SSCP Exam Questions
1,274 real SSCP exam questions with expert-verified answers and explanations. Page 22 of 26.
- Question #1076Security Concepts and Practices
What is the main difference between computer abuse and computer crime?
Computer CrimeComputer AbuseLegal FrameworksEthics - Question #1077Security Concepts and Practices
A standardized list of the most common security weaknesses and exploits is the __________.
Vulnerability ManagementCVESecurity StandardsWeaknesses and Exploits - Question #1078Security Concepts and Practices
A salami attack refers to what type of activity?
Salami attackComputer fraudAttack typesFinancial crime - Question #1079Security Concepts and Practices
Multi-partite viruses perform which functions?
Multi-partite virusMalware typesVirus behaviorThreats - Question #1080Security Concepts and Practices
What security principle is based on the division of job responsibilities - designed to prevent fraud?
Security PrinciplesSeparation of DutiesFraud PreventionAdministrative Controls - Question #1081Network and Communications Security
________ is the authoritative entity which lists port assignments
IANAPort assignmentsNetwork protocolsNetworking fundamentals - Question #1082Network and Communications Security
Cable modems are less secure than DSL connections because cable modems are shared with other subscribers?
Network SecurityCable ModemsDSLShared Medium Security - Question #1083Network and Communications Security
____________ is a file system that was poorly designed and has numerous security flaws.
Network File System (NFS)File System SecurityProtocol VulnerabilitiesData Sharing Security - Question #1085Network and Communications Security
HTTP, FTP, SMTP reside at which layer of the OSI model?
OSI ModelApplication LayerNetwork ProtocolsCommon Protocols - Question #1086Network and Communications Security
Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Networking ModelsOSI ModelTCP/IP ModelProtocol Stacks - Question #1087Security Concepts and Practices
A Security Reference Monitor relates to which DoD security standard?
Security Reference MonitorTCSEC (Orange Book)DoD Security StandardsTrusted Computing Base - Question #1088Security Concepts and Practices
The ability to identify and audit a user and his / her actions is known as ____________.
AccountabilitySecurity PrinciplesAuditing - Question #1089Network and Communications Security
There are 5 classes of IP addresses available, but only 3 classes are in common use today, identify the three: (Choose three)
IP AddressingNetwork ProtocolsTCP/IPNetworking Fundamentals - Question #1090Incident Response and Recovery
The ultimate goal of a computer forensics specialist is to ___________________.
Digital ForensicsEvidence PreservationIncident Response - Question #1091Access Controls
One method that can reduce exposure to malicious code is to run applications as generic accounts with little or no privileges.
Least PrivilegeApplication SecurityUser AccountsMalware Prevention - Question #1094Network and Communications Security
The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Man-in-the-Middle (MitM)Public Key ExchangeNetwork AttacksCryptographic Attacks - Question #1098Network and Communications Security
IKE - Internet Key Exchange is often used in conjunction with what security standard?
IKEIPSECVPNNetwork Protocols - Question #1099Network and Communications Security
Wiretapping is an example of a passive network attack?
Passive attacksNetwork attacksWiretappingAttack types - Question #1100Risk Identification, Monitoring and Analysis
What are some of the major differences of Qualitative vs. Quantitative methods of performing risk analysis? (Choose all that apply)
Risk Analysis MethodsQualitative Risk AnalysisQuantitative Risk AnalysisAnnualized Loss Expectancy (ALE) - Question #1101Security Concepts and Practices
Which of the concepts best describes Availability in relation to computer resources?
AvailabilityCIA TriadInformation Security PrinciplesResource Access - Question #1102Network and Communications Security
Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
OSI ModelPhysical LayerNetworking FundamentalsEthernet - Question #1103Systems and Application Security
Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Client-side scriptingWeb browsersApplication securityJavaScript - Question #1104Access Controls
Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
AuthenticationAccess ControlIdentificationSecurity Fundamentals - Question #1105Network and Communications Security
Which of the following is a reason to use a Firewall?
FirewallNetwork SecurityIntrusion PreventionTraffic Filtering - Question #1106Security Concepts and Practices
Which of the following is an attribute of polymorphic code?
Polymorphic malwareMalware characteristicsEvasion techniquesSystem threats - Question #1107Network and Communications Security
Flooding network ports is an example of which type of attack?
Denial of ServiceNetwork attacksPort floodingAttack types - Question #1109Risk Identification, Monitoring and Analysis
Vulnerability x Threat = RISK is an example of the _______________.
Risk ManagementRisk EquationThreat AssessmentVulnerability - Question #1110Incident Response and Recovery
Only law enforcement personnel are qualified to do computer forensic investigations.
Computer ForensicsDigital ForensicsIncident ResponseForensic Roles - Question #1111Risk Identification, Monitoring and Analysis
Countermeasures have three main objectives, what are they? (Choose all that apply)
Security ControlsCountermeasuresPrevent Detect RecoverRisk Management - Question #1113Security Concepts and Practices
An intrusion detection system is an example of what type of countermeasure?
Intrusion Detection SystemSecurity ControlsCountermeasuresDetective Controls - Question #1114Cryptography
So far, no one has been able to crack the IDEA algorithm with Brute Force.
IDEA algorithmBrute-force attacksSymmetric encryption - Question #1116Security Operations and Administration
Which auditing practice relates to the controlling of hardware, software, firmware, and documentation to insure it has not been improperly modified?
Configuration ManagementChange ControlSystem IntegrityAuditing Practices - Question #1117Cryptography
MD5 is a ___________ algorithm
MD5HashingCryptographic AlgorithmsOne-way function - Question #1118Access Controls
Which of the following is an example of One-Time Password technology? (Choose all that apply)
One-Time PasswordAuthenticationS/KeyOPIE - Question #1119Security Operations and Administration
How often should virus definition downloads and system virus scans be completed?
Antivirus managementMalware protectionSecurity hygieneEndpoint security - Question #1120Network and Communications Security
S/MIME was developed for the protection of what communication mechanism(s)?
S/MIMEEmail SecurityCryptographySecure Communication - Question #1121Security Concepts and Practices
Unclassified, Private, Confidential, Secret, Top Secret, and Internal Use Only are levels of ________________
Data classificationInformation sensitivitySecurity labels - Question #1122Risk Identification, Monitoring and Analysis
Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Risk ManagementRisk TransferRisk TreatmentCybersecurity Insurance - Question #1123Systems and Application Security
______________ is a Unix security scanning tool developed at Texas A&M university.
Unix security toolsVulnerability scanningSystem auditing - Question #1125Access Controls
Decentralized access control allows ______________________.
Access Control ModelsDecentralized Access ControlResource OwnershipAccess Rights - Question #1127Systems and Application Security
From a security standpoint, the product development life cycle consists of which of the following?
Secure Software Development Life CycleApplication SecuritySecurity TestingCertification and Accreditation - Question #1128Incident Response and Recovery
Only key members of the staff need to be educated in disaster recovery procedures.
Disaster RecoveryBusiness ContinuitySecurity AwarenessTraining - Question #1129Security Concepts and Practices
A virus is considered to be "in the ______ " if it has been reported as replicating and causing harm to computers.
MalwareVirusThreatsSecurity Terminology - Question #1130Access Controls
____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential, Top Secret, etc..
Mandatory Access Control (MAC)Access Control ModelsSensitivity LabelsInformation Classification - Question #1131Security Concepts and Practices
___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic virusMalware typesVirusesThreats - Question #1132Access Controls
Which major vendor adopted TACACS into its product line as a form of AAA architecture?
TACACSAAA protocolsCiscoNetwork access control - Question #1133Network and Communications Security
Name three types of firewalls __________, _______________, and _________________ (Choose three)
Firewall typesNetwork security devicesPacket filteringStateful inspection - Question #1134Cryptography
This free (for personal use) program is used to encrypt and decrypt emails.
PGPEmail encryptionCryptographic applications - Question #1135Systems and Application Security
__________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Buffer OverflowProgramming ErrorsVulnerability ExploitationPrivilege Escalation - Question #1136Access Controls
A good password policy uses which of the following guidelines? (Choose all that apply)
Password PolicyPassword Best PracticesAccess ControlUser Authentication