Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtreat

SSCP Systems Security Certified Practitioner Questions and Answers

Questions 4

The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?

Options:

A.

project initiation and planning phase

B.

system design specifications phase

C.

development and documentation phase

D.

in parallel with every phase throughout the project

Buy Now
Questions 5

Why does compiled code pose more of a security risk than interpreted code?

Options:

A.

Because malicious code can be embedded in compiled code and be difficult to detect.

B.

If the executed compiled code fails, there is a chance it will fail insecurely.

C.

Because compilers are not reliable.

D.

There is no risk difference between interpreted code and compiled code.

Buy Now
Questions 6

A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?

Options:

A.

Covert channel

B.

Overt channel

C.

Opened channel

D.

Closed channel

Buy Now
Questions 7

Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?

Options:

A.

Business and functional managers

B.

IT Security practitioners

C.

System and information owners

D.

Chief information officer

Buy Now
Questions 8

What does "System Integrity" mean?

Options:

A.

The software of the system has been implemented as designed.

B.

Users can't tamper with processes they do not own.

C.

Hardware and firmware have undergone periodic testing to verify that they are functioning properly.

D.

Design specifications have been verified against the formal top-level specification.

Buy Now
Questions 9

Which of the following statements pertaining to protection rings is false?

Options:

A.

They provide strict boundaries and definitions on what the processes that work within each ring can access.

B.

Programs operating in inner rings are usually referred to as existing in a privileged mode.

C.

They support the CIA triad requirements of multitasking operating systems.

D.

They provide users with a direct access to peripherals

Buy Now
Questions 10

The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?

Options:

A.

Test equipment is easily damaged.

B.

Test equipment can be used to browse information passing on a network.

C.

Test equipment is difficult to replace if lost or stolen.

D.

Test equipment must always be available for the maintenance personnel.

Buy Now
Questions 11

Who is responsible for initiating corrective measures and capabilities used when there are security violations?

Options:

A.

Information systems auditor

B.

Security administrator

C.

Management

D.

Data owners

Buy Now
Questions 12

Which of the following would be best suited to oversee the development of an information security policy?

Options:

A.

System Administrators

B.

End User

C.

Security Officers

D.

Security administrators

Buy Now
Questions 13

Step-by-step instructions used to satisfy control requirements is called a:

Options:

A.

policy

B.

standard

C.

guideline

D.

procedure

Buy Now
Questions 14

Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location?

Options:

A.

Direct addressing

B.

Indirect addressing

C.

Indexed addressing

D.

Program addressing

Buy Now
Questions 15

Which of the following embodies all the detailed actions that personnel are required to follow?

Options:

A.

Standards

B.

Guidelines

C.

Procedures

D.

Baselines

Buy Now
Questions 16

Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product?

Options:

A.

Estimating the cost of the changes requested

B.

Recreating and analyzing the problem

C.

Determining the interface that is presented to the user

D.

Establishing the priorities of requests

Buy Now
Questions 17

A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?

Options:

A.

project initiation and planning phase

B.

system design specification phase

C.

development & documentation phase

D.

acceptance phase

Buy Now
Questions 18

Buffer overflow and boundary condition errors are subsets of which of the following?

Options:

A.

Race condition errors.

B.

Access validation errors.

C.

Exceptional condition handling errors.

D.

Input validation errors.

Buy Now
Questions 19

What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?

Options:

A.

A fail safe system

B.

A fail soft system

C.

A fault-tolerant system

D.

A failover system

Buy Now
Questions 20

Which of the following can be used as a covert channel?

Options:

A.

Storage and timing.

B.

Storage and low bits.

C.

Storage and permissions.

D.

Storage and classification.

Buy Now
Questions 21

Whose role is it to assign classification level to information?

Options:

A.

Security Administrator

B.

User

C.

Owner

D.

Auditor

Buy Now
Questions 22

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a

Options:

A.

Preventative control.

B.

Detective control

C.

Compensating control

D.

Corrective control

Buy Now
Questions 23

Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system?

Options:

A.

TCP sequence number attack

B.

IP spoofing attack

C.

Piggybacking attack

D.

Teardrop attack

Buy Now
Questions 24

How long are IPv4 addresses?

Options:

A.

32 bits long.

B.

64 bits long.

C.

128 bits long.

D.

16 bits long.

Buy Now
Questions 25

During which phase of an IT system life cycle are security requirements developed?

Options:

A.

Operation

B.

Initiation

C.

Functional design analysis and Planning

D.

Implementation

Buy Now
Questions 26

Which of the following is NOT a defined ISO basic task related to network management?

Options:

A.

Fault management

B.

Accounting resources

C.

Security management

D.

Communications management

Buy Now
Questions 27

Which of the following elements of telecommunications is not used in assuring confidentiality?

Options:

A.

Network security protocols

B.

Network authentication services

C.

Data encryption services

D.

Passwords

Buy Now
Questions 28

In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server?

Options:

A.

Peer-to-peer authentication

B.

Only server authentication (optional)

C.

Server authentication (mandatory) and client authentication (optional)

D.

Role based authentication scheme

Buy Now
Questions 29

Which of the following is the core of fiber optic cables made of?

Options:

A.

PVC

B.

Glass fibers

C.

Kevlar

D.

Teflon

Buy Now
Questions 30

Which of the following service is a distributed database that translate host name to IP address to IP address to host name?

Options:

A.

DNS

B.

FTP

C.

SSH

D.

SMTP

Buy Now
Questions 31

What type of cable is used with 100Base-TX Fast Ethernet?

Options:

A.

Fiber-optic cable

B.

Category 3 or 4 unshielded twisted-pair (UTP).

C.

Category 5 unshielded twisted-pair (UTP).

D.

RG-58 cable.

Buy Now
Questions 32

Which type of attack involves impersonating a user or a system?

Options:

A.

Smurfing attack

B.

Spoofing attack

C.

Spamming attack

D.

Sniffing attack

Buy Now
Questions 33

How would an IP spoofing attack be best classified?

Options:

A.

Session hijacking attack

B.

Passive attack

C.

Fragmentation attack

D.

Sniffing attack

Buy Now
Questions 34

Which of the following services relies on UDP?

Options:

A.

FTP

B.

Telnet

C.

DNS

D.

SMTP

Buy Now
Questions 35

Domain Name Service is a distributed database system that is used to map:

Options:

A.

Domain Name to IP addresses.

B.

MAC addresses to domain names.

C.

MAC Address to IP addresses.

D.

IP addresses to MAC Addresses.

Buy Now
Questions 36

In the UTP category rating, the tighter the wind:

Options:

A.

the higher the rating and its resistance against interference and crosstalk.

B.

the slower the rating and its resistance against interference and attenuation.

C.

the shorter the rating and its resistance against interference and attenuation.

D.

the longer the rating and its resistance against interference and attenuation.

Buy Now
Questions 37

Which of the following protocols operates at the session layer (layer 5)?

Options:

A.

RPC

B.

IGMP

C.

LPD

D.

SPX

Buy Now
Questions 38

A packet containing a long string of NOP's followed by a command is usually indicative of what?

Options:

A.

A syn scan.

B.

A half-port scan.

C.

A buffer overflow attack.

D.

A packet destined for the network's broadcast address.

Buy Now
Questions 39

Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of:

Options:

A.

a class A network.

B.

a class B network.

C.

a class C network.

D.

a class D network.

Buy Now
Questions 40

ICMP and IGMP belong to which layer of the OSI model?

Options:

A.

Datagram Layer.

B.

Network Layer.

C.

Transport Layer.

D.

Data Link Layer.

Buy Now
Questions 41

The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the ip datagram?

Options:

A.

TCP.

B.

ICMP.

C.

UDP.

D.

IGMP.

Buy Now
Questions 42

Which of the following statements is NOT true of IPSec Transport mode?

Options:

A.

It is required for gateways providing access to internal systems

B.

Set-up when end-point is host or communications terminates at end-points

C.

If used in gateway-to-host communication, gateway must act as host

D.

When ESP is used for the security protocol, the hash is only applied to the upper layer protocols contained in the packet

Buy Now
Questions 43

Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?

Options:

A.

a firewall.

B.

dial-up.

C.

passwords.

D.

fiber optics.

Buy Now
Questions 44

What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

Options:

A.

Accountability controls

B.

Mandatory access controls

C.

Assurance procedures

D.

Administrative controls

Buy Now
Questions 45

Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?

Options:

A.

Statistical Anomaly-Based ID

B.

Signature-Based ID

C.

dynamical anomaly-based ID

D.

inferential anomaly-based ID

Buy Now
Questions 46

Which of the following usually provides reliable, real-time information without consuming network or host resources?

Options:

A.

network-based IDS

B.

host-based IDS

C.

application-based IDS

D.

firewall-based IDS

Buy Now
Questions 47

The session layer provides a logical persistent connection between peer hosts. Which of the following is one of the modes used in the session layer to establish this connection?

Options:

A.

Full duplex

B.

Synchronous

C.

Asynchronous

D.

Half simplex

Buy Now
Questions 48

What is the essential difference between a self-audit and an independent audit?

Options:

A.

Tools used

B.

Results

C.

Objectivity

D.

Competence

Buy Now
Questions 49

Which of the following is most likely to be useful in detecting intrusions?

Options:

A.

Access control lists

B.

Security labels

C.

Audit trails

D.

Information security policies

Buy Now
Questions 50

Who should measure the effectiveness of Information System security related controls in an organization?

Options:

A.

The local security specialist

B.

The business manager

C.

The systems auditor

D.

The central security manager

Buy Now
Questions 51

The fact that a network-based IDS reviews packets payload and headers enable which of the following?

Options:

A.

Detection of denial of service

B.

Detection of all viruses

C.

Detection of data corruption

D.

Detection of all password guessing attacks

Buy Now
Questions 52

Which of the following is NOT a fundamental component of an alarm in an intrusion detection system?

Options:

A.

Communications

B.

Enunciator

C.

Sensor

D.

Response

Buy Now
Questions 53

In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?

Options:

A.

Using a write blocker

B.

Made a full-disk image

C.

Created a message digest for log files

D.

Displayed the contents of a folder

Buy Now
Questions 54

Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?

Options:

A.

They are more cost-effective

B.

They offer a lack of corporate bias

C.

They use highly talented ex-hackers

D.

They ensure a more complete reporting

Buy Now
Questions 55

A host-based IDS is resident on which of the following?

Options:

A.

On each of the critical hosts

B.

decentralized hosts

C.

central hosts

D.

bastion hosts

Buy Now
Questions 56

Which one of the following statements about the advantages and disadvantages of network-based Intrusion detection systems is true

Options:

A.

Network-based IDSs are not vulnerable to attacks.

B.

Network-based IDSs are well suited for modern switch-based networks.

C.

Most network-based IDSs can automatically indicate whether or not an attack was successful.

D.

The deployment of network-based IDSs has little impact upon an existing network.

Buy Now
Questions 57

Which of the following tools is NOT likely to be used by a hacker?

Options:

A.

Nessus

B.

Saint

C.

Tripwire

D.

Nmap

Buy Now
Questions 58

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

Options:

A.

through access control mechanisms that require identification and authentication and through the audit function.

B.

through logical or technical controls involving the restriction of access to systems and the protection of information.

C.

through logical or technical controls but not involving the restriction of access to systems and the protection of information.

D.

through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

Buy Now
Questions 59

A timely review of system access audit records would be an example of which of the basic security functions?

Options:

A.

avoidance

B.

deterrence

C.

prevention

D.

detection

Buy Now
Questions 60

Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS) ?

Options:

A.

signature-based IDS

B.

statistical anomaly-based IDS

C.

event-based IDS

D.

inferent-based IDS

Buy Now
Questions 61

Which of the following is NOT an advantage that TACACS+ has over TACACS?

Options:

A.

Event logging

B.

Use of two-factor password authentication

C.

User has the ability to change his password

D.

Ability for security tokens to be resynchronized

Buy Now
Questions 62

At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?

Options:

A.

Network layer

B.

Session layer

C.

Transport layer

D.

Data link layer

Buy Now
Questions 63

Which protocol is NOT implemented in the Network layer of the OSI Protocol Stack?

Options:

A.

hyper text transport protocol

B.

Open Shortest Path First

C.

Internet Protocol

D.

Routing Information Protocol

Buy Now
Questions 64

What IDS approach relies on a database of known attacks?

Options:

A.

Signature-based intrusion detection

B.

Statistical anomaly-based intrusion detection

C.

Behavior-based intrusion detection

D.

Network-based intrusion detection

Buy Now
Questions 65

Which of the following is required in order to provide accountability?

Options:

A.

Authentication

B.

Integrity

C.

Confidentiality

D.

Audit trails

Buy Now
Questions 66

Which of the following would assist the most in Host Based intrusion detection?

Options:

A.

audit trails.

B.

access control lists.

C.

security clearances

D.

host-based authentication

Buy Now
Questions 67

Which of the following would NOT violate the Due Diligence concept?

Options:

A.

Security policy being outdated

B.

Data owners not laying out the foundation of data protection

C.

Network administrator not taking mandatory two-week vacation as planned

D.

Latest security patches for servers being installed as per the Patch Management process

Buy Now
Questions 68

Which one of the following authentication mechanisms creates a problem for mobile users?

Options:

A.

Mechanisms based on IP addresses

B.

Mechanism with reusable passwords

C.

one-time password mechanism.

D.

challenge response mechanism.

Buy Now
Questions 69

Hierarchical Storage Management (HSM) is commonly employed in:

Options:

A.

very large data retrieval systems

B.

very small data retrieval systems

C.

shorter data retrieval systems

D.

most data retrieval systems

Buy Now
Questions 70

The typical computer fraudsters are usually persons with which of the following characteristics?

Options:

A.

They have had previous contact with law enforcement

B.

They conspire with others

C.

They hold a position of trust

D.

They deviate from the accepted norms of society

Buy Now
Questions 71

Which type of attack would a competitive intelligence attack best classify as?

Options:

A.

Business attack

B.

Intelligence attack

C.

Financial attack

D.

Grudge attack

Buy Now
Questions 72

What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?

Options:

A.

Remote journaling

B.

Electronic vaulting

C.

Data clustering

D.

Database shadowing

Buy Now
Questions 73

The first step in the implementation of the contingency plan is to perform:

Options:

A.

A firmware backup

B.

A data backup

C.

An operating systems software backup

D.

An application software backup

Buy Now
Questions 74

What does "residual risk" mean?

Options:

A.

The security risk that remains after controls have been implemented

B.

Weakness of an assets which can be exploited by a threat

C.

Risk that remains after risk assessment has has been performed

D.

A security risk intrinsic to an asset being audited, where no mitigation has taken place.

Buy Now
Questions 75

Failure of a contingency plan is usually:

Options:

A.

A technical failure.

B.

A management failure.

C.

Because of a lack of awareness.

D.

Because of a lack of training.

Buy Now
Questions 76

Which of the following is covered under Crime Insurance Policy Coverage?

Options:

A.

Inscribed, printed and Written documents

B.

Manuscripts

C.

Accounts Receivable

D.

Money and Securities

Buy Now
Questions 77

Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses?

Options:

A.

Digital Video Tape (DVT).

B.

Digital Analog Tape (DAT).

C.

Digital Voice Tape (DVT).

D.

Digital Audio Tape (DAT).

Buy Now
Questions 78

Which of the following is NOT a common backup method?

Options:

A.

Full backup method

B.

Daily backup method

C.

Incremental backup method

D.

Differential backup method

Buy Now
Questions 79

In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected?

Options:

A.

Human Resources

B.

Industrial Security

C.

Public Relations

D.

External Audit Group

Buy Now
Questions 80

Which of the following computer crime is MORE often associated with INSIDERS?

Options:

A.

IP spoofing

B.

Password sniffing

C.

Data diddling

D.

Denial of service (DOS)

Buy Now
Questions 81

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

Options:

A.

Stealth viruses

B.

Polymorphic viruses

C.

Trojan horses

D.

Logic bombs

Buy Now
Questions 82

What do the ILOVEYOU and Melissa virus attacks have in common?

Options:

A.

They are both denial-of-service (DOS) attacks.

B.

They have nothing in common.

C.

They are both masquerading attacks.

D.

They are both social engineering attacks.

Buy Now
Questions 83

Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is:

Options:

A.

Not possible

B.

Only possible with key recovery scheme of all user keys

C.

It is possible only if X509 Version 3 certificates are used

D.

It is possible only by "brute force" decryption

Buy Now
Questions 84

Crackers today are MOST often motivated by their desire to:

Options:

A.

Help the community in securing their networks.

B.

Seeing how far their skills will take them.

C.

Getting recognition for their actions.

D.

Gaining Money or Financial Gains.

Buy Now
Questions 85

Java is not:

Options:

A.

Object-oriented.

B.

Distributed.

C.

Architecture Specific.

D.

Multithreaded.

Buy Now
Questions 86

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

Options:

A.

Web Applications

B.

Intrusion Detection Systems

C.

Firewalls

D.

DNS Servers

Buy Now
Questions 87

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers?

Options:

A.

Black hats

B.

White hats

C.

Script kiddies

D.

Phreakers

Buy Now
Questions 88

What is malware that can spread itself over open network connections?

Options:

A.

Worm

B.

Rootkit

C.

Adware

D.

Logic Bomb

Buy Now
Questions 89

In computing what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data, and possible system harm.

Options:

A.

virus

B.

worm

C.

Trojan horse.

D.

trapdoor

Buy Now
Questions 90

Which of the following virus types changes some of its characteristics as it spreads?

Options:

A.

Boot Sector

B.

Parasitic

C.

Stealth

D.

Polymorphic

Buy Now
Questions 91

Cryptography does NOT help in:

Options:

A.

Detecting fraudulent insertion.

B.

Detecting fraudulent deletion.

C.

Detecting fraudulent modification.

D.

Detecting fraudulent disclosure.

Buy Now
Questions 92

What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

Options:

A.

Data fiddling

B.

Data diddling

C.

Salami techniques

D.

Trojan horses

Buy Now
Questions 93

Which of the following can best define the "revocation request grace period"?

Options:

A.

The period of time allotted within which the user must make a revocation request upon a revocation reason

B.

Minimum response time for performing a revocation by the CA

C.

Maximum response time for performing a revocation by the CA

D.

Time period between the arrival of a revocation request and the publication of the revocation information

Buy Now
Questions 94

A one-way hash provides which of the following?

Options:

A.

Confidentiality

B.

Availability

C.

Integrity

D.

Authentication

Buy Now
Questions 95

The primary purpose for using one-way hashing of user passwords within a password file is which of the following?

Options:

A.

It prevents an unauthorized person from trying multiple passwords in one logon attempt.

B.

It prevents an unauthorized person from reading the password.

C.

It minimizes the amount of storage required for user passwords.

D.

It minimizes the amount of processing time used for encrypting passwords.

Buy Now
Questions 96

Which of the following binds a subject name to a public key value?

Options:

A.

A public-key certificate

B.

A public key infrastructure

C.

A secret key infrastructure

D.

A private key certificate

Buy Now
Questions 97

Which of the following is true about Kerberos?

Options:

A.

It utilizes public key cryptography.

B.

It encrypts data after a ticket is granted, but passwords are exchanged in plain text.

C.

It depends upon symmetric ciphers.

D.

It is a second party authentication system.

Buy Now
Questions 98

In a known plaintext attack, the cryptanalyst has knowledge of which of the following?

Options:

A.

the ciphertext and the key

B.

the plaintext and the secret key

C.

both the plaintext and the associated ciphertext of several messages

D.

the plaintext and the algorithm

Buy Now
Questions 99

Which of the following is not an example of a block cipher?

Options:

A.

Skipjack

B.

IDEA

C.

Blowfish

D.

RC4

Buy Now
Questions 100

What is the main problem of the renewal of a root CA certificate?

Options:

A.

It requires key recovery of all end user keys

B.

It requires the authentic distribution of the new root CA certificate to all PKI participants

C.

It requires the collection of the old root CA certificates from all the users

D.

It requires issuance of the new root CA certificate

Buy Now
Questions 101

Which of the following is NOT a symmetric key algorithm?

Options:

A.

Blowfish

B.

Digital Signature Standard (DSS)

C.

Triple DES (3DES)

D.

RC5

Buy Now
Questions 102

Which of the following protects Kerberos against replay attacks?

Options:

A.

Tokens

B.

Passwords

C.

Cryptography

D.

Time stamps

Buy Now
Questions 103

Which of the following is best provided by symmetric cryptography?

Options:

A.

Confidentiality

B.

Integrity

C.

Availability

D.

Non-repudiation

Buy Now
Questions 104

Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?

Options:

A.

Use of public key encryption to secure a secret key, and message encryption using the secret key.

B.

Use of the recipient's public key for encryption and decryption based on the recipient's private key.

C.

Use of software encryption assisted by a hardware encryption accelerator.

D.

Use of elliptic curve encryption.

Buy Now
Questions 105

What enables users to validate each other's certificate when they are certified under different certification hierarchies?

Options:

A.

Cross-certification

B.

Multiple certificates

C.

Redundant certification authorities

D.

Root certification authorities

Buy Now
Questions 106

Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext?

Options:

A.

known plaintext

B.

brute force

C.

ciphertext only

D.

chosen plaintext

Buy Now
Questions 107

Which of the following issues is not addressed by digital signatures?

Options:

A.

nonrepudiation

B.

authentication

C.

data integrity

D.

denial-of-service

Buy Now
Questions 108

Which of the following statements pertaining to link encryption is false?

Options:

A.

It encrypts all the data along a specific communication path.

B.

It provides protection against packet sniffers and eavesdroppers.

C.

Information stays encrypted from one end of its journey to the other.

D.

User information, header, trailers, addresses and routing data that are part of the packets are encrypted.

Buy Now
Questions 109

What is the primary role of cross certification?

Options:

A.

Creating trust between different PKIs

B.

Build an overall PKI hierarchy

C.

set up direct trust to a second root CA

D.

Prevent the nullification of user certificates by CA certificate revocation

Buy Now
Questions 110

What kind of encryption is realized in the S/MIME-standard?

Options:

A.

Asymmetric encryption scheme

B.

Password based encryption scheme

C.

Public key based, hybrid encryption scheme

D.

Elliptic curve based encryption

Buy Now
Questions 111

Which of the following statements pertaining to stream ciphers is correct?

Options:

A.

A stream cipher is a type of asymmetric encryption algorithm.

B.

A stream cipher generates what is called a keystream.

C.

A stream cipher is slower than a block cipher.

D.

A stream cipher is not appropriate for hardware-based encryption.

Buy Now
Questions 112

Which of the following protocols that provide integrity and authentication for IPSec, can also provide non-repudiation in IPSec?

Options:

A.

Authentication Header (AH)

B.

Encapsulating Security Payload (ESP)

C.

Secure Sockets Layer (SSL)

D.

Secure Shell (SSH-2)

Buy Now
Questions 113

What is the key size of the International Data Encryption Algorithm (IDEA)?

Options:

A.

64 bits

B.

128 bits

C.

160 bits

D.

192 bits

Buy Now
Questions 114

What is NOT an authentication method within IKE and IPsec?

Options:

A.

CHAP

B.

Pre shared key

C.

certificate based authentication

D.

Public key authentication

Buy Now
Questions 115

Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?

Options:

A.

The Bell-LaPadula model

B.

The information flow model

C.

The noninterference model

D.

The Clark-Wilson model

Buy Now
Questions 116

Which one of the following is usually not a benefit resulting from the use of firewalls?

Options:

A.

reduces the risks of external threats from malicious hackers.

B.

prevents the spread of viruses.

C.

reduces the threat level on internal system.

D.

allows centralized management and control of services.

Buy Now
Questions 117

How can an individual/person best be identified or authenticated to prevent local masquarading attacks?

Options:

A.

UserId and password

B.

Smart card and PIN code

C.

Two-factor authentication

D.

Biometrics

Buy Now
Questions 118

The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:

Options:

A.

you need.

B.

non-trivial

C.

you are.

D.

you can get.

Buy Now
Questions 119

Who developed one of the first mathematical models of a multilevel-security computer system?

Options:

A.

Diffie and Hellman.

B.

Clark and Wilson.

C.

Bell and LaPadula.

D.

Gasser and Lipner.

Buy Now
Questions 120

Which of the following is NOT part of the Kerberos authentication protocol?

Options:

A.

Symmetric key cryptography

B.

Authentication service (AS)

C.

Principals

D.

Public Key

Buy Now
Questions 121

In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?

Options:

A.

Bell-LaPadula model

B.

Biba model

C.

Access Matrix model

D.

Take-Grant model

Buy Now
Questions 122

Degaussing is used to clear data from all of the following medias except:

Options:

A.

Floppy Disks

B.

Read-Only Media

C.

Video Tapes

D.

Magnetic Hard Disks

Buy Now
Questions 123

In biometric identification systems, the parts of the body conveniently available for identification are:

Options:

A.

neck and mouth

B.

hands, face, and eyes

C.

feet and hair

D.

voice and neck

Buy Now
Questions 124

Which of the following is the most reliable authentication method for remote access?

Options:

A.

Variable callback system

B.

Synchronous token

C.

Fixed callback system

D.

Combination of callback and caller ID

Buy Now
Questions 125

What is considered the most important type of error to avoid for a biometric access control system?

Options:

A.

Type I Error

B.

Type II Error

C.

Combined Error Rate

D.

Crossover Error Rate

Buy Now
Questions 126

Kerberos is vulnerable to replay in which of the following circumstances?

Options:

A.

When a private key is compromised within an allotted time window.

B.

When a public key is compromised within an allotted time window.

C.

When a ticket is compromised within an allotted time window.

D.

When the KSD is compromised within an allotted time window.

Buy Now
Questions 127

What refers to legitimate users accessing networked services that would normally be restricted to them?

Options:

A.

Spoofing

B.

Piggybacking

C.

Eavesdropping

D.

Logon abuse

Buy Now
Questions 128

Which of the following is NOT a system-sensing wireless proximity card?

Options:

A.

magnetically striped card

B.

passive device

C.

field-powered device

D.

transponder

Buy Now
Questions 129

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

Options:

A.

through access control mechanisms that require identification and authentication and through the audit function.

B.

through logical or technical controls involving the restriction of access to systems and the protection of information.

C.

through logical or technical controls but not involving the restriction of access to systems and the protection of information.

D.

through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

Buy Now
Questions 130

Which of the following is NOT a form of detective administrative control?

Options:

A.

Rotation of duties

B.

Required vacations

C.

Separation of duties

D.

Security reviews and audits

Buy Now
Questions 131

Which of the following is not a physical control for physical security?

Options:

A.

lighting

B.

fences

C.

training

D.

facility construction materials

Buy Now
Questions 132

Which is the last line of defense in a physical security sense?

Options:

A.

people

B.

interior barriers

C.

exterior barriers

D.

perimeter barriers

Buy Now
Questions 133

A network-based vulnerability assessment is a type of test also referred to as:

Options:

A.

An active vulnerability assessment.

B.

A routing vulnerability assessment.

C.

A host-based vulnerability assessment.

D.

A passive vulnerability assessment.

Buy Now
Questions 134

Which of the following is the WEAKEST authentication mechanism?

Options:

A.

Passphrases

B.

Passwords

C.

One-time passwords

D.

Token devices

Buy Now
Questions 135

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of:

Options:

A.

Administrative controls

B.

Logical controls

C.

Technical controls

D.

Physical controls

Buy Now
Questions 136

Which of the following is true about Kerberos?

Options:

A.

It utilizes public key cryptography.

B.

It encrypts data after a ticket is granted, but passwords are exchanged in plain text.

C.

It depends upon symmetric ciphers.

D.

It is a second party authentication system.

Buy Now
Questions 137

Organizations should consider which of the following first before allowing external access to their LANs via the Internet?

Options:

A.

plan for implementing workstation locking mechanisms.

B.

plan for protecting the modem pool.

C.

plan for providing the user with his account usage information.

D.

plan for considering proper authentication options.

Buy Now
Questions 138

Controlling access to information systems and associated networks is necessary for the preservation of their:

Options:

A.

Authenticity, confidentiality and availability

B.

Confidentiality, integrity, and availability.

C.

integrity and availability.

D.

authenticity,confidentiality, integrity and availability.

Buy Now
Exam Code: SSCP
Exam Name: Systems Security Certified Practitioner
Last Update: Dec 4, 2024
Questions: 1074
SSCP pdf

SSCP PDF

$29.75  $84.99
SSCP Engine

SSCP Testing Engine

$35  $99.99
SSCP PDF + Engine

SSCP PDF + Testing Engine

$47.25  $134.99