ISC SSCP Exam Questions

Web Applications

XSS or Cross-Site Scripting is a threat to web applications where malicious
code is placed on a website that attacks the use using their existing authenticated session
status.
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are
injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks
occur when an attacker uses a web application to send malicious code, generally in the
form of a browser side script, to a different end user. Flaws that allow these attacks to
succeed are quite widespread and occur anywhere a web application uses input from a
user in the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end
user’s browser has no way to know that the script should not be trusted, and will execute
the script. Because it thinks the script came from a trusted source, the malicious script can
access any cookies, session tokens, or other sensitive information retained by your
browser and used with that site. These scripts can even rewrite the content of the HTML
page.
Mitigation:
Configure your IPS - Intrusion Prevention System to detect and suppress this traffic.
Input Validation on the web application to normalize inputted data.
Set web apps to bind session cookies to the IP Address of the legitimate user and only
permit that IP Address to use that cookie.
See the XSS (Cross Site Scripting) Prevention Cheat Sheet
See the Abridged XSS Prevention Cheat Sheet
See the DOM based XSS Prevention Cheat Sheet
See the OWASP Development Guide article on Phishing.
See the OWASP Development Guide article on Data Validation. The following answers are incorrect:
Intrusion Detection Systems: Sorry. IDS Systems aren't usually the target of XSS attacks
but a properly-configured IDS/IPS can "detect and report on malicious string and suppress
the TCP connection in an attempt to mitigate the threat.
Firewalls: Sorry. Firewalls aren't usually the target of XSS attacks.
DNS Servers: Same as above, DNS Servers aren't usually targeted in XSS attacks but
they play a key role in the domain name resolution in the XSS attack process.
The following reference(s) was used to create this question:
CCCure Holistic Security+ CBT and Curriculum
and
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29

Script kiddies

As script kiddies are low to moderately skilled hackers using available scripts
and tools to easily launch attacks against victims.
The other answers are incorrect because :
Black hats is incorrect as they are malicious , skilled hackers.
White hats is incorrect as they are security professionals.
Phreakers is incorrect as they are telephone/PBX (private branch exchange) hackers.
Reference : Shon Harris AIO v3 , Chapter 12: Operations security , Page : 830

Salami techniques

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide,
McGraw-Hill/Osborne, 2001, Page 644.

Trojan horse.

A trojan horse is any code that appears to have some useful purpose but
also contains code that has a malicious or harmful purpose imbedded in it. A Trojan often
also includes a trapdoor as a means to gain access to a computer system bypassing
security controls.
Wikipedia defines it as:
A Trojan horse, or Trojan, in computing is a non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the
nature of the Trojan, typically causing loss or theft of data, and possible system harm. The
term is derived from the story of the wooden horse used to trick defenders of Troy into
taking concealed warriors into their city in ancient Greece, because computer Trojans often
employ a form of social engineering, presenting themselves as routine, useful, or
interesting in order to persuade victims to install them on their computers.
The following answers are incorrect:
virus. Is incorrect because a Virus is a malicious program and is does not appear to be
harmless, it's sole purpose is malicious intent often doing damage to a system. A computer
virus is a type of malware that, when executed, replicates by inserting copies of itself
(possibly modified) into other computer programs, data files, or the boot sector of the hard
drive; when this replication succeeds, the affected areas are then said to be "infected".
worm. Is incorrect because a Worm is similiar to a Virus but does not require user
intervention to execute. Rather than doing damage to the system, worms tend to selfpropagate
and devour the resources of a system. A computer worm is a standalone
malware computer program that replicates itself in order to spread to other computers.
Often, it uses a computer network to spread itself, relying on security failures on the target
computer to access it. Unlike a computer virus, it does not need to attach itself to an
existing program. Worms almost always cause at least some harm to the network, even if
only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a
targeted computer.
trapdoor. Is incorrect because a trapdoor is a means to bypass security by hiding an entry
point into a system. Trojan Horses often have a trapdoor imbedded in them.
References:
http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29
and
http://en.wikipedia.org/wiki/Computer_virus
and
http://en.wikipedia.org/wiki/Computer_worm
and
http://en.wikipedia.org/wiki/Backdoor_%28computing%29 

Gaining Money or Financial Gains.

A few years ago the best choice for this question would have been seeing
how far their skills can take them. Today this has changed greatly, most crimes committed
are financially motivated.
Profit is the most widespread motive behind all cybercrimes and, indeed, most crimeseveryone
wants to make money. Hacking for money or for free services includes a
smorgasbord of crimes such as embezzlement, corporate espionage and being a “hacker
for hire”. Scams are easier to undertake but the likelihood of success is much lower.
Money-seekers come from any lifestyle but those with persuasive skills make better con
artists in the same way as those who are exceptionally tech-savvy make better “hacks for
hire”.
"White hats" are the security specialists (as opposed to Black Hats) interested in helping
the community in securing their networks. They will test systems and network with the
owner authorization.
A Black Hat is someone who uses his skills for offensive purpose. They do not seek
authorization before they attempt to comprise the security mechanisms in place.
"Grey Hats" are people who sometimes work as a White hat and other times they will work as a "Black Hat", they have not made up their mind yet as to which side they prefer to be.
The following are incorrect answers:
All the other choices could be possible reasons but the best one today is really for financial
gains.
References used for this question:
http://library.thinkquest.org/04oct/00460/crimeMotives.html
and
http://www.informit.com/articles/article.aspx?p=1160835
and
http://www.aic.gov.au/documents/1/B/A/%7B1BA0F612-613A-494D-B6C5-
06938FE8BB53%7Dhtcb006.pdf