
ISC SSCP Systems Security Certified Practitioner Exam Practice Test

Demo: 138 questions
Total 1074 questions

Systems Security Certified Practitioner Questions and Answers

Question 1

What do the ILOVEYOU and Melissa virus attacks have in common?

Options:

A.

They are both denial-of-service (DOS) attacks.

B.

They have nothing in common.

C.

They are both masquerading attacks.

D.

They are both social engineering attacks.

Question 2

What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

Options:

A.

Data fiddling

B.

Data diddling

C.

Salami techniques

D.

Trojan horses

Question 3

In computing, what is the name of a non-self-replicating type of malware program that appears to have some useful purpose but also contains embedded code with a malicious or harmful purpose, which, when executed, carries out actions unknown to the person installing it, typically causing loss or theft of data and possible system harm?

Options:

A.

virus

B.

worm

C.

Trojan horse.

D.

trapdoor

Question 4

Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is:

Options:

A.

Not possible

B.

Only possible with key recovery scheme of all user keys

C.

It is possible only if X.509 Version 3 certificates are used

D.

It is possible only by "brute force" decryption

Question 5

Java is not:

Options:

A.

Object-oriented.

B.

Distributed.

C.

Architecture Specific.

D.

Multithreaded.

Question 6

Which of the following virus types changes some of its characteristics as it spreads?

Options:

A.

Boot Sector

B.

Parasitic

C.

Stealth

D.

Polymorphic

Question 7

What is malware that can spread itself over open network connections?

Options:

A.

Worm

B.

Rootkit

C.

Adware

D.

Logic Bomb

Question 8

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

Options:

A.

Stealth viruses

B.

Polymorphic viruses

C.

Trojan horses

D.

Logic bombs

Question 9

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

Options:

A.

Web Applications

B.

Intrusion Detection Systems

C.

Firewalls

D.

DNS Servers

Question 10

Crackers today are MOST often motivated by their desire to:

Options:

A.

Help the community in securing their networks.

B.

See how far their skills will take them.

C.

Get recognition for their actions.

D.

Gain money or financial rewards.

Question 11

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers?

Options:

A.

Black hats

B.

White hats

C.

Script kiddies

D.

Phreakers

Question 12

Which of the following computer crimes is MORE often associated with INSIDERS?

Options:

A.

IP spoofing

B.

Password sniffing

C.

Data diddling

D.

Denial of service (DOS)

Question 13

Which of the following standards concerns digital certificates?

Options:

A.

X.400

B.

X.25

C.

X.509

D.

X.75

Question 14

Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?

Options:

A.

The use of good key generators.

B.

The use of session keys.

C.

Nothing can defend you against a brute force crypto key attack.

D.

Algorithms that are immune to brute force key attacks.

Question 15

Which of the following was not designed to be a proprietary encryption algorithm?

Options:

A.

RC2

B.

RC4

C.

Blowfish

D.

Skipjack

Question 16

Kerberos depends upon what encryption method?

Options:

A.

Public Key cryptography.

B.

Secret Key cryptography.

C.

El Gamal cryptography.

D.

Blowfish cryptography.

Question 17

Cryptography does NOT help in:

Options:

A.

Detecting fraudulent insertion.

B.

Detecting fraudulent deletion.

C.

Detecting fraudulent modification.

D.

Detecting fraudulent disclosure.

Question 18

What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition?

Options:

A.

Running key cipher

B.

One-time pad

C.

Steganography

D.

Cipher block chaining

Question 19

Which of the following encryption methods is known to be unbreakable?

Options:

A.

Symmetric ciphers.

B.

DES codebooks.

C.

One-time pads.

D.

Elliptic Curve Cryptography.

Question 20

What is NOT true about a one-way hashing function?

Options:

A.

It provides authentication of the message

B.

A hash cannot be reversed to get the message used to create the hash

C.

The result of a one-way hash is a message digest

D.

It provides integrity of the message

Question 21

Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS?

Options:

A.

El Gamal

B.

Elliptic Curve Cryptosystems (ECCs)

C.

RSA

D.

International Data Encryption Algorithm (IDEA)

Question 22

Cryptography does not concern itself with which of the following choices?

Options:

A.

Availability

B.

Integrity

C.

Confidentiality

D.

Validation

Question 23

Which of the following binds a subject name to a public key value?

Options:

A.

A public-key certificate

B.

A public key infrastructure

C.

A secret key infrastructure

D.

A private key certificate

Question 24

How are memory cards and smart cards different?

Options:

A.

Memory cards normally hold more memory than smart cards

B.

Smart cards provide a two-factor authentication whereas memory cards don't

C.

Memory cards have no processing power

D.

Only smart cards can be used for ATM cards

Question 25

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of:

Options:

A.

Administrative controls

B.

Logical controls

C.

Technical controls

D.

Physical controls

Question 26

Which of the following would constitute the best example of a password to use for access to a system by a network administrator?

Options:

A.

holiday

B.

Christmas12

C.

Jenny

D.

GyN19Za!

Question 27

What is Kerberos?

Options:

A.

A three-headed dog from Egyptian mythology.

B.

A trusted third-party authentication protocol.

C.

A security model.

D.

A remote authentication dial in user server.

Question 28

Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?

Options:

A.

Logon Banners

B.

Wall poster

C.

Employee Handbook

D.

Written agreement

Question 29

In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on:

Options:

A.

sex of a person

B.

physical attributes of a person

C.

age of a person

D.

voice of a person

Question 30

Which TCSEC level is labeled Controlled Access Protection?

Options:

A.

C1

B.

C2

C.

C3

D.

B1

Question 31

Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection?

Options:

A.

B

B.

A

C.

C

D.

D

Question 32

In synchronous dynamic password tokens:

Options:

A.

The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).

B.

The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).

C.

The unique password is not entered into a system or workstation along with an owner's PIN.

D.

The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.

Question 33

Detective/Technical measures:

Options:

A.

include intrusion detection systems and automatically-generated violation reports from audit trail information.

B.

do not include intrusion detection systems and automatically-generated violation reports from audit trail information.

C.

include intrusion detection systems but do not include automatically-generated violation reports from audit trail information.

D.

include intrusion detection systems and customised-generated violation reports from audit trail information.

Question 34

Which of the following statements pertaining to Kerberos is false?

Options:

A.

The Key Distribution Center represents a single point of failure.

B.

Kerberos manages access permissions.

C.

Kerberos uses a database to keep a copy of all users' public keys.

D.

Kerberos uses symmetric key cryptography.

Question 35

The Terminal Access Controller Access Control System (TACACS) employs which of the following?

Options:

A.

a user ID and static password for network access

B.

a user ID and dynamic password for network access

C.

a user ID and symmetric password for network access

D.

a user ID and asymmetric password for network access

Question 36

Which of the following are additional access control objectives?

Options:

A.

Consistency and utility

B.

Reliability and utility

C.

Usefulness and utility

D.

Convenience and utility

Question 37

The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:

Options:

A.

you need.

B.

non-trivial

C.

you are.

D.

you can get.

Question 38

Which of the following does not apply to system-generated passwords?

Options:

A.

Passwords are harder to remember for users.

B.

If the password-generating algorithm gets to be known, the entire system is in jeopardy.

C.

Passwords are more vulnerable to brute force and dictionary attacks.

D.

Passwords are harder to guess for attackers.

Question 39

Which of the following biometric characteristics cannot be used to uniquely authenticate an individual's identity?

Options:

A.

Retina scans

B.

Iris scans

C.

Palm scans

D.

Skin scans

Question 40

What are the components of an object's sensitivity label?

Options:

A.

A Classification Set and a single Compartment.

B.

A single classification and a single compartment.

C.

A Classification Set and user credentials.

D.

A single classification and a Compartment Set.

Question 41

Which of the following is NOT a type of motion detector?

Options:

A.

Photoelectric sensor

B.

Passive infrared sensors

C.

Microwave Sensor.

D.

Ultrasonic Sensor.

Question 42

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

Options:

A.

Using a TACACS+ server.

B.

Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.

C.

Setting modem ring count to at least 5.

D.

Only attaching modems to non-networked hosts.

Question 43

Which of the following would be used to implement Mandatory Access Control (MAC)?

Options:

A.

Clark-Wilson Access Control

B.

Role-based access control

C.

Lattice-based access control

D.

User dictated access control

Question 44

What is one disadvantage of content-dependent protection of information?

Options:

A.

It increases processing overhead.

B.

It requires additional password entry.

C.

It exposes the system to data locking.

D.

It limits the user's individual address space.

Question 45

When submitting a passphrase for authentication, the passphrase is converted into ...

Options:

A.

a virtual password by the system

B.

a new passphrase by the system

C.

a new passphrase by the encryption technology

D.

a real password by the system which can be used forever

Question 46

Which of the following questions is less likely to help in assessing physical access controls?

Options:

A.

Does management regularly review the list of persons with physical access to sensitive facilities?

B.

Is the operating system configured to prevent circumvention of the security software and application controls?

C.

Are keys or other access devices needed to enter the computer room and media library?

D.

Are visitors to sensitive areas signed in and escorted?

Question 47

What can best be defined as high-level statements, beliefs, goals and objectives?

Options:

A.

Standards

B.

Policies

C.

Guidelines

D.

Procedures

Question 48

Configuration Management controls what?

Options:

A.

Auditing of changes to the Trusted Computing Base.

B.

Control of changes to the Trusted Computing Base.

C.

Changes in the configuration access to the Trusted Computing Base.

D.

Auditing and controlling any changes to the Trusted Computing Base.

Question 49

One of these statements about the key elements of a good configuration process is NOT true:

Options:

A.

Accommodate the reuse of proven standards and best practices

B.

Ensure that all requirements remain clear, concise, and valid

C.

Control modifications to system hardware in order to prevent resource changes

D.

Ensure changes, standards, and requirements are communicated promptly and precisely

Question 50

What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access?

Options:

A.

The Reference Monitor

B.

The Security Kernel

C.

The Trusted Computing Base

D.

The Security Domain

Question 51

When considering an IT System Development Life-cycle, security should be:

Options:

A.

Mostly considered during the initiation phase.

B.

Mostly considered during the development phase.

C.

Treated as an integral part of the overall system design.

D.

Added once the design is completed.

Question 52

When attempting to establish liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation?

Options:

A.

Due care

B.

Due concern

C.

Due diligence

D.

Due practice

Question 53

A Security Kernel is defined as a strict implementation of a reference monitor mechanism responsible for enforcing a security policy. To be secure, the kernel must meet three basic conditions. What are they?

Options:

A.

Confidentiality, Integrity, and Availability

B.

Policy, mechanism, and assurance

C.

Isolation, layering, and abstraction

D.

Completeness, Isolation, and Verifiability

Question 54

Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?

Options:

A.

Pipelining

B.

Reduced Instruction Set Computers (RISC)

C.

Complex Instruction Set Computers (CISC)

D.

Scalar processors

Question 55

Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards?

Options:

A.

Certification

B.

Declaration

C.

Audit

D.

Accreditation

Question 56

The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address?

Options:

A.

integrity and confidentiality.

B.

confidentiality and availability.

C.

integrity and availability.

D.

none of the above.

Question 57

What is it called when a computer uses more than one CPU in parallel to execute instructions?

Options:

A.

Multiprocessing

B.

Multitasking

C.

Multithreading

D.

Parallel running

Question 58

A trusted system does NOT involve which of the following?

Options:

A.

Enforcement of a security policy.

B.

Sufficiency and effectiveness of mechanisms to be able to enforce a security policy.

C.

Assurance that the security policy can be enforced in an efficient and reliable manner.

D.

Independently-verifiable evidence that the security policy-enforcing mechanisms are sufficient and effective.

Question 59

What does "System Integrity" mean?

Options:

A.

The software of the system has been implemented as designed.

B.

Users can't tamper with processes they do not own.

C.

Hardware and firmware have undergone periodic testing to verify that they are functioning properly.

D.

Design specifications have been verified against the formal top-level specification.

Question 60

Which of the following is often the greatest challenge of distributed computing solutions?

Options:

A.

scalability

B.

security

C.

heterogeneity

D.

usability

Question 61

Which of the following statements pertaining to a security policy is incorrect?

Options:

A.

Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets.

B.

It specifies how hardware and software should be used throughout the organization.

C.

It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective.

D.

It must be flexible to the changing environment.

Question 62

Which of the following rules is least likely to support the concept of least privilege?

Options:

A.

The number of administrative accounts should be kept to a minimum.

B.

Administrators should use regular accounts when performing routine operations like reading mail.

C.

Permissions on tools that are likely to be used by hackers should be as restrictive as possible.

D.

Only data to and from critical systems and applications should be allowed through the firewall.

Question 63

Which of the following is not a form of passive attack?

Options:

A.

Scavenging

B.

Data diddling

C.

Shoulder surfing

D.

Sniffing

Question 64

What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?

Options:

A.

Disclosure of residual data.

B.

Unauthorized obtaining of a privileged execution state.

C.

Denial of service through a deadly embrace.

D.

Data leakage through covert channels.

Question 65

Which of the following is the MOST important aspect relating to employee termination?

Options:

A.

The details of employee have been removed from active payroll files.

B.

Company property provided to the employee has been returned.

C.

User ID and passwords of the employee have been deleted.

D.

The appropriate company staff are notified about the termination.

Question 66

Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean?

Options:

A.

System functions are layered, and none of the functions in a given layer can access data outside that layer.

B.

Auditing processes and their memory addresses cannot be accessed by user processes.

C.

Only security processes are allowed to write to ring zero memory.

D.

It is a form of strong encryption cipher.

Question 67

A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?

Options:

A.

project initiation and planning phase

B.

system design specification phase

C.

development & documentation phase

D.

acceptance phase

Question 68

Which of the following would be the best criterion to consider in determining the classification of an information asset?

Options:

A.

Value

B.

Age

C.

Useful life

D.

Personal association

Question 69

The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?

Options:

A.

Test equipment is easily damaged.

B.

Test equipment can be used to browse information passing on a network.

C.

Test equipment is difficult to replace if lost or stolen.

D.

Test equipment must always be available for the maintenance personnel.

Question 70

A contingency plan should address:

Options:

A.

Potential risks.

B.

Residual risks.

C.

Identified risks.

D.

All answers are correct.

Question 71

When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence:

Options:

A.

Evidence has to be collected in accordance with all laws and all legal regulations.

B.

Law enforcement officials should be contacted for advice on how and when to collect critical information.

C.

Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available.

D.

Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.

Question 72

Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses?

Options:

A.

Direct evidence.

B.

Circumstantial evidence.

C.

Conclusive evidence.

D.

Corroborative evidence.

Question 73

Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of:

Options:

A.

Incident Evaluation

B.

Incident Recognition

C.

Incident Protection

D.

Incident Response

Question 74

Which of the following is the most critical item from a disaster recovery point of view?

Options:

A.

Data

B.

Hardware/Software

C.

Communication Links

D.

Software Applications

Question 75

Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)?

Options:

A.

Calculate the risk for each different business function.

B.

Identify the company’s critical business functions.

C.

Calculate how long these functions can survive without these resources.

D.

Develop a mission statement.

Question 76

When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?

Options:

A.

Executive management staff

B.

Senior business unit management

C.

BCP committee

D.

Functional business units

Question 77

Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect?

Options:

A.

In order to facilitate recovery, a single plan should cover all locations.

B.

There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan.

C.

In its procedures and tasks, the plan should refer to functions, not specific individuals.

D.

Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner.

Question 78

The IP header contains a protocol field. If this field contains the value 51, what type of data is contained within the IP datagram?

Options:

A.

Transmission Control Protocol (TCP)

B.

Authentication Header (AH)

C.

User datagram protocol (UDP)

D.

Internet Control Message Protocol (ICMP)

Question 79

All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA but an important TOPIC to include within the BCP plan:

Options:

A.

IT Network Support

B.

Accounting

C.

Public Relations

D.

Purchasing

Question 80

The first step in the implementation of the contingency plan is to perform:

Options:

A.

A firmware backup

B.

A data backup

C.

An operating systems software backup

D.

An application software backup

Question 81

Controls are implemented to:

Options:

A.

eliminate risk and reduce the potential for loss

B.

mitigate risk and eliminate the potential for loss

C.

mitigate risk and reduce the potential for loss

D.

eliminate risk and eliminate the potential for loss

Question 82

Which backup method usually resets the archive bit on the files after they have been backed up?

Options:

A.

Incremental backup method.

B.

Differential backup method.

C.

Partial backup method.

D.

Tape backup method.

Question 83

Which of the following focuses on sustaining an organization's business functions during and after a disruption?

Options:

A.

Business continuity plan

B.

Business recovery plan

C.

Continuity of operations plan

D.

Disaster recovery plan

Question 84

Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?

Options:

A.

Personnel turnover

B.

Large plans can take a lot of work to maintain

C.

Continuous auditing makes a Disaster Recovery plan irrelevant

D.

Infrastructure and environment changes

Question 85

What is the PRIMARY goal of incident handling?

Options:

A.

Successfully retrieve all evidence that can be used to prosecute

B.

Improve the company's ability to be prepared for threats and disasters

C.

Improve the company's disaster recovery plan

D.

Contain and repair any damage caused by an event.

Question 86

Business Continuity Planning (BCP) is not defined as a preparation that facilitates:

Options:

A.

the rapid recovery of mission-critical business operations

B.

the continuation of critical business functions

C.

the monitoring of threat activity for adjustment of technical controls

D.

the reduction of the impact of a disaster

Question 87

Which of the following backup methods is most appropriate for off-site archiving?

Options:

A.

Incremental backup method

B.

Off-site backup method

C.

Full backup method

D.

Differential backup method

Question 88

Which of the following is an example of an active attack?

Options:

A.

Traffic analysis

B.

Scanning

C.

Eavesdropping

D.

Wiretapping

Question 89

Which of the following is a problem regarding computer investigation issues?

Options:

A.

Information is tangible.

B.

Evidence is easy to gather.

C.

Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence.

D.

In many instances, an expert or specialist is not required.

Question 90

Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing?

Options:

A.

System development activity

B.

Help-desk function

C.

System Imaging

D.

Risk management process

Question 91

What is electronic vaulting?

Options:

A.

Information is backed up to tape on an hourly basis and is stored in an on-site vault.

B.

Information is backed up to tape on a daily basis and is stored in an on-site vault.

C.

Transferring electronic journals or transaction logs to an off-site storage facility

D.

A transfer of bulk information to a remote central backup facility.

Question 92

Which of the following items would best help an organization to gain a common understanding of functions that are critical to its survival?

Options:

A.

A risk assessment

B.

A business assessment

C.

A disaster recovery plan

D.

A business impact analysis

Question 93

Why does fiber optic communication technology have a significant security advantage over other transmission technologies?

Options:

A.

Higher data rates can be transmitted.

B.

Interception of data traffic is more difficult.

C.

Traffic analysis is prevented by multiplexing.

D.

Single and double-bit errors are correctable.

Question 94

A proxy can control which services (FTP and so on) are used by a workstation, and also aids in protecting the network from outsiders who may be trying to get information about the:

Options:

A.

network's design

B.

user base

C.

operating system design

D.

NetBIOS design

Question 95

SMTP can best be described as:

Options:

A.

a host-to-host email protocol.

B.

an email retrieval protocol.

C.

a web-based e-mail reading protocol.

D.

a standard defining the format of e-mail messages.

Question 96

The IP header contains a protocol field. If this field contains the value 6, what type of data is contained within the IP datagram?

Options:

A.

TCP.

B.

ICMP.

C.

UDP.

D.

IGMP.

Question 97

Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model?

Options:

A.

Bridge

B.

Repeater

C.

Router

D.

Gateway

Question 98

When a station communicates on the network for the first time, which of the following protocols would search for and find the Internet Protocol (IP) address that matches a known Ethernet address?

Options:

A.

Address Resolution Protocol (ARP).

B.

Reverse Address Resolution Protocol (RARP).

C.

Internet Control Message protocol (ICMP).

D.

User Datagram Protocol (UDP).

Question 99

Which of the following is an advantage that UDP has over TCP?

Options:

A.

UDP is connection-oriented whereas TCP is not.

B.

UDP is more reliable than TCP.

C.

UDP is faster than TCP.

D.

UDP makes a better effort to deliver packets.

Question 100

Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Header (AH) provides all of the following services except:

Options:

A.

Authentication

B.

Integrity

C.

Replay resistance and non-repudiation

D.

Confidentiality

Question 101

In telephony, different types of connections are used. The connection from the phone company's branch office to local customers is referred to as which of the following choices?

Options:

A.

new loop

B.

local loop

C.

loopback

D.

indigenous loop

Question 102

Secure Shell (SSH-2) supports authentication, compression, confidentiality, and integrity. SSH is commonly used as a secure alternative to all of the following protocols except:

Options:

A.

telnet

B.

rlogin

C.

RSH

D.

HTTPS

Question 103

As per RFC 1122, which of the following is not a defined layer in the DoD TCP/IP protocol model?

Options:

A.

Application layer

B.

Session layer

C.

Internet layer

D.

Link/Network Access Layer

Question 104

What is the primary difference between FTP and TFTP?

Options:

A.

Speed of negotiation

B.

Authentication

C.

Ability to automate

D.

TFTP is used to transfer configuration files to and from network equipment.

Question 105

Which of the following DoD Model layers provides non-repudiation services?

Options:

A.

network layer.

B.

application layer.

C.

transport layer.

D.

data link layer.

Question 106

Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system?

Options:

A.

TCP sequence number attack

B.

IP spoofing attack

C.

Piggybacking attack

D.

Teardrop attack

Question 107

Which of the following IEEE standards defines the token ring media access method?

Options:

A.

802.3

B.

802.11

C.

802.5

D.

802.2

Question 108

Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number?

Options:

A.

IP spoofing attack

B.

SYN flood attack

C.

TCP sequence number attack

D.

Smurf attack

Question 109

Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?

Options:

A.

Monitoring and auditing for such activity

B.

Require user authentication

C.

Making sure only necessary phone numbers are made public

D.

Using completely different numbers for voice and data accesses

Question 110

What is NOT an authentication method within IKE and IPsec?

Options:

A.

CHAP

B.

Pre-shared key

C.

certificate based authentication

D.

Public key authentication

Question 111

FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect (OSI) Reference Model?

Options:

A.

Application

B.

Network

C.

Presentation

D.

Transport

Question 112

Which type of attack involves impersonating a user or a system?

Options:

A.

Smurfing attack

B.

Spoofing attack

C.

Spamming attack

D.

Sniffing attack

Question 113

Which of the following remote access authentication systems is the most robust?

Options:

A.

TACACS+

B.

RADIUS

C.

PAP

D.

TACACS

Question 114

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

Options:

A.

172.12.42.5

B.

172.140.42.5

C.

172.31.42.5

D.

172.15.42.5

Question 115

Which of the following protocols is designed to send individual messages securely?

Options:

A.

Kerberos

B.

Secure Electronic Transaction (SET).

C.

Secure Sockets Layer (SSL).

D.

Secure HTTP (S-HTTP).

Question 116

A host-based IDS is resident on which of the following?

Options:

A.

On each of the critical hosts

B.

decentralized hosts

C.

central hosts

D.

bastion hosts

Question 117

Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?

Options:

A.

Intrusion Detection System

B.

Compliance Validation System

C.

Intrusion Management System (IMS)

D.

Compliance Monitoring System

Question 118

A timely review of system access audit records would be an example of which of the basic security functions?

Options:

A.

avoidance

B.

deterrence

C.

prevention

D.

detection

Question 119

As a result of a risk assessment, your security manager has determined that your organization needs to implement an intrusion detection system that can detect unknown attacks and can watch for unusual traffic behavior, such as a new service appearing on the network. What type of intrusion detection system would you select?

Options:

A.

Protocol anomaly based

B.

Pattern matching

C.

Stateful matching

D.

Traffic anomaly-based

Question 120

In order to enable users to perform tasks and duties without having to go through extra steps, it is important that the security controls and mechanisms in place have a degree of:

Options:

A.

Complexity

B.

Non-transparency

C.

Transparency

D.

Simplicity

Question 121

The fact that a network-based IDS reviews packet payloads and headers enables which of the following?

Options:

A.

Detection of denial of service

B.

Detection of all viruses

C.

Detection of data corruption

D.

Detection of all password guessing attacks

Question 122

Which of the following is an issue with signature-based intrusion detection systems?

Options:

A.

Only previously identified attack signatures are detected.

B.

Signature databases must be augmented with inferential elements.

C.

It runs only on the Windows operating system.

D.

Hackers can circumvent signature evaluations.

Question 123

Which of the following is most likely to be useful in detecting intrusions?

Options:

A.

Access control lists

B.

Security labels

C.

Audit trails

D.

Information security policies

Question 124

Attributable data should be:

Options:

A.

always traced to individuals responsible for observing and recording the data

B.

sometimes traced to individuals responsible for observing and recording the data

C.

never traced to individuals responsible for observing and recording the data

D.

often traced to individuals responsible for observing and recording the data

Question 125

What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

Options:

A.

Accountability controls

B.

Mandatory access controls

C.

Assurance procedures

D.

Administrative controls

Question 126

Which of the following is the BEST way to detect software license violations?

Options:

A.

Implementing a corporate policy on copyright infringements and software use.

B.

Requiring that all PCs be diskless workstations.

C.

Installing metering software on the LAN so applications can be accessed through the metered software.

D.

Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.

Question 127

Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?

Options:

A.

signature-based IDS and statistical anomaly-based IDS, respectively

B.

signature-based IDS and dynamic anomaly-based IDS, respectively

C.

anomaly-based IDS and statistical-based IDS, respectively

D.

signature-based IDS and motion anomaly-based IDS, respectively.

Question 128

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

Options:

A.

through access control mechanisms that require identification and authentication and through the audit function.

B.

through logical or technical controls involving the restriction of access to systems and the protection of information.

C.

through logical or technical controls but not involving the restriction of access to systems and the protection of information.

D.

through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

Question 129

What is the primary goal of setting up a honeypot?

Options:

A.

To lure hackers into attacking unused systems

B.

To entrap and track down possible hackers

C.

To set up a sacrificial lamb on the network

D.

To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.

Question 130

Who can best decide which technical security controls are adequate in a computer-based application system with regard to the protection of the data being used, the criticality of the data, and its sensitivity level?

Options:

A.

System Auditor

B.

Data or Information Owner

C.

System Manager

D.

Data or Information user

Question 131

Which of the following would be LESS likely to prevent an employee from reporting an incident?

Options:

A.

They are afraid of being pulled into something they don't want to be involved with.

B.

The process of reporting incidents is centralized.

C.

They are afraid of being accused of something they didn't do.

D.

They are unaware of the company's security policies and procedures.

Question 132

Which of the following is NOT a fundamental component of an alarm in an intrusion detection system?

Options:

A.

Communications

B.

Enunciator

C.

Sensor

D.

Response

Question 133

Which of the following monitors network traffic in real time?

Options:

A.

network-based IDS

B.

host-based IDS

C.

application-based IDS

D.

firewall-based IDS

Question 134

In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?

Options:

A.

Using a write blocker

B.

Made a full-disk image

C.

Created a message digest for log files

D.

Displayed the contents of a folder

Question 135

Why would anomaly detection IDSs often generate a large number of false positives?

Options:

A.

Because they can only correctly identify attacks they already know about.

B.

Because they are application-based and are more subject to attacks.

C.

Because they can't identify abnormal behavior.

D.

Because normal patterns of user and system behavior can vary wildly.

Question 136

In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected?

Options:

A.

The transactions should be dropped from processing.

B.

The transactions should be processed after the program makes adjustments.

C.

The transactions should be written to a report and reviewed.

D.

The transactions should be corrected and reprocessed.

Question 137

Which of the following is not a preventive operational control?

Options:

A.

Protecting laptops, personal computers and workstations.

B.

Controlling software viruses.

C.

Controlling data media access and disposal.

D.

Conducting security awareness and technical training.

Question 138

Knowledge-based Intrusion Detection Systems (IDS) are more common than:

Options:

A.

Network-based IDS

B.

Host-based IDS

C.

Behavior-based IDS

D.

Application-Based IDS
