














SSCP Test Questions and Answers 2024
Typology: Exams
B - DES - Data Encryption Standard has a 128 bit key and is very difficult to break.
A. True
B. False

B - What is the main difference between computer abuse and computer crime?
A. Amount of damage
B. Intentions of the perpetrator
C. Method of compromise
D. Abuse = company insider; crime = company outsider

C - A standardized list of the most common security weaknesses and exploits is the
A. SANS Top 10
B. CSI/FBI Computer Crime Study
C. CVE - Common Vulnerabilities and Exposures
D. CERT Top

C - A salami attack refers to what type of activity?
A. Embedding or hiding data inside of a legitimate communication - a picture, etc.
B. Hijacking a session and stealing passwords
C. Committing computer crimes in such small doses that they almost go unnoticed
D. Setting a program to attack a website at 11:59 am on New Year's Eve

D - Multi-partite viruses perform which functions?
A. Infect multiple partitions
B. Infect multiple boot sectors
C. Infect numerous workstations
D. Combine both boot and file virus behavior

B - What security principle is based on the division of job responsibilities - designed to prevent fraud?
A. Mandatory Access Control
B. Separation of Duties
C. Information Systems Auditing
D. Concept of Least Privilege

C. Network Solutions
D. Register.com
E. InterNIC

B - Cable modems are less secure than DSL connections because cable modems are shared with other subscribers?
A. True
B. False

__________ is a file system that was poorly designed and has numerous security flaws
E. None of the above

Log files - Trend Analysis involves analyzing historical __________ files in order to look for patterns of abuse or misuse.

D - HTTP, FTP, SMTP reside at which layer of the OSI model?
A. Layer 1 - Physical
B. Layer 3 - Network
C. Layer 4 - Transport
D. Layer 7 - Application
E. Layer 2 - Data Link

D - Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
A. Layer 7 - Application Layer
B. Layers 2, 3, & 4 - Data Link, Network, and Transport Layers
C. Layer 3 - Network Layer
D. Layers 5, 6, & 7 - Session, Presentation, and Application Layers

B - A Security Reference Monitor relates to which DoD security standard?

A - __________ is the authoritative entity which lists port assignments

Hijacking
C. Man In The Middle
D. Social Engineering
E. Distributed Denial of Service (DDoS)

Cramming - If Big Texas telephone company suddenly started billing you for caller ID and call forwarding without your permission, this practice is referred to as __________

Disable - When an employee leaves the company, their network access account should be __________

90 - Passwords should be changed every __________ days at a minimum. 90 days is the recommended minimum, but some resources will tell you that 30-60 days is ideal.

C - IKE - Internet Key Exchange is often used in conjunction with what security standard
Kerberos
E. All of the above

A - Wiretapping is an example of a passive network attack?
A. True
B. False

A,C,E - What are some of the major differences of Qualitative vs. Quantitative methods of performing risk analysis? (Choose all that apply)
A. Quantitative analysis uses numeric values
B. Qualitative analysis uses numeric values
C. Quantitative analysis is more time consuming
D. Qualitative analysis is more time consuming
E. Quantitative analysis is based on Annualized Loss Expectancy (ALE) formulas
F. Qualitative analysis is based on Annualized Loss Expectancy (ALE) formulas

A - Which of the concepts best describes Availability in relation to computer resources?
A. Users can gain access to any resource upon request (assuming they have proper permissions)
B. Users can make authorized changes to data
C. Users can be assured that the data content has not been altered
D. None of the concepts describes Availability properly

A,B,C - Information Security policies should be? (Choose all that apply)
A. Written down
B. Clearly Communicated to all system users
C. Audited and revised periodically
D. None of the choices listed are correct

E - Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet

E - Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
A. Active
JavaScript
C. Malware
D. Windows Scripting
E. Mobile

B - Is the person who is attempting to log on really who they say they are? What form of access control does this question stem from?
A. Authorization
B. Authentication
C. Kerberos
D. Mandatory Access Control

A - Which layer of the OSI model handles encryption?
A. Presentation Layer - L6
B. Application Layer - L7
C. Session Layer - L5
D. Data Link Layer -

A. True
B. False

Confidentiality - __________ relates to the concept of protecting data from unauthorized users.

B - Which auditing practice relates to the controlling of hardware, software, firmware, and documentation to ensure it has not been improperly modified?
A. System Control
B. Configuration Control
C. Consequence Assessment
D. Certification / Accreditation

A - MD5 is a __________ algorithm
A. One way hash
B.
bit
D. PKI

A,B - Which of the following is an example of One-Time Password technology? (Choose all that apply)
A. S/Key

C - How often should virus definition downloads and system virus scans be completed?
A. Daily
B. Monthly
C. Weekly
D. Yearly

B - S/MIME was developed for the protection of what communication mechanism(s)?
A. Telephones
B. Email
C. Wireless devices
D. Firewalls

B - Unclassified, Private, Confidential, Secret, Top Secret, and Internal Use Only are levels of __________
A. Security Classification
B. Data Classification
C. Object Classification
D. Change Control Classification

A - Decentralized access control allows
A. File owners to determine access rights
B. Help Desk personnel to determine access rights
C. IT personnel to determine access rights
D. Security Officers to determine access rights
E. Security Officers to delegate authority to other users

C - Contracting with an insurance company to cover losses due to information security breaches is known as risk __________
A. Avoidance
B. Reduction
C. Assignment
D. Acceptance

C - __________ is a Unix security scanning tool developed at Texas A&M University.

Environmental - Security incidents fall into a number of categories such as accidental, deliberate, and __________

Data Hiding - Intentionally embedding secret data into a picture or some form of media is known as Steganography or data __________

F - From a security standpoint, the product development life cycle consists of which of the following?
A. Code Review
B. Certification
E. All of the above

A,B,C - Name three types of firewalls: __________, __________, and __________ (Choose three)
A. Packet Filtering
B. Application Proxy
C. Stateful Inspection
D. Microsoft Proxy
E. SonicWall
F. Raptor Firewall

D - This free (for personal use) program is used to encrypt and decrypt emails.
F. None of the above

__________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Flood
B. Buffer Overflow
C. Denial of Service
D. Coordinated
E. Distributed Denial of Service

C D - A good password policy uses which of the following guidelines? (Choose all that apply)
A. Passwords should contain some form of your name or userid
B. Passwords should always use words that can be found in a dictionary
C. Passwords should be audited on a regular basis
D. Passwords should never be shared or written down

B - What is the main goal of a risk management program?
A. To develop a disaster recovery plan
B. To help managers find the correct cost balance between risks and countermeasures
C. To evaluate appropriate risk mitigation scenarios
D. To calculate ALE formulas
E. None of the above

The __________ is the most dangerous part of a virus program.
A. Code
B. Payload
C. Strain
D. Trojan
E. None of the above

B - A one way hash converts a string of random length into a __________ encrypted string.
bit
B. fixed length
C. random length
D. 56 bit
E. SHA

C - Although it is considered a low tech attack __________ is still a very effective way of gaining unauthorized access to network systems.
A. Sniffing
B. Eavesdropping
C. Social Engineering
D. Shoulder Surfing
E. None of the items are correct

B - Diffie Hellman, RSA, and __________ are all examples of Public Key cryptography?
A. SSL - Secure Sockets Layer
B. DSS - Digital Signature Standard
C. Blowfish
D. AES - Advanced Encryption Standard

__________, generally considered "need to know" access is given based on permissions granted to the user.
A. MAC - Mandatory Access Control
B. DAC - Discretionary Access Control
C. SAC - Strategic Access Control
D. LAC - Limited Access Control

D. Logic Bombs supply AV engines with false information to avoid detection

D - What is the minimum recommended length of a security policy?
pages
B. 5 pages
C. 1 page
D. There is no minimum length - the policy length should support the business needs

B - There are __________ available service ports
Unlimited

B - Each of the following is a valid step in handling incidents except
A. Contain
B. Prosecute
C. Recover
D. Review
E. Identify
F. Prepare

Certificate - __________ is an electronically generated record that ties a user's ID to their public key.

C - Which of the following is NOT an encryption algorithm?

B - Which range defines "well known ports?"

B - What does RADIUS stand for?
A. Remote Access Dialup User Systems
B. Remote Access Dial-in User Service
C. Revoke Access Deny User Service
D. Roaming Access Dial-in User System

A - In the past, many companies had been hesitant to report computer crimes.
A. True
B. False

C - If you see the text listed below at the beginning or end of an email message, what would it be an indication of?
mQGiBDfJY1ERBADd1lBX8WlbSHj2uDt6YbMVl4Da3O1yG0exQnEwU3sKQARzs
pNB
zB2BF+ngFiy1+RSfDjfbpwz6vLHo6zQZkT2vKOfDu1e4/LqiuOLpd/6rOrmH/Mvk
A. A virus
B. A worm
C. A PGP Signed message
D. A software error

A - Although they are accused of being one and the same, hackers and crackers are two distinctly different groups with different goals pertaining to computers.
A. True
B. False

A C D - Select three ways to deal with risk.
A. Acceptance
B. Avoid / Eliminate
C. Transfer
D. Mitigate
E. Deny

C - Digital Certificates use which protocol?
F. None of the above

A. Verisign
B. Microsoft
C. Netscape
D. Dell
E. All of the entities listed could be valid Certificate Authorities

A - It is difficult to prosecute a computer criminal if warning banners are not deployed?
A. True
B. False

B - What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority, or if you abuse your authority, then you are subject to having all of your activities on this system monitored and recorded by system personnel.>>
A. Audit Trail Banner
B. Warning Banner
C. Welcome Banner
D. Access Control Banner

Test virus - EICAR is an example of a __________ used to test AV products without introducing a live virus into the network.

__________ is the most famous Unix password cracking tool.

C - PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Blowfish
F. All of the above

A B C - Which of the following are NT Audit events? (Choose all that apply)
A. Logon and Logoff
B. Use of User Rights
C. Security Policy Change
D. Registry Tracking
E. All of choices are correct

D - The most secure method for storing backup tapes is?
A. In a locked desk drawer
B. In the same building, but on a different floor
C. In a cool dry climate
D. Off site in a climate controlled area
E. In a fire proof safe inside the data center (for faster retrieval)
F. None of the above

Sniffer - __________ is a tool used by network administrators to capture packets from a network.

C - The IDEA algorithm (used in PGP) is __________ bits long.

E - Which organization(s) are responsible for the timely distribution of information security intelligence data
E. All of the organizations listed

E - A password audit consists of checking for
A. Minimum password length
B. Password aging
C. Password Strength
D. Blank Passwords
E. All of the items listed

C. Each password must have a combination of upper case, lower case, numbers and special characters
D. 6 character minimum password length

__________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
A. DNS Recursion
C. Land Attack
D. SYN Flooding
E. Port Scanning

A C - The following actions have been noted as providing motivation to virus writers? (Choose all that apply)
A. Fame
B. Fortune
C. Boredom
D. Stupidity

PAP CHAP - The __________ protocol sends passwords in clear text, while __________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic,

E - Which of the following are used in Biometrics?
A. Retinal Scanning
B. Fingerprints
C. Face Recognition
D. Voice Recognition
E. All of the above
F. None of the above

C - Smart cards are a secure alternative to which weak security mechanism?
A. Biometrics
B. Public Key Encryption
C. Passwords
D. Tokens

C - Information security policies are a
A. Necessary evil
B. Waste of time
C. Business enabler
D. Inconvenience for the end user
E. All of the answers are correct

D - What type of software can be used to prevent, detect (and possibly correct) malicious activities on a system?
A. Personal Firewall
B. IDS - host based
C. Antivirus
D. All methods listed

B - Macintosh computers are not at risk for receiving viruses.
A. True
B. False

Hoaxes - Unlike viruses and worms, __________ are bogus messages that spread via email forwarding.

D - There are 6 types of security control practices. __________ controls are management policies, procedures, and guidelines that usually affect the entire system. These types of controls deal with system auditing and usability.
A. Preventive
B. Detective
C. Corrective
D. Directive
E. Recovery
F. Combination

host based, network based - Name two types of Intrusion Detection Systems __________ and __________

A - Today, privacy violations are almost as serious as security violations?
A. True
B. False

__________ is a protocol developed by Visa and MasterCard to protect electronic transactions.