SSCP Test Questions and Answers 2024, Exams of Computer Science


Typology: Exams

2024/2025

Available from 09/19/2024

BEST-TUTOR.
SSCP Test Questions and Answers 2024
B - DES - Data Encryption Standard has a 128 bit key and is very difficult to break.
A. True
B. False

B - What is the main difference between computer abuse and computer crime?
A. Amount of damage
B. Intentions of the perpetrator
C. Method of compromise
D. Abuse = company insider; crime = company outsider

C - A standardized list of the most common security weaknesses and exploits is the ____.
A. SANS Top 10
B. CSI/FBI Computer Crime Study
C. CVE - Common Vulnerabilities and Exposures
D. CERT Top 10

C - A salami attack refers to what type of activity?
A. Embedding or hiding data inside of a legitimate communication - a picture, etc.
B. Hijacking a session and stealing passwords
C. Committing computer crimes in such small doses that they almost go unnoticed
D. Setting a program to attack a website at 11:59 am on New Year's Eve

D - Multi-partite viruses perform which functions?
A. Infect multiple partitions
B. Infect multiple boot sectors
C. Infect numerous workstations
D. Combine both boot and file virus behavior

B - What security principle is based on the division of job responsibilities - designed to prevent fraud?
A. Mandatory Access Control
B. Separation of Duties
C. Information Systems Auditing
D. Concept of Least Privilege

A - ____ is the authoritative entity which lists port assignments
A. IANA
B. ISSA
C. Network Solutions
D. Register.com
E. InterNIC

B - Cable modems are less secure than DSL connections because cable modems are shared with other subscribers?
A. True
B. False

D - ____ is a file system that was poorly designed and has numerous security flaws
A. NTS
B. RPC
C. TCP
D. NFS
E. None of the above

Log files - Trend Analysis involves analyzing historical ____ files in order to look for patterns of abuse or misuse.

D - HTTP, FTP, SMTP reside at which layer of the OSI model?
A. Layer 1 - Physical
B. Layer 3 - Network
C. Layer 4 - Transport
D. Layer 7 - Application
E. Layer 2 - Data Link

D - Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
A. Layer 7 - Application Layer
B. Layers 2, 3, & 4 - Data Link, Network, and Transport Layers
C. Layer 3 - Network Layer
D. Layers 5, 6, & 7 - Session, Presentation, and Application Layers

B - A Security Reference Monitor relates to which DoD security standard?
A. LC

B. Hijacking
C. Man In The Middle
D. Social Engineering
E. Distributed Denial of Service (DDoS)

Cramming - If Big Texas telephone company suddenly started billing you for caller ID and call forwarding without your permission, this practice is referred to as ____

Disable - When an employee leaves the company, their network access account should be ____

90 - Passwords should be changed every ____ days at a minimum. 90 days is the recommended minimum, but some resources will tell you that 30-60 days is ideal.

C - IKE - Internet Key Exchange is often used in conjunction with what security standard?
A. SSL
B. OPSEC
C. IPSEC
D. Kerberos
E. All of the above

A - Wiretapping is an example of a passive network attack?
A. True
B. False

A,C,E - What are some of the major differences of Qualitative vs. Quantitative methods of performing risk analysis? (Choose all that apply)
A. Quantitative analysis uses numeric values
B. Qualitative analysis uses numeric values
C. Quantitative analysis is more time consuming
D. Qualitative analysis is more time consuming
E. Quantitative analysis is based on Annualized Loss Expectancy (ALE) formulas
F. Qualitative analysis is based on Annualized Loss Expectancy (ALE) formulas

A - Which of the concepts best describes Availability in relation to computer resources?
A. Users can gain access to any resource upon request (assuming they have proper permissions)
B. Users can make authorized changes to data
C. Users can be assured that the data content has not been altered
D. None of the concepts describes Availability properly

A,B,C - Information Security policies should be? (Choose all that apply)
A. Written down
B. Clearly Communicated to all system users
C. Audited and revised periodically
D. None of the choices listed are correct

E - Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
A. MAC
B. L2TP
C. SSL
D. HTTP
E. Ethernet

E - Instructions or code that executes on an end user's machine from a web browser is known as ____ code.
A. Active X
B. JavaScript
C. Malware
D. Windows Scripting
E. Mobile

B - Is the person who is attempting to log on really who they say they are? What form of access control does this question stem from?
A. Authorization
B. Authentication
C. Kerberos
D. Mandatory Access Control

A - Which layer of the OSI model handles encryption?
A. Presentation Layer - L6
B. Application Layer - L7
C. Session Layer - L5
D. Data Link Layer - L

A. True

B. False

Confidentiality - ____ relates to the concept of protecting data from unauthorized users.

B - Which auditing practice relates to the controlling of hardware, software, firmware, and documentation to ensure it has not been improperly modified?
A. System Control
B. Configuration Control
C. Consequence Assessment
D. Certification / Accreditation

A - MD5 is a ____ algorithm
A. One way hash
B. 3DES
C. 192 bit
D. PKI

A,B - Which of the following is an example of One-Time Password technology? (Choose all that apply)
A. S/Key
B. OPIE
C. LC3
D. MD

C - How often should virus definition downloads and system virus scans be completed?
A. Daily
B. Monthly
C. Weekly
D. Yearly

B - S/MIME was developed for the protection of what communication mechanism(s)?
A. Telephones
B. Email
C. Wireless devices
D. Firewalls

B - Unclassified, Private, Confidential, Secret, Top Secret, and Internal Use Only are levels of
A. Security Classification
B. Data Classification
C. Object Classification
D. Change Control Classification

A - Decentralized access control allows
A. File owners to determine access rights
B. Help Desk personnel to determine access rights
C. IT personnel to determine access rights
D. Security Officers to determine access rights
E. Security Officers to delegate authority to other users

C - Contracting with an insurance company to cover losses due to information security breaches is known as risk
A. Avoidance
B. Reduction
C. Assignment
D. Acceptance

C - ____ is a Unix security scanning tool developed at Texas A&M University.
A. COPS
B. SATAN
C. TIGER
D. AGGIE
E. SNIFFER

Environmental - Security incidents fall into a number of categories such as accidental, deliberate, and ____

Data Hiding - Intentionally embedding secret data into a picture or some form of media is known as Steganography or data ____

F - From a security standpoint, the product development life cycle consists of which of the following?
A. Code Review
B. Certification
E. All of the above

A,B,C - Name three types of firewalls ____, ____, and ____ (Choose three)
A. Packet Filtering
B. Application Proxy
C. Stateful Inspection
D. Microsoft Proxy
E. SonicWall
F. Raptor Firewall

D - This free (for personal use) program is used to encrypt and decrypt emails.
A. SHA-1
B. MD5
C. DES
D. PGP
E. 3DES
F. None of the above

B - ____ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
A. SYN Flood
B. Buffer Overflow
C. Denial of Service
D. Coordinated
E. Distributed Denial of Service

C D - A good password policy uses which of the following guidelines? (Choose all that apply)
A. Passwords should contain some form of your name or userid
B. Passwords should always use words that can be found in a dictionary
C. Passwords should be audited on a regular basis
D. Passwords should never be shared or written down

B - What is the main goal of a risk management program?
A. To develop a disaster recovery plan
B. To help managers find the correct cost balance between risks and countermeasures
C. To evaluate appropriate risk mitigation scenarios
D. To calculate ALE formulas
E. None of the above

B - The ____ is the most dangerous part of a virus program.
A. Code
B. Payload
C. Strain
D. Trojan
E. None of the above

B - A one way hash converts a string of random length into a ____ encrypted string.
A. 192 bit
B. fixed length
C. random length
D. 56 bit
E. SHA
F. MD

C - Although it is considered a low tech attack ____ is still a very effective way of gaining unauthorized access to network systems.
A. Sniffing
B. Eavesdropping
C. Social Engineering
D. Shoulder Surfing
E. None of the items are correct

B - Diffie Hellman, RSA, and ____ are all examples of Public Key cryptography?
A. SSL - Secure Sockets Layer
B. DSS - Digital Signature Standard
C. Blowfish
D. AES - Advanced Encryption Standard

B - ____, generally considered "need to know" access is given based on permissions granted to the user.
A. MAC - Mandatory Access Control
B. DAC - Discretionary Access Control
C. SAC - Strategic Access Control
D. LAC - Limited Access Control

D. Logic Bombs supply AV engines with false information to avoid detection

D - What is the minimum recommended length of a security policy?
A. 200 pages
B. 5 pages
C. 1 page
D. There is no minimum length - the policy length should support the business needs

B - There are ____ available service ports
A. 65535
B.
C. 1024
D. 1-1024
E. Unlimited

B - Each of the following is a valid step in handling incidents except
A. Contain
B. Prosecute
C. Recover
D. Review
E. Identify
F. Prepare

Certificate - A ____ is an electronically generated record that ties a user's ID to their public key.

C - Which of the following is NOT an encryption algorithm?
A. DES
B. 3DES
C. SSL
D. MD5
E. SHA-

B - Which range defines "well known ports?"
A. 0-1024
B. 0-1023
C. 1-
D. 1024-

B - What does RADIUS stand for?
A. Remote Access Dialup User Systems
B. Remote Access Dial-in User Service
C. Revoke Access Deny User Service
D. Roaming Access Dial-in User System

A - In the past, many companies had been hesitant to report computer crimes.
A. True
B. False

C - If you see the text listed below at the beginning or end of an email message, what would it be an indication of?

mQGiBDfJY1ERBADd1lBX8WlbSHj2uDt6YbMVl4Da3O1yG0exQnEwU3sKQARzs

pNB

zB2BF+ngFiy1+RSfDjfbpwz6vLHo6zQZkT2vKOfDu1e4/LqiuOLpd/6rOrmH/Mvk

A. A virus
B. A worm
C. A PGP Signed message
D. A software error

A - Although they are accused of being one and the same, hackers and crackers are two distinctly different groups with different goals pertaining to computers.
A. True
B. False

A C D - Select three ways to deal with risk.
A. Acceptance
B. Avoid / Eliminate
C. Transfer
D. Mitigate
E. Deny

C - Digital Certificates use which protocol?
A. X.
B. X.
C. X.
D. X.
E. X.
F. None of the above

A. Verisign
B. Microsoft
C. Netscape
D. Dell
E. All of the entities listed could be valid Certificate Authorities

A - It is difficult to prosecute a computer criminal if warning banners are not deployed?
A. True
B. False

B - What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority, or if you abuse your authority, then you are subject to having all of your activities on this system monitored and recorded by system personnel.>>
A. Audit Trail Banner
B. Warning Banner
C. Welcome Banner
D. Access Control Banner

Test virus - EICAR is an example of a ____ used to test AV products without introducing a live virus into the network.

D - ____ is the most famous Unix password cracking tool.
A. SNIFF
B. ROOT
C. NMAP
D. CRACK
E. JOLT

C - PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
A. DES
B. 3DES
C. RSA
D. 3RSA
E. Blowfish
F. All of the above

A B C - Which of the following are NT Audit events? (Choose all that apply)
A. Logon and Logoff
B. Use of User Rights
C. Security Policy Change
D. Registry Tracking
E. All of choices are correct

D - The most secure method for storing backup tapes is?
A. In a locked desk drawer
B. In the same building, but on a different floor
C. In a cool dry climate
D. Off site in a climate controlled area
E. In a fire proof safe inside the data center (for faster retrieval)
F. None of the above

Sniffer - ____ is a tool used by network administrators to capture packets from a network.

C - The IDEA algorithm (used in PGP) is ____ bits long.
A. 56
B. 158
C.
D.

E - Which organization(s) are responsible for the timely distribution of information security intelligence data?
A. CERT
B. SANS
C. CERIAS
D. COAST
E. All of the organizations listed

E - A password audit consists of checking for
A. Minimum password length
B. Password aging
C. Password Strength
D. Blank Passwords
E. All of the items listed

C. Each password must have a combination of upper case, lower case, numbers and special characters
D. 6 character minimum password length

D - ____ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
A. DNS Recursion
B. NMAP
C. Land Attack
D. SYN Flooding
E. Port Scanning

A C - The following actions have been noted as providing motivation to virus writers? (Choose all that apply)
A. Fame
B. Fortune
C. Boredom
D. Stupidity

PAP CHAP - The ____ protocol sends passwords in clear text, while ____ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic,

E - Which of the following are used in Biometrics?
A. Retinal Scanning
B. Fingerprints
C. Face Recognition
D. Voice Recognition
E. All of the above
F. None of the above

C - Smart cards are a secure alternative to which weak security mechanism?
A. Biometrics
B. Public Key Encryption
C. Passwords
D. Tokens

C - Information security policies are a
A. Necessary evil
B. Waste of time
C. Business enabler
D. Inconvenience for the end user
E. All of the answers are correct

D - What type of software can be used to prevent, detect (and possibly correct) malicious activities on a system?
A. Personal Firewall
B. IDS - host based
C. Antivirus
D. All methods listed

B - Macintosh computers are not at risk for receiving viruses.
A. True
B. False

Hoaxes - Unlike viruses and worms, ____ are bogus messages that spread via email forwarding.

D - There are 6 types of security control practices. ____ controls are management policies, procedures, and guidelines that usually affect the entire system. These types of controls deal with system auditing and usability.
A. Preventive
B. Detective
C. Corrective
D. Directive
E. Recovery
F. Combination

host based, network based - Name two types of Intrusion Detection Systems ____ and ____

A - Today, privacy violations are almost as serious as security violations?
A. True
B. False

D - ____ is a protocol developed by Visa and MasterCard to protect electronic transactions.