SSCP System Security Certified Practitioner (SSCP) - Practice Questions

Question 10 (Security Operation Adimnistration)

Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures?

Select an option, then click Submit answer.

○
design, development, publication, coding, and testing.
○
design, evaluation, approval, publication, and implementation.
○
initiation, evaluation, development, approval, publication, implementation, and maintenance.
○
feasibility, development, approval, implementation, and integration.
○
& KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 3, 2002, Auerbach Publications.

Question 11 (Access Control)

Which division of the Orange Book deals with discretionary protection (need-to-know)?

Select an option, then click Submit answer.

○
D
○
C
○
B
○
A

Question 12 (Cryptography)

Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis?

Select an option, then click Submit answer.

○
Internet Security Association and Key Management Protocol (ISAKMP)
○
Simple Key-management for Internet Protocols (SKIP)
○
Diffie-Hellman Key Distribution Protocol
○
IPsec Key exchange (IKE)

Reference / correct answer:

Simple Key-management for Internet Protocols (SKIP)

RFC 2828 (Internet Security Glossary) defines Simple Key Management for Internet Protocols (SKIP) as:

A key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.

SKIP is an hybrid Key distribution protocol similar to SSL, except that it establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis. Therefore, no connection setup overhead exists and new keys values are not continually generated. SKIP uses the knowledge of its own secret key or private component and the destination's public component to calculate a unique key that can only be used between them.

IKE stand for Internet Key Exchange, it makes use of ISAKMP and OAKLEY internally.

Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.

The following are incorrect answers:

ISAKMP is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism.

IKE is an Internet, IPsec, key-establishment protocol (partly based on OAKLEY) that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations, such as in AH and ESP.

IPsec Key exchange (IKE) is only a detracto.

Reference(s) used for this question:

SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

and

http://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol and

http://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol

SSCP – System Security Certified Practitioner (SSCP)