SSCP Exam Questions
1,274 real SSCP exam questions with expert-verified answers and explanations. Page 26 of 26.
- Question #1316: Security Concepts and Practices
Which of the following criteria is used to determine the proper classification of a data object? (Choose three)
Data Classification, Data Security, Information Asset Management, Data Lifecycle
- Question #1317: Systems and Application Security
Volatile memory is referred to as ROM.
Volatile memory, Non-volatile memory, ROM, RAM
- Question #1318: Systems and Application Security
Define the term tuple.
Database concepts, Relational databases, Tuple, Data structures
- Question #1319: Systems and Application Security
While there are many different models for IT system life cycle, most contain five unique phases. Which of the following would be the first phase?
System Life Cycle, IT System Acquisition, Security Architecture
- Question #1320: Risk Identification, Monitoring and Analysis
Risk can be totally eliminated through planning, control, procedures, and insurance. (True / False)
Risk Management, Risk Elimination, Residual Risk, Information Security Principles
- Question #1321: Systems and Application Security
While there are many different models for IT system life cycle, most contain five unique phases. Which of the following would be the last phase?
System Life Cycle, Disposal Phase, Asset Management
- Question #1322: Risk Identification, Monitoring and Analysis
Total risk is defined as:
Risk Management, Risk Calculation, Threats, Vulnerabilities
- Question #1323: Risk Identification, Monitoring and Analysis
The amount of risk remaining after security controls have been applied is referred to as:
Residual risk, Risk management, Security controls, Information security concepts
- Question #1324: Security Operations and Administration
Penetration testing involves three steps. Identify the three steps below: (Choose three)
Penetration testing phases, Reconnaissance, Exploitation, Post-exploitation
- Question #1325: Security Operations and Administration
Penetration testing involves three steps. At which step should an approved penetration test stop?
Penetration Testing, Pentest Phases, Security Assessment, Vulnerability Exploitation
- Question #1326: Security Concepts and Practices
The Trusted Computer Security Evaluation Criteria book (TCSEC) is also referred to as:
TCSEC, Orange Book, Security Models, Evaluation Criteria
- Question #1327: Security Concepts and Practices
The Trusted Computer Security Evaluation Criteria book (TCSEC) defines two types of assurance. What are they? (Choose two)
TCSEC, Assurance Types, Security Models, Trusted Systems
- Question #1328: Security Concepts and Practices
A _________ is an information path that is not normally used for communication within a computer system. It is not protected by any of the system's security mechanisms.
Covert channel, Information leakage, Security mechanisms bypass
- Question #1329: Security Concepts and Practices
Information Security policies should be __________________? (Choose all that apply)
Information Security Policies, Policy Management, Policy Communication, Policy Review
- Question #1330: Network and Communications Security
Which layer of the OSI model handles encryption?
OSI Model, Presentation Layer, Encryption, Network Protocols
- Question #1331: Network and Communications Security
EDI (Electronic Data Interchange) differs from e-Commerce in that ___________________.
EDI, e-Commerce, Computer-to-Computer Communication, Business-to-Business
- Question #1332: Cryptography
RSA has all of the following characteristics except?
RSA, Asymmetric cryptography, Digital signatures, Cryptographic algorithms
- Question #1333: Security Concepts and Practices
What distinguishes a hacker / cracker from a phreak?
Cybersecurity Terminology, Threat Actors, Phreaking, Hacker Types
- Question #1334: Risk Identification, Monitoring and Analysis
Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection, Security Monitoring, Threat Detection
- Question #1335: Security Concepts and Practices
A boot sector virus goes to work when what event takes place?
Boot sector virus, Malware, System startup, Virus types
- Question #1336: Network and Communications Security
_________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SET protocol, Electronic transactions, Payment security
- Question #1337: Risk Identification, Monitoring and Analysis
Which of the following are Unix / Linux based security tools?
Security Tools, Linux Security, Vulnerability Scanning, File Integrity Monitoring
- Question #1338: Network and Communications Security
Layer 4 of the OSI model corresponds to which layer of the DoD model?
OSI Model, DoD Model, Network Layers, Model Comparison
- Question #1339: Security Concepts and Practices
The standard of __________ states that a certain level of integrity and information protection levels will be maintained.
Due Care, Legal and Regulatory Compliance, Security Governance, Information Protection