
ISC SSCP Systems Security Certified Practitioner Exam Practice Test

Total 1074 questions

Systems Security Certified Practitioner Questions and Answers

Question 1

Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based?

Options:

A.

Caesar

B.

The Jefferson disks

C.

Enigma

D.

SIGABA

Question 2

Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is:

Options:

A.

Not possible

B.

Only possible with key recovery scheme of all user keys

C.

It is possible only if X509 Version 3 certificates are used

D.

It is possible only by "brute force" decryption

Question 3

What is NOT true of pre-shared key authentication within the IKE / IPsec protocol?

Options:

A.

Pre-shared key authentication is normally based on simple passwords

B.

Needs a Public Key Infrastructure (PKI) to work

C.

IKE is used to set up Security Associations

D.

IKE builds upon the Oakley protocol and the ISAKMP protocol.

Question 4

Which of the following is best provided by symmetric cryptography?

Options:

A.

Confidentiality

B.

Integrity

C.

Availability

D.

Non-repudiation

Question 5

Which of the following is a symmetric encryption algorithm?

Options:

A.

RSA

B.

Elliptic Curve

C.

RC5

D.

El Gamal

Question 6

Which of the following statements pertaining to stream ciphers is correct?

Options:

A.

A stream cipher is a type of asymmetric encryption algorithm.

B.

A stream cipher generates what is called a keystream.

C.

A stream cipher is slower than a block cipher.

D.

A stream cipher is not appropriate for hardware-based encryption.

Question 7

Which of the following offers confidentiality to an e-mail message?

Options:

A.

The sender encrypting it with its private key.

B.

The sender encrypting it with its public key.

C.

The sender encrypting it with the receiver's public key.

D.

The sender encrypting it with the receiver's private key.

Question 8

The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use.

Options:

A.

computing in Galois fields

B.

computing in Gladden fields

C.

computing in Gallipoli fields

D.

computing in Galbraith fields

Question 9

Which of the following services is not provided by a public key infrastructure (PKI)?

Options:

A.

Access control

B.

Integrity

C.

Authentication

D.

Reliability

Question 10

Which of the following is more suitable for a hardware implementation?

Options:

A.

Stream ciphers

B.

Block ciphers

C.

Cipher block chaining

D.

Electronic code book

Question 11

Which of the following is not a one-way hashing algorithm?

Options:

A.

MD2

B.

RC4

C.

SHA-1

D.

HAVAL

Question 12

Which of the following is NOT a known type of Message Authentication Code (MAC)?

Options:

A.

Keyed-hash message authentication code (HMAC)

B.

DES-CBC

C.

Signature-based MAC (SMAC)

D.

Universal Hashing Based MAC (UMAC)

Question 13

Which of the following issues is not addressed by digital signatures?

Options:

A.

nonrepudiation

B.

authentication

C.

data integrity

D.

denial-of-service

Question 14

Which of the following is not an example of a block cipher?

Options:

A.

Skipjack

B.

IDEA

C.

Blowfish

D.

RC4

Question 15

Which of the following encryption methods is known to be unbreakable?

Options:

A.

Symmetric ciphers.

B.

DES codebooks.

C.

One-time pads.

D.

Elliptic Curve Cryptography.

Question 16

Which protocol makes use of an electronic wallet on a customer's PC and sends encrypted credit card information to the merchant's Web server, which digitally signs it and sends it on to its processing bank?

Options:

A.

SSH (Secure Shell)

B.

S/MIME (Secure MIME)

C.

SET (Secure Electronic Transaction)

D.

SSL (Secure Sockets Layer)

Question 17

Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?

Options:

A.

S/MIME and SSH

B.

TLS and SSL

C.

IPsec and L2TP

D.

PKCS#10 and X.509

Question 18

What key size is used by the Clipper Chip?

Options:

A.

40 bits

B.

56 bits

C.

64 bits

D.

80 bits

Question 19

Which of the following algorithms is used today for encryption in PGP?

Options:

A.

RSA

B.

IDEA

C.

Blowfish

D.

RC5

Question 20

Which of the following answers is described as a random value used in cryptographic algorithms to ensure that patterns are not created during the encryption process?

Options:

A.

IV - Initialization Vector

B.

Stream Cipher

C.

OTP - One Time Pad

D.

Ciphertext

Question 21

Which of the following is NOT an asymmetric key algorithm?

Options:

A.

RSA

B.

Elliptic Curve Cryptosystem (ECC)

C.

El Gamal

D.

Data Encryption System (DES)

Question 22

What is the name of a one-way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed.

Options:

A.

One-way hash

B.

DES

C.

Transposition

D.

Substitution

Question 23

Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?

Options:

A.

Differential cryptanalysis

B.

Differential linear cryptanalysis

C.

Birthday attack

D.

Statistical attack

Question 24

Which of the following Intrusion Detection Systems (IDS) uses a database of attacks, known system vulnerabilities, monitoring current attempts to exploit those vulnerabilities, and then triggers an alarm if an attempt is found?

Options:

A.

Knowledge-Based ID System

B.

Application-Based ID System

C.

Host-Based ID System

D.

Network-Based ID System

Question 25

What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

Options:

A.

Accountability controls

B.

Mandatory access controls

C.

Assurance procedures

D.

Administrative controls

Question 26

Which of the following is needed for System Accountability?

Options:

A.

Audit mechanisms.

B.

Documented design as laid out in the Common Criteria.

C.

Authorization.

D.

Formal verification of system design.

Question 27

Which of the following would be LESS likely to prevent an employee from reporting an incident?

Options:

A.

They are afraid of being pulled into something they don't want to be involved with.

B.

The process of reporting incidents is centralized.

C.

They are afraid of being accused of something they didn't do.

D.

They are unaware of the company's security policies and procedures.

Question 28

Which of the following tools is less likely to be used by a hacker?

Options:

A.

l0phtcrack

B.

Tripwire

C.

OphCrack

D.

John the Ripper

Question 29

In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected?

Options:

A.

The transactions should be dropped from processing.

B.

The transactions should be processed after the program makes adjustments.

C.

The transactions should be written to a report and reviewed.

D.

The transactions should be corrected and reprocessed.

Question 30

The fact that a network-based IDS reviews packet payloads and headers enables which of the following?

Options:

A.

Detection of denial of service

B.

Detection of all viruses

C.

Detection of data corruption

D.

Detection of all password guessing attacks

Question 31

Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?

Options:

A.

They are more cost-effective

B.

They offer a lack of corporate bias

C.

They use highly talented ex-hackers

D.

They ensure a more complete reporting

Question 32

What setup should an administrator use for regularly testing the strength of user passwords?

Options:

A.

A networked workstation so that the live password database can easily be accessed by the cracking program.

B.

A networked workstation so the password database can easily be copied locally and processed by the cracking program.

C.

A standalone workstation on which the password database is copied and processed by the cracking program.

D.

A password-cracking program is unethical; therefore it should not be used.

Question 33

Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

Options:

A.

host-based IDS

B.

firewall-based IDS

C.

bastion-based IDS

D.

server-based IDS

Question 34

Which conceptual approach to intrusion detection systems is the most common?

Options:

A.

Behavior-based intrusion detection

B.

Knowledge-based intrusion detection

C.

Statistical anomaly-based intrusion detection

D.

Host-based intrusion detection

Question 35

Which of the following is NOT a characteristic of a host-based intrusion detection system?

Options:

A.

A HIDS does not consume large amounts of system resources

B.

A HIDS can analyse system logs, processes and resources

C.

A HIDS looks for unauthorized changes to the system

D.

A HIDS can notify system administrators when unusual events are identified

Question 36

Which of the following monitors network traffic in real time?

Options:

A.

network-based IDS

B.

host-based IDS

C.

application-based IDS

D.

firewall-based IDS

Question 37

Why would anomaly detection IDSs often generate a large number of false positives?

Options:

A.

Because they can only identify correctly attacks they already know about.

B.

Because they are application-based and are more subject to attacks.

C.

Because they can't identify abnormal behavior.

D.

Because normal patterns of user and system behavior can vary wildly.

Question 38

If an organization were to monitor their employees' e-mail, it should not:

Options:

A.

Monitor only a limited number of employees.

B.

Inform all employees that e-mail is being monitored.

C.

Explain who can read the e-mail and how long it is backed up.

D.

Explain what is considered an acceptable use of the e-mail system.

Question 39

Which of the following would assist the most in Host Based intrusion detection?

Options:

A.

audit trails.

B.

access control lists.

C.

security clearances

D.

host-based authentication

Question 40

Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods. Which of the basic methods is more prone to false positives?

Options:

A.

Pattern Matching (also called signature analysis)

B.

Anomaly Detection

C.

Host-based intrusion detection

D.

Network-based intrusion detection

Question 41

Which of the following statements pertaining to ethical hacking is incorrect?

Options:

A.

An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services.

B.

Testing should be done remotely to simulate external threats.

C.

Ethical hacking should not involve writing to or modifying the target systems negatively.

D.

Ethical hackers never use tools that have the potential of affecting servers or services.

Question 42

Knowledge-based Intrusion Detection Systems (IDS) are more common than:

Options:

A.

Network-based IDS

B.

Host-based IDS

C.

Behavior-based IDS

D.

Application-Based IDS

Question 43

Which of the following is not a preventive operational control?

Options:

A.

Protecting laptops, personal computers and workstations.

B.

Controlling software viruses.

C.

Controlling data media access and disposal.

D.

Conducting security awareness and technical training.

Question 44

Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?

Options:

A.

Statistical Anomaly-Based ID

B.

Signature-Based ID

C.

dynamical anomaly-based ID

D.

inferential anomaly-based ID

Question 45

Due care is not related to:

Options:

A.

Good faith

B.

Prudent man

C.

Profit

D.

Best interest

Question 46

Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?

Options:

A.

Intrusion Detection System

B.

Compliance Validation System

C.

Intrusion Management System (IMS)

D.

Compliance Monitoring System

Question 47

Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users?

Options:

A.

Inadequate quality assurance (QA) tools.

B.

Constantly changing user needs.

C.

Inadequate user participation in defining the system's requirements.

D.

Inadequate project management.

Question 48

Risk analysis is MOST useful when applied during which phase of the system development process?

Options:

A.

Project initiation and Planning

B.

Functional Requirements definition

C.

System Design Specification

D.

Development and Implementation

Question 49

Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards?

Options:

A.

Certification

B.

Declaration

C.

Audit

D.

Accreditation

Question 50

IT security measures should:

Options:

A.

Be complex

B.

Be tailored to meet organizational security goals.

C.

Make sure that every asset of the organization is well protected.

D.

Not be developed in a layered fashion.

Question 51

What can best be defined as the detailed examination and testing of the security features of an IT system or product to ensure that they work correctly and effectively and do not show any logical vulnerabilities, such as evaluation criteria?

Options:

A.

Acceptance testing

B.

Evaluation

C.

Certification

D.

Accreditation

Question 52

Which of the following is not a responsibility of an information (data) owner?

Options:

A.

Determine what level of classification the information requires.

B.

Periodically review the classification assignments against business needs.

C.

Delegate the responsibility of data protection to data custodians.

D.

Running regular backups and periodically testing the validity of the backup data.

Question 53

Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?

Options:

A.

Prevention of the modification of information by unauthorized users.

B.

Prevention of the unauthorized or unintentional modification of information by authorized users.

C.

Preservation of the internal and external consistency.

D.

Prevention of the modification of information by authorized users.

Question 54

Which of the following is a CHARACTERISTIC of a decision support system (DSS) with regard to Threats and Risks Analysis?

Options:

A.

DSS is aimed at solving highly structured problems.

B.

DSS emphasizes flexibility in the decision making approach of users.

C.

DSS supports only structured decision-making tasks.

D.

DSS combines the use of models with non-traditional data access and retrieval functions.

Question 55

In an organization, an Information Technology security function should:

Options:

A.

Be a function within the information systems function of an organization.

B.

Report directly to a specialized business unit such as legal, corporate security or insurance.

C.

Be led by a Chief Security Officer and report directly to the CEO.

D.

Be independent but report to the Information Systems function.

Question 56

Which of the following would MOST likely ensure that a system development project meets business objectives?

Options:

A.

Development and tests are run by different individuals

B.

User involvement in system specification and acceptance

C.

Development of a project plan identifying all development activities

D.

Strict deadlines and budgets

Question 57

Which of the following is often the greatest challenge of distributed computing solutions?

Options:

A.

scalability

B.

security

C.

heterogeneity

D.

usability

Question 58

Which of the following is not a component of the Operations Security "triples"?

Options:

A.

Asset

B.

Threat

C.

Vulnerability

D.

Risk

Question 59

Which of the following is NOT a basic component of security architecture?

Options:

A.

Motherboard

B.

Central Processing Unit (CPU)

C.

Storage Devices

D.

Peripherals (input/output devices)

Question 60

A trusted system does NOT involve which of the following?

Options:

A.

Enforcement of a security policy.

B.

Sufficiency and effectiveness of mechanisms to be able to enforce a security policy.

C.

Assurance that the security policy can be enforced in an efficient and reliable manner.

D.

Independently-verifiable evidence that the security policy-enforcing mechanisms are sufficient and effective.

Question 61

As per the Orange Book, what are two types of system assurance?

Options:

A.

Operational Assurance and Architectural Assurance.

B.

Design Assurance and Implementation Assurance.

C.

Architectural Assurance and Implementation Assurance.

D.

Operational Assurance and Life-Cycle Assurance.

Question 62

Which must bear the primary responsibility for determining the level of protection needed for information systems resources?

Options:

A.

IS security specialists

B.

Senior Management

C.

Senior security analysts

D.

Systems Auditors

Question 63

An effective information security policy should not have which of the following characteristics?

Options:

A.

Include separation of duties

B.

Be designed with a short- to mid-term focus

C.

Be understandable and supported by all stakeholders

D.

Specify areas of responsibility and authority

Question 64

Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating?

Options:

A.

Security administrators

B.

Operators

C.

Data owners

D.

Data custodians

Question 65

The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?

Options:

A.

Test equipment is easily damaged.

B.

Test equipment can be used to browse information passing on a network.

C.

Test equipment is difficult to replace if lost or stolen.

D.

Test equipment must always be available for the maintenance personnel.

Question 66

Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing?

Options:

A.

Interface errors are detected earlier.

B.

Errors in critical modules are detected earlier.

C.

Confidence in the system is achieved earlier.

D.

Major functions and processing are tested earlier.

Question 67

Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes?

Options:

A.

Key escrow

B.

Rotation of duties

C.

Principle of need-to-know

D.

Principle of least privilege

Question 68

Configuration Management controls what?

Options:

A.

Auditing of changes to the Trusted Computing Base.

B.

Control of changes to the Trusted Computing Base.

C.

Changes in the configuration access to the Trusted Computing Base.

D.

Auditing and controlling any changes to the Trusted Computing Base.

Question 69

Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes?

Options:

A.

The Software Capability Maturity Model (CMM)

B.

The Spiral Model

C.

The Waterfall Model

D.

Expert Systems Model

Question 70

How can an individual/person best be identified or authenticated to prevent local masquerading attacks?

Options:

A.

UserId and password

B.

Smart card and PIN code

C.

Two-factor authentication

D.

Biometrics

Question 71

Which of the following biometric parameters are better suited for authentication use over a long period of time?

Options:

A.

Iris pattern

B.

Voice pattern

C.

Signature dynamics

D.

Retina pattern

Question 72

Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?

Options:

A.

C

B.

B

C.

A

D.

D

Question 73

Password management falls into which control category?

Options:

A.

Compensating

B.

Detective

C.

Preventive

D.

Technical

Question 74

What is the percentage of valid subjects that are falsely rejected by a Biometric Authentication system called?

Options:

A.

False Rejection Rate (FRR) or Type I Error

B.

False Acceptance Rate (FAR) or Type II Error

C.

Crossover Error Rate (CER)

D.

True Rejection Rate (TRR) or Type III Error

Question 75

Which of the following remote access authentication systems is the most robust?

Options:

A.

TACACS+

B.

RADIUS

C.

PAP

D.

TACACS

Question 76

Which of the following access control models requires security clearance for subjects?

Options:

A.

Identity-based access control

B.

Role-based access control

C.

Discretionary access control

D.

Mandatory access control

Question 77

Which security model introduces access to objects only through programs?

Options:

A.

The Biba model

B.

The Bell-LaPadula model

C.

The Clark-Wilson model

D.

The information flow model

Question 78

Which of the following is most relevant to determining the maximum effective cost of access control?

Options:

A.

the value of information that is protected

B.

management's perceptions regarding data importance

C.

budget planning related to base versus incremental spending.

D.

the cost to replace lost data

Question 79

Which of the following statements pertaining to using Kerberos without any extension is false?

Options:

A.

A client can be impersonated by password-guessing.

B.

Kerberos is mostly a third-party authentication protocol.

C.

Kerberos uses public key cryptography.

D.

Kerberos provides robust authentication.

Question 80

What is Kerberos?

Options:

A.

A three-headed dog from the Egyptian mythology.

B.

A trusted third-party authentication protocol.

C.

A security model.

D.

A remote authentication dial in user server.

Question 81

What refers to legitimate users accessing networked services that would normally be restricted to them?

Options:

A.

Spoofing

B.

Piggybacking

C.

Eavesdropping

D.

Logon abuse

Question 82

Which of the following is most affected by denial-of-service (DoS) attacks?

Options:

A.

Confidentiality

B.

Integrity

C.

Accountability

D.

Availability

Question 83

The type of discretionary access control (DAC) that is based on an individual's identity is also called:

Options:

A.

Identity-based Access control

B.

Rule-based Access control

C.

Non-Discretionary Access Control

D.

Lattice-based Access control

Question 84

RADIUS incorporates which of the following services?

Options:

A.

Authentication server and PIN codes.

B.

Authentication of clients and static passwords generation.

C.

Authentication of clients and dynamic passwords generation.

D.

Authentication server as well as support for Static and Dynamic passwords.

Question 85

How are memory cards and smart cards different?

Options:

A.

Memory cards normally hold more memory than smart cards

B.

Smart cards provide a two-factor authentication whereas memory cards don't

C.

Memory cards have no processing power

D.

Only smart cards can be used for ATM cards

Question 86

In addition to the accuracy of the biometric systems, there are other factors that must also be considered:

Options:

A.

These factors include the enrollment time and the throughput rate, but not acceptability.

B.

These factors do not include the enrollment time, the throughput rate, and acceptability.

C.

These factors include the enrollment time, the throughput rate, and acceptability.

D.

These factors include the enrollment time, but neither the throughput rate nor the acceptability.

Question 87

Which of the following statements pertaining to RADIUS is incorrect:

Options:

A.

A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains.

B.

Most of RADIUS clients have a capability to query secondary RADIUS servers for redundancy.

C.

Most RADIUS servers have built-in database connectivity for billing and reporting purposes.

D.

Most RADIUS servers can work with DIAMETER servers.

Question 88

What does the simple security (ss) property mean in the Bell-LaPadula model?

Options:

A.

No read up

B.

No write down

C.

No read down

D.

No write up

Question 89

What is a common problem when using vibration detection devices for perimeter control?

Options:

A.

They are vulnerable to non-adversarial disturbances.

B.

They can be defeated by electronic means.

C.

Signal amplitude is affected by weather conditions.

D.

They must be buried below the frost line.

Question 90

With regard to information classification, what is the main responsibility of the information (data) owner?

Options:

A.

determining the data sensitivity or classification level

B.

running regular data backups

C.

audit the data users

D.

periodically check the validity and accuracy of the data

Question 91

In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:

Options:

A.

The society's role in the organization

B.

The individual's role in the organization

C.

The group-dynamics as they relate to the individual's role in the organization

D.

The group-dynamics as they relate to the master-slave role in the organization

Question 92

What is the PRIMARY use of a password?

Options:

A.

Allow access to files.

B.

Identify the user.

C.

Authenticate the user.

D.

Segregate various users' accesses.

Question 93

Which of the following is true of network security?

Options:

A.

A firewall is not a necessity in today's connected world.

B.

A firewall is a necessity in today's connected world.

C.

A whitewall is a necessity in today's connected world.

D.

A black firewall is a necessity in today's connected world.

Question 94

Asynchronous Communication transfers data by sending:

Options:

A.

bits of data sequentially

B.

bits of data sequentially in irregular timing patterns

C.

bits of data in sync with a heartbeat or clock

D.

bits of data simultaneously

Question 95

What is a limitation of TCP Wrappers?

Options:

A.

It cannot control access to running UDP services.

B.

It stops packets before they reach the application layer, thus confusing some proxy servers.

C.

The hosts. access control system requires a complicated directory tree.

D.

They are too expensive.

Question 96

Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN?

Options:

A.

DHCP

B.

BootP

C.

DNS

D.

ARP

Question 97

Which of the following categories of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards?

Options:

A.

Category 5e UTP

B.

Category 2 UTP

C.

Category 3 UTP

D.

Category 1e UTP

Question 98

Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length?

Options:

A.

Fiber Optic cable

B.

Coaxial cable

C.

Twisted Pair cable

D.

Axial cable

Question 99

The standard server port number for HTTP is which of the following?

Options:

A.

81

B.

80

C.

8080

D.

8180

Question 100

Why are coaxial cables called "coaxial"?

Options:

A.

it includes two physical channels that carry the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis.

B.

it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis

C.

it includes two physical channels that carry the signal surrounded (after a layer of insulation) by another two concentric physical channels, both running along the same axis.

D.

it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running perpendicular and along the different axis

Question 101

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

Options:

A.

10.0.42.5

B.

11.0.42.5

C.

12.0.42.5

D.

13.0.42.5

Question 102

Frame relay uses a public switched network to provide:

Options:

A.

Local Area Network (LAN) connectivity.

B.

Metropolitan Area Network (MAN) connectivity.

C.

Wide Area Network (WAN) connectivity.

D.

World Area Network (WAN) connectivity.

Question 103

Which of the following protocol suites does the Internet use?

Options:

A.

IP/UDP/TCP

B.

IP/UDP/ICMP/TCP

C.

TCP/IP

D.

IMAP/SMTP/POP3

Question 104

Domain Name Service is a distributed database system that is used to map:

Options:

A.

Domain Name to IP addresses.

B.

MAC addresses to domain names.

C.

MAC Address to IP addresses.

D.

IP addresses to MAC Addresses.

Question 105

Which of the following media is MOST resistant to tapping?

Options:

A.

microwave.

B.

twisted pair.

C.

coaxial cable.

D.

fiber optic.

Question 106

Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams? This method allocates bandwidth dynamically to physical channels having information to transmit.

Options:

A.

Time-division multiplexing

B.

Asynchronous time-division multiplexing

C.

Statistical multiplexing

D.

Frequency division multiplexing

Question 107

If any server in the cluster crashes, processing continues transparently; however, the cluster suffers some performance degradation. This implementation is sometimes called a:

Options:

A.

server farm

B.

client farm

C.

cluster farm

D.

host farm

Question 108

Each data packet is assigned the IP address of the sender and the IP address of the:

Options:

A.

recipient.

B.

host.

C.

node.

D.

network.

Question 109

Why does fiber optic communication technology have a significant security advantage over other transmission technologies?

Options:

A.

Higher data rates can be transmitted.

B.

Interception of data traffic is more difficult.

C.

Traffic analysis is prevented by multiplexing.

D.

Single and double-bit errors are correctable.

Question 110

Which of the following are REGISTERED PORTS as defined by IANA?

Options:

A.

Ports 128 to 255

B.

Ports 1024 to 49151

C.

Ports 1025 to 65535

D.

Ports 1024 to 32767

Question 111

A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is:

Options:

A.

server cluster

B.

client cluster

C.

guest cluster

D.

host cluster

Question 112

How many layers are defined within the US Department of Defense (DoD) TCP/IP Model?

Options:

A.

7

B.

5

C.

4

D.

3

Question 113

A variation of the application layer firewall is called a:

Options:

A.

Current Level Firewall.

B.

Cache Level Firewall.

C.

Session Level Firewall.

D.

Circuit Level Firewall.

Question 114

What is the primary difference between FTP and TFTP?

Options:

A.

Speed of negotiation

B.

Authentication

C.

Ability to automate

D.

TFTP is used to transfer configuration files to and from network equipment.

Question 115

Secure Sockets Layer (SSL) is very heavily used for protecting which of the following?

Options:

A.

Web transactions.

B.

EDI transactions.

C.

Telnet transactions.

D.

Electronic Payment transactions.

Question 116

A business continuity plan is an example of which of the following?

Options:

A.

Corrective control

B.

Detective control

C.

Preventive control

D.

Compensating control

Question 117

What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization?

Options:

A.

Recovery Point Objectives (RPO)

B.

Recovery Time Objectives (RTO)

C.

Recovery Time Period (RTP)

D.

Critical Recovery Time (CRT)

Question 118

Which element must computer evidence have to be admissible in court?

Options:

A.

It must be relevant.

B.

It must be annotated.

C.

It must be printed.

D.

It must contain source code.

Question 119

Which of the following is a large hardware/software backup system that uses the RAID technology?

Options:

A.

Tape Array.

B.

Scale Array.

C.

Crimson Array

D.

Table Array.

Question 120

Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection?

Options:

A.

Anomaly detection tends to produce more data

B.

A pattern matching IDS can only identify known attacks

C.

Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams

D.

An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines

Question 121

When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court?

Options:

A.

Back up the compromised systems.

B.

Identify the attacks used to gain access.

C.

Capture and record system information.

D.

Isolate the compromised systems.

Question 122

After a company is out of an emergency state, what should be moved back to the original site first?

Options:

A.

Executives

B.

Least critical components

C.

IT support staff

D.

Most critical components

Question 123

Which of the following categories of hackers poses the greatest threat?

Options:

A.

Disgruntled employees

B.

Student hackers

C.

Criminal hackers

D.

Corporate spies

Question 124

Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)?

Options:

A.

Calculate the risk for each different business function.

B.

Identify the company’s critical business functions.

C.

Calculate how long these functions can survive without these resources.

D.

Develop a mission statement.

Question 125

In the statement below, fill in the blank:

Law enforcement agencies must get a warrant to search and seize an individual's property, as stated in the _____ Amendment.

Options:

A.

First.

B.

Second.

C.

Third.

D.

Fourth.

Question 126

Which backup type run at regular intervals would take the least time to complete?

Options:

A.

Full Backup

B.

Differential Backup

C.

Incremental Backup

D.

Disk Mirroring

Question 127

Which of the following best defines a Computer Security Incident Response Team (CSIRT)?

Options:

A.

An organization that provides a secure channel for receiving reports about suspected security incidents.

B.

An organization that ensures that security incidents are reported to the authorities.

C.

An organization that coordinates and supports the response to security incidents.

D.

An organization that disseminates incident-related information to its constituency and other involved parties.

Question 128

What is the probability that a threat to an information system will materialize called?

Options:

A.

Threat

B.

Risk

C.

Vulnerability

D.

Hole

Question 129

In order to be able to successfully prosecute an intruder:

Options:

A.

A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies.

B.

A proper chain of custody of evidence has to be preserved.

C.

Collection of evidence has to be done following predefined procedures.

D.

Whenever possible, analyze a replica of the compromised resource, not the original, thereby avoiding inadvertently tampering with evidence.

Question 130

What is electronic vaulting?

Options:

A.

Information is backed up to tape on an hourly basis and is stored in an on-site vault.

B.

Information is backed up to tape on a daily basis and is stored in an on-site vault.

C.

Transferring electronic journals or transaction logs to an off-site storage facility

D.

A transfer of bulk information to a remote central backup facility.

Question 131

During the salvage of the Local Area Network and Servers, which of the following steps would normally be performed first?

Options:

A.

Damage mitigation

B.

Install LAN communications network and servers

C.

Assess damage to LAN and servers

D.

Recover equipment

Question 132

A copy of evidence or an oral description of its contents, which is not as reliable as best evidence, is what type of evidence?

Options:

A.

Direct evidence

B.

Circumstantial evidence

C.

Hearsay evidence

D.

Secondary evidence

Question 133

Which one of the following is NOT one of the outcomes of a vulnerability assessment?

Options:

A.

Quantitative loss assessment

B.

Qualitative loss assessment

C.

Formal approval of BCP scope and initiation document

D.

Defining critical support areas

Question 134

The scope and focus of business continuity plan development depend most on:

Options:

A.

Directives of Senior Management

B.

Business Impact Analysis (BIA)

C.

Scope and Plan Initiation

D.

Skills of BCP committee

Question 135

Once evidence is seized, a law enforcement officer should emphasize which of the following?

Options:

A.

Chain of command

B.

Chain of custody

C.

Chain of control

D.

Chain of communications

Question 136

Under United States law, an investigator's notebook may be used in court in which of the following scenarios?

Options:

A.

When the investigator is unwilling to testify.

B.

When other forms of physical evidence are not available.

C.

To refresh the investigator's memory while testifying.

D.

If the defense has no objections.

Question 137

Which of the following steps should be one of the first steps performed in a Business Impact Analysis (BIA)?

Options:

A.

Identify all CRITICAL business units within the organization.

B.

Evaluate the impact of disruptive events.

C.

Estimate the Recovery Time Objectives (RTO).

D.

Identify and Prioritize Critical Organization Functions

Question 138

The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)?

Options:

A.

Threat

B.

Exposure

C.

Vulnerability

D.

Risk

Question 139

Java is not:

Options:

A.

Object-oriented.

B.

Distributed.

C.

Architecture Specific.

D.

Multithreaded.

Question 140

What best describes a scenario in which an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

Options:

A.

Data fiddling

B.

Data diddling

C.

Salami techniques

D.

Trojan horses

Question 141

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers?

Options:

A.

Black hats

B.

White hats

C.

Script kiddies

D.

Phreakers

Question 142

Which of the following virus types changes some of its characteristics as it spreads?

Options:

A.

Boot Sector

B.

Parasitic

C.

Stealth

D.

Polymorphic

Question 143

Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is:

Options:

A.

Not possible

B.

Only possible with key recovery scheme of all user keys

C.

It is possible only if X509 Version 3 certificates are used

D.

It is possible only by "brute force" decryption

Question 144

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

Options:

A.

Stealth viruses

B.

Polymorphic viruses

C.

Trojan horses

D.

Logic bombs

Question 145

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

Options:

A.

Web Applications

B.

Intrusion Detection Systems

C.

Firewalls

D.

DNS Servers

Question 146

In computing, what is the name of a non-self-replicating type of malware program that appears to have some useful purpose but also contains code with a malicious or harmful purpose embedded in it and that, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data and possible system harm?

Options:

A.

virus

B.

worm

C.

Trojan horse.

D.

trapdoor

Question 147

Which of the following computer crimes is MORE often associated with INSIDERS?

Options:

A.

IP spoofing

B.

Password sniffing

C.

Data diddling

D.

Denial of service (DOS)

Question 148

Crackers today are MOST often motivated by their desire to:

Options:

A.

Help the community in securing their networks.

B.

See how far their skills will take them.

C.

Get recognition for their actions.

D.

Gain money or financial gains.

Question 149

What do the ILOVEYOU and Melissa virus attacks have in common?

Options:

A.

They are both denial-of-service (DOS) attacks.

B.

They have nothing in common.

C.

They are both masquerading attacks.

D.

They are both social engineering attacks.

Question 150

What is malware that can spread itself over open network connections?

Options:

A.

Worm

B.

Rootkit

C.

Adware

D.

Logic Bomb
