ISC SSCP System Security Certified Practitioner (SSCP) 30 Q&A
Version DEMO
http://www.selfexamprep.com/sscp.htm
Important Note, Please Read Carefully Other prep2pass products A) Offline Testing engine Use the offline Testing engine product topractice the questions in an exam environment. Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is revised. Free updates are available for 90 days after the purchase. You should check your member zone at prep2pass and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go towww.prep2pass.com 2.Click on Log in 3.The latest versions of all purchased products are downloadable from here. Just click the links. For most updates,it is enough just to print the new questions at the end of the new version, not the whole document. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to feedback@prep2pass.com. You should include the following: Exam number, version, page number, question number, and your login Email. Our experts will answer your mail promptly. Copyright Each iPAD file is a green exe file. if we find out that a particular iPAD Viewer file is being distributed by you, prep2pass reserves the right to take legal action against you according to the International Copyright Laws. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@prep2pass.com.
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-2-
www.prep2pass.com Q: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break. A. True B. False
Answer: B www.prep2pass.com Q: 2 What is the main difference between computer abuse and computer crime? A. B. C. D.
Amount of damage Intentions of the perpetrator Method of compromise Abuse = company insider; crime = company outsider
Answer: B www.prep2pass.com Q: 3 A standardized list of the most common security weaknesses and exploits is the __________. A. B. C. D.
SANS Top 10 CSI/FBI Computer Crime Study CVE - Common Vulnerabilities and Exposures CERT Top 10
Answer: C www.prep2pass.com Q: 4 A salami attack refers to what type of activity? A. B. C. D.
Embedding or hiding data inside of a legitimate communication - a picture, etc. Hijacking a session and stealing passwords Committing computer crimes in such small doses that they almost go unnoticed Setting a program to attack a website at 11:59 am on New Year's Eve
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-3-
Answer: C www.prep2pass.com Q: 5 Multi-partite viruses perform which functions? A. B. C. D.
Infect multiple partitions Infect multiple boot sectors Infect numerous workstations Combine both boot and file virus behavior
Answer: D www.prep2pass.com Q: 6 What security principle is based on the division of job responsibilities - designed to prevent fraud? A. B. C. D.
Mandatory Access Control Separation of Duties Information Systems Auditing Concept of Least Privilege
Answer: B www.prep2pass.com Q: 7 _____ is the authoritative entity which lists port assignments A. B. C. D. E.
IANA ISSA Network Solutions Register.com InterNIC
Answer: A www.prep2pass.com Q: 8 Cable modems are less secure than DSL connections because cable modems are shared with other subscribers? A. True B. False Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-4-
Answer: B www.prep2pass.com Q: 9 ____________ is a file system that was poorly designed and has numerous security flaws. A. B. C. D. E.
NTS RPC TCP NFS None of the above
Answer: D www.prep2pass.com Q: 10 Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Answer: Check prep2pass eEngine, Download from Member Center www.prep2pass.com Q: 11 HTTP, FTP, SMTP reside at which layer of the OSI model? A. B. C. D. E.
Layer 1 - Physical Layer 3 - Network Layer 4 - Transport Layer 7 - Application Layer 2 - Data Link
Answer: D www.prep2pass.com Q: 12 Layer 4 in the DoD model overlaps with which layer(s) of the OSI model? A. Layer 7 - Application Layer B. Layers 2, 3, & 4 - Data Link, Network, and Transport Layers C. Layer 3 - Network Layer Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-5-
D. Layers 5, 6, & 7 - Session, Presentation, and Application Layers
Answer: D www.prep2pass.com Q: 13 A Security Reference Monitor relates to which DoD security standard? A. B. C. D. E.
LC3 C2 D1 L2TP None of the items listed
Answer: B www.prep2pass.com Q: 14 The ability to identify and audit a user and his / her actions is known as ____________. A. B. C. D. E.
Journaling Auditing Accessibility Accountability Forensics
Answer: D www.prep2pass.com Q: 15 There are 5 classes of IP addresses available, but only 3 classes are in common use today, identify the three: (Choose three) A. B. C. D. E.
Class A: 1-126 Class B: 128-191 Class C: 192-223 Class D: 224-255 Class E: 0.0.0.0 - 127.0.0.1
Answer: A, B, C
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-6-
www.prep2pass.com Q: 16 The ultimate goal of a computer forensics specialist is to ___________________. A. B. C. D.
Testify in court as an expert witness Preserve electronic evidence and protect it from any alteration Protect the company's reputation Investigate the computer crime
Answer: B www.prep2pass.com Q: 17 One method that can reduce exposure to malicious code is to run applications as generic accounts with little or no privileges. A. True B. False
Answer: A www.prep2pass.com Q: 18 ______________ is a major component of an overall risk management program.
Answer: Check prep2pass eEngine, Download from Member Center www.prep2pass.com Q: 19 An attempt to break an encryption algorithm is called _____________.
Answer: Check prep2pass eEngine, Download from Member Center www.prep2pass.com Q: 20 The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack? A. B. C. D.
Spoofing Hijacking Man In The Middle Social Engineering Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-7-
E. Distributed Denial of Service (DDoS)
Answer: C www.prep2pass.com Q: 21 If Big Texastelephone company suddenly started billing you for caller ID and call forwarding without your permission, this practice is referred to as __________________.
Answer: Check prep2pass eEngine, Download from Member Center www.prep2pass.com Q: 22 When an employee leaves the company, their network access account should be __________?
Answer: Check prep2pass eEngine, Download from Member Center www.prep2pass.com Q: 23 Passwords should be changed every ________ days at a minimum. 90 days is the recommended minimum, but some resources will tell you that 30-60 days is ideal.
Answer: Check prep2pass eEngine, Download from Member Center www.prep2pass.com Q: 24 IKE - Internet Key Exchange is often used in conjunction with what security standard? A. B. C. D. E.
SSL OPSEC IPSEC Kerberos All of the above
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-8-
Answer: C www.prep2pass.com Q: 25 Wiretapping is an example of a passive network attack? A. True B. False
Answer: A www.prep2pass.com Q: 26 What are some of the major differences of Qualitative vs. Quantitative methods of performing risk analysis? (Choose all that apply) A. B. C. D. E. F.
Quantitative analysis uses numeric values Qualitative analysis uses numeric values Quantitative analysis is more time consuming Qualitative analysis is more time consuming Quantitative analysis is based on Annualized Loss Expectancy (ALE) formulas Qualitative analysis is based on Annualized Loss Expectancy (ALE) formulas
Answer: A, C, E www.prep2pass.com Q: 27 Which of the concepts best describes Availability in relation to computer resources? A. Users can gain access to any resource upon request (assuming they have proper permissions) B. Users can make authorized changes to data C. Users can be assured that the data content has not been altered D. None of the concepts describes Availability properly
Answer: A www.prep2pass.com Q: 28 Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model? A. MAC B. L2TP Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-9-
C. SSL D. HTTP E. Ethernet
Answer: E www.prep2pass.com Q: 29 Instructions or code that executes on an end user's machine from a web browser is known as __________ code. A. B. C. D. E.
Active X JavaScript Malware Windows Scripting Mobile
Answer: E www.prep2pass.com Q: 30 Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from? A. B. C. D.
Authorization Authentication Kerberos Mandatory Access Control
Answer: B
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
- 10 -