SSCP Exam Questions
1,274 real SSCP exam questions with expert-verified answers and explanations. Page 24 of 26.
- Question #1193Security Concepts and Practices
Information security policies are a ___________________.
Information Security PoliciesSecurity GovernanceBusiness AlignmentRisk Management - Question #1194Systems and Application Security
Macintosh computers are not at risk for receiving viruses.
MalwareOperating System SecuritySecurity AwarenessVulnerabilities - Question #1196Security Concepts and Practices
There are 6 types of security control practices. ___________ controls are management policies, procedures, and guidelines that usually effect the entire system. These types of cont...
Security ControlsDirective ControlsSecurity PoliciesControl Types - Question #1198Security Concepts and Practices
Today, privacy violations are almost as serious as security violations?
Privacy implicationsSecurity vs. PrivacyLegal and regulatory impactCompliance - Question #1199Network and Communications Security
Which of the following defines session hijacking?
Session hijackingNetwork attacksSecurity definitions - Question #1200Security Concepts and Practices
Which of the following is NOT a characteristic of Computer Virus Hoax?
Computer HoaxMalwareThreat TypesSocial Engineering - Question #1201Incident Response and Recovery
Computer evidence may have a higher burden of proof. Typical challenges include, all except:
Digital ForensicsComputer EvidenceEvidence HandlingLegal Aspects of Security - Question #1202Incident Response and Recovery
When gathering digital evidence it is very important to do the following: (Choose all that apply)
Digital forensicsEvidence collectionChain of custodyForensic imaging - Question #1203Security Concepts and Practices
A security policy is a rigid set of rules that must be followed explicitly in order to be effective.
Security PolicyPolicy CharacteristicsPolicy Effectiveness - Question #1204Systems and Application Security
BIND should be disabled on which of the following?
BINDDNS SecuritySystem HardeningAttack Surface Reduction - Question #1205Network and Communications Security
IPSEC resides at which layer of the OSI model?
IPsecOSI ModelNetwork LayerNetwork Security - Question #1206Cryptography
DES, 3DES, Blowfish, and AES are all examples of what type of cryptography?
Symmetric CryptographySecret Key AlgorithmsEncryption Types - Question #1207Access Controls
Your ATM card is a form of two-factor authentication for what reason?
Two-factor authenticationAuthentication factorsSomething you haveSomething you know - Question #1209Risk Identification, Monitoring and Analysis
BIA - Business Impact Analysis deals strictly with financial assessment of a loss in relation to business operations?
Business Impact Analysis (BIA)Risk ManagementBusiness Continuity PlanningDisaster Recovery Planning - Question #1210Network and Communications Security
Of the protocols list, which one is connection oriented?
Network ProtocolsTCP/IP ModelConnection-orientedTransport Layer - Question #1212Network and Communications Security
Corporate networks are safer if an end user connects through a VPN connection?
VPNNetwork SecurityRemote AccessSecurity Controls - Question #1214Security Concepts and Practices
___________ programs decrease the number of security incidents, educate users about procedures, and can potentially reduce losses.
Security AwarenessUser EducationIncident PreventionSecurity Training - Question #1215Network and Communications Security
What reference model describes computer communication services and protocols in a layered approach?
OSI ModelNetworking ProtocolsLayered ArchitectureCommunication Models - Question #1216Security Concepts and Practices
Government categories of data classification include which of the following? (Choose all that apply)
Data ClassificationGovernment Classification LevelsInformation Security Policies - Question #1217Security Operations and Administration
In the DoD accreditation process a __________ is the formal entity which ensures that information systems meet a certain criteria for secure operation. Once approved these machines...
DoD accreditationDAACertification and Accreditation (C&A)Risk Management Framework (RMF) - Question #1218Systems and Application Security
TCPWrappers is an example of which type of security tool?
TCPWrappersHost-based securityIntrusion Detection Systems (IDS)Access Control - Question #1219Network and Communications Security
Trin00 is an example of what type of attack?
DDoSBotnetAttack toolsMalware - Question #1220Security Concepts and Practices
Inference attacks involve ___________________________.
Inference attacksInformation security attacksData privacy threats - Question #1221Risk Identification, Monitoring and Analysis
Of the following, which is NOT a risk assessment system?
Risk Assessment ModelsRisk Analysis MethodologiesInformation Security Risk - Question #1222Systems and Application Security
Heuristic scanning in antivirus software is designed to catch 100% of all known and unknownvirus technologies.
Antivirus softwareHeuristic scanningMalware detectionSecurity limitations - Question #1223Cryptography
The main difference between MD5 and SHA is what?
Cryptographic HashesMD5SHAHash Output Size - Question #1224Systems and Application Security
The most important component of antivirus software is the _______________?
Antivirus softwareMalware detectionEndpoint securitySecurity controls - Question #1226Network and Communications Security
Sending an ICMP packet greater than 64Kb is an example of what type of attack?
Ping of DeathDenial of ServiceNetwork AttacksICMP - Question #1227Risk Identification, Monitoring and Analysis
Which of the following steps are involved in a basic risk assessment?
Risk assessmentRisk management processThreat identificationAsset identification - Question #1230Network and Communications Security
Echo, chargen, finger, and bootp are all examples of?
Network servicesLegacy protocolsAttack surface reductionVulnerability management - Question #1231Network and Communications Security
The ___________ protocol converts IP addresses (logical) to MAC Addresses (physical)
ARPNetworking ProtocolsAddress ResolutionIP and MAC addresses - Question #1232Risk Identification, Monitoring and Analysis
What are the two most critical aspects of risk analysis? (Choose two)
Risk AnalysisAsset IdentificationThreat IdentificationRisk Management Fundamentals - Question #1233Systems and Application Security
A program that intentionally leaves a security hole or covert method of access is referred to as a ___________.
MalwareBackdoorSecurity vulnerabilitiesCovert access - Question #1235Security Concepts and Practices
Which of the following is NOT an administrative control?
Security ControlsAdministrative ControlsPhysical SecurityControl Types - Question #1237Systems and Application Security
What is a big difference between Java Applets and Active X controls?
Java AppletsActiveX ControlsApplication SecuritySecurity Sandbox - Question #1238Security Concepts and Practices
Which method of password cracking takes the most time and effort?
Password CrackingBrute Force AttackPassword SecurityAttack Methods - Question #1239Access Controls
Words appearing in the English dictionary are not considered to be good passwords, but words appearing in the French, Spanish, Italian, and Japanese dictionaries are not considered...
Password securityDictionary attacksPassword strengthAccess controls - Question #1240Risk Identification, Monitoring and Analysis
Accreditation grants permission to operate a system freely since all risk has been eliminated.
AccreditationRisk ManagementResidual RiskSystem Operation - Question #1241Incident Response and Recovery
Which of the following is not an element of a business continuity plan?
Business Continuity PlanningBCP elementsDisaster RecoveryOrganizational Resilience - Question #1242Network and Communications Security
AH - Authentication Header is used in what industry standard protocol?
IPsecAuthentication Header (AH)Network SecuritySecurity Protocols - Question #1243Security Concepts and Practices
___________________ is ultimately responsible for security and privacy violations.
Organizational responsibilitySecurity governanceAccountabilitySenior management - Question #1245Risk Identification, Monitoring and Analysis
When compiling a risk assessment report, which of the following items should be included? (Choose all that apply)
Risk AssessmentRisk ReportVulnerability AnalysisQuantitative Risk - Question #1246Risk Identification, Monitoring and Analysis
According to the annual CSI/FBI Computer Crime report, which group commits the most computer crimes?
Insider threatComputer crime statisticsThreat actorsRisk identification - Question #1247Network and Communications Security
The SubSeven Trojan has been known to exploit which service ports?
MalwareTrojanNetwork PortsVulnerability Exploitation - Question #1248Systems and Application Security
The NT Event Viewer holds which of the following types of logs?
Event ViewerLogging typesWindows securitySystem monitoring - Question #1250Incident Response and Recovery
When a security violation occurs, what important information should be logged? (Choose all that apply)
Security loggingIncident responseEvent loggingForensic data - Question #1251Security Concepts and Practices
A ______________ is a means, method, or program to neutralize a threat or vulnerability.
CountermeasuresThreatsVulnerabilitiesSecurity Controls - Question #1252Security Concepts and Practices
If a sender is unable to deny having sent an electronic transmission, this concept is known as___________________
Non-repudiationSecurity servicesInformation Security Principles - Question #1253Incident Response and Recovery
The CERT (Computer Emergency Response Team) was created in response to what famous security problem?
CERTMorris WormCybersecurity HistoryIncident Response - Question #1254Access Controls
The NT password cracking program L0pht is capable of pulling passwords from the registry?
Password CrackingWindows SecurityL0phtCrackRegistry Security