SSCP Exam Questions
1,274 real SSCP exam questions with expert-verified answers and explanations. Page 18 of 26.
- Question #868: Network and Communications Security
What is the main characteristic of a bastion host?
Bastion Host, System Hardening, Network Security Architecture
- Question #869: Network and Communications Security
Which of the following statements pertaining to packet switching is incorrect?
Packet Switching, Networking Fundamentals, Data Transmission
- Question #870: Network and Communications Security
All hosts on an IP network have a logical ID called a(n):
IP addressing, Networking fundamentals, Logical addressing
- Question #871: Network and Communications Security
Each data packet is assigned the IP address of the sender and the IP address of the:
IP addressing, Network packets, Data transmission
- Question #872: Network and Communications Security
How long are IPv4 addresses?
IPv4 addressing, Network protocols, Network fundamentals, TCP/IP
- Question #873: Network and Communications Security
Which of the following is used to find the Media Access Control address (MAC) that matches with a known Internet Protocol (IP) address?
Networking Protocols, ARP, IP Addressing, MAC Addressing
- Question #874: Network and Communications Security
Address Resolution Protocol (ARP) interrogates the network by sending out a?
ARP, Broadcast, Network Protocols, Data Link Layer
- Question #875: Network and Communications Security
When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address that matches with a know...
Networking Protocols, Address Resolution, RARP, TCP/IP Model
- Question #876: Network and Communications Security
Which of the following protocols' primary function is to send messages between network devices regarding the health of the network?
Network protocols, ICMP, Network health
- Question #877: Network and Communications Security
What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?
TFTP, Network Protocol Security, Security Risks, Vulnerabilities
- Question #878: Network and Communications Security
Why is Network File System (NFS) used?
NFS, Network Protocols, File Sharing, Distributed File Systems
- Question #879: Network and Communications Security
Which protocol is used to send email?
Email Protocols, SMTP, Networking Fundamentals, Application Layer Protocols
- Question #880: Network and Communications Security
What enables a workstation to boot without requiring a hard or floppy disk drive?
Network Protocols, BootP, Diskless Systems, Network Booting
- Question #881: Access Controls
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:
Biometrics, Iris Scanner, Physical Installation, Environmental Factors
- Question #882: Access Controls
In Mandatory Access Control, sensitivity labels attached to object contain what information?
Mandatory Access Control (MAC), Sensitivity Labels, Access Control Models, Data Classification
- Question #883: Access Controls
What are the components of an object's sensitivity label?
Sensitivity Labels, Data Classification, Access Control, Mandatory Access Control
- Question #884: Access Controls
What does it mean to say that sensitivity labels are "incomparable"?
Sensitivity Labels, Access Control Models, Information Classification, Multi-level Security
- Question #887: Access Controls
What is Kerberos?
Kerberos, Authentication Protocol, Trusted Third Party
- Question #888: Access Controls
The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:
Authentication factors, Biometrics, Multi-factor authentication (MFA)
- Question #889: Risk Identification, Monitoring and Analysis
A timely review of system access audit records would be an example of which of the basic security functions?
Security functions, Detection, Audit logs, Security monitoring
- Question #890: Access Controls
A confidential number used as an authentication factor to verify a user's identity is called a:
Authentication Factors, PIN, Identity Verification, Authentication
- Question #892: Access Controls
Which of the following is not a logical control when implementing logical access security?
Logical Access Controls, Physical Controls, Access Control Types, Security Controls
- Question #893: Access Controls
Which one of the following authentication mechanisms creates a problem for mobile users?
Authentication, Mobile Security, IP Addressing, Access Control
- Question #895: Access Controls
Which of the following is addressed by Kerberos?
Kerberos, Authentication, Confidentiality, Integrity
- Question #896: Access Controls
Kerberos is vulnerable to replay in which of the following circumstances?
Kerberos, Authentication Protocols, Replay Attacks, Vulnerabilities
- Question #897: Access Controls
Like the Kerberos protocol, SESAME is also subject to which of the following?
Kerberos, SESAME, Authentication Protocols, Password Attacks
- Question #898: Access Controls
RADIUS incorporates which of the following services?
RADIUS, Authentication, Access Control, AAA
- Question #899: Access Controls
Which of the following protects a password from eavesdroppers and supports the encryption of communication?
CHAP, Authentication Protocols, Password Protection, Eavesdropping Prevention
- Question #900: Access Controls
The Terminal Access Controller Access Control System (TACACS) employs which of the following?
TACACS, Authentication, Access Control, Static Passwords
- Question #901: Risk Identification, Monitoring and Analysis
Which of the following is most relevant to determining the maximum effective cost of access control?
Security Economics, Asset Valuation, Cost-Benefit Analysis, Access Control Justification
- Question #902: Access Controls
Which of the following is NOT a factor related to Access Control?
Access Control, CIA Triad, Security Principles, Information Security Fundamentals
- Question #903: Security Concepts and Practices
Which of the following is most appropriate to notify an external user that session monitoring is being conducted?
User notification, Session monitoring, Security banners, Legal compliance
- Question #904: Access Controls
Which of the following pairings uses technology to enforce access control policies?
Security Controls, Access Control Types, Preventive Controls, Technical Controls
- Question #905: Access Controls
Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. I...
Access Control Concepts, Access Control Purpose, Security Controls
- Question #906: Access Controls
Access Control techniques do not include which of the following choices?
Access Control Models, DAC, MAC, Lattice-based Access Control
- Question #907: Access Controls
Which of the following biometric characteristics cannot be used to uniquely authenticate an individual's identity?
Biometrics, Authentication, Identity Verification
- Question #908: Access Controls
Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access?
Single Sign-On (SSO), Access Management, Authentication, Credential Management
- Question #909: Access Controls
Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?
Single Sign-On (SSO), Access Control, Authentication, Security Risks
- Question #910: Access Controls
Which of the following is implemented through scripts or smart agents that replays the users multiple log-ins against authentication servers to verify a user's identity which permi...
Single Sign-On, Authentication, Access Control, Identity Management
- Question #911: Access Controls
Which of the following is a trusted, third party authentication protocol that was developed under Project Athena at MIT?
Kerberos, Authentication protocol, Third-party authentication, MIT Project Athena
- Question #912: Access Controls
Which of the following is NOT true of the Kerberos protocol?
Kerberos, Authentication, Symmetric Cryptography, Access Control Protocols
- Question #913: Access Controls
Access Control techniques do not include which of the following?
Access Control Models, Role-Based Access Control, Mandatory Access Control
- Question #914: Access Controls
Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used) ?
Bell-LaPadula, Security Models, Confidentiality, Mandatory Access Control
- Question #915: Systems and Application Security
Which of the following logical access exposures INVOLVES CHANGING data before, or as it is entered into the computer?
Data diddling, Logical access exposures, Data integrity threats, Malicious data manipulation
- Question #916: Access Controls
When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED?
Biometrics, False Acceptance Rate (FAR), Error Types, Access Control Systems
- Question #917: Security Concepts and Practices
Which of the following is the FIRST step in protecting data's confidentiality?
Data Classification, Confidentiality, Security Fundamentals, Asset Identification
- Question #918: Incident Response and Recovery
Which of the following questions is less likely to help in assessing an organization's contingency planning controls?
Contingency Planning, Disaster Recovery Planning, Business Continuity Planning, Media Handling
- Question #919: Incident Response and Recovery
When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first?
Incident Response, Incident Analysis, Intrusion Detection, Scope Determination
- Question #920: Incident Response and Recovery
When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish t...
Incident Response, Digital Forensics, Evidence Preservation, Order of Volatility
- Question #921: Incident Response and Recovery
In order to be able to successfully prosecute an intruder:
Chain of Custody, Digital Forensics, Legal Evidence, Incident Handling