SSCP

Caesar cipher is a type of __. correct answer: substitution (cipher) two plaintexts results in the same hash value correct answer: collision Type of impact analysis that identifies areas for immediate improvement correct answer: qualitative (impact analysis) tunneling (between networks) & transport (connects devices) correct answer: IPSec (modes) label placed on a piece of info/data (MAC) correct answer: classification correct answer: clearance Kerberos, Federated Access...

A worm recently infected the company network. You have identified that this issue occured due to employees accessing a malicious web site. You need to prevent employees from accessing this site in the future. What should you do? correct answer: Configure an ACL on the border router What is defined as the likelihood that a flaw in system security will be breached? correct answer: Risk You have been hired as a security consultant for a company. You have performed a vulnerability scan on th...

DES - Data Encryption standard has a 128 bit key and is very difficult to break. A. True B. False correct answer: B What is the main difference between computer abuse and computer crime? A. Amount of damage B. Intentions of the perpetrator C. Method of compromise D. Abuse = company insider; crime = company outsider correct answer: B A standardized list of the most common security weaknesses and exploits is the __________. A. SANS Top 10 B. CSI/FBI Computer Crime Study C. C...

Access Control Object correct answer: A passive entity that typically receives or contains some form of data. Access Control Subject correct answer: An active entity and can be any user, program, or process that requests permission to cause data to flow from an access control object to the access control subject or between access control objects. Asynchronous Password Token correct answer: A one-time password is generated without the use of a clock, either from a one-time pad or cryptog...

The most common security weaknesses and exploits are in which standardized list? correct answer: D. CVE - Common Vulnerabilities and Exposures Choose the password configuration rules enforced by the P Windows add-on. correct answer: C. Password must have a combination of upper case, lower case, numbers, and special characters; including a 6 character minimum password length A computer forensics specialist should be attempting to attain which ultimate goal? correct answer: B. Preserve el...

How many years of experience are required to earn the Associate of (ISC)2 designation? A. Zero B. One C. Two D. Five correct answer: [Security Fundamentals] A. You don't need to meet the experience requirement to earn the Associate of (ISC)2 designation, so zero years of experience are required. The SSCP certification requires one year of direct full-time security work experience. If you earn the Associate of (ISC)2 designation, you have two years from the date (ISC)2 notifies you t...

Risk refers to what? correct answer: The probability of an incident occurring that can result in some negative impact Effective way to ensure zero risk? correct answer: None not engaging in the activity that introduces that risk Risk Register correct answer: Detailed document of compiled risks Output of risk assessment Why can sharing threat intelligence be complicated? correct answer: Legal Security Privacy How is the impact of a risk measured? correct answer: Through risk...

What makes up the CIA triad? correct answer: Confidentiality Integrity Availability A term that refers to the minimum amount of people to perform a highly sensitive action. correct answer: M of N control multiple agents with the capability (M), and the minimum number of these agents (N) in order to perform the task where one person is required to complete each part of a task. Using the example of key escrow, one person might access the key contained in key escrow while a second person m...

Incidents are what? correct answer: Events that are violations or imminent treat of a violation of computer security policies, acceptable use policies or standard security practices Are events incidents? correct answer: no, but all incidents are events What are Incident handling preparations? correct answer: Developing an incident response policy Acquire tools for analysis Train employees on handling What might be included in developing an incident response policy? correct answer: ...

[Security Fundamentals] How many years of experience are required to earn the Associate of (ISC)2 designation? A. Zero B. One C. Two D. Five A [Security Fundamentals] What are the three elements of the security triad? A. Authentication authorization, and accounting B. Confidentiality, integrity, and availability C. Identification, authentication, and authorization D. Confidentiality, integrity, and authorization B [Security Fundamentals] Who is responsible for...