SSCP Exam Questions
1,274 real SSCP exam questions with expert-verified answers and explanations. Page 23 of 26.
- Question #1137Risk Identification, Monitoring and Analysis
What is the main goal of a risk management program?
Risk ManagementCost-Benefit AnalysisSecurity Program Goals - Question #1138Security Concepts and Practices
The __________ is the most dangerous part of a virus program.
MalwareVirusPayload - Question #1139Cryptography
A one way hash converts a string of random length into a _______________ encrypted string.
Hash functionsCryptography basicsData integrityFixed-length output - Question #1140Security Concepts and Practices
Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social EngineeringLow-tech attacksHuman elementUnauthorized access - Question #1141Cryptography
Diffie Hellman, RSA, and ___________ are all examples of Public Key cryptography?
Public Key CryptographyAsymmetric AlgorithmsDigital SignaturesCryptographic Standards - Question #1142Access Controls
___________, generally considered "need to know" access is given based on permissions granted to the user.
Access Control ModelsDACDiscretionary Access ControlUser Permissions - Question #1143Security Concepts and Practices
What are the main goals of an information security program? (Choose all that apply)
Information Security GoalsCIA TriadConfidentialityIntegrityAvailability - Question #1144Access Controls
The ability to adjust access control to the exact amount of permission necessary is called ______________.
Access ControlGranularityPermissions - Question #1145Risk Identification, Monitoring and Analysis
Which one of these formulas is used in Quantitative risk analysis?
Quantitative Risk AnalysisSLERisk ManagementRisk Calculation - Question #1146Security Concepts and Practices
Integrity = ______________
IntegrityCIA TriadData IntegrityInformation Security Principles - Question #1147Network and Communications Security
A true network security audit does include an audit for modems?
Network security auditModem securityVulnerability identificationAudit scope - Question #1148Security Concepts and Practices
What is the main difference between a logic bomb and a stealth virus? (Choose all that apply)
MalwareVirusesLogic BombsEvasion Techniques - Question #1149Security Concepts and Practices
What is the minimum recommended length of a security policy?
Security PoliciesPolicy ManagementSecurity GovernanceBusiness Needs - Question #1150Network and Communications Security
There are ______ available service ports
Service PortsTCP/UDP PortsNetworking Fundamentals - Question #1151Incident Response and Recovery
Each of the following is a valid step in handling incidents except ____________
Incident ResponseIncident Handling LifecycleIncident Management - Question #1153Cryptography
Which of the following is NOT and encryption algorithm?
CryptographyEncryption AlgorithmsHash FunctionsCryptographic Protocols - Question #1154Network and Communications Security
Which range defines "well known ports?
Well-known portsTCP/UDPNetworking protocolsPort numbers - Question #1155Access Controls
What does RADIUS stand for?
RADIUSAAA protocolsAuthentication - Question #1156Incident Response and Recovery
In the past, many companies had been hesitant to report computer crimes.
Cybercrime reportingOrganizational behaviorIncident response challenges - Question #1157Cryptography
If you the text listed below at the beginning or end of an email message, what would it be anindication of? mQGiBDfJY1ERBADd1lBX8WlbSHj2uDt6YbMVl4Da3O1yG0exQnEwU3sKQARzspNB zB2BF+n...
PGPDigital SignaturesEmail SecurityCryptography Basics - Question #1158Security Concepts and Practices
Although they are accused of being one in the same, hackers and crackers are two distinctly different groups with different goals pertaining to computers.
hacker definitionscracker definitionscybersecurity terminologyethical hacking concepts - Question #1159Risk Identification, Monitoring and Analysis
Select three ways to deal with risk.
Risk ManagementRisk ResponseRisk Treatment Strategies - Question #1160Cryptography
Digital Certificates use which protocol?
Digital CertificatesX.509PKICryptography Standards - Question #1161Systems and Application Security
What happens if this registry value is set to 1? HKLM\System\CurrentControlSet\Control\Lsa\CrashonAuditFail
Windows SecurityAudit LoggingSystem Hardening - Question #1163Security Concepts and Practices
In a Public Key Infrastructure (PKI), what is the role of a directory server?
PKIDirectory ServerCertificatesPublic Key Infrastructure - Question #1164Network and Communications Security
Which of the following is currently used in conjunction with most Internet-based certificates to provide continuous authentication?
SSL/TLSCertificatesNetwork ProtocolsAuthentication - Question #1165Cryptography
Encryption ciphers that use the same key to encrypt and decrypt are called?
Symmetric encryptionEncryption ciphersCryptography fundamentals - Question #1166Cryptography
A digital signature is made with?
Digital SignaturesAsymmetric CryptographyPrivate KeyHashing - Question #1167Network and Communications Security
What protocol is typically used to login to a remote machine and execute commands?
SSHRemote Access ProtocolsNetwork ProtocolsSecure Communication - Question #1168Cryptography
Which of the following organizations can be a valid Certificate Authority (CA)?
Certificate Authority (CA)Public Key Infrastructure (PKI)Digital CertificatesTrust Management - Question #1169Security Concepts and Practices
It is difficult to prosecute a computer criminal if warning banners are not deployed?
Warning BannersLegal ImplicationsComputer Crime ProsecutionUnauthorized Access - Question #1170Security Concepts and Practices
What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority, or if you abuse your authori...
Warning BannersSystem BannersSecurity ControlsLegal Precedence - Question #1172Access Controls
__________ is the most famous Unix password cracking tool.
Password crackingUnix securitySecurity toolsAuthentication - Question #1173Cryptography
PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
PGPPEMAsymmetric EncryptionRSA - Question #1174Security Operations and Administration
Which of the following are NT Audit events? (Choose all that apply)
Security AuditingEvent LoggingWindows SecurityAudit Events - Question #1175Incident Response and Recovery
The most secure method for storing backup tapes is?
Backup storageDisaster RecoveryOff-site storagePhysical security - Question #1177Cryptography
The IDEA algorithm (used in PGP) is _______ bits long.
IDEA algorithmBlock cipherKey lengthCryptography basics - Question #1178Security Concepts and Practices
Which organization(s) are responsible for the timely distribution of information security intelligence data?
Security IntelligenceSecurity OrganizationsThreat IntelligenceInformation Sharing - Question #1179Access Controls
A password audit consists of checking for ____________?
Password AuditPassword PolicyAccess ControlSecurity Auditing - Question #1181Risk Identification, Monitoring and Analysis
What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Residual RiskRisk ManagementCountermeasuresVulnerability Management - Question #1182Risk Identification, Monitoring and Analysis
Risk assessment deals with constant monitoring?
Risk assessmentRisk monitoringRisk management process - Question #1183Security Concepts and Practices
Countermeasures address security concerns in which of the following categories?
Security objectivesInformation protectionSecurity principlesCountermeasures - Question #1184Incident Response and Recovery
Which of these virus incidents did not occur in 1999? (Choose all that apply)
malwarevirus incidentssecurity history - Question #1185Security Concepts and Practices
Companies can now be sued for privacy violations just as easily as they can be sued for security compromises.
Data Privacy LawsLegal LiabilityRegulatory ComplianceInformation Governance - Question #1186Access Controls
Passfilt.dll enforces which of the following? (Choose all that apply)
Password PolicyPassword ComplexityWindows SecurityPassfilt.dll - Question #1187Network and Communications Security
_________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Denial of Service (DoS)SYN FloodingTCP/IP ProtocolNetwork Attacks - Question #1188Security Concepts and Practices
The following actions have been noted as providing motivation to virus writers? (Choose all that apply)
Threat actorsMalware motivationsCybercrime - Question #1190Access Controls
Which of the following are used in Biometrics?
BiometricsAuthenticationIdentificationBiometric factors - Question #1191Access Controls
Smart cards are a secure alternative to which weak security mechanism?
Smart cardsAuthentication factorsPasswordsAccess control - Question #1192Systems and Application Security
What type of software can be used to prevent, detect (and possibly correct) malicious activities on a system?
Host SecurityEndpoint ProtectionSecurity SoftwareMalware Protection