Free and Premium ISC SSCP Dumps Questions Answers

Page: 1 / 35
Total 1074 questions

Systems Security Certified Practitioner Questions and Answers

Question 1

Which of the following Intrusion Detection Systems (IDS) uses a database of attacks, known system vulnerabilities, monitoring current attempts to exploit those vulnerabilities, and then triggers an alarm if an attempt is found?

Options:

A.

Knowledge-Based ID System

B.

Application-Based ID System

C.

Host-Based ID System

D.

Network-Based ID System

Question 2

In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?

Options:

A.

Using a write blocker

B.

Made a full-disk image

C.

Created a message digest for log files

D.

Displayed the contents of a folder

Question 3

Which of the following usually provides reliable, real-time information without consuming network or host resources?

Options:

A.

network-based IDS

B.

host-based IDS

C.

application-based IDS

D.

firewall-based IDS

Question 4

Who should measure the effectiveness of Information System security related controls in an organization?

Options:

A.

The local security specialist

B.

The business manager

C.

The systems auditor

D.

The central security manager

Question 5

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

Options:

A.

through access control mechanisms that require identification and authentication and through the audit function.

B.

through logical or technical controls involving the restriction of access to systems and the protection of information.

C.

through logical or technical controls but not involving the restriction of access to systems and the protection of information.

D.

through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

Question 6

In what way can violation clipping levels assist in violation tracking and analysis?

Options:

A.

Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.

B.

Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant.

C.

Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status.

D.

Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations.

Question 7

Attributes that characterize an attack are stored for reference by which of the following Intrusion Detection System (IDS) types?

Options:

A.

signature-based IDS

B.

statistical anomaly-based IDS

C.

event-based IDS

D.

inferent-based IDS

Question 8

Who can best decide what the adequate technical security controls are in a computer-based application system, with regard to the protection of the data being used, the criticality of the data, and its sensitivity level?

Options:

A.

System Auditor

B.

Data or Information Owner

C.

System Manager

D.

Data or Information user

Question 9

Which of the following is the BEST way to detect software license violations?

Options:

A.

Implementing a corporate policy on copyright infringements and software use.

B.

Requiring that all PCs be diskless workstations.

C.

Installing metering software on the LAN so applications can be accessed through the metered software.

D.

Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.

Question 10

Which of the following is an issue with signature-based intrusion detection systems?

Options:

A.

Only previously identified attack signatures are detected.

B.

Signature databases must be augmented with inferential elements.

C.

It runs only on the Windows operating system

D.

Hackers can circumvent signature evaluations.

Question 11

Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods. Which of these basic methods is more prone to false positives?

Options:

A.

Pattern Matching (also called signature analysis)

B.

Anomaly Detection

C.

Host-based intrusion detection

D.

Network-based intrusion detection

Question 12

Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?

Options:

A.

signature-based IDS and statistical anomaly-based IDS, respectively

B.

signature-based IDS and dynamic anomaly-based IDS, respectively

C.

anomaly-based IDS and statistical-based IDS, respectively

D.

signature-based IDS and motion anomaly-based IDS, respectively.

Question 13

Which of the following would assist the most in Host Based intrusion detection?

Options:

A.

audit trails.

B.

access control lists.

C.

security clearances

D.

host-based authentication

Question 14

Which of the following monitors network traffic in real time?

Options:

A.

network-based IDS

B.

host-based IDS

C.

application-based IDS

D.

firewall-based IDS

Question 15

Which of the following is required in order to provide accountability?

Options:

A.

Authentication

B.

Integrity

C.

Confidentiality

D.

Audit trails

Question 16

As a result of a risk assessment, your security manager has determined that your organization needs to implement an intrusion detection system that can detect unknown attacks and can watch for unusual traffic behavior, such as a new service appearing on the network. What type of intrusion detection system would you select?

Options:

A.

Protocol anomaly based

B.

Pattern matching

C.

Stateful matching

D.

Traffic anomaly-based

Question 17

How often should a Business Continuity Plan be reviewed?

Options:

A.

At least once a month

B.

At least every six months

C.

At least once a year

D.

At least Quarterly

Question 18

Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?

Options:

A.

Intrusion Detection System

B.

Compliance Validation System

C.

Intrusion Management System (IMS)

D.

Compliance Monitoring System

Question 19

Which of the following would NOT violate the Due Diligence concept?

Options:

A.

Security policy being outdated

B.

Data owners not laying out the foundation of data protection

C.

Network administrator not taking mandatory two-week vacation as planned

D.

Latest security patches for servers being installed as per the Patch Management process

Question 20

Which of the following questions is least likely to help in assessing controls covering audit trails?

Options:

A.

Does the audit trail provide a trace of user actions?

B.

Are incidents monitored and tracked until resolved?

C.

Is access to online logs strictly controlled?

D.

Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?

Question 21

What IDS approach relies on a database of known attacks?

Options:

A.

Signature-based intrusion detection

B.

Statistical anomaly-based intrusion detection

C.

Behavior-based intrusion detection

D.

Network-based intrusion detection

Question 22

Which of the following statements pertaining to ethical hacking is incorrect?

Options:

A.

An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services.

B.

Testing should be done remotely to simulate external threats.

C.

Ethical hacking should not involve writing to or modifying the target systems negatively.

D.

Ethical hackers never use tools that have the potential of affecting servers or services.

Question 23

Who is responsible for providing reports to the senior management on the effectiveness of the security controls?

Options:

A.

Information systems security professionals

B.

Data owners

C.

Data custodians

D.

Information systems auditors

Question 24

What is a characteristic of using the Electronic Code Book mode of DES encryption?

Options:

A.

A given block of plaintext and a given key will always produce the same ciphertext.

B.

Repetitive encryption obscures any repeated patterns that may have been present in the plaintext.

C.

Individual characters are encoded by combining output from earlier encryption routines with plaintext.

D.

The previous DES output is used as input.

Question 25

Which of the following concerning the Rijndael block cipher algorithm is false?

Options:

A.

The design of Rijndael was strongly influenced by the design of the block cipher Square.

B.

A total of 25 combinations of key length and block length are possible

C.

Both block size and key length can be extended to multiples of 64 bits.

D.

The cipher has a variable block length and key length.

Question 26

Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?

Options:

A.

Use of public key encryption to secure a secret key, and message encryption using the secret key.

B.

Use of the recipient's public key for encryption and decryption based on the recipient's private key.

C.

Use of software encryption assisted by a hardware encryption accelerator.

D.

Use of elliptic curve encryption.

Question 27

What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition?

Options:

A.

Running key cipher

B.

One-time pad

C.

Steganography

D.

Cipher block chaining

Question 28

In a hierarchical PKI, the highest CA is usually called the Root CA. It is also referred to by which one of the following terms?

Options:

A.

Subordinate CA

B.

Top Level CA

C.

Big CA

D.

Master CA

Question 29

Which of the following algorithms does NOT provide hashing?

Options:

A.

SHA-1

B.

MD2

C.

RC4

D.

MD5

Question 30

When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:

0101 0001 Plain text

0111 0011 Key stream

0010 0010 Output

What is this cryptographic operation called?

Options:

A.

Exclusive-OR

B.

Bit Swapping

C.

Logical-NOR

D.

Decryption

Question 31

Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that:

Options:

A.

The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use.

B.

The channels through which the information flows are secure.

C.

The recipient's identity can be positively verified by the sender.

D.

The sender of the message is the only other person with access to the recipient's private key.

Question 32

Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?

Options:

A.

Steganography

B.

ADS - Alternate Data Streams

C.

Encryption

D.

NTFS ADS

Question 33

What size is an MD5 message digest (hash)?

Options:

A.

128 bits

B.

160 bits

C.

256 bits

D.

128 bytes

Question 34

Which of the following is NOT an asymmetric key algorithm?

Options:

A.

RSA

B.

Elliptic Curve Cryptosystem (ECC)

C.

El Gamal

D.

Data Encryption System (DES)

Question 35

What is the maximum number of different keys that can be used when encrypting with Triple DES?

Options:

A.

1

B.

2

C.

3

D.

4

Question 36

What kind of certificate is used to validate a user identity?

Options:

A.

Public key certificate

B.

Attribute certificate

C.

Root certificate

D.

Code signing certificate

Question 37

Which of the following is less likely to be used today in creating a Virtual Private Network?

Options:

A.

L2TP

B.

PPTP

C.

IPSec

D.

L2F

Question 38

The RSA algorithm is an example of what type of cryptography?

Options:

A.

Asymmetric Key.

B.

Symmetric Key.

C.

Secret Key.

D.

Private Key.

Question 39

The Data Encryption Algorithm performs how many rounds of substitution and permutation?

Options:

A.

4

B.

16

C.

54

D.

64

Question 40

What is the name for a substitution cipher that shifts the alphabet by 13 places?

Options:

A.

Caesar cipher

B.

Polyalphabetic cipher

C.

ROT13 cipher

D.

Transposition cipher

Question 41

Which of the following would best define a digital envelope?

Options:

A.

A message that is encrypted and signed with a digital certificate.

B.

A message that is signed with a secret key and encrypted with the sender's private key.

C.

A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.

D.

A message that is encrypted with the recipient's public key and signed with the sender's private key.

Question 42

Which of the following is NOT a property of a one-way hash function?

Options:

A.

It converts a message of a fixed length into a message digest of arbitrary length.

B.

It is computationally infeasible to construct two different messages with the same digest.

C.

It converts a message of arbitrary length into a message digest of a fixed length.

D.

Given a digest value, it is computationally infeasible to find the corresponding message.

Question 43

Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys, establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis?

Options:

A.

Internet Security Association and Key Management Protocol (ISAKMP)

B.

Simple Key-management for Internet Protocols (SKIP)

C.

Diffie-Hellman Key Distribution Protocol

D.

IPsec Key exchange (IKE)

Question 44

Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?

Options:

A.

Rivest, Shamir, Adleman (RSA)

B.

El Gamal

C.

Elliptic Curve Cryptography (ECC)

D.

Advanced Encryption Standard (AES)

Question 45

PGP uses which of the following to encrypt data?

Options:

A.

An asymmetric encryption algorithm

B.

A symmetric encryption algorithm

C.

A symmetric key distribution system

D.

An X.509 digital certificate

Question 46

The Clipper Chip utilizes which concept in public key cryptography?

Options:

A.

Substitution

B.

Key Escrow

C.

An undefined algorithm

D.

Super strong encryption

Question 47

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

Options:

A.

through access control mechanisms that require identification and authentication and through the audit function.

B.

through logical or technical controls involving the restriction of access to systems and the protection of information.

C.

through logical or technical controls but not involving the restriction of access to systems and the protection of information.

D.

through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

Question 48

Organizations should consider which of the following first before allowing external access to their LANs via the Internet?

Options:

A.

plan for implementing workstation locking mechanisms.

B.

plan for protecting the modem pool.

C.

plan for providing the user with his account usage information.

D.

plan for considering proper authentication options.

Question 49

In biometrics, a "one-to-many" search against a database of stored biometric images is done in:

Options:

A.

Authentication

B.

Identification

C.

Identities

D.

Identity-based access control

Question 50

Which of the following remote access authentication systems is the most robust?

Options:

A.

TACACS+

B.

RADIUS

C.

PAP

D.

TACACS

Question 51

The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:

Options:

A.

Preventive/physical

B.

Detective/technical

C.

Detective/physical

D.

Detective/administrative

Question 52

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in a biometric authentication system, the system becomes increasingly selective and has the possibility of generating:

Options:

A.

Lower False Rejection Rate (FRR)

B.

Higher False Rejection Rate (FRR)

C.

Higher False Acceptance Rate (FAR)

D.

It will not affect either FAR or FRR

Question 53

Which of the following is not a Remote Access concern?

Options:

A.

Justification for remote access

B.

Auditing of activities

C.

Regular review of access privileges

D.

Access badges

Question 54

Which of the following statements pertaining to Kerberos is TRUE?

Options:

A.

Kerberos does not address availability

B.

Kerberos does not address integrity

C.

Kerberos does not make use of Symmetric Keys

D.

Kerberos cannot address confidentiality of information

Question 55

Which of the following access control models requires security clearance for subjects?

Options:

A.

Identity-based access control

B.

Role-based access control

C.

Discretionary access control

D.

Mandatory access control

Question 56

Which of the following is NOT part of the Kerberos authentication protocol?

Options:

A.

Symmetric key cryptography

B.

Authentication service (AS)

C.

Principals

D.

Public Key

Question 57

Guards are appropriate whenever the function required by the security program involves which of the following?

Options:

A.

The use of discriminating judgment

B.

The use of physical force

C.

The operation of access control devices

D.

The need to detect unauthorized access

Question 58

What is the most critical characteristic of a biometric identifying system?

Options:

A.

Perceived intrusiveness

B.

Storage requirements

C.

Accuracy

D.

Scalability

Question 59

The Terminal Access Controller Access Control System (TACACS) employs which of the following?

Options:

A.

a user ID and static password for network access

B.

a user ID and dynamic password for network access

C.

a user ID and symmetric password for network access

D.

a user ID and asymmetric password for network access

Question 60

This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario?

Options:

A.

Excessive Rights

B.

Excessive Access

C.

Excessive Permissions

D.

Excessive Privileges

Question 61

In biometrics, the "one-to-one" search used to verify a claim to an identity made by a person is considered:

Options:

A.

Authentication

B.

Identification

C.

Auditing

D.

Authorization

Question 62

Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape or a cassette?

Options:

A.

Degaussing

B.

Parity Bit Manipulation

C.

Zeroization

D.

Buffer overflow

Question 63

Which of the following would assist the most in Host Based intrusion detection?

Options:

A.

audit trails.

B.

access control lists.

C.

security clearances.

D.

host-based authentication.

Question 64

Which of the following is NOT a compensating measure for access violations?

Options:

A.

Backups

B.

Business continuity planning

C.

Insurance

D.

Security awareness

Question 65

The Orange Book is founded upon which security policy model?

Options:

A.

The Biba Model

B.

The Bell LaPadula Model

C.

Clark-Wilson Model

D.

TEMPEST

Question 66

Which of the following is addressed by Kerberos?

Options:

A.

Confidentiality and Integrity

B.

Authentication and Availability

C.

Validation and Integrity

D.

Auditability and Integrity

Question 67

What is the name of the type of access control in which pairs of elements have a least upper bound and a greatest lower bound of values?

Options:

A.

Mandatory model

B.

Discretionary model

C.

Lattice model

D.

Rule model

Question 68

Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?

Options:

A.

Wave pattern motion detectors

B.

Capacitance detectors

C.

Field-powered devices

D.

Audio detectors

Question 69

Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?

Options:

A.

Discretionary Access Control

B.

Mandatory Access Control

C.

Sensitive Access Control

D.

Role-based Access Control

Question 70

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

Options:

A.

192.168.42.5

B.

192.166.42.5

C.

192.175.42.5

D.

192.1.42.5

Question 71

What is defined as the manner in which the network devices are organized to facilitate communications?

Options:

A.

LAN transmission methods

B.

LAN topologies

C.

LAN transmission protocols

D.

LAN media access methods

Question 72

Which of the following standards is concerned with message handling?

Options:

A.

X.400

B.

X.500

C.

X.509

D.

X.800

Question 73

Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false?

Options:

A.

It can be used for voice

B.

It can be used for data

C.

It carries various sizes of packets

D.

It can be used for video

Question 74

Which type of attack consists of modifying the length and fragmentation offset fields in sequential IP packets?

Options:

A.

Teardrop attack

B.

Smurf attack

C.

SYN attack

D.

Buffer overflow attack

Question 75

Which of the following is NOT a defined ISO basic task related to network management?

Options:

A.

Fault management

B.

Accounting resources

C.

Security management

D.

Communications management

Question 76

Which of the following transmission media would NOT be affected by crosstalk or interference?

Options:

A.

Copper cable

B.

Radio System

C.

Satellite radiolink

D.

Fiber optic cables

Question 77

Why are coaxial cables called "coaxial"?

Options:

A.

It includes two physical channels that carry the signal, surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis.

B.

It includes one physical channel that carries the signal, surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis.

C.

It includes two physical channels that carry the signal, surrounded (after a layer of insulation) by another two concentric physical channels, all running along the same axis.

D.

It includes one physical channel that carries the signal, surrounded (after a layer of insulation) by another concentric physical channel, the two running perpendicular to each other along different axes.

Question 78

What can a packet filtering firewall also be called?

Options:

A.

a scanning router

B.

a shielding router

C.

a sniffing router

D.

a screening router

Question 79

In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:

Options:

A.

Network or Transport Layer.

B.

Application Layer.

C.

Inspection Layer.

D.

Data Link Layer.

Question 80

What is NOT an authentication method within IKE and IPsec?

Options:

A.

CHAP

B.

Pre shared key

C.

certificate based authentication

D.

Public key authentication

Question 81

Which of the following types of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request?

Options:

A.

ICMP

B.

TCP

C.

UDP

D.

IP

Question 82

What layer of the ISO/OSI model do routers normally operate at?

Options:

A.

Data link layer

B.

Session layer

C.

Transport layer

D.

Network layer

Question 83

Which port does the Post Office Protocol Version 3 (POP3) make use of?

Options:

A.

110

B.

109

C.

139

D.

119

Question 84

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

Options:

A.

Using a TACACS+ server.

B.

Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.

C.

Setting modem ring count to at least 5.

D.

Only attaching modems to non-networked hosts.

Question 85

Which of the following is a token-passing scheme like token ring that also has a second ring that remains dormant until an error condition is detected on the primary ring?

Options:

A.

Fiber Distributed Data Interface (FDDI).

B.

Ethernet

C.

Fast Ethernet

D.

Broadband

Question 86

Which type of attack involves impersonating a user or a system?

Options:

A.

Smurfing attack

B.

Spoofing attack

C.

Spamming attack

D.

Sniffing attack

Question 87

Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality?

Options:

A.

Network redundancy translation

B.

Load balancing translation

C.

Dynamic translation

D.

Static translation

Question 88

Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number?

Options:

A.

IP spoofing attack

B.

SYN flood attack

C.

TCP sequence number attack

D.

Smurf attack

Question 89

What is the primary difference between FTP and TFTP?

Options:

A.

Speed of negotiation

B.

Authentication

C.

Ability to automate

D.

TFTP is used to transfer configuration files to and from network equipment.

Question 90

What ISO/OSI layer do switches primarily operate at?

Do take note that this question makes reference to a plain vanilla switch and not one of the smart switches that is available on the market today.

Options:

A.

Physical layer

B.

Network layer

C.

Data link layer

D.

Session layer

Question 91

Which of the following media is MOST resistant to EMI interference?

Options:

A.

microwave

B.

fiber optic

C.

twisted pair

D.

coaxial cable

Question 92

What layer of the OSI/ISO model does the Point-to-Point Tunneling Protocol (PPTP) work at?

Options:

A.

Data link layer

B.

Transport layer

C.

Session layer

D.

Network layer

Question 93

In an organization, an Information Technology security function should:

Options:

A.

Be a function within the information systems function of an organization.

B.

Report directly to a specialized business unit such as legal, corporate security or insurance.

C.

Be led by a Chief Security Officer and report directly to the CEO.

D.

Be independent but report to the Information Systems function.

Question 94

Related to information security, integrity is the opposite of which of the following?

Options:

A.

abstraction

B.

alteration

C.

accreditation

D.

application

Question 95

Which of the following embodies all the detailed actions that personnel are required to follow?

Options:

A.

Standards

B.

Guidelines

C.

Procedures

D.

Baselines

Question 96

Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean?

Options:

A.

System functions are layered, and none of the functions in a given layer can access data outside that layer.

B.

Auditing processes and their memory addresses cannot be accessed by user processes.

C.

Only security processes are allowed to write to ring zero memory.

D.

It is a form of strong encryption cipher.

Question 97

Why does compiled code pose more of a security risk than interpreted code?

Options:

A.

Because malicious code can be embedded in compiled code and be difficult to detect.

B.

If the executed compiled code fails, there is a chance it will fail insecurely.

C.

Because compilers are not reliable.

D.

There is no risk difference between interpreted code and compiled code.

Question 98

A trusted system does NOT involve which of the following?

Options:

A.

Enforcement of a security policy.

B.

Sufficiency and effectiveness of mechanisms to be able to enforce a security policy.

C.

Assurance that the security policy can be enforced in an efficient and reliable manner.

D.

Independently-verifiable evidence that the security policy-enforcing mechanisms are sufficient and effective.

Question 99

According to private sector data classification levels, how would salary levels and medical information be classified?

Options:

A.

Public.

B.

Internal Use Only.

C.

Restricted.

D.

Confidential.

Question 100

Which of the following is the MOST important aspect relating to employee termination?

Options:

A.

The details of the employee have been removed from active payroll files.

B.

Company property provided to the employee has been returned.

C.

User ID and passwords of the employee have been deleted.

D.

The appropriate company staff are notified about the termination.

Question 101

What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?

Options:

A.

The security kernel

B.

The reference monitor

C.

The security perimeter

D.

The reference perimeter

Question 102

Which of the following can be used as a covert channel?

Options:

A.

Storage and timing.

B.

Storage and low bits.

C.

Storage and permissions.

D.

Storage and classification.

Question 103

A Security Kernel is defined as a strict implementation of a reference monitor mechanism responsible for enforcing a security policy. To be secure, the kernel must meet three basic conditions. What are they?

Options:

A.

Confidentiality, Integrity, and Availability

B.

Policy, mechanism, and assurance

C.

Isolation, layering, and abstraction

D.

Completeness, Isolation, and Verifiability

Question 104

Which of the following is NOT an administrative control?

Options:

A.

Logical access control mechanisms

B.

Screening of personnel

C.

Development of policies, standards, procedures and guidelines

D.

Change control procedures

Question 105

Preservation of confidentiality within information systems requires that the information is not disclosed to:

Options:

A.

Authorized person

B.

Unauthorized persons or processes.

C.

Unauthorized persons.

D.

Authorized persons and processes

Question 106

What can best be defined as high-level statements, beliefs, goals and objectives?

Options:

A.

Standards

B.

Policies

C.

Guidelines

D.

Procedures

Question 107

Making sure that the data has not been changed unintentionally, due to accident or malice, is:

Options:

A.

Integrity.

B.

Confidentiality.

C.

Availability.

D.

Auditability.

Question 108

A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?

Options:

A.

Covert channel

B.

Overt channel

C.

Opened channel

D.

Closed channel

Question 109

Which of the following would best describe the difference between white-box testing and black-box testing?

Options:

A.

White-box testing is performed by an independent programmer team.

B.

Black-box testing uses the bottom-up approach.

C.

White-box testing examines the program internal logical structure.

D.

Black-box testing involves the business units

Question 110

The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?

Options:

A.

project initiation and planning phase

B.

system design specifications phase

C.

development and documentation phase

D.

in parallel with every phase throughout the project

Question 111

Making sure that only those who are supposed to access the data can access it is which of the following?

Options:

A.

confidentiality.

B.

capability.

C.

integrity.

D.

availability.

Question 112

Which of the following is used in database information security to hide information?

Options:

A.

Inheritance

B.

Polyinstantiation

C.

Polymorphism

D.

Delegation

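Polyinstantiation is the technique the question above is pointing at: the same primary key may exist once per classification level, so a low-cleared user neither sees the high row nor learns that it exists when inserting a row with that key. The following is an added example, not code from the exam or from any real database product; the classification levels, the ship manifest scenario and the table classes are constructed for illustration. The NaiveTable shows the inference leak that polyinstantiation exists to prevent.

```python
LEVELS = {'UNCLASSIFIED': 0, 'CONFIDENTIAL': 1, 'SECRET': 2, 'TOP SECRET': 3}


class NaiveTable:
    """Single-instance table: one row per primary key, whatever its level."""
    def __init__(self):
        self.rows = {}            # key -> (level, value)

    def insert(self, key, level, value):
        if key in self.rows:
            # Rejecting the insert tells a low user that a (possibly higher) row exists.
            raise KeyError(f'duplicate key {key!r}')
        self.rows[key] = (LEVELS[level], value)


class PolyinstantiatedTable:
    """One instance per (key, classification); users see only what they may."""
    def __init__(self):
        self.rows = {}            # (key, level) -> value

    def insert(self, key, level, value):
        self.rows[(key, LEVELS[level])] = value

    def select(self, key, clearance):
        """Highest-classified instance of key visible at this clearance, or None."""
        c = LEVELS[clearance]
        visible = [(lvl, v) for (k, lvl), v in self.rows.items()
                   if k == key and lvl <= c]
        return max(visible)[1] if visible else None


def naive_insert_leaks() -> bool:
    """True if the single-instance table reveals the SECRET row to a low inserter."""
    table = NaiveTable()
    table.insert('SS Neptune', 'SECRET', 'destination=Area 51, cargo=weapons')
    try:
        table.insert('SS Neptune', 'UNCLASSIFIED', 'destination=Hawaii, cargo=food')
    except KeyError:
        return True      # "duplicate key" is itself the leak
    return False


def demo() -> dict:
    """Constructed scenario: a SECRET cargo manifest and an UNCLASSIFIED cover story."""
    table = PolyinstantiatedTable()
    table.insert('SS Neptune', 'SECRET', 'destination=Area 51, cargo=weapons')
    # An unclassified clerk inserts the same key; the insert succeeds silently,
    # creating a second instance instead of leaking that a SECRET row exists.
    table.insert('SS Neptune', 'UNCLASSIFIED', 'destination=Hawaii, cargo=food')
    return {
        'clerk sees':   table.select('SS Neptune', 'UNCLASSIFIED'),
        'officer sees': table.select('SS Neptune', 'SECRET'),
        'unknown key':  table.select('SS Poseidon', 'TOP SECRET'),
    }


if __name__ == '__main__':
    print('naive table leaks:', naive_insert_leaks())
    for who, row in demo().items():
        print(f'{who}: {row}')
```

The cost of the technique is visible in `select`: the database now holds deliberately contradictory rows for one key, and every query must resolve the instance appropriate to the caller's clearance rather than simply looking the key up.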
Question 113

Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions?

Options:

A.

Development/acquisition

B.

Implementation

C.

Operation/Maintenance

D.

Initiation

Question 114

As per the Orange Book, what are two types of system assurance?

Options:

A.

Operational Assurance and Architectural Assurance.

B.

Design Assurance and Implementation Assurance.

C.

Architectural Assurance and Implementation Assurance.

D.

Operational Assurance and Life-Cycle Assurance.

Question 115

Which of the following tests makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?

Options:

A.

Recovery testing

B.

Security testing

C.

Stress/volume testing

D.

Interface testing

Question 116

Java is not:

Options:

A.

Object-oriented.

B.

Distributed.

C.

Architecture Specific.

D.

Multithreaded.

Question 117

What best describes a scenario in which an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

Options:

A.

Data fiddling

B.

Data diddling

C.

Salami techniques

D.

Trojan horses

Question 118

What do the ILOVEYOU and Melissa virus attacks have in common?

Options:

A.

They are both denial-of-service (DoS) attacks.

B.

They have nothing in common.

C.

They are both masquerading attacks.

D.

They are both social engineering attacks.

Question 119

In computing, what is the name of a non-self-replicating type of malware that appears to have some useful purpose but also contains embedded code with a malicious or harmful purpose and, when executed, carries out actions unknown to the person installing it, typically causing loss or theft of data and possible system harm?

Options:

A.

virus

B.

worm

C.

Trojan horse.

D.

trapdoor

Question 120

What is the name for malware that can spread itself over open network connections?

Options:

A.

Worm

B.

Rootkit

C.

Adware

D.

Logic Bomb

Question 121

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers?

Options:

A.

Black hats

B.

White hats

C.

Script kiddies

D.

Phreakers

Question 122

Virus scanning and content inspection of S/MIME-encrypted e-mail, without doing any further processing, is:

Options:

A.

Not possible

B.

Only possible with a key recovery scheme for all user keys

C.

It is possible only if X.509 Version 3 certificates are used

D.

It is possible only by "brute force" decryption

Question 123

Which of the following computer crimes is MORE often associated with INSIDERS?

Options:

A.

IP spoofing

B.

Password sniffing

C.

Data diddling

D.

Denial of service (DoS)

Question 124

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

Options:

A.

Stealth viruses

B.

Polymorphic viruses

C.

Trojan horses

D.

Logic bombs

Question 125

Crackers today are MOST often motivated by their desire to:

Options:

A.

Help the community secure their networks.

B.

See how far their skills will take them.

C.

Get recognition for their actions.

D.

Gain money or other financial benefit.

Question 126

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

Options:

A.

Web Applications

B.

Intrusion Detection Systems

C.

Firewalls

D.

DNS Servers

Question 127

Which of the following virus types changes some of its characteristics as it spreads?

Options:

A.

Boot Sector

B.

Parasitic

C.

Stealth

D.

Polymorphic

Question 128

Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection?

Options:

A.

Anomaly detection tends to produce more data

B.

A pattern matching IDS can only identify known attacks

C.

Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams

D.

An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines

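The question above hinges on two points a practitioner should be able to demonstrate: a pattern-matching engine only fires on signatures it already holds, and stateful matching works on the reassembled stream, not on individual packets (which is why option C is the untrue assertion). The following is an added example written for this page, not code from the exam or from any IDS product; the signature, the split request segments and the requests-per-minute counts are all constructed. The anomaly half builds a baseline of normal throughput and alerts on deviations beyond k standard deviations, the approach option D describes.

```python
import re
import statistics

# --- Pattern matching: a known signature, stateless vs stateful ------------

SIGNATURE = re.compile(rb'/etc/passwd')   # constructed "known attack" pattern


def per_packet_match(segments: list) -> bool:
    """Stateless matcher: inspects each TCP segment on its own."""
    return any(SIGNATURE.search(seg) for seg in segments)


def stream_match(segments: list) -> bool:
    """Stateful matcher: reassembles the stream first, then searches it."""
    return SIGNATURE.search(b''.join(segments)) is not None


# Constructed request split so the signature straddles a segment boundary,
# the classic evasion against a per-packet matcher.
EVASIVE_SEGMENTS = [b'GET /cgi-bin/show?f=/etc/pas', b'swd HTTP/1.0\r\n\r\n']

# Constructed request for something the signature set has never seen:
# no signature, no alert, however stateful the matcher is.
NOVEL_SEGMENTS = [b'GET /cgi-bin/show?f=/etc/shadow HTTP/1.0\r\n\r\n']


# --- Anomaly detection: baseline of normal throughput, alert on deviation ---

def build_baseline(samples: list) -> tuple:
    """Learn (mean, stdev) of e.g. requests per minute from a training window."""
    return statistics.mean(samples), statistics.pstdev(samples)


def anomaly_alerts(baseline: tuple, observed: list, k: float = 3.0) -> list:
    """Indexes of observations more than k standard deviations above the mean."""
    mean, stdev = baseline
    return [i for i, value in enumerate(observed) if value > mean + k * stdev]


# Constructed traffic counts (requests per minute).
TRAINING = [100, 110, 95, 105, 90, 100, 105, 95]   # mean 100, pstdev ~6.1
OBSERVED = [102, 98, 140, 97, 125, 101]


if __name__ == '__main__':
    print('per-packet:', per_packet_match(EVASIVE_SEGMENTS))   # evaded
    print('stream    :', stream_match(EVASIVE_SEGMENTS))       # caught
    print('novel     :', stream_match(NOVEL_SEGMENTS))         # unknown attack, missed
    print('anomalies :', anomaly_alerts(build_baseline(TRAINING), OBSERVED))
```

Note what the anomaly engine does and does not tell you: it flags minutes 2 and 4 as abnormal, but says nothing about what happened in them, which is the "produces more data" cost in option A; the analyst still has to investigate each deviation, and an attacker who ramps traffic slowly enough can train the baseline upward.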
Question 129

Which of the following is NOT a transaction redundancy implementation?

Options:

A.

on-site mirroring

B.

Electronic Vaulting

C.

Remote Journaling

D.

Database Shadowing

Question 130

Which of the following results in the most devastating business interruptions?

Options:

A.

Loss of Hardware/Software

B.

Loss of Data

C.

Loss of Communication Links

D.

Loss of Applications

Question 131

Which of the following backup methods must be made regardless of whether the differential or incremental method is used?

Options:

A.

Full Backup Method.

B.

Incremental backup method.

C.

Supplemental backup method.

D.

Tape backup method.

Question 132

Which one of the following is NOT one of the outcomes of a vulnerability assessment?

Options:

A.

Quantitative loss assessment

B.

Qualitative loss assessment

C.

Formal approval of BCP scope and initiation document

D.

Defining critical support areas

Question 133

A prolonged complete loss of electric power is a:

Options:

A.

brownout

B.

blackout

C.

surge

D.

fault

Question 134

Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability?

Options:

A.

A risk

B.

A residual risk

C.

An exposure

D.

A countermeasure

Question 135

All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA, but is an important TOPIC to include within the BCP?

Options:

A.

IT Network Support

B.

Accounting

C.

Public Relations

D.

Purchasing

Question 136

Which element must computer evidence have to be admissible in court?

Options:

A.

It must be relevant.

B.

It must be annotated.

C.

It must be printed.

D.

It must contain source code.

Question 137

Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged?

Options:

A.

Full backup method

B.

Incremental backup method

C.

Fast backup method

D.

Differential backup method

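The two backup questions above (Question 131 and this one) both come down to what each method does with the archive bit, and which backup sets a restore then needs. The following simulation is an added example for this page, not code from the exam or from any backup product; the in-memory file system, the three-day schedule and the file names are constructed. A full backup copies everything and clears every archive bit; an incremental copies files with the bit set and clears it; a differential copies files with the bit set and leaves it, so each differential grows until the next full backup.

```python
# Constructed file-system model: name -> [content, archive_bit].
# Writing a file sets its archive bit; the three backup methods differ only in
# which files they copy and whether they clear the bit afterwards.

def write(fs: dict, name: str, content: str) -> None:
    fs[name] = [content, True]          # the OS sets the archive bit on modification


def full_backup(fs: dict) -> dict:
    """Copy everything and clear every archive bit."""
    backup = {name: entry[0] for name, entry in fs.items()}
    for entry in fs.values():
        entry[1] = False
    return backup


def incremental_backup(fs: dict) -> dict:
    """Copy files changed since the last backup of any kind; clear their bits."""
    backup = {name: entry[0] for name, entry in fs.items() if entry[1]}
    for entry in fs.values():
        entry[1] = False
    return backup


def differential_backup(fs: dict) -> dict:
    """Copy files changed since the last FULL backup; leave the bits unchanged."""
    return {name: entry[0] for name, entry in fs.items() if entry[1]}


def restore(full: dict, later_sets: list) -> dict:
    """Apply the full backup, then each later set in chronological order."""
    state = dict(full)
    for backup in later_sets:
        state.update(backup)
    return state


def run_week(strategy: str) -> tuple:
    """Monday full, then Tue/Wed partial backups; returns (set contents, restored fs)."""
    fs = {}
    for name in ('a', 'b', 'c'):
        write(fs, name, name + '1')
    sets = [full_backup(fs)]                  # Monday: the full backup both methods depend on
    partial = incremental_backup if strategy == 'incremental' else differential_backup
    write(fs, 'a', 'a2')                      # Tuesday: a changed
    sets.append(partial(fs))
    write(fs, 'b', 'b2')                      # Wednesday: b changed
    sets.append(partial(fs))
    if strategy == 'incremental':
        restored = restore(sets[0], sets[1:])     # full + every incremental since it
    else:
        restored = restore(sets[0], sets[-1:])    # full + the most recent differential only
    return [sorted(s) for s in sets], restored


if __name__ == '__main__':
    for strategy in ('incremental', 'differential'):
        sets, restored = run_week(strategy)
        print(strategy, 'sets:', sets, 'restored:', restored)
```

Both strategies restore the same Wednesday state, but the trade-off is visible in the set sizes: incrementals are smaller to take and longer to restore (the full plus every incremental, in order, with no gaps allowed in the chain), while differentials grow day by day and restore from just two sets. Either way the restore is impossible without the full backup, which is the answer to Question 131.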
Question 138

Devices that supply power when the commercial utility power system fails are called which of the following?

Options:

A.

power conditioners

B.

uninterruptible power supplies

C.

power filters

D.

power dividers
