(ISC)2 SSCP Practice Test 1 Exam Questions with Correct Answers.

November 9, 2024 | Seller: Pronurse

What is a teardrop attack and what category of attack is it? - Correct Answer A teardrop
attack is a type of Denial-of-Service (DoS) attack that exploits vulnerabilities in the way
operating systems handle fragmented packets.

The hearsay rule - Correct Answer The hearsay rule says that a witness cannot testify
about what someone else told them, except under specific exceptions.

Jim has been asked to individually identify devices that users are bringing to work as
part of a new BYOD policy. The devices will not be joined to a central management
system like Active Directory, but he still needs to uniquely identify the systems. Which of
the following options will provide Jim with the best means of reliably identifying each
unique device? - Correct Answer Use device fingerprinting via a web-based registration
system.

Greg would like to implement application control technology in his organization. He
would like to limit users to installing only approved software on their systems. What type
of application control would be appropriate in this situation? - Correct Answer
Whitelisting

What is FAR and FRR? - Correct Answer FAR (False Acceptance Rate) and FRR
(False Rejection Rate) are metrics used to evaluate the performance of biometric
security systems, such as fingerprint, facial recognition, and iris scanners. These
metrics help determine how accurately a biometric system distinguishes between
legitimate users and impostors.

What is CER and the EER? - Correct Answer Crossover Error Rate (CER) / Equal Error
Rate (EER)
Definition: The CER, also known as the EER, is the point at which the False Acceptance
Rate (FAR) and the False Rejection Rate (FRR) are equal.

What is the difference between:

A Discretionary account provisioning
B Workflow-based account provisioning
C Automated account provisioning
D Self-service account provisioning - Correct Answer Example: A manager at a
company manually requests an account for a new employee by sending an email to the
IT department. The IT team then creates the account based on the manager's
instructions.

When a new employee joins a company, an automated HR system triggers a workflow
that sends an approval request to the employee's manager.

When a new employee's details are entered into the company's HR system, the system
automatically creates an account in the Active Directory and assigns the necessary
permissions based on the employee's role without any human intervention.

A new user signs up for a company's service through a web portal. They enter their
details, and the system automatically creates their account. The user can then
customize their account settings, choose additional services, and reset their password
without needing to contact support or IT staff.

Alex has been with the university he works at for more than 10 years. During that time,
he has been a system administrator and a database administrator, and he has worked
in the university's help desk. He is now a manager for the team that runs the university's
web applications.

He now has access to application servers, database servers, and AD workstations.

Since he now has access to all three, what is happening? - Correct Answer Privilege
Creep
As Alex has changed roles, he retained access to systems that he no longer
administers. The provisioning system has provided rights to workstations and the
application servers he manages, but he should not have access to the databases he no
longer administers.

What type of motion detector senses changes in the electromagnetic fields in monitored
areas? - Correct Answer Capacitance

What is a Photoelectric sensor? - Correct Answer A photoelectric sensor is a type of
sensor that uses a light beam (often infrared) to detect the presence, absence, or
distance of an object. These sensors work by emitting a light beam from a transmitter
and detecting the reflection or interruption of that beam with a receiver.

Don's company is considering the use of an object-based storage system where data is
placed in a vendor-managed storage environment through the use of API calls. What
type of cloud computing service is in use? - Correct Answer In this scenario, the vendor
is providing object-based storage, a core infrastructure service. Therefore, this is an
example of infrastructure as a service (IaaS).

What is the minimum interval at which an organization should conduct business
continuity plan refresher training for those with specific business continuity roles? -
Correct Answer Annual basis

What is CaaS? - Correct Answer CaaS stands for "Container as a Service." It's a cloud
service model that allows users to manage and deploy containers, which are
lightweight, portable units that bundle an application and its dependencies into a single
package.

What is the difference between
Black box
White box
Gray box
Zero box - Correct Answer In black-box testing, the tester has no knowledge of the
internal workings or code of the system being tested.

White-box testing involves full knowledge of the internal workings of the system.

Gray-box testing is a hybrid approach that combines elements of both black-box and
white-box testing.

The term "Zero Box" is where there is zero or minimal setup, preparation, or information
provided to the tester.

What RADIUS alternative is commonly used for Cisco network gear and supports two-
factor authentication? - Correct Answer TACACS+

What is XTACACS? - Correct Answer The most advanced version of the TACACS
protocol, TACACS+ further improved security by adding encryption for the entire
communication session between the client (e.g., router or switch) and the server.
TACACS+ is more commonly used today than XTACACS, as it offers better security
and more granular control over user access.

TACACS+ and Kerberos - Correct Answer TACACS+ is the most modern version of
TACACS, the Terminal Access Controller Access-Control System. It is a Cisco
proprietary protocol.

Kerberos is a network authentication protocol rather than a remote user authentication
protocol.

The difference between Class A, Class B, Class C and Class D fire extinguishers - Correct
Answer Class A Fire Extinguishers
Type of Fire: Combustible solids such as wood, paper, cloth, rubber, and plastics.

Class B Fire Extinguishers
Type of Fire: Flammable liquids and gases, such as gasoline, oil, paint, solvents, and
propane.

Class C Fire Extinguishers
Type of Fire: Electrical fires involving energized electrical equipment like appliances,
wiring, circuit breakers, and outlets.

Class D Fire Extinguishers
Type of Fire: Combustible metals, such as magnesium, titanium, potassium, and
sodium.
