The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?
A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?
The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?
Who is responsible for initiating corrective measures and capabilities used when there are security violations?
Which of the following would be best suited to oversee the development of an information security policy?
Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location?
Which of the following embodies all the detailed actions that personnel are required to follow?
Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product?
A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?
Buffer overflow and boundary condition errors are subsets of which of the following?
What is the term for a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?
The viewing of recorded events after the fact using a closed-circuit TV camera is considered a
Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system?
During which phase of an IT system life cycle are security requirements developed?
Which of the following is NOT a defined ISO basic task related to network management?
Which of the following elements of telecommunications is not used in assuring confidentiality?
In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server?
Which of the following services is a distributed database that translates host names to IP addresses and IP addresses to host names?
A packet containing a long string of NOPs followed by a command is usually indicative of what?
Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of:
The IP header contains a protocol field. If this field contains the value 17, what type of data is contained within the IP datagram?
Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?
What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?
Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?
Which of the following usually provides reliable, real-time information without consuming network or host resources?
The session layer provides a logical persistent connection between peer hosts. Which of the following is one of the modes used in the session layer to establish this connection?
What is the essential difference between a self-audit and an independent audit?
Who should measure the effectiveness of Information System security related controls in an organization?
The fact that a network-based IDS reviews packet payloads and headers enables which of the following?
Which of the following is NOT a fundamental component of an alarm in an intrusion detection system?
In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?
Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?
Which one of the following statements about the advantages and disadvantages of network-based intrusion detection systems is true?
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:
A timely review of system access audit records would be an example of which of the basic security functions?
Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS) types?
At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?
Which protocol is NOT implemented in the Network layer of the OSI Protocol Stack?
Which of the following would assist the most in Host Based intrusion detection?
Which one of the following authentication mechanisms creates a problem for mobile users?
The typical computer fraudsters are usually persons with which of the following characteristics?
What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?
Which of the following tape formats can be used to back up data systems in addition to its originally intended audio uses?
In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected?
Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?
Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is:
Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?
The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers?
In computing, what is the name of a non-self-replicating type of malware program that appears to have some useful purpose but also contains code with a malicious or harmful purpose embedded in it, which, when executed, carries out actions unknown to the person installing it, typically causing loss or theft of data and possible system harm?
Which of the following virus types changes some of its characteristics as it spreads?
What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?
The primary purpose for using one-way hashing of user passwords within a password file is which of the following?
In a known plaintext attack, the cryptanalyst has knowledge of which of the following?
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?
What enables users to validate each other's certificate when they are certified under different certification hierarchies?
Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext?
Which of the following protocols that provide integrity and authentication for IPSec can also provide non-repudiation in IPSec?
Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?
Which one of the following is usually not a benefit resulting from the use of firewalls?
How can an individual best be identified or authenticated to prevent local masquerading attacks?
The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:
Who developed one of the first mathematical models of a multilevel-security computer system?
In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
In biometric identification systems, the parts of the body conveniently available for identification are:
Which of the following is the most reliable authentication method for remote access?
What is considered the most important type of error to avoid for a biometric access control system?
What refers to legitimate users accessing networked services that would normally be restricted to them?
A network-based vulnerability assessment is a type of test also referred to as:
Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of:
Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
Controlling access to information systems and associated networks is necessary for the preservation of their: