ISC2 SSCP Exam - Topic 11 Question 19 Discussion

Actual exam question for ISC2's SSCP exam

Question #: 19
Topic #: 11

[All SSCP Questions]

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

AUsing a TACACS+ server.

BInstalling the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.

CSetting modem ring count to at least 5.

DOnly attaching modems to non-networked hosts.

Show Suggested Answer

Suggested Answer: B

Containing the dial-up problem is conceptually easy: by installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall, any access to internal resources through the RAS can be filtered as would any other connection coming from the Internet.

The use of a TACACS+ Server by itself cannot eliminate hacking.

Setting a modem ring count to 5 may help in defeating war-dialing hackers who look for modem by dialing long series of numbers.

Attaching modems only to non-networked hosts is not practical and would not prevent these hosts from being hacked.

Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2: Hackers.

by Cecily at May 06, 2022, 08:21 PM

Limited Time Offer

25%

Off

Get Premium SSCP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Filiberto

4 months ago

D seems a bit extreme, but I see the point.

upvoted 0 times

...

Ashlee

4 months ago

Wait, are we really still talking about dial-up?

upvoted 0 times

...

Tracie

4 months ago

C is just a band-aid solution.

upvoted 0 times

...

Belen

4 months ago

I disagree, A could work too.

upvoted 0 times

...

Tamala

5 months ago

B is definitely the best option here.

upvoted 0 times

...

Tonja

5 months ago

I recall that keeping modems off the network is a solid practice, but I wonder if that’s practical for all situations.

upvoted 0 times

...

Rosendo

5 months ago

I practiced a question similar to this, and I feel like setting the modem ring count could help, but I doubt it’s enough on its own.

upvoted 0 times

...

Sylvie

5 months ago

I think option B sounds familiar; it might be a good way to limit access, but I’m not entirely convinced it’s the best solution.

upvoted 0 times

...

Rose

5 months ago

I remember something about TACACS+ being more about authentication, but I'm not sure if it directly addresses dial-up vulnerabilities.

upvoted 0 times

...

Tonette

5 months ago

Hmm, I'm a little unsure about this one. Should the behavior analyst really avoid getting involved in interpersonal relationships? That doesn't seem very helpful. Maybe option D, setting up a social skills training program, could be a good approach.

upvoted 0 times

...

Katy

5 months ago

I think the key here is understanding how firewall NAT rules function. I'll need to carefully think through the process to determine if the statement is true or false.

upvoted 0 times

...

Stanton

5 months ago

I think I saw a practice question about continuous improvement being a key criterion. That might make option B viable.

upvoted 0 times

...

Jenelle

5 months ago

Okay, let me think this through step-by-step. The question is asking which character matches the end of a line in a regular expression. Looking at the options, C seems like the most logical choice since the $ symbol is commonly used for that purpose. I'll go with C.

upvoted 0 times

...