Free Access to ISC.SSCP.v2022-07-27.q281 with Valid Practice Test (Page 9)

Question 36

Which of the following DoD Model layer provides non-repudiation services?

A.network layer.
B.application layer.
C.transport layer.
D.data link layer.

Question 37

Which of the following is an issue with signature-based intrusion detection systems?

A.Only previously identified attack signatures are detected.
B.Signature databases must be augmented with inferential elements.
C.It runs only on the windows operating system
D.Hackers can circumvent signature evaluations.

Question 38

Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?

A.signature-based IDS and statistical anomaly-based IDS, respectively
B.signature-based IDS and dynamic anomaly-based IDS, respectively
C.anomaly-based IDS and statistical-based IDS, respectively
D.signature-based IDS and motion anomaly-based IDS, respectively.

Question 39

Which of the following Kerberos components holds all users' and services' cryptographic keys?

A.The Key Distribution Service
B.The Authentication Service
C.The Key Distribution Center
D.The Key Granting Service

Question 40

Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis?

A.DSS is aimed at solving highly structured problems.
B.DSS emphasizes flexibility in the decision making approach of users.
C.DSS supports only structured decision-making tasks.
D.DSS combines the use of models with non-traditional data access and retrieval functions.

Correct Answer: B

DSS emphasizes flexibility in the decision-making approach of users. It is
aimed at solving less structured problems, combines the use of models and analytic
techniques with traditional data access and retrieval functions and supports semi-structured
decision-making tasks.
DSS is sometimes referred to as the Delphi Method or Delphi Technique:
The Delphi technique is a group decision method used to ensure that each member gives
an honest opinion of what he or she thinks the result of a particular threat will be. This
avoids a group of individuals feeling pressured to go along with others' thought processes
and enables them to participate in an independent and anonymous way. Each member of
the group provides his or her opinion of a certain threat and turns it in to the team that is
performing the analysis. The results are compiled and distributed to the group members,
who then write down their comments anonymously and return them to the analysis group.
The comments are compiled and redistributed for more comments until a consensus is
formed. This method is used to obtain an agreement on cost, loss values, and probabilities
of occurrence without individuals having to agree verbally.
Here is the ISC2 book coverage of the subject:
One of the methods that uses consensus relative to valuation of information is the
consensus/modified Delphi method. Participants in the valuation exercise are asked to
comment anonymously on the task being discussed. This information is collected and
disseminated to a participant other than the original author. This participant comments
upon the observations of the original author. The information gathered is discussed in a
public forum and the best course is agreed upon by the group (consensus).
EXAM TIP:
The DSS is what some of the books are referring to as the Delphi Method or Delphi
Technique. Be familiar with both terms for the purpose of the exam.
The other answers are incorrect:
'DSS is aimed at solving highly structured problems' is incorrect because it is aimed at
solving less structured problems.
'DSS supports only structured decision-making tasks' is also incorrect as it supports semi-
structured decision-making tasks.
'DSS combines the use of models with non-traditional data access and retrieval functions'
is also incorrect as it combines the use of models and analytic techniques with traditional
data access and retrieval functions.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 91). McGraw-Hill.
Kindle Edition.
and
Schneiter, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition :
Information Security Governance and Risk Management ((ISC)2 Press) (Kindle Locations
1424-1426). Auerbach Publications. Kindle Edition.

Question 36

Question 37

Question 38

Question 39

Question 40

Download PDF File