


SSCP® Systems Security Certified Practitioner Study Guide

George B. Murphy


Development Editor: Tom Cirtin
Technical Editors: Brian D. McCarthy and John Gilleland
Production Editor: Christine O’Connor
Copy Editor: Judy Flynn
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Associate Publisher: Jim Minatel

Media Supervising Producer: Richard Graves
Book Designers: Judy Fung and Bill Gibson
Proofreader: Kim Wimpsett
Indexer: Ted Laux
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: ©Getty Images Inc./Jeremy Woodhouse

Copyright © 2015 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada


ISBN: 978-1-119-05965-3
ISBN: 978-1-119-05968-4 (ebk.)
ISBN: 978-1-119-05995-0 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108
of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization
through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA
01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with
respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including
without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or
promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is
sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services.
If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to
in this work as a citation and/or a potential source of further information does not mean that the author or the publisher
endorses the information the organization or Web site may provide or recommendations it may make. Further, readers
should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was
written and when it is read.
For general information on our other products and services or to obtain technical support, please contact our Customer Care
Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material from Wiley. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2015947763
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley &
Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission.
SSCP, the SSCP logo, and the (ISC)2 logo are registered trademarks or service marks of the International Information Systems Security Certification Consortium. All other trademarks are the property of their respective owners. John Wiley &
Sons, Inc. is not associated with any product or vendor mentioned in this book.
10 9 8 7 6 5 4 3 2 1
Disclaimer: Wiley Publishing, Inc., in association with (ISC)2 ®, has prepared this study guide for general information
and for use as training for the Official (ISC)2 SSCP ® CBK® and not as legal or operational advice. This is a study guide

only, and does not imply that any questions or topics from this study guide will appear on the actual (ISC)2 SSCP ® certification examination. The study guide was not prepared with writers or editors associated with developing the (ISC)2 ®
SSCP ® certification examination. The study guide may contain errors and omissions. (ISC)2 ® does not guarantee a passing score on the exam or provide any assurance or guarantee relating to the use of this study guide and preparing for the
(ISC)2 ® SSCP ® certification examination.
The users of the Official SSCP ®: Systems Security Certified Practitioner Study Guide agree that Wiley Publishing, Inc. and
(ISC)2 ® are not liable for any indirect, special, incidental, or consequential damages up to and including negligence that may
arise from use of these materials. Under no circumstances, including negligence, shall Wiley Publishing Inc. or (ISC)2 ®, its
officers, directors, agents, author or anyone else involved in creating, producing or distributing these materials be liable for
any direct, indirect, incidental, special or consequential damages that may result from the use of this study guide.


Attacks on organizations' information assets and infrastructure continue to escalate
while attackers refine and improve their tactics. The best way to combat these assaults
starts with qualified information security staff armed with proven technical skills and
practical security knowledge. Practitioners who have proven hands-on technical ability would do well to include the (ISC)2 Systems Security Certified Practitioner (SSCP®)
credential in their arsenal of tools to competently handle day-to-day responsibilities
and secure their organization's data and IT infrastructure.
The SSCP certification affirms the breadth and depth of practical security knowledge
expected of those in hands-on operational IT roles. The SSCP provides industry-leading confirmation of a practitioner's ability to implement, monitor and administer policies and procedures that ensure data confidentiality, integrity and availability (CIA).
Reflecting the most relevant topics in our ever-changing field, this new SSCP Study Guide is a learning tool for
(ISC)2 certification exam candidates. This comprehensive study guide of the seven SSCP domains draws from a
global body of knowledge, and prepares you to join thousands of practitioners worldwide who have obtained
the (ISC)2 SSCP credential. The SSCP Study Guide will help facilitate the practical knowledge you need to
assure a strong security posture for your organization’s daily operations.
As the information security industry continues to transition, and cybersecurity becomes a global focus, the
SSCP Common Body of Knowledge (CBK®) is even more relevant to the challenges faced by today's frontline
information security practitioner. While our Official Guides to the CBK are the authoritative references, the
new study guides are focused on educating the reader in preparation for exams. As an ANSI-accredited certification body under the ISO/IEC 17024 standard, (ISC)2 does not teach the SSCP exam. Rather, we strive to
generate or endorse content that teaches the SSCP's CBK. Candidates who have a strong understanding of the
CBK are best prepared for success with the exam and within the profession.
Advancements in technology bring about the need for updates, and we work to ensure that our content is always

relevant to the industry. (ISC)2 is breaking new ground by partnering with Wiley, a recognized industry-leading
brand. Developing a partnership with renowned content provider Wiley allows (ISC)2 to grow its offerings on
the scale required to keep our content fresh and aligned with the constantly changing environment. The power
of combining the expertise of our two organizations benefits certification candidates and the industry alike.
For more than 26 years, (ISC)2 has been recognized worldwide as a leader in the field of information security
education and certification. Earning an (ISC)2 credential also puts you in great company with a global network
of professionals who echo (ISC)2's focus to inspire a safe and secure cyber world.
Congratulations on taking the first step toward earning your certification. Good luck with your studies!
Regards,

David P. Shearer
CEO
(ISC)2




To my beautiful wife, Cathy—thank you for your patience, understanding,
and especially your encouragement. You are and always will be my angel.
With much love.



Acknowledgments
It’s always amazing how many people are involved in the production of a book like this.
Everyone involved deserves a world of thanks for all of their hard work and efforts. I especially want to thank Carol Long, who was executive acquisitions editor for Wiley & Sons
when we started this project. I genuinely appreciate the opportunity that she afforded me.
I also owe so much to many others, especially Tom Cirtin, for keeping everything on track,
as well as Christine O’Connor, who tied together all of the production efforts. I want to

thank Jim Minatel for herding all of the cats and keeping it all running. Many thanks to
Judy Flynn for her tireless efforts in making sure all of the copy worked, as well as the
entire team of layout editors, graphic design folks, and others, all of whom provided their
expertise to make this project come together. I would like to express a big thanks to Brian
McCarthy for his knowledge and his wonderful work as technical editor. I would also like
to express my appreciation to both Mike Siok and Willie Williams for their friendship and
inspiration through a great many projects over the years. They have always been there to
lend an ear and offer encouragement. I want to recognize Chuck Easttom for giving me my
break into the world of publishing a few years ago. And, I want to especially thank all of
the wonderful folks at (ISC)2 for their ongoing assistance in this and many other projects.
Thank you all very much.



About the Author
George (Buzz) Murphy, CISSP, SSCP, CASP, is a public speaker, corporate trainer, author,
and cybersecurity evangelist who, over the past three decades, has touched the lives of
thousands of adult learners around the world through hundreds of speaking and training
events covering a variety of technical and cybersecurity topics. A former Dell technology
training executive and U.S. Army IT networking security instructor, he has addressed
audiences at national conferences, major corporations, and educational institutions, including Princeton University, and he has trained network and cybersecurity operators for the
U.S. military branches, various U.S. government security agencies, and foreign military
personnel.
As a military data center manager in Europe, he held a top-secret security clearance in
both U.S. and NATO intelligence and through the years has earned 26 IT and cybersecurity certifications from such prestigious organizations as (ISC)2 , CompTIA, PMI, and
Microsoft. He is an (ISC)2 Authorized Instructor specializing in CISSP and Cloud Security
certification training. He has authored, coauthored, and contributed to more than a dozen
books on a wide range of topics, including network engineering, industrial technology, and
IT security, and recently served as technical editor for the (ISC)2 CCFP – Certified Cyber
Forensics Professional Certification Guide by Chuck Easttom (McGraw Hill, 2014) as well
as for the recent publication CASP: CompTIA Advanced Security Practitioner Study Guide
by Michael Gregg (Sybex, 2014).



About the Technical Editor
Brian D. McCarthy, founder and director of 327 Solutions, Inc., has been involved in
placement, consulting, and training since 1992. Brian is an entrepreneur, IT trainer,
operations leader, certification expert, recruiter, instructional designer, sales executive,
formally trained project manager (PMP), and e-learning guru. He has more than 20 years
of talent development expertise, has been working in building technical competency for
decades, and has held multiple positions in operations, training facilitation, and sales
with increasing responsibility for building a world-class national network of performance
experts. Brian has worked hand in hand with the Department of Defense to enable information assurance compliance for cybersecurity workers (8570.1-M / 8140). He also has
experience working with cutting-edge e-learning, workshops, immersive environments,
gamification/contest design, method-of-action 3D animations, LMS tracking, portal systems, and other learning assets to accelerate world-class corporate teams.



Contents at a Glance

Introduction  xxv
Assessment Test  xxxi
Chapter 1  Information Security: The Systems Security Certified Practitioner Certification  1
Chapter 2  Security Basics: A Foundation  27
Chapter 3  Domain 1: Access Controls  61
Chapter 4  Domain 2: Security Operations and Administration  121
Chapter 5  Domain 3: Risk Identification, Monitoring, and Analysis  181
Chapter 6  Domain 4: Incident Response and Recovery  223
Chapter 7  Domain 5: Cryptography  261
Chapter 8  Domain 6: Networks and Communications  317
Chapter 9  Domain 7: Systems and Application Security  389
Appendix A  Answers to Written Labs  465
Appendix B  Answers to Review Questions  473
Appendix C  Diagnostic Tools  487
Index  511



Contents

Introduction  xxv
Assessment Test  xxxi

Chapter 1  Information Security: The Systems Security Certified Practitioner Certification  1
    About the (ISC)2 Organization  2
    (ISC)2 History  3
    Organizational Structure and Programs  3
    Exams, Testing, and Certification  6
    Certification Qualification: The SSCP Common Body of Knowledge  6
    After Passing the Exam  8
    Certification Maintenance  9
    Types of IT Certifications?  10
    About the Systems Security Certified Practitioner Certification  12
    How Do I Use My SSCP Knowledge on the Job?  15
    The SSCP Exam  17
    Preparing for the Exam  17
    Booking the Exam  21
    Taking the Exam  22
    Summary  25
    Exam Essentials  25

Chapter 2  Security Basics: A Foundation  27
    The Development of Security Techniques  28
    Understanding Security Terms and Concepts  29
    The Problem (Opportunity) and the Solution  29
    Evolution of Items  31
    Security Foundation Concepts  38
    CIA Triad  38
    Primary Security Categories  39
    Access Control  40
    Nonrepudiation  42
    Risk  42
    Prudent Man, Due Diligence, and Due Care  44
    User Security Management  44
    Least Privilege  45
    AAA  45
    Mandatory Vacation  46
    Separation of Duties  46
    M of N Requirement  46
    Two-Man Rule  47
    Job Rotation  48
    Geographic Access Control  48
    Temporal Access Control, Time of Day Control  48
    Privacy  49
    Transparency  49
    Implicit Deny  50
    Personal Device (BYOD)  51
    Privilege Management, Privilege Life Cycle  51
    Participating in Security Awareness Education  52
    Types of Security Awareness Education Programs  52
    Working with Human Resources and Stakeholders  53
    Senior Executives  53
    Customers, Vendors, and Extranet Users Security Awareness Programs  54
    Summary  54
    Exam Essentials  55
    Written Lab  56
    Review Questions  57

Chapter 3  Domain 1: Access Controls  61
    What Are Controls?  62
    What Should Be Protected?  63
    Why Control Access?  64
    Types of Access Controls  67
    Physical Access Controls  67
    Logical Access Controls  68
    Administrative Access Controls  69
    Identification  70
    Authentication  72
    Factors of Authentication  74
    Single-Factor Authentication  84
    Multifactor Authentication  84
    Token-Based Access Controls  85
    System-Level Access Controls  86
    Discretionary Access Control (DAC)  86
    Nondiscretionary Access Control  87
    Mandatory Access Control  87
    Administering Mandatory Access Control  89
    Trusted Systems  90
    Mandatory Access Control Architecture Models  91
    Account-Level Access Control  94
    Session-Level Access Control  104
    View-Based Access Control  104
    Data-Level Access Control  105
    Contextual- or Content-Based Access Control  106
    Physical Data and Printed Media Access Control  106
    Assurance of Accountability  107
    Manage Internetwork Trust Architectures  108
    Cloud-Based Security  111
    Summary  113
    Exam Essentials  114
    Written Lab  115
    Review Questions  116

Chapter 4  Domain 2: Security Operations and Administration  121
    Security Administration Concepts and Principles  122
    Security Equation  123
    Security Policies and Practices  124
    Data Management Policies  143
    Data States  144
    Information Life Cycle Management  144
    Information Classification Policy  144
    Endpoint Device Security  148
    Endpoint Health Compliance  148
    Endpoint Defense  149
    Endpoint Device Policy  149
    Security Education and Awareness Training  150
    Employee Security Training Policy  153
    Employee Security Training Program  154
    Business Continuity Planning  157
    Developing a Business Continuity Plan  160
    Disaster Recovery Plans  165
    Summary  173
    Exam Essentials  174
    Written Lab  175
    Review Questions  176

Chapter 5  Domain 3: Risk Identification, Monitoring, and Analysis  181
    Understanding the Risk Management Process  183
    Defining Risk  183
    Risk Management Process  184
    Risk Management Frameworks and Guidance for Managing Risks  191
    ISO/IEC 27005  191
    NIST Special Publication 800-37 Revision 1  192
    NIST Special Publication 800-39  194
    Risk Analysis and Risk Assessment  194
    Risk Analysis  195
    Risk Assessments  199
    Managing Risks  202
    Treatment Plan  202
    Risk Treatment  202
    Risk Treatment Schedule  203
    Risk Register  205
    Risk Visibility and Reporting  207
    Enterprise Risk Management  207
    Continuous Monitoring  208
    Security Operations Center  209
    Threat Intelligence  210
    Analyzing Monitoring Results  211
    Security Analytics, Metrics, and Trends  212
    Event Data Analysis  213
    Visualization  214
    Communicating Findings  215
    Summary  216
    Exam Essentials  217
    Written Lab  218
    Review Questions  219

Chapter 6  Domain 4: Incident Response and Recovery  223
    Event and Incident Handling Policy  224
    Standards  225
    Procedures  225
    Guidelines  226
    Creating and Maintaining an Incident Response Plan  226
    Law Enforcement and Media Communication  229
    Building an Incident Response Team  231
    Incident Response Records  232
    Security Event Information  233
    Incident Response Containment and Restoration  233
    Implementation of Countermeasures  235
    Understanding and Supporting Forensic Investigations  235
    Incident Scene  236
    Volatility of Evidence  237
    Forensic Principles  237
    Chain of Custody  238
    Proper Investigation and Analysis of Evidence  238
    Interpretation and Reporting Assessment Results  239
    Understanding and Supporting the Business Continuity Plan and the Disaster Recovery Plan  240
    Emergency Response Plans and Procedures  240
    Business Continuity Planning  240
    Disaster Recovery Planning  242
    Interim or Alternate Processing Strategies  245
    Restoration Planning  247
    Backup and Redundancy Implementation  247
    Business Continuity Plan and Disaster Recovery Plan Testing and Drills  252
    Summary  253
    Exam Essentials  254
    Written Lab  255
    Review Questions  256

Chapter 7  Domain 5: Cryptography  261
    Concepts and Requirements of Cryptography  263
    Terms and Concepts Used in Cryptography  263
    Cryptographic Systems and Technology  272
    Data Classification and Regulatory Requirements  297
    Public Key Infrastructure and Certificate Management  299
    Key Management  303
    Key Generation  303
    Key Distribution  303
    Key Encrypting Keys  304
    Key Retrieval  304
    Secure Protocols  306
    IPsec  306
    Summary  311
    Exam Essentials  311
    Written Lab  313
    Review Questions  314

Chapter 8  Domain 6: Networks and Communications  317
    Network Models  318
    TCP/IP and OSI Reference Models  319
    Network Design Topographies  330
    Network Topology Models  330
    Network Connection Models  334
    Media Access Models  335
    Ports and Protocols  336
    Ports  336
    Common Protocols  338
    Converged Network Communications  340
    Network Monitoring and Control  341
    Continuous Monitoring  341
    Network Monitors  341
    Managing Network Logs  342
    Access Control Protocols and Standards  343
    Remote Network Access Control  343
    Remote User Authentication Services  346
    RADIUS  347
    TACACS/TACACS+/XTACACS  347
    Local User Authentication Services  348
    LDAP  348
    Kerberos  348
    Single Sign-On  350
    Network Segmentation  351
    Subnetting  352
    Virtual Local Area Networks  353
    Demilitarized Zones  353
    Network Address Translation  354
    Securing Devices  355
    MAC Filtering and Limiting  356
    Disabling Unused Ports  356
    Security Posture  356
    Firewall and Proxy Implementation  357
    Firewalls  357
    Firewall Rules  359
    Network Routers and Switches  361
    Routers  361
    Switches  363
    Intrusion Detection and Prevention Devices  363
    Intrusion Detection Systems  364
    Intrusion Prevention Systems  364
    Wireless Intrusion Prevention Systems  365
    Comparing Intrusion Detection Systems and Intrusion Prevention Systems  366
    Spam Filter to Prevent Email Spam  368
    Telecommunications Remote Access  368
    Network Access Control  368
    Wireless & Cellular Technologies  369
    IEEE 802.11x Wireless Protocols  370
    WEP/WPA/WPA2  371
    Wireless Networks  373
    Cellular Network  375
    WiMAX  375
    Wireless MAN  376
    Wireless WAN  377
    Wireless LAN  377
    Wireless Mesh Network  377
    Bluetooth  377
    Wireless Network Attacks  378
    Wireless Access Points  378
    Traffic Shaping Techniques and Devices  381
    Quality of Service  381
    Summary  382
    Exam Essentials  383
    Written Lab  384
    Review Questions  385

Chapter 9  Domain 7: Systems and Application Security  389
    Understand Malicious Code and Apply Countermeasures  390
    Malicious Code Terms and Concepts  393
    Managing Spam to Avoid Malware  401
    Cookies and Attachments  402
    Malicious Code Countermeasures  405
    Malicious Add-Ons  409
    Java Applets  409
    ActiveX  410
    User Threats and Endpoint Device Security  410
    General Workstation Security  411
    Physical Security  416
    Securing Mobile Devices and Mobile Device Management  426
    Understand and Apply Cloud Security  428
    Cloud Concepts and Cloud Security  429
    Cloud Deployment Model Security  434
    Cloud Service Model Security  436
    Cloud Management Security  438
    Cloud Legal and Privacy Concepts  442
    Cloud Virtualization Security  449
    Secure Data Warehouse and Big Data Environments  449
    Data Warehouse and Big Data Deployment and Operations  450
    Securing the Data Warehouse and Data Environment  451
    Secure Software-Defined Networks and Virtual Environments  451
    Software-Defined Networks  452
    Security Benefits and Challenges of Virtualization  455
    Summary  457
    Exam Essentials  458
    Written Lab  459
    Review Questions  460

Appendix A  Answers to Written Labs  465
    Chapter 2  466
    Chapter 3  466
    Chapter 4  467
    Chapter 5  468
    Chapter 6  468
    Chapter 7  469
    Chapter 8  470
    Chapter 9  471

Appendix B  Answers to Review Questions  473
    Chapter 2  474
    Chapter 3  475
    Chapter 4  476
    Chapter 5  478
    Chapter 6  479
    Chapter 7  481
    Chapter 8  483
    Chapter 9  484

Appendix C  Diagnostic Tools  487
    Microsoft Baseline Security Analyzer  488
    Using the Tool  488
    Microsoft Password Checker  491
    Using the Tool  491
    Internet Explorer Phishing and Malicious Software Filter  492
    Using the Tool  493
    Manage Internet Cookies  494
    Using the Tool  494
    Observing Logs with Event Viewer  495
    Using the Tool  495
    Viewing a Digital Certificate  497
    Using the Tool  497
    Monitoring PC Activities with Windows Performance Monitor  500
    Using the Tool  500
    Analyzing Error Messages in Event Viewer  504
    Using the Tool  504
    Calculate Hash Values  508
    Using the Tool  509

Index  511

