PDF (New 2024) Actual ISC SSCP Exam Questions [Q220-Q242]


NEW QUESTION # 220
Which of the following is true of network security?

  • A. A firewall is not a necessity in today's connected world.
  • B. A black firewall is a necessity in today's connected world.
  • C. A firewall is a necessity in today's connected world.
  • D. A whitewall is a necessity in today's connected world.

Answer: C

Explanation:
Commercial firewalls are a dime a dozen in today's world. "Black firewall" and "whitewall" are just distractors.


NEW QUESTION # 221
___________________ is ultimately responsible for security and privacy violations.

  • A. Person committing the violation
  • B. Security Officer
  • C. OS Software
  • D. CIO / CEO

Answer: D


NEW QUESTION # 222
What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team?

  • A. The most critical operations are moved from alternate site to primary site before others
  • B. You move items back in the same order as the categories documented in your plan, or exactly in the same order as you did on your way to the alternate site
  • C. The least critical functions should be moved back first
  • D. Operation may be carried by a completely different team than disaster recovery team

Answer: C

Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
It's interesting to note that the steps to resume normal processing operations will be different than the steps of the recovery plan; that is, the least critical work should be brought back first to the primary site.
The most important point above in the steps would be to move the least critical items or resources back to the primary site first. This way you can ensure that the site was really well prepared and that all is working fine.
Before that first step would be done, you would get the green light from the salvage team that it is fine to move back to the primary site. The first step after getting the green light would be to move the least critical elements first.
As stated in the Shon Harris book:
The least critical functions should be moved back first, so if there are issues in network configurations or connectivity, or important steps were not carried out, the critical operations of the company are not negatively affected. Why go through the trouble of moving the most critical systems and operations to a safe and stable site, only to return it to a main site that is untested? Let the less critical departments act as the canary. If they survive, then move over the more critical components of the company.
When it is time for the company to move back into its original site or a new site, the company enters the reconstitution phase. A company is not out of an emergency state until it is back in operation at the original primary site or a new site that was constructed to replace the primary site, because the company is always vulnerable while operating in a backup facility.
Many logistical issues need to be considered as to when a company must return from the alternate site to the original site. The following lists a few of these issues:
Ensuring the safety of employees
Ensuring an adequate environment is provided (power, facility infrastructure, water, HVAC)
Ensuring that the necessary equipment and supplies are present and in working order
Ensuring proper communications and connectivity methods are working
Properly testing the new environment
Once the coordinator, management, and salvage team sign off on the readiness of the facility, the salvage team should carry out the following steps:
Back up data from the alternate site and restore it within the new facility.
Carefully terminate contingency operations.
Securely transport equipment and personnel to the new facility.
All other choices are not the correct answer.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (Kindle Location 19389). McGraw-Hill. Kindle Edition.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Page 290.


NEW QUESTION # 223
When considering an IT System Development Life-cycle, security should be:

  • A. Added once the design is completed.
  • B. Treated as an integral part of the overall system design.
  • C. Mostly considered during the initiation phase.
  • D. Mostly considered during the development phase.

Answer: B

Explanation:
Security must be considered in information system design. Experience has shown it is very difficult to implement security measures properly and successfully after a system has been developed, so it should be integrated fully into the system life-cycle process. This includes establishing security policies, understanding the resulting security requirements, participating in the evaluation of security products, and finally in the engineering, design, implementation, and disposal of the system.
Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), June 2001 (page 7).


NEW QUESTION # 224
What can be defined as secret communications where the very existence of the message is hidden?

  • A. Cryptology
  • B. Clustering
  • C. Vernam cipher
  • D. Steganography

Answer: D

Explanation:
Steganography is a secret communication where the very existence of the message is hidden.
For example, in a digital image, the least significant bit of each word can be used to comprise a message without causing any significant change in the image. Key clustering is a situation in which a plaintext message generates identical ciphertext messages using the same transformation algorithm but with different keys. Cryptology encompasses cryptography and cryptanalysis. The Vernam Cipher, also called a one-time pad, is an encryption scheme using a random key of the same size as the message and is used only once. It is said to be unbreakable, even with infinite resources.


NEW QUESTION # 225
Which of the following control pairings include: organizational policies and procedures, preemployment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?

  • A. Preventive/Physical Pairing
  • B. Detective/Administrative Pairing
  • C. Preventive/Technical Pairing
  • D. Preventive/Administrative Pairing

Answer: D

Explanation:
Preventive/Administrative Pairing: These mechanisms include organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.


NEW QUESTION # 226
________, _________, and __________ are required to successfully complete a crime. (Choose three)

  • A. Means
  • B. Opportunity
  • C. Motive
  • D. Buffer Overflow
  • E. Advantage
  • F. Root kit

Answer: A,B,C


NEW QUESTION # 227
What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets?

  • A. Smurf attack
  • B. SYN Flood attack
  • C. Ping of Death attack
  • D. Denial of Service (DOS) attack

Answer: A

Explanation:
Explanation/Reference:
Although it may cause a denial of service to the victim's system, this type of attack is a Smurf attack. A SYN Flood attack uses up all of a system's resources by setting up a number of bogus communication sockets on the victim's system. A Ping of Death attack is done by sending IP packets that exceed the maximum legal length (65535 octets).
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 11: Application and System Development (page 789).


NEW QUESTION # 228
Which of the following describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor at the same time?

  • A. Very-Long Instruction-Word Processor (VLIW)
  • B. Super Scalar Processor Architecture (SCPA)
  • C. Reduced-Instruction-Set-Computer (RISC)
  • D. Complex-Instruction-Set-Computer (CISC)

Answer: A

Explanation:
Very long instruction word (VLIW) describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor in parallel (that is, at the same time). These operations are put into a very long instruction word which the processor can then take apart without further analysis, handing each operation to an appropriate functional unit.
The following answers are incorrect:
The term "CISC" (complex instruction set computer or computing) refers to computers designed with a full set of computer instructions that were intended to provide needed capabilities in the most efficient way. Later, it was discovered that, by reducing the full set to only the most frequently used instructions, the computer would get more work done in a shorter amount of time for most applications. Intel's Pentium microprocessors are CISC microprocessors.
The PowerPC microprocessor, used in IBM's RISC System/6000 workstation and Macintosh computers, is a RISC microprocessor. RISC takes each of the longer, more complex instructions from a CISC design and reduces it to multiple instructions that are shorter and faster to process.
RISC technology has been a staple of mobile devices for decades, but it is now finally poised to take on a serious role in data center servers and server virtualization. The latest RISC processors support virtualization and will change the way computing resources scale to meet workload demands.
A superscalar CPU architecture implements a form of parallelism called instruction level parallelism within a single processor. It therefore allows faster CPU throughput than would otherwise be possible at a given clock rate. A superscalar processor executes more than one instruction during a clock cycle by simultaneously dispatching multiple instructions to redundant functional units on the processor. Each functional unit is not a separate CPU core but an execution resource within a single CPU such as an arithmetic logic unit, a bit shifter, or a multiplier.


NEW QUESTION # 229
How do you distinguish between a bridge and a router?

  • A. A bridge simply connects multiple networks, a router examines each packet to determine which network to forward it to.
  • B. The bridge is a specific type of router used to connect a LAN to the global Internet.
  • C. The bridge connects multiple networks at the data link layer, while router connects multiple networks at the network layer.
  • D. "Bridge" and "router" are synonyms for equipment used to join two networks.

Answer: C

Explanation:
A bridge operates at the Data Link Layer and a router operates at the Network Layer.
The following answers are incorrect:
"A bridge simply connects multiple networks, a router examines each packet to determine which network to forward it to" is incorrect because both devices forward packets; this is not distinctive enough.
"'Bridge' and 'router' are synonyms for equipment used to join two networks" is incorrect because the two are distinct devices and operate at different layers of the OSI model.
"The bridge is a specific type of router used to connect a LAN to the global Internet" is incorrect because a bridge does not connect a LAN to the global Internet; it connects network segments together, creating a LAN.


NEW QUESTION # 230
What assesses potential loss that could be caused by a disaster?

  • A. The Business Continuity Plan (BCP)
  • B. The Business Impact Analysis (BIA)
  • C. The Risk Assessment (RA)
  • D. The Business Assessment (BA)

Answer: B

Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
The Business Assessment is divided into two components: Risk Assessment (RA) and Business Impact Analysis (BIA). Risk Assessment is designed to evaluate existing exposures from the organization's environment, whereas the BIA assesses potential loss that could be caused by a disaster. The Business Continuity Plan's goal is to reduce the risk of financial loss by improving the ability to recover and restore operations efficiently and effectively.
Source: BARNES, James C. & ROTHSTEIN, Philip J., A Guide to Business Continuity Planning, John Wiley & Sons, 2001 (page 57).
And: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 276).


NEW QUESTION # 231
Unshielded Twisted Pair cabling is a:

  • A. two-pair wire medium that is used in a variety of networks.
  • B. three-pair wire medium that is used in a variety of networks.
  • C. one-pair wire medium that is used in a variety of networks.
  • D. four-pair wire medium that is used in a variety of networks.

Answer: D

Explanation:
Unshielded Twisted Pair cabling is a four-pair wire medium that is used in a variety of networks.


NEW QUESTION # 232
If your property Insurance has Replacement Cost Valuation (RCV) clause your damaged property will be compensated:

  • A. Based on the value of item on the date of loss
  • B. Based on the value listed on the Ebay auction web site
  • C. Based on new, comparable, or identical item for old regardless of condition of lost item
  • D. Based on value of item one month before the loss

Answer: C

Explanation:
Explanation/Reference:
RCV is the maximum amount your insurance company will pay you for damage to covered property before deducting for depreciation. The RCV payment is based on the current cost to replace your property with new, identical or comparable property.
The other choices are distractors.
Application and definition of the insurance terms Replacement Cost Value (RCV), Actual Cash Value (ACV) and depreciation can be confusing. It's important that you understand the terms to help settle your claim fairly.
An easy way to understand RCV and ACV is to think in terms of "new" and "used." Replacement cost is the item's current price, new: "What will it cost when I replace it?" Actual cash value is the item's used price, old: "How much money is it worth since I used it for five years?"
Hold Back
Most policies only pay the Actual Cash Value upfront, and then they pay you the "held back" depreciation after you incur the expense to repair or replace your personal property items.
NOTE: You must remember to send documentation to the insurance company proving you've incurred the additional expense so that you will be reimbursed.
Actual Cash Value (ACV)
ACV is the amount your insurance company will pay you for damage to covered property after deducting for depreciation. ACV is the replacement cost of a new item, minus depreciation. If stated as a simple equation, ACV could be defined as follows: ACV = RCV - Depreciation
Unfortunately, ACV is not always as easy to agree upon as a simple math equation. The ACV can also be calculated as the price a willing buyer would pay for your used item.
Depreciation
Depreciation (sometimes called "hold back") is defined as the "loss in value from all causes, including age, and wear and tear." Although the definition seems to be clear, in our experience "value" as a real-world application is clearly subjective and varies widely. We have seen the same adjuster apply NO depreciation (100 percent value) on one claim and 40 percent depreciation (almost half value) on an almost identical claim.
This shows that the process of applying depreciation is subjective and clearly negotiable.
Excessive Depreciation
When the insurance company depreciates more than they should, it is called "Excessive depreciation." Although not ethical, it is very common. Note any items that have excessive depreciation and write a letter to your insurance company.
References:
http://carehelp.org/downloads/category/1-insurance-handouts.html?download=17%3Ahandout08-rcv-and-acv
and
http://www.schirickinsurance.com/resources/value2005.pdf
and
TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th Edition, Volume 1, Property Insurance overview, Page 587.


NEW QUESTION # 233
Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?

  • A. Steganography
  • B. Digital enveloping
  • C. Digital watermarking
  • D. Digital signature

Answer: C

Explanation:
RFC 2828 (Internet Security Glossary) defines digital watermarking as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data (text, graphics, images, video, or audio) and for detecting or extracting the marks later. The set of embedded bits (the digital watermark) is sometimes hidden, usually imperceptible, and always intended to be unobtrusive. It is used as a measure to protect intellectual property rights. Steganography involves hiding the very existence of a message. A digital signature is a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity. A digital envelope is a combination of encrypted data and its encryption key in an encrypted form that has been prepared for use by the recipient.
Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000.


NEW QUESTION # 234
Which access control model achieves data integrity through well-formed transactions and separation of duties?

  • A. Clark-Wilson model
  • B. Non-interference model
  • C. Sutherland model
  • D. Biba model

Answer: A

Explanation:
The Clark-Wilson model differs from other models that are subject- and object-oriented by introducing a third access element, programs, resulting in what is called an access triple, which prevents unauthorized users from modifying data or programs. The Biba model uses objects and subjects and addresses integrity based on a hierarchical lattice of integrity levels. The non-interference model is related to the information flow model with restrictions on the information flow. The Sutherland model approaches integrity by focusing on the problem of inference.
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 12).
And: KRAUSE, Micki & TIPTON, Harold F., Handbook of Information Security Management, CRC Press, 1997, Domain 1: Access Control.


NEW QUESTION # 235
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters?

  • A. A remote station alarm
  • B. Proprietary alarm
  • C. An auxiliary station alarm
  • D. Central station alarm

Answer: C

Explanation:
Explanation/Reference:
Auxiliary station alarms automatically cause an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters. They are usually municipal fire alarm boxes installed at your business or building and wired directly into the fire station.
Central station alarms are operated by private security organizations. They are very similar to a proprietary alarm system (see below). However, the biggest difference is that the monitoring and receiving of alarms is done off site at a central location staffed by non-employees; it is a third party.
Proprietary alarms are similar to central station alarms except that monitoring is performed directly on the protected property. This type of alarm is usually used to protect large industrial or commercial buildings.
Each of the buildings in the same vicinity has its own alarm system; they are all wired together at a central location within one of the buildings acting as a common receiving point. This point is usually far away from the other buildings so it is not under the same danger. It is usually manned 24 hours a day by a trained team who knows how to react under different conditions.
A remote station alarm is a direct connection between the signal-initiating device at the protected property and the signal-receiving device located at a remote station, such as the fire station or, more usually, a monitoring service. This is the most popular type of implementation, and the owner of the premises must pay a monthly monitoring fee. This is what most people use in their home when they get a company like ADT to receive the alarms on their behalf.
A remote system differs from an auxiliary system in that it does not use the municipal fire or police alarm circuits.
Reference(s) used for this question:
ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 11: Physical Security (page 211).
and
Great presentation J.T.A. Stone on SlideShare


NEW QUESTION # 236
In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network?

  • A. Allow echo request outbound
  • B. Allow echo reply outbound
  • C. Drop echo request inbound
  • D. Allow echo reply inbound

Answer: B

Explanation:
Echo replies outbound should be dropped, not allowed. There is no reason for any internet users to send ICMP ECHO Requests to your internal hosts from the internet. If they wish to find out whether a service is available, they can use a browser to connect to your web server, or simply send an email if they wish to test your mail service.
Echo replies outbound could be used as part of the Smurf amplification attack, where someone sends ICMP echo requests to gateways' broadcast addresses in order to amplify the request by the number of hosts sitting behind the gateway.
By allowing inbound echo requests and outbound echo replies, you also make it easier for attackers to learn about the internal network by performing a simple ping sweep. ICMP can also be used to find out which host has been up and running the longest, which would indicate which patches are missing on the host if a critical patch required a reboot.
ICMP can also be used for DDoS attacks, so you should strictly limit what type of ICMP traffic is allowed to flow through your firewall.
On top of all this, tools such as LOKI could be used as a client-server application to transfer files back and forth between the internet and some of your internal hosts. LOKI is a client/server program published in the online publication Phrack. This program is a working proof-of-concept to demonstrate that data can be transmitted somewhat secretly across a network by hiding it in traffic that normally does not contain payloads. The example code can tunnel the equivalent of a Unix RCMD/RSH session in either ICMP echo request (ping) packets or UDP traffic to the DNS port. This is used as a back door into a Unix system after root access has been compromised. Presence of LOKI on a system is evidence that the system has been compromised in the past.
The outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.
The following answers are incorrect:
Allow echo request outbound: the outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.
Drop echo request inbound: there is no need for anyone on the internet to attempt pinging your internal hosts.
Allow echo reply inbound: the outbound echo request and inbound echo reply allow internal users to verify connectivity with external hosts.
Reference(s) used for this question:
http://www.phrack.org/issues.html?issue=49&id=6
STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 10: The Perfect Firewall.


NEW QUESTION # 237
Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan?

  • A. It is close enough to become operational quickly.
  • B. It is unlikely to be affected by the same disaster.
  • C. It is close enough to serve its users.
  • D. It is convenient to airports and hotels.

Answer: B

Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
You do not want the alternate or recovery site located in close proximity to the original site, because the same event that created the situation in the first place might very well impact that site also.
From NIST: "The fixed site should be in a geographic area that is unlikely to be negatively affected by the same disaster event (e.g., weather-related impacts or power grid failure) as the organization's primary site."
The following answers are incorrect:
It is close enough to become operational quickly. This is incorrect because it is not the best answer. You'd want the alternate site to be close, but if it is too close the same event could impact that site as well.
It is close enough to serve its users. This is incorrect because it is not the best answer. You'd want the alternate site to be close to users if applicable, but if it is too close the same event could impact that site as well.
It is convenient to airports and hotels. This is incorrect because it is not the best answer; it is more important that the same event does not impact the alternate site than convenience.
References:
OIG CBK Business Continuity and Disaster Recovery Planning (pages 368 - 369)
NIST document 800-34 pg 21


NEW QUESTION # 238
One purpose of a security awareness program is to modify:

  • A. employee's attitudes and behaviors towards enterprise's security posture
  • B. corporate attitudes about safeguarding data
  • C. management's approach towards enterprise's security posture
  • D. attitudes of employees with sensitive data

Answer: A

Explanation:
Explanation/Reference:
Security awareness training is intended to modify employees' behavior and attitude toward the enterprise's security posture.
Security-awareness training is performed to modify employees' behavior and attitude toward security. This can best be achieved through a formalized process of security-awareness training.
It is used to increase the overall awareness of security throughout the company. It is targeted at every single employee and not only at one group of users.
Unfortunately you cannot apply a patch to a human being; the only thing you can do is to educate employees and make them more aware of security issues and threats. Never underestimate human stupidity.
Reference(s) used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
also see:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 130). McGraw-Hill. Kindle Edition.


NEW QUESTION # 239
What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?

  • A. Unauthorized obtaining of a privileged execution state.
  • B. Denial of service through a deadly embrace.
  • C. Data leakage through covert channels.
  • D. Disclosure of residual data.

Answer: D

Explanation:
This question is asking you to consider the effects of object reuse. Object reuse is "reassigning to a subject media that previously contained information. Object reuse is a security concern because if insufficient measures were taken to erase the information on the media, the information may be disclosed to unauthorized personnel."
This concept relates to Security Architecture and Design, because it is in level C2: Controlled Access Protection, of the Orange Book, where "The object reuse concept must be invoked, meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use."
REFERENCE:
AIO Version 5 (Shon Harris), page 360
and
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.


NEW QUESTION # 240
In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols?

  • A. Transport layer
  • B. Physical layer
  • C. Application layer
  • D. Network layer

Answer: A

Explanation:
Connection-oriented protocols such as TCP provide reliability.
It is the responsibility of such protocols in the transport layer to ensure every byte is accounted for. The network layer does not provide reliability. It only provides the best route to get the traffic to the final destination address.
For your exam you should know the information below about the OSI model:
The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO), maintained as ISO/IEC 7498-1.
The model groups communication functions into seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal connection on that layer.
OSI Model (figure; image source: http://www.petri.co.il/images/osi_model.JPG)
PHYSICAL LAYER
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:
Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:
What signal state represents a binary 1
How the receiving station knows when a "bit-time" starts
How the receiving station delimits a frame
DATA LINK LAYER
The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:
Link establishment and termination: establishes and terminates the logical link between two nodes.
Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
Frame sequencing: transmits/receives frames sequentially.
Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
Frame delimiting: creates and recognizes frame boundaries.
Frame error checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use the physical medium.
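As an added illustration of frame delimiting and frame error checking (example code written for this page, not part of the original question material): the sender marks frame boundaries with a flag byte, escapes that byte wherever it occurs inside the payload, and appends a CRC; the receiver recovers frame boundaries from a raw byte stream and flags any frame whose CRC no longer matches, which is how a corrupted frame gets detected and left for retransmission. The flag and escape values, the CRC-32 choice and the sample stream are assumptions made for the example (HDLC-style byte stuffing).

```python
"""Data-link framing: flag-delimited frames with byte stuffing and a CRC-32 trailer.

Example code for this page; FLAG/ESC values and CRC-32 are assumed (HDLC style).
"""
import zlib

FLAG = 0x7E  # frame boundary marker (assumed)
ESC = 0x7D   # escape byte used for stuffing (assumed)
XOR = 0x20   # bit flipped on an escaped byte


def frame(payload: bytes) -> bytes:
    """Build one frame: FLAG | stuffed(payload + CRC32) | FLAG."""
    crc = zlib.crc32(payload).to_bytes(4, "big")
    stuffed = bytearray()
    for b in payload + crc:
        if b in (FLAG, ESC):
            stuffed += bytes([ESC, b ^ XOR])  # stuff so the byte cannot look like a delimiter
        else:
            stuffed.append(b)
    return bytes([FLAG]) + bytes(stuffed) + bytes([FLAG])


def _check(body: bytes):
    """Split an unstuffed frame body into (payload, crc_ok)."""
    if len(body) < 4:
        return (body, False)           # too short to even carry a CRC
    payload, crc = body[:-4], body[-4:]
    return (payload, zlib.crc32(payload).to_bytes(4, "big") == crc)


def deframe(stream: bytes) -> list:
    """Recover frames from a raw byte stream.

    Returns a list of (payload, crc_ok) tuples. crc_ok is False when the frame
    was corrupted on the physical layer; bytes seen before the first FLAG are
    treated as line noise and skipped.
    """
    frames = []
    buf = bytearray()
    in_frame = False
    escaped = False
    for b in stream:
        if b == FLAG:
            if in_frame and buf:       # closing flag of a non-empty frame
                frames.append(_check(bytes(buf)))
            buf = bytearray()          # a FLAG also opens the next frame
            in_frame = True
            escaped = False
        elif not in_frame:
            continue                   # noise before the first frame
        elif escaped:
            buf.append(b ^ XOR)        # undo the stuffing
            escaped = False
        elif b == ESC:
            escaped = True
        else:
            buf.append(b)
    return frames


if __name__ == "__main__":
    # Constructed sample: two frames, the second carrying FLAG and ESC inside the payload.
    wire = b"\x00\xff" + frame(b"hello") + frame(bytes([0x7E, 0x7D, 0x41]))
    print(deframe(wire))
```

A single flipped bit in the payload or the CRC turns `crc_ok` false on the receiving side, which is the signal the data link layer uses to discard the frame and wait for (or request) a retransmission.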
NETWORK LAYER
The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. Its unit of data is the packet (each data link frame carries one packet or packet fragment). It provides:
Routing: routes packets among networks.
Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its packet transmission when the router's buffer fills up.
Packet fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the packet size, a router can fragment a packet for transmission and re-assembly at the destination station.
Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
Subnet usage accounting: has accounting functions to keep track of packets forwarded by subnet intermediate systems, to produce billing information.
Communications Subnet
The network layer software must build headers so that the network layer software residing in the subnet intermediate systems can recognize them and use them to route data to the destination address.
This layer relieves the upper layers of the need to know anything about the data transmission and intermediate switching technologies used to connect systems. It establishes, maintains and terminates connections across the intervening communications facility (one or several intermediate systems in the communication subnet).
In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but the neighbor may be a node through which data is routed, not the destination station. The source and destination stations may be separated by many intermediate systems.
TRANSPORT LAYER
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagrams, the transport protocol should include extensive error detection and recovery.
The transport layer provides:
Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
Session multiplexing: multiplexes several message streams, or sessions, onto one logical link and keeps track of which messages belong to which sessions (see session layer).
Typically, the transport layer can accept relatively large messages, but there are strict message size limits imposed by the network (or lower) layer. Consequently, the transport layer must break up the messages into smaller units, or segments, prepending a header to each segment.
The transport layer header information must then include control information, such as message start and message end flags, to enable the transport layer on the other end to recognize message boundaries. In addition, if the lower layers do not maintain sequence, the transport header must contain sequence information to enable the transport layer on the receiving end to get the pieces back together in the right order before handing the received message up to the layer above.
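The segmentation and reassembly described above, as an added example (written for this page, not code from the original question material): the sender splits a message into segments and prepends a header carrying a sequence number, start/end flags and the payload length; the receiver acknowledges each segment, ignores duplicates, and hands the message up only once every sequence number up to the end flag is present, so out-of-order delivery by the network does not matter. The header layout, the maximum segment size and the sample message are assumptions made for the example.

```python
"""Transport-layer segmentation and in-order reassembly over an unreliable network.

Example code for this page; header layout (seq, flags, length) and MSS are assumed.
"""
import struct
from dataclasses import dataclass, field

HEADER = struct.Struct("!IBH")  # seq (4 bytes), flags (1 byte), payload length (2 bytes); assumed layout
FLAG_START = 0x01               # first segment of a message
FLAG_END = 0x02                 # last segment of a message


def segment(message: bytes, mss: int = 8) -> list:
    """Split message into segments of at most mss payload bytes, each with a header."""
    chunks = [message[i:i + mss] for i in range(0, len(message), mss)] or [b""]
    segments = []
    for seq, chunk in enumerate(chunks):
        flags = 0
        if seq == 0:
            flags |= FLAG_START
        if seq == len(chunks) - 1:
            flags |= FLAG_END
        segments.append(HEADER.pack(seq, flags, len(chunk)) + chunk)
    return segments


@dataclass
class Reassembler:
    """Receiver state: buffers segments by sequence number until the message is complete."""
    received: dict = field(default_factory=dict)   # seq -> payload
    acked: list = field(default_factory=list)      # sequence numbers we acknowledged, in arrival order
    end_seq: int = None                            # sequence number carrying FLAG_END, once seen

    def deliver(self, seg: bytes):
        """Accept one segment from the network.

        Returns the complete message once every piece is present, otherwise None.
        Truncated segments are dropped without an acknowledgment; duplicates are
        acknowledged again but not stored twice.
        """
        seq, flags, length = HEADER.unpack_from(seg)
        payload = seg[HEADER.size:HEADER.size + length]
        if len(payload) != length:
            return None                 # truncated on the way: let the sender retransmit
        self.acked.append(seq)          # an ACK for seq would be sent back here
        if seq in self.received:
            return None                 # duplicate receipt (e.g. a retransmission)
        self.received[seq] = payload
        if flags & FLAG_END:
            self.end_seq = seq
        if self.end_seq is not None and all(i in self.received for i in range(self.end_seq + 1)):
            return b"".join(self.received[i] for i in range(self.end_seq + 1))
        return None


if __name__ == "__main__":
    # Constructed sample: the network reorders and duplicates segments.
    msg = b"The quick brown fox jumps over the lazy dog"
    segs = segment(msg, mss=8)
    rx = Reassembler()
    for i in [2, 0, 5, 1, 1, 3, 4]:
        out = rx.deliver(segs[i])
        if out is not None:
            print(out)
```

The receiver never relies on arrival order: the sequence number in each header, not the position on the wire, decides where a payload goes, and the end flag is what tells it how many pieces to wait for.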
End-to-end layers
Unlike the lower "subnet" layers whose protocol is between immediately adjacent nodes, the transport layer and the layers above are true "source to destination" or end-to-end layers, and are not concerned with the details of the underlying communications facility. Transport layer software (and software above it) on the source station carries on a conversation with similar software on the destination station by using message headers and control messages.
SESSION LAYER
The session layer allows session establishment between processes running on different stations. It provides:
Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.
PRESENTATION LAYER
The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.
The presentation layer provides:
Character code translation: for example, ASCII to EBCDIC.
Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
Data compression: reduces the number of bits that need to be transmitted on the network.
Data encryption: encrypts data for security purposes, for example password encryption.
APPLICATION LAYER
The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:
Resource sharing and device redirection
Remote file access
Remote printer access
Inter-process communication
Network management
Directory services
Electronic messaging (such as mail)
Network virtual terminals
The following were incorrect answers:
Application Layer - The application layer serves as the window for users and application processes to access network services. Network layer - The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. Physical Layer - The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 260 and Official ISC2 guide to CISSP CBK 3rd Edition Page number 287 and http://en.wikipedia.org/wiki/Tcp_protocol


NEW QUESTION # 241
In a known plaintext attack, the cryptanalyst has knowledge of which of the following?

  • A. the plaintext and the algorithm
  • B. the plaintext and the secret key
  • C. the ciphertext and the key
  • D. both the plaintext and the associated ciphertext of several messages

Answer: D

Explanation:
In a known plaintext attack, the attacker has the plaintext and ciphertext of one or more messages. The goal is to discover the key used to encrypt the messages so that other messages can be deciphered and read. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 3rd Ed., chapter 8: Cryptography (page 676). Also check out: Handbook of Applied Cryptography 4th Edition by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone.
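The attack in the explanation above, as an added worked example (written for this page; not code from the cited sources): against a repeating-key XOR cipher, one plaintext/ciphertext pair gives the keystream directly (plaintext XOR ciphertext), the keystream is reduced to its shortest repeating period to recover the key, and that key then decrypts a different message encrypted under it. The cipher, the key and both messages are constructed for the example. The example also shows the limit of the method: if the known plaintext is shorter than the key, only part of the key is learned and the second message does not decrypt.

```python
"""Known-plaintext attack on a repeating-key XOR cipher.

Example code for this page; the cipher, key and messages are constructed.
"""
from itertools import cycle

# Constructed sample secret and messages (the attacker knows KNOWN_PT and its ciphertext, not KEY).
KEY = b"s3cr3t"
KNOWN_PT = b"ATTACK AT DAWN, REPEAT AT DAWN"


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt with a repeating-key XOR (the toy cipher under attack)."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def recover_keystream(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known plaintext and its ciphertext -> the keystream bytes that were applied."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("plaintext and ciphertext must be the same length")
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))


def shortest_period(stream: bytes) -> bytes:
    """Reduce a keystream to the shortest key that, repeated, reproduces it.

    Only reliable when the stream is longer than the key; with a short known
    plaintext the returned 'key' is just a prefix of the real one.
    """
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream


def known_plaintext_attack(known_pt: bytes, known_ct: bytes, target_ct: bytes) -> bytes:
    """Recover the key from one known pair and use it to decrypt another message."""
    key = shortest_period(recover_keystream(known_pt, known_ct))
    return xor_crypt(target_ct, key)


if __name__ == "__main__":
    known_ct = xor_crypt(KNOWN_PT, KEY)
    target_ct = xor_crypt(b"retreat to the harbour tonight", KEY)
    print(shortest_period(recover_keystream(KNOWN_PT, known_ct)))
    print(known_plaintext_attack(KNOWN_PT, known_ct, target_ct))
```

Repeating-key XOR falls to a single known pair because the key is applied linearly; a modern cipher is designed so that plaintext/ciphertext pairs, even chosen ones, give no usable information about the key.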


NEW QUESTION # 242
......


ISC SSCP certification is an excellent choice for professionals who want to advance their careers in the field of information security. System Security Certified Practitioner (SSCP) certification is designed to validate an individual's expertise in security operations and administration, which is a critical skill set needed to ensure the security of an organization's information systems. With the increasing demand for information security professionals, the SSCP certification can help individuals stand out in a competitive job market.


Here is the Certification Path of ISC SSCP Exam

What are the prerequisites for this exam? What experience, if any, do I need in order to take the ISC SSCP exam?

ISC SSCP Dumps describes that to qualify, an applicant must meet all of the following criteria:

Candidates must be at least 18 years of age. Candidates must verify that they hold a bachelor's degree from a recognized university, or its equivalent, from a regionally accredited institution of higher learning in a field that is related to information systems security certification.

For example, if you have a computer science or computer engineering degree, you must have studied at an accredited university with a focus on information systems security. Candidates are required to have completed a minimum of seventy (70) hours of training in the topics like Coursework in information systems security, Incident handling, Ethical hacking, Digital forensics, Social engineering, the Security assessment in information systems, Vulnerability assessment in information systems, Cryptography for network events and controls at the network layer or higher, Cryptography for application events and controls at the application layer or higher, Cryptography for data at data layer or higher. Candidates must pass the ISC Certified Penetration Tester (CPT) certification exam.

 

Updated Apr-2024 Pass SSCP Exam - Real Practice Test Questions: https://passking.actualtorrent.com/SSCP-exam-guide-torrent.html