ISC2 SSCP Practice Questions on iPad

jonwinterburnjonwinterburn Member Posts: 161 ■■■■□□□□□□
So today I decided to buy all 4 SSCP practice question packs in the official ISC2 iPad app ($4.99 per pack, 25 questions per pack).

Has anyone else used these? I did the first 25 paid for questions and I've found 2 so far that I think are wrong. Or perhaps I'm totally wrong. You decide:

1. Transport Layer Security (TLS) adds security to which layer of the OSI model?
a. Application Layer
b. Application Layer
c. Session Layer
d. Transport Layer

Yes, you read that right. They put Application Layer for a and b. I chose Transport Layer, because it's in the name, Shon Harris tells us that for the exam, TLS is on the transport layer. The answer and explanation was: Despite the way TLS is named, it adds security at the Presentation Layer of the OSI stack, because it was named from the Transport Layer of the TCP/IP model.

First off, Presentation Layer wasn't available as a choice! Secondly, the explanation makes no sense to me.

2. Which of the following is a remote access technology?
a. IPSec
b. RADIUS
c. SSL
d. SSH

I chose RADIUS. The answer was SSH, because: SSH is a remote access mechanism used primarily to remotely administer systems.

Whilst that is correct, both RADIUS and SSH are protocols and although they do both provide remote access, I would have thought that the best answer would be RADIUS. What do you think?

Comments

  • JaxinJaxin Member Posts: 7 ■□□□□□□□□□
    For the first question, see this thread on the topic: http://www.techexams.net/forums/isc-sscp-cissp/101590-ssl-transport-layer-application-layer.htmlFor second question, I would have answered SSH. RADIUS gives authentication and authorization, but not remote access. SSH is the only answer on that list that allows one to issue commands on the target system. SSH can even utilize RADIUS for it's authorization and authentication... but SSH is still the technology that gives the actual remote access, not RADIUS.
  • EasyPeezyEasyPeezy Member Posts: 111 ■■■□□□□□□□
    Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are both Presentation layer protocols… The clue was in what it does rather than the name. I believe there might have been something wrong with the formatting of the answers. Some test engines in an attempt to juggle the answers round totally screw it up. I have seen questions like:

    Jane Doe threw a big 19th birthday party at the weekend. She rocked the night at the beach with all her friends. Who is Jane Doe?
    A. Both A and B
    B. None of the above
    C. A 19 year old
    D. A girl

    Remote Access technologies are suites that give you direct access to manipulate a remote machine as though you were on it. Think RDP, DoToMyPC, TeamViewer, and SSH or cause.

    IPSec builds an end to end connection, SSL secures, RADIUS (Remote Authentication Dial-In User Service) as the name indicates is an authentication service.
  • jvrlopezjvrlopez Member Posts: 913 ■■■■□□□□□□
    How would you rate the rest of the questions? EP was right on with the breakdown for the questions.

    Saw a question at work on a training exam that read something along the lines of...

    "Which of the following are tools used here in the analysis shop?"

    A) True
    B) False
    And so you touch this limit, something happens and you suddenly can go a little bit further. With your mind power, your determination, your instinct, and the experience as well, you can fly very high. ~Ayrton Senna
  • jonwinterburnjonwinterburn Member Posts: 161 ■■■■□□□□□□
    I stand corrected. You're right of course; I made the classic mistake of not reading the questions properly. I'm used to Microsoft's testing, which I find clearer. With ISC2, it seems you must read each question closely to see the context they're being asked in.

    With regards to the other questions, they were all fine bar two. One had a typo and the other told me I had the wrong answer (digital certificate) and that the right answer was digital certificate! I do hope the real questions in the exam are accurate, because frankly I'm not impressed with ISC2 thus far. First the CISSP CBK 3rd edition is riddled with typos and errors, then these questions with a few errors.

    What is good is I've realised just how much I don't know, or more accurately, how much I haven't mastered. 15 years in IT with a ton of hands on experience and yet here I am struggling with basics like TLS. Well, that's why I'm doing SSCP then CISSP - to fill in the gaps and cement my knowledge.

    Thanks for your helpful comments.
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    RADIUS is Remote Authentication Dial In User Service. I don't know what that item's author's definition of "remote access" is, but I've only ever used RADIUS for remote access, usually over a modem. Maybe the author believes that RADIUS is only occasionally used for remote access, while SSH is always used for remote access--one answer being more correct than the other.
Sign In or Register to comment.