SSCP Topic 2
Question #: 41
Topic #: 2
Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?
A. Prevention of the modification of information by unauthorized users.
B. Prevention of the unauthorized or unintentional modification of information by authorized users.
C. Preservation of the internal and external consistency.
D. Prevention of the modification of information by authorized users.
Selected Answer: D
Question #: 41
Topic #: 1
Which of the following is NOT a technique used to perform a penetration test?
A. traffic padding
B. scanning and probing
C. war dialing
D. sniffing
Selected Answer: A
Question #: 41
Topic #: 3
Which conceptual approach to intrusion detection system is the most common?
A. Behavior-based intrusion detection
B. Knowledge-based intrusion detection
C. Statistical anomaly-based intrusion detection
D. Host-based intrusion detection
Selected Answer: B
Question #: 42
Topic #: 2
External consistency ensures that the data stored in the database is:
A. inconsistent with the real world.
B. remains consistent when sent from one system to another.
C. consistent with the logical world.
D. consistent with the real world.
Selected Answer: D
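The two questions above turn on the Clark-Wilson vocabulary: constrained data items that change only through well-formed transactions run by certified subjects, an integrity verification procedure that checks internal consistency (the data agrees with itself), and external consistency (the data agrees with the real world). The following is an added illustration, not code from the page; the inventory, the subjects and the shelf count are constructed for it.

```python
"""Clark-Wilson in miniature: constrained data items (CDIs) change only
through transformation procedures (TPs) run by certified subjects, and an
integrity verification procedure (IVP) checks internal consistency (the
data agrees with itself) and external consistency (the data agrees with
the real world).  Added example: the inventory, subjects and counts are
constructed for illustration and are not from the page."""
from dataclasses import dataclass, field


class IntegrityError(Exception):
    """Raised when a TP would leave a CDI in an invalid state."""


@dataclass
class InventoryCDI:
    """One constrained data item: stock on hand plus its movement log."""
    on_hand: int = 0
    movements: list = field(default_factory=list)  # signed quantities


@dataclass
class Inventory:
    items: dict = field(default_factory=dict)
    # Clark-Wilson access triples reduced to subject -> {TPs allowed}.
    certified: dict = field(default_factory=dict)

    def _check_certified(self, subject, tp):
        if tp not in self.certified.get(subject, set()):
            raise IntegrityError(f"{subject} is not certified to run TP {tp}")

    def tp_receive(self, subject, sku, qty):
        """Well-formed transaction: stock in."""
        self._check_certified(subject, "receive")
        if qty <= 0:
            raise IntegrityError("received quantity must be positive")
        cdi = self.items.setdefault(sku, InventoryCDI())
        cdi.movements.append(qty)
        cdi.on_hand += qty

    def tp_issue(self, subject, sku, qty):
        """Well-formed transaction: stock out, never below zero."""
        self._check_certified(subject, "issue")
        cdi = self.items.get(sku)
        if cdi is None or qty <= 0 or qty > cdi.on_hand:
            raise IntegrityError("cannot issue more than is on hand")
        cdi.movements.append(-qty)
        cdi.on_hand -= qty

    def ivp_internal(self):
        """SKUs whose stock on hand no longer equals the sum of movements."""
        return [sku for sku, c in self.items.items()
                if sum(c.movements) != c.on_hand]

    def ivp_external(self, physical_count):
        """SKUs whose stored stock differs from a real-world shelf count."""
        return [sku for sku, real in physical_count.items()
                if self.items.get(sku, InventoryCDI()).on_hand != real]


def run_demo():
    inv = Inventory(certified={"clerk": {"receive", "issue"}, "auditor": set()})
    inv.tp_receive("clerk", "widget", 10)
    inv.tp_issue("clerk", "widget", 3)
    try:                                    # goal 1: uncertified subject blocked
        inv.tp_issue("auditor", "widget", 1)
        blocked = False
    except IntegrityError:
        blocked = True
    on_hand = inv.items["widget"].on_hand
    internal_ok = inv.ivp_internal() == []  # goal 3: internally consistent
    # Bypass the TPs, which the model forbids, and let the IVP catch it.
    inv.items["widget"].on_hand = 9
    return {
        "blocked": blocked,
        "on_hand": on_hand,
        "internal_ok": internal_ok,
        "internal_after_tamper": inv.ivp_internal(),
        "external_mismatch": inv.ivp_external({"widget": 7}),  # shelf count
    }
```

The direct write to `on_hand` stands in for any path that bypasses the TPs; the IVP is what detects it, which is why Clark-Wilson requires the IVP to be run and certified independently of the TPs.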
Question #: 43
Topic #: 3
In order to enable users to perform tasks and duties without having to go through extra steps it is important that the security controls and mechanisms that are in place have a degree of?
A. Complexity
B. Non-transparency
C. Transparency
D. Simplicity
Selected Answer: C
Question #: 44
Topic #: 2
Which of the following is the MOST important aspect relating to employee termination?
A. The details of employee have been removed from active payroll files.
B. Company property provided to the employee has been returned.
C. User ID and passwords of the employee have been deleted.
D. The appropriate company staff are notified about the termination.
Selected Answer: D
Question #: 45
Topic #: 6
In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols?
A. Transport layer
B. Application layer
C. Physical layer
D. Network layer
Selected Answer: A
Question #: 46
Topic #: 1
Which of the following divisions is defined in the TCSEC (Orange Book) as minimal protection?
A. Division D
B. Division C
C. Division B
D. Division A
Selected Answer: A
Question #: 47
Topic #: 3
The viewing of recorded events after the fact using a closed-circuit TV camera is considered a
A. Preventative control.
B. Detective control
C. Compensating control
D. Corrective control
Selected Answer: B
Question #: 47
Topic #: 1
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense?
A. TCSEC
B. ITSEC
C. DIACAP
D. NIACAP
Selected Answer: A
Question #: 53
Topic #: 6
Communications and network security relates to transmission of which of the following?
A. voice
B. voice and multimedia
C. data and multimedia
D. voice, data and multimedia
Selected Answer: D
Question #: 54
Topic #: 6
Which of the following statements about the differences between PPTP and L2TP is NOT true?
A. PPTP can run only on top of IP networks.
B. PPTP is an encryption protocol and L2TP is not.
C. L2TP works well with all firewalls and network devices that perform NAT.
D. L2TP supports AAA servers
Selected Answer: C
Question #: 55
Topic #: 4
A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks, is called a:
A. Vulnerability
B. Risk
C. Threat
D. Overflow
Selected Answer: A
Question #: 56
Topic #: 4
What is called the probability that a threat to an information system will materialize?
A. Threat
B. Risk
C. Vulnerability
D. Hole
Selected Answer: B
Question #: 56
Topic #: 3
What setup should an administrator use for regularly testing the strength of user passwords?
A. A networked workstation so that the live password database can easily be accessed by the cracking program.
B. A networked workstation so the password database can easily be copied locally and processed by the cracking program.
C. A standalone workstation on which the password database is copied and processed by the cracking program.
D. A password-cracking program is unethical; therefore it should not be used.
Selected Answer: C
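What the standalone-workstation setup actually does, as an added example that is not from the page: a copy of the password database is processed offline, wordlist guesses are hashed with each account's salt and compared against the stored hash, and only the list of weak accounts leaves the box. The record format (user:salt:PBKDF2-HMAC-SHA256), the three accounts and the wordlist are constructed for illustration and do not describe any real system's password store.

```python
"""Auditing password strength offline on a standalone workstation: the
password database is copied there, hashed guesses from a wordlist are
compared against the stored hashes, and only the list of weak accounts
leaves the box.  Added example; the record format (user:salt:PBKDF2-HMAC-
SHA256), the three accounts and the wordlist are constructed for
illustration and do not describe any real system's password store."""
import hashlib
import hmac

ITERATIONS = 10_000  # kept low so the audit runs in well under a second


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(user: str, password: str, salt: bytes) -> str:
    """One 'user:salt_hex:hash_hex' line, as the copied database holds it."""
    return f"{user}:{salt.hex()}:{hash_password(password, salt).hex()}"


# Constructed copy of the password database; the live one is never touched.
PASSWORD_DB = [
    make_record("alice", "Winter2024!", b"\x01\x02\x03\x04"),
    make_record("bob", "password", b"\x05\x06\x07\x08"),
    make_record("carol", "correct horse battery staple", b"\x09\x0a\x0b\x0c"),
]

# Constructed wordlist; a real audit uses a large one plus mangling rules.
WORDLIST = ["123456", "password", "Winter2024!", "letmein", "qwerty"]


def audit(records, wordlist):
    """Return {user: guessed_password} for every account a guess matched.

    Each guess is hashed once per account because the salt differs per
    user; that is the cost salting imposes on an attacker and on us."""
    weak = {}
    for line in records:
        user, salt_hex, hash_hex = line.split(":")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        for guess in wordlist:
            if hmac.compare_digest(hash_password(guess, salt), stored):
                weak[user] = guess
                break
    return weak
```

Run it on a host with no network connection, delete the copied database when the audit is done, and report only the account names to the owners: the recovered passwords themselves have no business being stored or mailed around.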
Question #: 60
Topic #: 6
Which of the following methods of providing telecommunications continuity involves the use of an alternative media?
A. Alternative routing
B. Diverse routing
C. Long haul network diversity
D. Last mile circuit protection
Selected Answer: A
Question #: 61
Topic #: 1
To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up:
A. Access Rules
B. Access Matrix
C. Identification controls
D. Access terminal
Selected Answer: A
Question #: 62
Topic #: 4
Another example of Computer Incident Response Team (CIRT) activities is:
A. Management of the netware logs, including collection, retention, review, and analysis of data
B. Management of the network logs, including collection and analysis of data
C. Management of the network logs, including review and analysis of data
D. Management of the network logs, including collection, retention, review, and analysis of data
Selected Answer: D
Question #: 62
Topic #: 1
Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control?
A. Discretionary Access Control (DAC)
B. Mandatory Access control (MAC)
C. Non-Discretionary Access Control (NDAC)
D. Lattice-based Access control
Selected Answer: C
Question #: 64
Topic #: 1
Which access control type has a central authority that determines which objects subjects may access, based on role or on the organizational security policy?
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control
Selected Answer: C
Question #: 64
Topic #: 4
Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets?
A. full backup method.
B. incremental backup method.
C. differential backup method.
D. tape backup method.
Selected Answer: A
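The difference between the three methods is easiest to see by simulating the archive bit: a full or incremental backup clears it, a differential does not, so the tape volume and the restore chain differ. This is an added example, not from the page; the four-day schedule and the daily file changes are constructed for it.

```python
"""Full, incremental and differential backups simulated with the archive
bit: a full or incremental backup clears the bit, a differential does not,
so the tape sets and the restore chains differ.  Added example; the
schedule and the daily file changes are constructed for illustration."""


def simulate(schedule, changes):
    """schedule: one of 'full', 'incremental', 'differential' per day.
    changes: the set of files modified on each day before that day's run.
    Returns (tapes, restore_chain): tapes[d] is the set of files written on
    day d, restore_chain the tape indices needed to rebuild the last day."""
    all_files, dirty, tapes = set(), set(), []
    last_full, incrementals_since_full = None, []
    for day, (kind, changed) in enumerate(zip(schedule, changes)):
        all_files |= changed
        dirty |= changed                    # archive bit set on changed files
        if kind == "full":
            tapes.append(set(all_files))    # everything, bit cleared
            dirty.clear()
            last_full, incrementals_since_full = day, []
        elif kind == "incremental":
            tapes.append(set(dirty))        # since last full/incremental, bit cleared
            dirty.clear()
            incrementals_since_full.append(day)
        elif kind == "differential":
            tapes.append(set(dirty))        # since last clearing backup, bit left set
        else:
            raise ValueError(f"unknown backup kind {kind!r}")
    if last_full is None:
        raise ValueError("no full backup in schedule")
    chain = [last_full] + incrementals_since_full
    if schedule[-1] == "differential":
        chain.append(len(schedule) - 1)
    return tapes, chain


def restore(tapes, chain):
    """Replay the chain in order; later tapes overwrite earlier copies."""
    restored = set()
    for idx in chain:
        restored |= tapes[idx]
    return restored


def tape_volume(tapes):
    """Total file copies written: the 'tape space' the question refers to."""
    return sum(len(t) for t in tapes)


# Constructed week: Sunday full, then the same three days of edits either way.
CHANGES = [{"a", "b", "c"}, {"a"}, {"b"}, {"a"}]
INCREMENTAL_WEEK = ["full", "incremental", "incremental", "incremental"]
DIFFERENTIAL_WEEK = ["full", "differential", "differential", "differential"]
```

With the constructed changes the incremental week writes 6 file copies but needs all four tapes to restore, while the differential week writes 8 copies and needs only the full tape plus the last differential: less tape for incrementals, faster and simpler restores for differentials, and the full backup is the largest single set, which is why it is scheduled when time and tape space permit.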
Question #: 65
Topic #: 5
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?
A. Key collision
B. Key clustering
C. Hashing
D. Ciphertext collision
Selected Answer: B
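Why key clustering matters is that it shrinks the key space an attacker must search. The cluster finder below is generic; as an added example (not from the page) it is applied to a toy shift cipher with a 6-bit key, constructed for the purpose, whose 64 keys collapse to 26 distinct transformations.

```python
"""Key clustering: two different keys that turn the same plaintext into
the same ciphertext, which shrinks the effective key space an attacker has
to search.  The cluster finder is generic; it is applied to a toy shift
cipher with a 6-bit key, constructed for this added example, whose 64 keys
collapse to 26 distinct transformations."""
from collections import defaultdict


def shift_encrypt(key: int, plaintext: str) -> str:
    """Toy cipher: shift each upper-case letter by `key` positions."""
    return "".join(chr((ord(c) - 65 + key) % 26 + 65) for c in plaintext)


def find_key_clusters(encrypt, keys, plaintext):
    """Group keys by the ciphertext they produce; keep groups of size > 1."""
    by_ciphertext = defaultdict(list)
    for key in keys:
        by_ciphertext[encrypt(key, plaintext)].append(key)
    return {ct: ks for ct, ks in by_ciphertext.items() if len(ks) > 1}


def effective_keyspace(encrypt, keys, plaintext):
    """Number of distinct ciphertexts, i.e. keys an attacker must really try."""
    return len({encrypt(key, plaintext) for key in keys})
```

Against `"ATTACK"` the keys 3, 29 and 55 all yield `"DWWDFN"`, and the nominal 64-key space is really 26. The same finder can be pointed at any `encrypt(key, plaintext)` callable to test a real cipher on a chosen plaintext.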
Question #: 65
Topic #: 2
Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis?
A. DSS is aimed at solving highly structured problems.
B. DSS emphasizes flexibility in the decision making approach of users.
C. DSS supports only structured decision-making tasks.
D. DSS combines the use of models with non-traditional data access and retrieval functions.
Selected Answer: B
Question #: 67
Topic #: 1
Which of the following control pairings include: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Administrative Pairing
Selected Answer: A
Question #: 68
Topic #: 2
What would BEST define a covert channel?
A. An undocumented backdoor that has been left by a programmer in an operating system
B. An open system port that should be closed.
C. A communication channel that allows transfer of information in a manner that violates the system’s security policy.
D. A trojan horse.
Selected Answer: C
Question #: 69
Topic #: 6
Secure Shell (SSH-2) supports authentication, compression, confidentiality, and integrity. SSH is commonly used as a secure alternative to all of the following protocols except:
A. telnet
B. rlogin
C. RSH
D. HTTPS
Selected Answer: D
Question #: 70
Topic #: 1
What are called user interfaces that limit the functions that can be selected by a user?
A. Constrained user interfaces
B. Limited user interfaces
C. Mini user interfaces
D. Unlimited user interfaces
Selected Answer: A
Question #: 71
Topic #: 1
What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database?
A. Database Management system
B. Database views
C. Database security
D. Database shadowing
Selected Answer: B
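A view restricts both the columns and the rows a user can reach, and because it is generated at query time a new row that satisfies the definition shows up immediately. The following is an added example using SQLite's in-memory database, not code from the page; the employees table and its rows are constructed. SQLite has no GRANT, so the step a server DBMS adds (grant SELECT on the view and nothing on the base table) appears only as a comment.

```python
"""A database view as a dynamically generated virtual table that limits
what a user can see: only the columns and rows the view definition
selects.  Added example using SQLite's in-memory database; the employees
table and its rows are constructed for illustration.  SQLite has no GRANT,
so the step a real DBMS adds (grant SELECT on the view, not on the base
table) is described in the comments rather than executed."""
import sqlite3

SCHEMA = """
CREATE TABLE employees (
    id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER, ssn TEXT
);
INSERT INTO employees VALUES
    (1, 'Ada',   'eng', 120000, '111-11-1111'),
    (2, 'Grace', 'eng', 130000, '222-22-2222'),
    (3, 'Linus', 'ops',  90000, '333-33-3333');
-- Restricts both columns (no salary, no ssn) and rows (dept = 'eng').
-- On a server DBMS you would then GRANT SELECT ON eng_directory TO the
-- helpdesk role and grant nothing on employees itself.
CREATE VIEW eng_directory AS
    SELECT id, name, dept FROM employees WHERE dept = 'eng';
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def directory(conn):
    """What a user restricted to the view can retrieve."""
    return conn.execute("SELECT * FROM eng_directory ORDER BY id").fetchall()


def view_columns(conn):
    cur = conn.execute("SELECT * FROM eng_directory")
    return [col[0] for col in cur.description]


def salary_visible_through_view(conn):
    """The hidden column is not reachable by naming it; the query fails."""
    try:
        conn.execute("SELECT salary FROM eng_directory")
        return True
    except sqlite3.OperationalError:
        return False


def hire(conn, row):
    """Views are generated at query time, so a new row appears at once."""
    conn.execute("INSERT INTO employees VALUES (?, ?, ?, ?, ?)", row)
```

The view is only a control if the user cannot also query `employees` directly; the privilege on the base table has to be withheld, or the view is merely a convenience.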
Question #: 73
Topic #: 4
Hierarchical Storage Management (HSM) is commonly employed in:
A. very large data retrieval systems
B. very small data retrieval systems
C. shorter data retrieval systems
D. most data retrieval systems
Selected Answer: A
Question #: 74
Topic #: 1
A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control
Selected Answer: C
Question #: 74
Topic #: 2
Which of the following is responsible for MOST of the security issues?
A. Outside espionage
B. Hackers
C. Personnel
D. Equipment failure
Selected Answer: C
Question #: 75
Topic #: 1
What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
A. Authentication
B. Identification
C. Authorization
D. Confidentiality
Selected Answer: B
Question #: 76
Topic #: 1
What is called the verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time?
A. Authentication
B. Identification
C. Integrity
D. Confidentiality
Selected Answer: A
Question #: 76
Topic #: 5
Which of the following protects Kerberos against replay attacks?
A. Tokens
B. Passwords
C. Cryptography
D. Time stamps
Selected Answer: D
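What the timestamp buys is a bounded window: the application server accepts an authenticator only if its timestamp lies within the permitted clock skew and the same authenticator has not already been seen inside that window (RFC 4120 reports these as KRB_AP_ERR_SKEW and KRB_AP_ERR_REPEAT). The exchange below is an added example, not code from the page or from any Kerberos implementation: the authenticator is a simplified JSON object protected by an HMAC under the session key rather than RFC 4120's encrypted ASN.1, and the key, principal names and times are constructed.

```python
"""Why a Kerberos authenticator carries a timestamp: the application
server accepts it only when the timestamp is inside the permitted clock
skew and the same authenticator has not been seen before within that
window (RFC 4120 names these errors KRB_AP_ERR_SKEW and KRB_AP_ERR_REPEAT).
Added example: the authenticator is a simplified JSON object protected
with an HMAC under the session key instead of RFC 4120's encrypted ASN.1,
and the key, principals and times are constructed for illustration."""
import hashlib
import hmac
import json

CLOCK_SKEW = 300  # seconds; the conventional five-minute window


def _mac(session_key: bytes, body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(session_key, payload, hashlib.sha256).hexdigest()


def make_authenticator(client: str, session_key: bytes, now: int) -> dict:
    """Client side: bind its name and the current time under the session key."""
    body = {"client": client, "ts": now}
    return {**body, "mac": _mac(session_key, body)}


class Service:
    """Application server side: verify, check skew, reject replays."""

    def __init__(self, session_key: bytes, skew: int = CLOCK_SKEW):
        self.key = session_key
        self.skew = skew
        self.replay_cache = {}  # (client, ts, mac) -> time first seen

    def accept(self, auth: dict, now: int) -> str:
        body = {"client": auth["client"], "ts": auth["ts"]}
        if not hmac.compare_digest(_mac(self.key, body), auth["mac"]):
            return "KRB_AP_ERR_BAD_INTEGRITY"
        if abs(now - auth["ts"]) > self.skew:
            return "KRB_AP_ERR_SKEW"
        # Entries older than the skew window can never match a valid
        # authenticator again, so the cache stays bounded.
        self.replay_cache = {k: t for k, t in self.replay_cache.items()
                             if now - t <= self.skew}
        key = (auth["client"], auth["ts"], auth["mac"])
        if key in self.replay_cache:
            return "KRB_AP_ERR_REPEAT"
        self.replay_cache[key] = now
        return "ok"


def run_demo():
    key = b"constructed-session-key"
    svc = Service(key)
    fresh = make_authenticator("alice@EXAMPLE.COM", key, now=1_000_000)
    stale = make_authenticator("alice@EXAMPLE.COM", key, now=1_000_000 - 600)
    forged = dict(fresh, client="mallory@EXAMPLE.COM")
    return [
        svc.accept(fresh, now=1_000_000),        # first use: accepted
        svc.accept(fresh, now=1_000_010),        # captured and resent: replay
        svc.accept(stale, now=1_000_000),        # ten minutes old: skew
        svc.accept(forged, now=1_000_000),       # MAC no longer matches
    ]
```

The replay cache is what makes the timestamp effective: without it an attacker who resends a captured authenticator inside the five-minute window would still get in, and without the timestamp the cache would have to grow without bound.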
Question #: 77
Topic #: 1
Which one of the following factors is NOT one on which Authentication is based?
A. Type 1. Something you know, such as a PIN or password
B. Type 2. Something you have, such as an ATM card or smart card
C. Type 3. Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan
D. Type 4. Something you are, such as a system administrator or security administrator
Selected Answer: D
Question #: 78
Topic #: 1
Which type of password provides maximum security because a new password is required for each new log-on?
A. One-time or dynamic password
B. Cognitive password
C. Static password
D. Passphrase
Selected Answer: A
Question #: 79
Topic #: 1
What is called a password that is the same for each log-on session?
A. “one-time password”
B. “two-time password”
C. static password
D. dynamic password
Selected Answer: C
Question #: 81
Topic #: 1
Which of the following would be true about Static password tokens?
A. The owner identity is authenticated by the token
B. The owner will never be authenticated by the token.
C. The owner will authenticate himself to the system.
D. The token does not authenticate the token owner but the system.
Selected Answer: A