SSCP Exam Review 2
What type of malware is characterized by spreading from system to system under its own power by exploiting vulnerabilities that do not require user intervention?
Worm
During a penetration test of her organization, Kathleen's IPS detects a port scan that has the URG, FIN, and PSH flags set and produces an alarm. What type of scan is the penetration tester attempting?
Xmas scan
What type of vulnerabilities will not be found by a vulnerability scanner?
Zero-day vulnerabilities
Lauren's team of system administrators each deal with hundreds of systems with varying levels of security requirements and find it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features such as logging and password rotation occur?
A credential management system
What type of key does WEP use to encrypt wireless communications?
A predefined shared static key
In her role as an information security professional, Susan has been asked to identify areas where her organization's wireless network may be accessible even though it isn't intended to be. What should Susan do to determine where her organization's wireless network is accessible?
A site survey
Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?
A stateful packet inspection firewall
A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer's account. What type of biometric factor error occurred?
A type 1 error
Mika wants to analyze the contents of a drive without causing any changes to the drive. What method is best suited to ensuring this?
A write blocker
Earlier this year, the information security team at Jim's employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to incorrectly flag the system as vulnerable because of the version number it is finding even though Jim is sure the patch is installed. Which of the following options is Jim's best choice to deal with the issue?
Ask the information security team to flag the system as patched and not vulnerable
Which information security goal is impacted when an organization experiences a DoS or DDoS attack?
Availability
Senior management in Adam's company recently read a number of articles about massive ransomware attacks that successfully targeted organizations like the one that Adam is part of. Adam's organization already uses layered security solutions including a border IPS, firewalls between network zones, local host firewalls, antivirus software, and a configuration management system that applies recommended operating system best practice settings to their workstations. What should Adam recommend to minimize the impact of a similar ransomware outbreak at his organization?
Backups
What term is used to describe a set of common security configurations, often provided by a third party?
Baseline
Saria's team is working to persuade their management that their network has extensive vulnerabilities that attackers could exploit. If she wants to conduct a realistic attack as part of a penetration test, what type of penetration test should she conduct?
Black box
What topology correctly describes Ethernet?
Bus topology
As part of his team's forensic investigation process, Matt signs drives and other evidence out of storage before working with them. What type of documentation is he creating?
Chain of custody
During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering?
Printers. Network-enabled printers often provide services via TCP 515 and 9100 and have both nonsecure and secure web-enabled management interfaces on TCP 80 and 443.
Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?
RSA
Which one of the following cryptographic algorithms supports the goal of nonrepudiation?
RSA
What technology asset management practice would an organization use to ensure that systems meet baseline security standards?
Configuration management
Tara recently detected a security incident in progress on her network. What action should be her highest priority at this point?
Containment
During a forensic investigation, Charles discovers that he needs to capture a virtual machine that is part of the critical operations of his company's website. If he cannot suspend or shut down the machine for business reasons, what imaging process should he follow?
Copy the virtual disk files and then use a memory capture tool
If Danielle wants to purge a drive, which of the following options will accomplish her goal?
Cryptographic erase
What is the formula used to determine risk?
Risk = Threat * Vulnerability
Kathleen is implementing an access control system for her organization and builds the following array: Reviewers: update files, delete files; Submitters: upload files; Editors: upload files, update files; Archivists: delete files. What type of access control system has Kathleen implemented?
Role-based access control
The senior management of Kathleen's company is concerned about rogue devices on the network. If Kathleen wants to identify rogue devices on her wired network, which of the following solutions will quickly provide the most accurate information?
Router and switch-based MAC address reporting
Skip needs to transfer files from his PC to a remote server. What protocol should he use instead of FTP?
SCP
Lauren's multinational company is planning a new cloud deployment and wants to ensure compliance with the EU GDPR. Which principle states that the individual should have the right to receive personal information concerning himself or herself and share it with another data controller?
Data integrity
What technology could Lauren's employer implement to help prevent confidential data from being emailed out of the organization?
Data loss prevention (DLP)
Which of the following does not describe data in motion?
Data on a backup tape that is being shipped to a storage facility
Which of the following sequences properly describes the TCP three-way handshake?
SYN, SYN/ACK, ACK
Mark is considering replacing his organization's customer relationship management (CRM) solution with a new product that is available in the cloud. This new solution is completely managed by the vendor, and Mark's company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering?
SaaS
During a review of support incidents, Ben's organization discovered that password changes accounted for more than a quarter of its help desk's cases. Which of the following options would be most likely to decrease that number significantly?
Self-service password reset
Fred is preparing to send backup tapes off-site to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility?
Ensure that the tapes are handled the same way the original media would be handled based on its classification
Raul is creating a trust relationship between his company and a vendor. He is implementing the system so that it will allow users from the vendor's organization to access his accounts payable system using the accounts created for them by the vendor. What type of authentication is Raul implementing?
Federated authentication
Carla's organization recently suffered a data breach when an employee misplaced a laptop containing sensitive customer information. Which one of the following controls would be least likely to prevent this type of breach from reoccurring in the future?
File integrity monitoring
Ian's company has an internal policy requiring that it perform regular port scans of all of its servers. Ian has been part of a recent effort to move his organization's servers to an infrastructure as a service provider. What change will Ian most likely need to make to his scanning efforts?
Follow the service provider's scan policies
The company that Lauren works for is making significant investments in infrastructure as a service hosting to replace its traditional data center. Members of her organization's management have expressed concerns about data remanence when Lauren's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?
Full disk encryption
Martin is inspecting a system where the user reported unusual activity, including disk activity when the system is idle, and abnormal CPU and network usage. He suspects that the machine is infected by a virus but scans come up clean. What malware technique might be in use here that would explain the clean scan results?
Stealth virus
When a host on an Ethernet network detects a collision and transmits a jam signal, what happens next?
Hosts wait a random period of time before attempting retransmission
A zero-day vulnerability is announced for the popular Apache web server in the middle of a workday. In Jacob's role as an information security analyst, he needs to quickly scan his network to determine what servers are vulnerable to the issue. What is Jacob's best route to quickly identify vulnerable systems?
Identify affected versions and check systems for that version number using an automated scanner
During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong?
The Data Link layer
Which one of the following protocols might be used within a virtualization platform for monitoring and managing the network?
The Simple Network Management Protocol (SNMP)
Which one of the following is not a requirement for evidence to be admissible in court?
The evidence must be tangible
As Lauren prepares her organization's security practices and policies, she wants to address as many threat vectors as she can using an awareness program. Which of the following threats can be most effectively dealt with via awareness?
Impersonation
Frank discovers a missing Windows security patch during a vulnerability scan of a server in his organization's data center. Upon further investigation, he discovers that the system is virtualized. Where should he apply the patch?
To the virtualized system
Which one of the following would be a reasonable application for the use of self-signed digital certificates?
An internal scheduling application. Self-signed digital certificates should be used only for internal-facing applications, where the user base trusts the internally generated digital certificate.
Tom enables an application firewall provided by his cloud infrastructure as a service provider that is designed to block many types of application attacks. When viewed from a risk management perspective, what metric is Tom attempting to lower?
Likelihood
What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains?
Transitive trust
Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?
Transposition cipher
During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?
Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported
Kelly is adjusting her organization's password requirements to make them consistent with best practice guidance from NIST. What should she choose as the most appropriate time period for password expiration?
No expiration
What security measure can provide an additional security control in the event that backup tapes are stolen or lost?
Using strong encryption, like AES-256
Ben has deployed a 1000BaseT 1 gigabit network and needs to run a cable to another building. If Ben is running his link directly from a switch to another switch in that building, what is the maximum distance Ben can cover according to the 1000BaseT specification?
A 100-meter run
Sue's organization recently failed a security assessment because their network was a single flat broadcast domain, and sniffing traffic was possible between different functional groups. What solution should she recommend to help prevent the issues that were identified?
VLANs
Kim is troubleshooting an application firewall that serves as a supplement to the organization's network and host firewalls and intrusion prevention system, providing added protection against web-based attacks. The issue the organization is experiencing is that the firewall technology suffers somewhat frequent restarts that render it unavailable for 10 minutes at a time. What configuration might Kim consider to maintain availability during that period at the lowest cost to the company?
Fail open
WPA2's Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) is based on which common encryption scheme?
AES
What encryption algorithm is used by both BitLocker and Microsoft's Encrypting File System?
AES
What encryption algorithm would provide strong protection for data stored on a USB thumb drive?
AES
Adam recently configured permissions on an NTFS filesystem to describe the access that different users may have to a file by listing each user individually. What did Adam create?
An access control list
The DARPA TCP/IP model's Application layer matches up to what three OSI model layers?
Application, Presentation, and Session
Susan has been asked to recommend whether her organization should use a MAC scheme or a DAC scheme. If flexibility and scalability are important requirements for implementing access controls, which scheme should she recommend and why?
DAC, because allowing individual administrators to make choices about objects they control provides scalability and flexibility
Isaac wants to prevent hosts from connecting to known malware distribution domains. What type of solution can he use to do this without deploying endpoint protection software or an IPS?
DNS blackholing uses a list of known malicious domains or IP addresses and relies on listing the domains on an internal DNS server that provides a fake reply.
During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted?
DNS poisoning occurs when an attacker changes the domain name to IP address mappings of a system to redirect traffic to alternate systems
Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?
Disabling SSID broadcast hides the network from unauthorized personnel. The SSID can still be discovered using a wireless sniffer.
Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering?
Double NATing isn't possible with the same IP range
Jim is building a research computing system that benefits from being part of a full mesh topology between systems. In a five-node full mesh topology design, how many connections will an individual node have?
Four
During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry: 21/open and 23/open. What services are likely running on those ports?
FTP and Telnet
What problem with FTP and Telnet makes using SFTP and SSH better alternatives?
FTP and Telnet do not provide encryption for the data
Which one of the following is an example of physical infrastructure hardening?
Fire suppression systems
Alan is responding to a security incident and receives a hard drive image from a cooperating organization that contains evidence. What additional information should he request to verify the integrity of the evidence?
A hash
During a review of access logs, Alex notices that Danielle logged into her workstation in New York at 8 a.m. daily but that she was recorded as logging into her department's main web application shortly after 3 a.m. daily. What common logging issue has Alex likely encountered?
Inconsistent timestamps
Chris is building an Ethernet network and knows that he needs to span a distance of more than 150 meters with his 1000BaseT network. What network technology should he use to help with this?
Install a repeater or a concentrator before 100 meters
Joe works at a major pharmaceutical research and development company and has been tasked with writing his organization's data retention policy. As part of its legal requirements, the organization must comply with the U.S. Food and Drug Administration's Code of Federal Regulations Title 21. To do so, it is required to retain records with electronic signatures. Why would a signature be part of a retention requirement?
It validates who approved the data
Which of the following options includes standards or protocols that exist in layer 6 of the OSI model?
JPEG, ASCII, and MIDI
Gary is implementing a new website architecture that uses multiple small web servers behind a load balancer. What principle of information security is Gary seeking to enforce?
Availability; keeping a server up and running is an example of an availability control
Which of the following is a ticket-based authentication protocol designed to provide secure communication?
Kerberos
SMTP, HTTP, and SNMP all occur at what layer of the OSI model?
Layer 7
Which one of the following is an example of a nondiscretionary access control system?
MAC
Jack's organization is a government agency that handles very sensitive information. They need to implement an access control system that allows administrators to set access rights but does not allow the delegation of those rights to other users. What is the best type of access control design for Jack's organization?
Mandatory access control
Tim is a forensic analyst who is attempting to retrieve information from a hard drive. It appears that the user attempted to erase the data, and Tim is trying to reconstruct it. What type of forensic analysis is Tim performing?
Media analysis
During what phase of the incident response process do administrators take action to limit the effect or scope of an incident?
Mitigation
You are performing an investigation into a potential bot infection on your network and want to perform a forensic analysis of the information that passed between different systems on your network and those on the Internet. You believe that the information was likely encrypted. You are beginning your investigation after the activity concluded. What would be the best and easiest way to obtain the source of this information?
Netflow data
Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts?
No access
Darlene was recently offered a consulting opportunity as a side job. She is concerned that the opportunity might constitute a conflict of interest. Which one of the following sources is most likely to provide her with appropriate guidance?
The organization's code of ethics
When a user attempts to log into their online account, Google sends a text message with a code to their cell phone. What type of verification is this?
Out-of-band identity proofing
Roger recently accepted a new position as a security professional at a company that runs its entire IT infrastructure within an IaaS environment. Which one of the following would most likely be the responsibility of Roger's firm?
Patching operating systems
Which one of the following is not a canon of the (ISC)2 code of ethics?
Promptly report security vulnerabilities to relevant authorities
Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the Internet?
PGP, or Pretty Good Privacy
Glenda is investigating a potential privacy violation within her organization. The organization notified users that it was collecting data for product research that would last for six months and then disposed of the data at the end of that period. During the time that they had the data, they also used it to target a marketing campaign. Which principle of data privacy was most directly violated?
Purpose limitation
Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?
Race conditions
Tracy is preparing to apply a patch to her organization's enterprise resource planning system. She is concerned that the patch may introduce flaws that did not exist in prior versions, so she plans to conduct a test that will compare previous responses to input with those produced by the newly patched application. What type of testing is Tracy planning?
Regression testing
What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes?
Regression testing
Which one of the following events marks the completion of a disaster recovery process?
Restoring normal business operations in the primary facility
Attackers who compromise websites often acquire databases of hashed passwords. What technique can best protect these passwords against automated password cracking attacks that use precomputed values?
Salting
Nmap is an example of what type of tool?
Port Scanner
Susan is reviewing files on a Windows workstation and believes that cmd.exe has been replaced with a malware package. Which of the following is the best way to validate her theory?
Submit cmd.exe to VirusTotal
Jim is working with a penetration testing contractor who proposes using Metasploit as part of her penetration testing effort. What should Jim expect to occur when Metasploit is used?
Systems will have known vulnerabilities exploited
Darcy is designing a fault-tolerant system and wants to implement RAID level 5 for her system. What is the minimum number of physical hard disks she can use to build this system?
Three
Sally is using IPsec's ESP component in transport mode. What important information should she be aware of about transport mode?
Transport mode does not encrypt the header of the packet
Helen is implementing a new security mechanism for granting employees administrative privileges in the accounting system. She designs the process so that both the employee's manager and the accounting manager must approve the request before the access is granted. What information security principle is Helen enforcing?
Two-person control
Chris wants to prevent users from running a popular game on Windows workstations he is responsible for. How can Chris accomplish this for Windows 10 Pro workstations?
Use application whitelisting to prevent all unallowed programs from running
Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?
Validation
Lauren wants to ensure that her users run only the software that her organization has approved. What technology should she deploy?
Whitelisting
Angela wants to test a web browser's handling of unexpected data using an automated tool. What tool should she choose?
zzuf