ISC New 2024 SSCP Sample Questions Reliable SSCP Test Engine
Why the ISC SSCP Dumps PDF is likely the best option
The common mistakes made on the SSCP exam by candidates are:
- Not knowing how to respond to certain questions and guessing their responses, guessing until it is too late and they already know they are incorrect.
- Dressing inappropriately for the experience.
- Bringing inappropriate materials such as cheat sheets and books into the exam. It is safe, however, to take a copy of the syllabus and other documents that you can look at any time you want during your exam; keep these in a folder and bring it with you in an organizer to avoid any trouble.
- Not knowing what to expect.
- Having anxiety and fear that they will not pass because of their background, especially if they have been in IT for less than two years.
- Not preparing themselves physically and emotionally.
- Leaving the test center early, before others, and so giving themselves less time to review their answers.
- Skipping questions.
- Not having the right training.
On the other hand, people who pass the exam by preparing themselves with SSCP Dumps are able to answer questions confidently. Rather than having doubts about their answers, they can feel that they are right about their responses because of what they learned during training. They know what to expect and understand how difficult it is to pass these exams because of all the things they learned from their teachers, who are ISC certified security professionals.
The SSCP certification is an excellent way for individuals to demonstrate their expertise in system security and advance their careers. It is especially valuable for those who are responsible for the security of organizational IT systems, such as network administrators, security analysts, and system engineers. The Systems Security Certified Practitioner (SSCP) certification is recognized globally and is highly regarded by employers in various industries, including healthcare, finance, and government. By earning the SSCP certification, professionals can improve their job prospects and increase their earning potential in the field of system security.
Network & Communication Security (16%):
- Managing Network Security – This subject area covers one's knowledge of segmentation, logical and physical network device placement, and secure device management;
- Understanding and Applying the Basic Concepts of Networking – This subsection covers transmission media types, the OSI and TCP/IP models, network relationships, network topologies, and commonly used protocols and ports;
- Managing Network Access Controls – It covers network access control and monitoring, network access control protocols and standards, and remote access operations and configuration;
- Configuring and Operating Wireless Technologies – This objective covers transmission security and wireless security devices;
- Configuring and Operating Network-Based Security Devices – It evaluates your skills in operating network intrusion detection and prevention systems, traffic-shaping devices, firewalls and proxies, and routers and switches.
NEW QUESTION # 498
Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?
- A. Stealth viruses
- B. Trojan horses
- C. Polymorphic viruses
- D. Logic bombs
Answer: C
Explanation:
Explanation/Reference:
A polymorphic virus has the capability of changing its own code, enabling it to have many different variants, which makes it harder to detect by anti-virus software. The particularity of a stealth virus is that it tries to hide its presence after infecting a system. A Trojan horse is a set of unauthorized instructions that are added to or replace a legitimate program. A logic bomb is a set of instructions that is initiated when a specific event occurs.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 11: Application and System Development (page 786).
NEW QUESTION # 499
Which of the following biometric devices has the lowest user acceptance level?
- A. Retina Scan
- B. Hand geometry
- C. Signature recognition
- D. Fingerprint scan
Answer: A
Explanation:
According to the cited reference, of the given options, the retina scan has the lowest user acceptance level, as it requires the user to bring their eye close to a device; it is not user friendly and is very intrusive.
However, the retina scan is the most precise, with about one error per 10 million uses.
Two figures (Biometric Comparison Chart and Biometric Aspect Descriptions) were shown here but are not reproduced; they can be viewed at https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy .
Reference(s) used for this question:
RHODES, Keith A., Chief Technologist, United States General Accounting Office, National Preparedness, Technologies to Secure Federal Buildings, April 2002 (page 10), and https://sites.google.com/site/biometricsecuritysolutions/crossover-accuracy
NEW QUESTION # 500
All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA, but an important topic to include within the BCP?
- A. Purchasing
- B. Public Relations
- C. IT Network Support
- D. Accounting
Answer: B
Explanation:
Public Relations, although important to a company, is not listed as an essential business function that should be identified and have loss criteria developed for. All other entries are considered essential and should be identified and have loss criteria developed.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business Continuity (page 598).
NEW QUESTION # 501
Although it is considered a low-tech attack, ____________ is still a very effective way of gaining unauthorized access to network systems.
- A. Eavesdropping
- B. Social Engineering
- C. Sniffing
- D. Shoulder Surfing
- E. None of the items are correct
Answer: B
NEW QUESTION # 502
What is the main difference between a Smurf and a Fraggle attack?
- A. A Smurf attack is UDP-based and a Fraggle attack is ICMP-based.
- B. A Smurf attack is UDP-based and a Fraggle attack is TCP-based.
- C. Smurf attack packets cannot be spoofed.
- D. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based.
Answer: D
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Fraggle is an attack similar to Smurf, but instead of using ICMP, it uses UDP.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 11: Application and System Development (page 790).
NEW QUESTION # 503
Which of the following questions is less likely to help in assessing identification and authentication controls?
- A. Are passwords changed at least every ninety days or earlier if needed?
- B. Is a current list maintained and approved of authorized users and their access?
- C. Is there a process for reporting incidents?
- D. Are inactive user identifications disabled after a specified period of time?
Answer: C
Explanation:
Section: Access Control
Explanation/Reference:
Identification and authentication is a technical measure that prevents unauthorized people (or unauthorized processes) from entering an IT system. Access control usually requires that the system be able to identify and differentiate among users. Reporting incidents is more related to incident response capability (operational control) than to identification and authentication (technical control).
Source: SWANSON, Marianne, NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems, November 2001 (Pages A-30 to A-32).
NEW QUESTION # 504
Which of the following best allows risk management results to be used knowledgeably?
- A. An uncertainty analysis
- B. A vulnerability analysis
- C. A threat identification
- D. A likelihood assessment
Answer: A
Explanation:
Risk management consists of two primary activities and one underlying activity: risk assessment and risk mitigation are the primary activities, and uncertainty analysis is the underlying one. After having performed risk assessment and mitigation, an uncertainty analysis should be performed. Risk management must often rely on speculation, best guesses, incomplete data, and many unproven assumptions. A documented uncertainty analysis allows the risk management results to be used knowledgeably. A vulnerability analysis, likelihood assessment and threat identification are all parts of the collection-and-analysis-of-data part of the risk assessment, one of the primary activities of risk management.
Source: SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996 (pages 19-21).
NEW QUESTION # 505
SMTP can best be described as:
- A. a standard defining the format of e-mail messages.
- B. a host-to-host email protocol.
- C. an email retrieval protocol.
- D. a web-based e-mail reading protocol.
Answer: B
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
Simple Mail Transfer Protocol (SMTP) is a host-to-host email protocol. An SMTP server accepts email messages from other systems and stores them for the addressees. Stored email can be read in various ways. Users with interactive accounts on the email server machine can read the email using local email applications. Users on other systems can download their email via email clients using the POP or IMAP email retrieval protocols. Sometimes mail can also be read through a web-based interface (using HTTP or HTTPS). MIME is a standard defining the format of e-mail messages, as stated in RFC 2045.
Source: GUTTMAN, Barbara & BAGWILL, Robert, NIST Special Publication 800-xx, Internet Security Policy: A Technical Guide, Draft Version, May 25, 2000 (pages 91-92).
NEW QUESTION # 506
Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup?
- A. differential backup method
- B. full backup method
- C. tape backup method
- D. incremental backup method
Answer: A
Explanation:
Section: Risk, Response and Recovery
Explanation/Reference:
The Differential Backup Method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup.
Archive Bits
Unless you've done a lot of backups in your time, you've probably never heard of an archive bit. An archive bit is, essentially, a tag that is attached to every file. In actuality, it is a binary digit that is set on or off in the file, but that's crummy technical jargon that doesn't really tell us anything. For the sake of our discussion, just think of it as the flag on a mailbox. If the flag is up, it means the file has been changed. If it's down, then the file is unchanged.
Archive bits let the backup software know what needs to be backed up. The differential and incremental backup types rely on the archive bit to direct them.
Backup Types
Full or Normal
The "full" or "normal" backup type is the most standard. This is the backup type you would use if you wanted to back up every file in a given folder or drive. It backs up everything you direct it to regardless of what the archive bit says. It also resets all archive bits (puts the flags down). Most backup software, including the built-in Windows backup software, lets you select down to the individual file that you want backed up. You can also choose to back up things like the "system state".
Incremental
When you schedule an incremental backup, you are in essence instructing the software to only back up files that have been changed, or files that have their flag up. After the incremental backup of that file has occurred, that flag will go back down. If you perform a normal backup on Monday, then an incremental backup on Wednesday, the only files that will be backed up are those that have changed since Monday. If on Thursday someone deletes a file by accident, in order to get it back you will have to restore the full backup from Monday, followed by the incremental backup from Wednesday.
Differential
Differential backups are similar to incremental backups in that they only back up files with their archive bit, or flag, up. However, when a differential backup occurs it does not reset those archive bits, which means that if another differential backup occurs the following day, it will back up that file again regardless of whether the file has been changed since or not.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 69.
And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 9: Disaster Recovery and Business Continuity (pages 617-619).
And: http://www.brighthub.com/computing/windows-platform/articles/24531.aspx
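The archive-bit behaviour described above, as an added example that is not part of the original question bank: a small Python model of full, incremental and differential backups driven by a per-file archive bit, showing why a differential week grows night by night while an incremental week does not, and which backup sets a restore has to replay. File names and contents are constructed sample data.

```python
"""Model of archive-bit driven backup types (full, incremental, differential).

Added illustration, not code from the page's sources. The "archive bit" is
the mailbox flag from the text: up means the file changed since the last
backup that lowered it, down means unchanged.
"""
from dataclasses import dataclass


@dataclass
class File:
    content: str
    archive_bit: bool = True  # a newly written file always has its flag up


@dataclass
class BackupSet:
    kind: str    # "full", "incremental" or "differential"
    files: dict  # name -> content snapshot taken that night


class FileSystem:
    def __init__(self):
        self.files = {}

    def write(self, name, content):
        # Any write raises the flag: the file now differs from the last backup.
        self.files[name] = File(content, archive_bit=True)


def full_backup(fs):
    # Copies everything regardless of the flag and lowers every flag.
    snap = {n: f.content for n, f in fs.files.items()}
    for f in fs.files.values():
        f.archive_bit = False
    return BackupSet("full", snap)


def incremental_backup(fs):
    # Copies only flagged files and lowers their flags, so the next run
    # sees only what changed since this one.
    snap = {n: f.content for n, f in fs.files.items() if f.archive_bit}
    for f in fs.files.values():
        f.archive_bit = False
    return BackupSet("incremental", snap)


def differential_backup(fs):
    # Copies flagged files but leaves the flags up: each run therefore
    # contains everything changed since the last full backup (the "additive"
    # growth the question describes).
    snap = {n: f.content for n, f in fs.files.items() if f.archive_bit}
    return BackupSet("differential", snap)


def restore_chain(history):
    """Backup sets needed for a restore: the last full backup, then every
    incremental after it, or only the newest differential after it.
    Assumes a week uses one of the two nightly types, not both."""
    last_full = max(i for i, b in enumerate(history) if b.kind == "full")
    after = history[last_full + 1:]
    chain = [history[last_full]]
    incrementals = [b for b in after if b.kind == "incremental"]
    differentials = [b for b in after if b.kind == "differential"]
    if incrementals:
        chain.extend(incrementals)   # replay each night in order
    elif differentials:
        chain.append(differentials[-1])  # newest one already holds the rest
    return chain


def restore(history):
    # Apply the chain oldest-first; later sets overwrite earlier contents.
    state = {}
    for b in restore_chain(history):
        state.update(b.files)
    return state


def simulate_week(kind):
    """Monday full backup, then one nightly backup of `kind` (constructed
    scenario: one file changes per night). Returns the per-night file
    counts and the state a restore would rebuild."""
    fs = FileSystem()
    for name in ("a.txt", "b.txt", "c.txt"):
        fs.write(name, f"{name} v1")
    history = [full_backup(fs)]
    nightly = incremental_backup if kind == "incremental" else differential_backup
    counts = []
    for day, name in (("tue", "a.txt"), ("wed", "b.txt"), ("thu", "c.txt")):
        fs.write(name, f"{name} v2 ({day})")
        history.append(nightly(fs))
        counts.append(len(history[-1].files))
    return counts, restore(history), len(restore_chain(history))
```

Both strategies rebuild the same final state; the incremental week copies one file per night but needs four sets at restore time, while the differential week copies 1, 2, then 3 files and needs only two.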
NEW QUESTION # 507
What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?
- A. Remote journaling
- B. Data clustering
- C. Database shadowing
- D. Electronic vaulting
Answer: D
Explanation:
Explanation/Reference:
Electronic vaulting refers to the transfer of backup data to an off-site location. This is primarily a batch process of dumping backup data through communications lines to a server at an alternate location.
Electronic vaulting is accomplished by backing up system data over a network. The backup location is usually at a separate geographical location known as the vault site. Vaulting can be used as a mirror or as a backup mechanism using the standard incremental or differential backup cycle. Changes to the host system are sent to the vault server in real time when the backup method is implemented as a mirror. If vaulting updates are recorded in real time, then it will be necessary to perform regular backups at the off-site location to provide recovery services in case of inadvertent or malicious alterations to user or system data.
The following are incorrect answers:
Remote journaling refers to the parallel processing of transactions to an alternate site (as opposed to a batch dump process). Journaling is a technique used by database management systems to provide redundancy for their transactions. When a transaction is completed, the database management system duplicates the journal entry at a remote location. The journal provides sufficient detail for the transaction to be replayed on the remote system. This provides for database recovery in the event that the database becomes corrupted or unavailable.
Database shadowing uses the live processing of remote journaling, but creates even more redundancy by duplicating the database sets to multiple servers. There are also additional redundancy options available within application and database software platforms. For example, database shadowing may be used where a database management system updates records in multiple locations. This technique updates an entire copy of the database at a remote location.
Data clustering refers to the classification of data into groups (clusters). Clustering may also be used, although it should not be confused with redundancy. In clustering, two or more "partners" are joined into the cluster and may all provide service at the same time. For example, in an active-active pair, both systems may provide services at any time. In the case of a failure, the remaining partners may continue to provide service but at a decreased capacity.
The following resource(s) were used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 20403-20407 and 20411-20414 and 20375-20377 and 20280-20283). Auerbach Publications. Kindle Edition.
NEW QUESTION # 508
The Secure Hash Algorithm (SHA-1) creates:
- A. a variable length message digest from a variable length input message
- B. a variable length message digest from a fixed length input message
- C. a fixed length message digest from a variable length input message
- D. a fixed length message digest from a fixed length input message
Answer: C
Explanation:
Section: Cryptography
Explanation/Reference:
According to The CISSP Prep Guide, "The Secure Hash Algorithm (SHA-1) computes a fixed length message digest from a variable length input message."
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, page 160.
Also see: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf
NEW QUESTION # 509
Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?
- A. Accuracy
- B. Validation
- C. Assessment
- D. Verification
Answer: D
Explanation:
Section: Security Operations and Administration
Explanation/Reference:
Verification vs. Validation:
Verification determines if the product accurately represents and meets the specifications. A product can be developed that does not match the original specifications. This step ensures that the specifications are properly met.
Validation determines if the product provides the necessary solution for the intended real-world problem. In large projects, it is easy to lose sight of the overall goal. This exercise ensures that the main goal of the project is met.
From DITSCAP:
6.3.2. Phase 2, Verification. The Verification phase shall include activities to verify compliance of the system with previously agreed security requirements. For each life-cycle development activity, DoD Directive 5000.1 (reference (i)), there is a corresponding set of security activities, enclosure 3, that shall verify compliance with the security requirements and evaluate vulnerabilities.
6.3.3. Phase 3, Validation. The Validation phase shall include activities to evaluate the fully integrated system to validate system operation in a specified computing environment with an acceptable level of residual risk.
Validation shall culminate in an approval to operate.
You must also be familiar with Verification and Validation for the purpose of the exam. A simple definition for Verification would be whether or not the developers followed the design specifications along with the security requirements. A simple definition for Validation would be whether or not the final product meets the end user's needs and can be used for a specific purpose.
Wikipedia has an informal description that is currently written as: Validation can be expressed by the query "Are you building the right thing?" and Verification by "Are you building it right?"
NOTE:
DITSCAP was replaced by DIACAP some time ago (2007). While DITSCAP defined both a verification and a validation phase, DIACAP only has a validation phase. It may not make a difference in the answer for the exam; however, DIACAP is the cornerstone policy of DoD C&A and IA efforts today. Be familiar with both terms in case the exam is updated with the new term.
Reference(s) used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1106). McGraw-Hill. Kindle Edition.
http://iase.disa.mil/ditscap/DITSCAP.html
https://en.wikipedia.org/wiki/Verification_and_validation
NEW QUESTION # 510
Which of the following is the primary reason why a user would choose a dial-up modem connection to the Internet when they have a faster, secure Internet connection through the organization's network?
- A. To access web sites that are blocked by the organization's proxy server.
- B. To check their personal e-mail.
- C. To circumvent the organization's security policy.
- D. To set up public services using the organization's resources.
Answer: C
Explanation:
Section: Network and Telecommunications
Explanation/Reference:
All the choices above represent examples of circumventing the organization's security policy, which is the primary reason why a user would be using a dial-up Internet connection when a secure connection is available through the organization's network.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 1: Understanding Firewalls.
NEW QUESTION # 511
What can best be described as an abstract machine which must mediate all access by subjects to objects?
- A. A security domain
- B. The reference monitor
- C. The security perimeter
- D. The security kernel
Answer: B
Explanation:
The reference monitor is an abstract machine which must mediate all access by subjects to objects, be protected from modification, be verifiable as correct, and always be invoked. The security kernel is the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept. The security perimeter includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted. A security domain is a domain of trust that shares a single security policy and single management.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
NEW QUESTION # 512
Authentication is based on which of the following? (Choose three)
- A. Something you are
- B. Something you have
- C. Something you know
- D. Something you input
- E. Something you compute
Answer: A,B,C
Explanation:
The three types of authentication include something you know, something you have, and something you are.
NEW QUESTION # 513
Which of the following best describes remote journaling?
- A. Send hourly tapes containing transactions off-site.
- B. Send daily tapes containing transactions off-site.
- C. Real-time capture of transactions to multiple storage devices.
- D. Real time transmission of copies of the entries in the journal of transactions to an alternate site.
Answer: D
Explanation:
Explanation/Reference:
Remote journaling is a technology to facilitate sending copies of the journal of transaction entries from a production system to a secondary system in real time. The remote nature of such a connection is predicated upon having local journaling already established. Local journaling on the production side allows each change that ensues for a journal-eligible object (e.g., database physical file, SQL table, data area, data queue, byte stream file residing within the IFS) to be recorded and logged. It is these local images that flow to the remote system. Once there, the journal entries serve a variety of purposes, from feeding a high availability software replay program or data warehouse to offering an offline, real-time vault of the most recent database changes.
Reference(s) used for this question:
The Essential Guide to Remote Journaling by IBM
and
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
and
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 286).
NEW QUESTION # 514
Which is the last line of defense in a physical security sense?
- A. exterior barriers
- B. people
- C. interior barriers
- D. perimeter barriers
Answer: B
Explanation:
Explanation/Reference:
"Ultimately, people are the last line of defense for your company's assets" (Pastore & Dulaney, 2006, p. 529).
Pastore, M. and Dulaney, E. (2006). CompTIA Security+ study guide: Exam SY0-101. Indianapolis, IN: Sybex.
NEW QUESTION # 515
Which of the following items would best help an organization to gain a common understanding of functions that are critical to its survival?
- A. A business assessment
- B. A disaster recovery plan
- C. A risk assessment
- D. A business impact analysis
Answer: D
Explanation:
A Business Impact Analysis (BIA) is an assessment of an organization's business functions to develop an understanding of their criticality, recovery time objectives, and resources needed. By going through a Business Impact Analysis, the organization will gain a common understanding of functions that are critical to its survival.
A risk assessment is an evaluation of the exposures present in an organization's external and internal environments.
A business assessment generally includes business analysis as a discipline; it has heavy overlap with requirements analysis (sometimes also called requirements engineering), but focuses on identifying the changes to an organization that are required for it to achieve strategic goals. These changes include changes to strategies, structures, policies, processes, and information systems.
A disaster recovery plan is the comprehensive statement of consistent actions to be taken before, during and after a disruptive event that causes a significant loss of information systems resources.
Source: BARNES, James C. & ROTHSTEIN, Philip J., A Guide to Business Continuity Planning, John Wiley & Sons, 2001 (page 57).
NEW QUESTION # 516
What type of cable is used with 100Base-TX Fast Ethernet?
- A. Category 5 unshielded twisted-pair (UTP)
- B. RG-58 cable
- C. Category 3 or 4 unshielded twisted-pair (UTP)
- D. Fiber-optic cable
Answer: A
Explanation:
Category 5 UTP is the type of cabling recommended for 100Base-TX networks.
"Fiber-optic cable" is incorrect: it is the wrong media type for 100Base-TX; 100Base-FX would denote fiber-optic cabling.
"Category 3 or 4 unshielded twisted-pair (UTP)" is incorrect: these categories are not recommended for 100 Mbps operation.
"RG-58 cable" is incorrect: it is the wrong media type for 100Base-TX.
References: CBK, p. 428; AIO3, p. 455
NEW QUESTION # 517
CORRECT TEXT
Passwords should be changed every ________ days at a minimum. 90 days is the recommended minimum, but some resources will tell you that 30-60 days is ideal.
Answer:
NEW QUESTION # 518
In biometrics, the "one-to-one" search used to verify claim to an identity made by a person is considered:
- A. Auditing
- B. Identification
- C. Authentication
- D. Authorization
Answer: C
Explanation:
Biometric devices can be used for either identification or authentication. One-to-one is for authentication: you as a user provide some biometric credential such as your fingerprint, and the system compares the template you have provided with the one stored in the database. If the two match, that proves that you are who you claim to be.
One-to-many is for identification. A good example of this would be within an airport. Many airports today have facial recognition cameras; as you walk through the airport a camera takes a picture of your face and then compares the template (your face) with a database full of templates to see if there is a match between your template and the ones stored in the database. This is identification of a person.
Some additional clarification or comments that might be helpful are: Biometrics establish authentication using specific information and comparing results to expected data. It does not perform well for identification purposes such as scanning for a person's face in a moving crowd for example.
Identification methods could include: username, user ID, account number, PIN, certificate, token, smart card, biometric device or badge.
Auditing is a process of logging or tracking what was done after the identity and authentication process is completed.
Authorization is the rights the subject is given and is performed after the identity is established.
Reference: OIG (2007) p148, 167
Authentication in biometrics is a "one-to-one" search to verify a claim to an identity made by a person.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 38.
NEW QUESTION # 519
Which of the following centralized access control mechanisms is the least appropriate for mobile workers accessing the corporate network over analog lines?
- A. TACACS
- B. CHAP
- C. Call-back
- D. RADIUS
Answer: C
Explanation:
Explanation/Reference:
Call-back allows for a distant user connecting into a system to be called back at a number already listed in a database of trusted users. The disadvantage of this system is that the user must be at a fixed location whose phone number is known to the authentication server. Being mobile workers, users are accessing the system from multiple locations, making call-back inappropriate for them.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 44).
NEW QUESTION # 520
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?
- A. Advanced Encryption Standard (AES)
- B. Rivest, Shamir, Adleman (RSA)
- C. Elliptic Curve Cryptography (ECC)
- D. El Gamal
Answer: C
Explanation:
Explanation/Reference:
The other answers are not correct because:
"Rivest, Shamir, Adleman (RSA)" is incorrect because RSA is a "traditional" asymmetric algorithm. While it is reasonably strong, it is not considered to be as strong as ECC based systems.
"El Gamal" is incorrect because it is also a "traditional" asymmetric algorithm and not considered as strong as ECC based systems.
"Advanced Encryption Standard (AES)" is incorrect because the question asks specifically about asymmetric algorithms and AES is a symmetric algorithm.
References:
Official ISC2 Guide page: 258
All in One Third Edition page: 638
The RSA Crypto FAQ: http://www.rsa.com/rsalabs/node.asp?id=2241
NEW QUESTION # 521
Cable modems are less secure than DSL connections because cable modems are shared with other subscribers?
- A. True
- B. False
Answer: B
NEW QUESTION # 522
Which protocol makes use of an electronic wallet on a customer's PC and sends encrypted credit card information to a merchant's Web server, which digitally signs it and sends it on to its processing bank?
- A. SSH ( Secure Shell)
- B. S/MIME (Secure MIME)
- C. SSL (Secure Sockets Layer)
- D. SET (Secure Electronic Transaction)
Answer: D
Explanation:
The SET protocol was introduced by Visa and MasterCard to allow for more credit card transaction possibilities. It is comprised of three different pieces of software, running on the customer's PC (an electronic wallet), on the merchant's Web server and on the payment server of the merchant's bank. The credit card information is sent by the customer to the merchant's Web server, which does not open it and instead digitally signs it and sends it to its bank's payment server for processing.
The following answers are incorrect because:
SSH (Secure Shell) is incorrect as it functions as a type of tunneling mechanism that provides terminal-like access to remote computers.
S/MIME is incorrect as it is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions.
SSL is incorrect as it uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication.
Reference: Shon Harris AIO v3, Chapter 8: Cryptography, pages 667-669
NEW QUESTION # 523
......