sscp exam review 2

Ace your homework & exams now with Quizwiz!

What type of malware is characterized by spreading from system to system under its own power by exploiting vulnerabilities that do not require user intervention?

Worm

During a penetration test of her organization, Kathleen's IPS detects a port scan that has the URG, FIN, and PSH flags set and produces an alarm. What type of scan is the penetration tester attempting?

Xmas scan

What type of vulnerabilities will not be found by a vulnerability scanner?

Zero- day vulnerabilities

Lauren's team of system administrators each deal with hundreds of systems with varying levels of security requirements and find it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features such as logging and password rotation occur?

a credential management system.

What type of key does WEP use to encrypt wireless communications?

a predefined shared static key

In her role as an information security professional, Susan has been asked to identify areas where her organization's wireless network may be accessible even though it isn't intended to be. What should Susan do to determine where her organization's wireless network is accessible?

a site survey

Susan sets up a firewall that keeps track of the status of the communication between two systems and allows a remote system to respond to a local system after the local system starts communication. What type of firewall is Susan using?

a stateful packet inspection firewall

A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer's account. What type of biometric factor error occurred?

a type 1 error

Mika wants to analyze the contents of a drive without causing any changes to the drive. What method is best suited to ensuring this?

a write blocker

Earlier this year, the information security team at Jim's employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to incorrectly flag the system as vulnerable because of the version number it is finding even though Jim is sure the patch is installed. Which of the following options is Jim's best choice to deal with the issue?

ask the information security team to flag the system as patched and not vulnerable

Which information security goal is impacted when an organization experiences a DoS or DDoS attack?

availability

Senior management in Adam's company recently read a number of articles about massive ransomware attacks that successfully targeted organizations like the one that Adam is part of. Adam's organization already uses layered security solutions including a border IPS, firewalls between network zones, local host firewalls, antivirus software, and a configuration management system that applies recommended operating system best practice settings to their workstations. What should Adam recommend to minimize the impact of a similar ransomware outbreak at his organization?

backup

What term is used to describe a set of common security configurations, often provided by a third party?

baseline

Saria's team is working to persuade their management that their network has extensive vulnerabilities that attackers could exploit. If she wants to conduct a realistic attack as part of a penetration test, what type of penetration test should she conduct?

black box

What topology correctly describes Ethernet?

bus topology.

As part of his team's forensic investigation process, Matt signs drives and other evidence out of storage before working with them. What type of documentation is he creating?

chain of custody

During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering?

Printer, Network-enabled printers often provide services via TCP 515 and 9100 and have both nonsecure and secure web-enabled management interfaces on TCP 80 and 443.

Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?

RSA

Which one of the following cryptographic algorithms supports the goal of nonrepudiation?

RSA

What technology asset management practice would an organization use to ensure that systems meet baseline security standards?

configuration management

Tara recently detected a security incident in progress on her network. What action should be her highest priority at this point?

containment

During a forensic investigation, Charles discovers that he needs to capture a virtual machine that is part of the critical operations of his company's website. If he cannot suspend or shut down the machine for business reasons, what imaging process should he follow?

copy the virtual disk files and then use a memory capture tool

If Danielle wants to purge a drive, which of the following options will accomplish her goal?

cryptographic erase

What is the formula used to determine risk

Risk=Threat*vulnerability

Kathleen is implementing an access control system for her organization and builds the following array: Reviewers: update files, delete files Submitters: upload files Editors: upload files, update files Archivists: delete files What type of access control system has Kathleen implemented?

Role-based access control

The senior management of Kathleen's company is concerned about rogue devices on the network. If Kathleen wants to identify rogue devices on her wired network, which of the following solutions will quickly provide the most accurate information?

Router and switch-based MAC address reporting

Skip needs to transfer files from his PC to a remote server. What protocol should he use instead of FTP?

SCP

Lauren's multinational company is planning a new cloud deployment and wants to ensure compliance with the EU GDPR. Which principle states that the individual should have the right to receive personal information concerning himself or herself and share it with another data controller?

data integrity

What technology could Lauren's employer implement to help prevent confidential data from being emailed out of the organization?

data loss prevention (DLP)

Which of the following does not describe data in motion?

data on a backup tape that is being shipped to a storage facility.

Which of the following sequences properly describes the TCP three-way handshake?

SYN, SYN/ACK, ACK

Mark is considering replacing his organization's customer relationship management (CRM) solution with a new product that is available in the cloud. This new solution is completely managed by the vendor, and Mark's company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering?

SaaS

During a review of support incidents, Ben's organization discovered that password changes accounted for more than a quarter of its help desk's cases. Which of the following options would be most likely to decrease that number significantly?

Self-service password reset

Fred is preparing to send backup tapes off-site to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility?

ensure that the tapes are handled the way same the original media would be handled based on classification.

Raul is creating a trust relationship between his company and a vendor. He is implementing the system so that it will allow users from the vendor's organization to access his accounts payable system using the accounts created for them by the vendor. What type of authentication is Raul implementing?

federated authentication

Carla's organization recently suffered a data breach when an employee misplaced a laptop containing sensitive customer information. Which one of the following controls would be least likely to prevent this type of breach from reoccurring in the future?

file integrity monitoring

Ian's company has an internal policy requiring that it perform regular port scans of all of its servers. Ian has been part of a recent effort to move his organization's servers to an infrastructure as a service provider. What change will Ian most likely need to make to his scanning efforts?

follow the service provider's scan policies

The company that Lauren works for is making significant investments in infrastructure as a service hosting to replace its traditional data center. Members of her organization's management have expressed concerns about data remanence when Lauren's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?

full disk encryption

Martin is inspecting a system where the user reported unusual activity, including disk activity when the system is idle, and abnormal CPU and network usage. He suspects that the machine is infected by a virus but scans come up clean. What malware technique might be in use here that would explain the clean scan results?

Stealth virus

When a host on an Ethernet network detects a collision and transmits a jam signal, what happens next?

hosts wait a random period of time before attempting retransmission.

A zero-day vulnerability is announced for the popular Apache web server in the middle of a workday. In Jacob's role as an information security analyst, he needs to quickly scan his network to determine what servers are vulnerable to the issue. What is Jacob's best route to quickly identify vulnerable systems?

identify affected versions and check systems for that version number using an automated scanner

During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong?

The Data link Layer

Which one of the following protocols might be used within a virtualization platform for monitoring and managing the network?

The Simple Network Management Protocol (SNMP)

Which one of the following is not a requirement for evidence to be admissible in court?

The evidence must be tangible

As Lauren prepares her organization's security practices and policies, she wants to address as many threat vectors as she can using an awareness program. Which of the following threats can be most effectively dealt with via awareness?

impersonation

Frank discovers a missing Windows security patch during a vulnerability scan of a server in his organization's data center. Upon further investigation, he discovers that the system is virtualized. Where should he apply the patch?

To The virtualized system.

Which one of the following would be a reasonable application for the use of self-signed digital certificates?

internal scheduling application, Self-signed digital certificates should be used only for internal-facing applications, where the user base trusts the internally generated digital certificate.

Tom enables an application firewall provided by his cloud infrastructure as a service provider that is designed to block many types of application attacks. When viewed from a risk management perspective, what metric is Tom attempting to lower?

likelihood

What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains?

Transitive trust

Alan intercepts an encrypted message and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message

Transportation cipher

During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make?

Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported

Kelly is adjusting her organization's password requirements to make them consistent with best practice guidance from NIST. What should she choose as the most appropriate time period for password expiration?

no expiration

What security measure can provide an additional security control in the event that backup tapes are stolen or lost?

Using strong encryption, like AES-256,

Ben has deployed a 1000BaseT 1 gigabit network and needs to run a cable to another building. If Ben is running his link directly from a switch to another switch in that building, what is the maximum distance Ben can cover according to the 1000BaseT specification?

100-meter run

Sue's organization recently failed a security assessment because their network was a single flat broadcast domain, and sniffing traffic was possible between different functional groups. What solution should she recommend to help prevent the issues that were identified?

VLANs

Kim is troubleshooting an application firewall that serves as a supplement to the organization's network and host firewalls and intrusion prevention system, providing added protection against web-based attacks. The issue the organization is experiencing is that the firewall technology suffers somewhat frequent restarts that render it unavailable for 10 minutes at a time. What configuration might Kim consider to maintain availability during that period at the lowest cost to the company?

A fail open

WPA2's Counter Mode Cipher Block Chaining Message Authentication Mode Protocol (CCMP) is based on which common encryption scheme?

AES

What encryption algorithm is used by both BitLocker and Microsoft's Encrypting File System?

AES

What encryption algorithm would provide strong protection for data stored on a USB thumb drive?

AES

Adam recently configured permissions on an NTFS filesystem to describe the access that different users may have to a file by listing each user individually. What did Adam create

An access control list

The DARPA TCP/IP model's Application layer matches up to what three OSI model layers?

Application, Presentation, and Session

Susan has been asked to recommend whether her organization should use a MAC scheme or a DAC scheme. If flexibility and scalability are important requirements for implementing access controls, which scheme should she recommend and why?

DAC, because allowing individual administrators to make choices about objects they control provides scalability and Flexibility.

Isaac wants to prevent hosts from connecting to known malware distribution domains. What type of solution can he use to do this without deploying endpoint protection software or an IPS?

DNS blackholing uses a list of known malicious domains or IP addresses and relies on listing the domains on an internal DNS server that provides a fake reply.

During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted?

DNS poisoning occurs when an attacker changes the domain name to IP address mappings of a system to redirect traffic to alternate systems

Ben has configured his network to not broadcast an SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered?

Disabling SSID broadcast hides networks authorized personnel. The SSID can be discovered using a wireless sniffer.

Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering?

Double NATing isn't possible with the same IP range

Jim is building a research computing system that benefits from being part of a full mesh topology between systems. In a five-node full mesh topology design, how many connections will an individual node have?

FOUR

During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry: 21/open 23/open What services are likely running on those ports?

FTP and Telnet

What problem with FTP and Telnet makes using SFTP and SSH better alternatives?

FTP and Telnet do not provide encryption for the data

Which one of the following is an example of physical infrastructure hardening?

Fire suppression systems

Alan is responding to a security incident and receives a hard drive image from a cooperating organization that contains evidence. What additional information should he request to verify the integrity of the evidence?

HASH

During a review of access logs, Alex notices that Danielle logged into her workstation in New York at 8 a.m. daily but that she was recorded as logging into her department's main web application shortly after 3 a.m. daily. What common logging issue has Alex likely encountered?

Inconsistent Timestamps

Chris is building an Ethernet network and knows that he needs to span a distance of more than 150 meters with his 1000BaseT network. What network technology should he use to help with this?

Install a repeater or a contractor before 100 meters.

Joe works at a major pharmaceutical research and development company and has been tasked with writing his organization's data retention policy. As part of its legal requirements, the organization must comply with the U.S. Food and Drug Administration's Code of Federal Regulations Title 21. To do so, it is required to retain records with electronic signatures. Why would a signature be part of a retention requirement?

It validates who approved the data

Which of the following options includes standards or protocols that exist in layer 6 of the OSI model?

JPEG, ASCII, and MIDI

Gary is implementing a new website architecture that uses multiple small web servers behind a load balancer. What principle of information security is Gary seeking to enforce?

Keeping a server up and running is an example of an availability control

Which of the following is a ticket-based authentication protocol designed to provide secure communication?

Kerberos

SMTP, HTTP, and SNMP all occur at what layer of the OSI model?

Layer 7

Which one of the following is an example of a nondiscretionary access control system?

MAC

Jack's organization is a government agency that handles very sensitive information. They need to implement an access control system that allows administrators to set access rights but does not allow the delegation of those rights to other users. What is the best type of access control design for Jack's organization?

Mandatory access control

Tim is a forensic analyst who is attempting to retrieve information from a hard drive. It appears that the user attempted to erase the data, and Tim is trying to reconstruct it. What type of forensic analysis is Tim performing?

Media analysis

During what phase of the incident response process do administrators take action to limit the effect or scope of an incident?

Mitigation

You are performing an investigation into a potential bot infection on your network and want to perform a forensic analysis of the information that passed between different systems on your network and those on the Internet. You believe that the information was likely encrypted. You are beginning your investigation after the activity concluded. What would be the best and easiest way to obtain the source of this information?

Netflow data

Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts?

No access

Darlene was recently offered a consulting opportunity as a side job. She is concerned that the opportunity might constitute a conflict of interest. Which one of the following sources is most likely to provide her with appropriate guidance?

organization's code of ethics

When a user attempts to log into their online account, Google sends a text message with a code to their cell phone. What type of verification is this?

out-of-band identity proofing

Roger recently accepted a new position as a security professional at a company that runs its entire IT infrastructure within an IaaS environment. Which one of the following would most likely be the responsibility of Roger's firm?

patch operation systems

Which one of the following is not a canon of the (ISC)2 code of ethics?

promptly report security vulnerabilities to relevant authorities.

Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the Internet?

PGP, or Pretty Good Privacy

Glenda is investigating a potential privacy violation within her organization. The organization notified users that it was collecting data for product research that would last for six months and then disposed of the data at the end of that period. During the time that they had the data, they also used it to target a marketing campaign. Which principle of data privacy was most directly violated?

purpose limitation

Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?

race conditions

Tracy is preparing to apply a patch to her organization's enterprise resource planning system. She is concerned that the patch may introduce flaws that did not exist in prior versions, so she plans to conduct a test that will compare previous responses to input with those produced by the newly patched application. What type of testing is Tracy planning?

regression testing

What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes?

regression testing

Which one of the following events marks the completion of a disaster recovery process?

restoring normal business operations in the primary facility

Attackers who compromise websites often acquire databases of hashed passwords. What technique can best protect these passwords against automated password cracking attacks that use precomputed values?

salting

Nmap is an example of what type of tool?

Port Scanner

Susan is reviewing files on a Windows workstation and believes that cmd.exe has been replaced with a malware package. Which of the following is the best way to validate her theory?

submit cmd.exe to virusTotal

Jim is working with a penetration testing contractor who proposes using Metasploit as part of her penetration testing effort. What should Jim expect to occur when Metasploit is used?

systems will know vulnerabilities exploited

Darcy is designing a fault-tolerant system and wants to implement RAID level 5 for her system. What is the minimum number of physical hard disks she can use to build this system?

three

Sally is using IPsec's ESP component in transport mode. What important information should she be aware of about transport mode?

transport mode does not encrypt the header of the packet

Helen is implementing a new security mechanism for granting employees administrative privileges in the accounting system. She designs the process so that both the employee's manager and the accounting manager must approve the request before the access is granted. What information security principle is Helen enforcing?

two person control

Chris wants to prevent users from running a popular game on Windows workstations he is responsible for. How can Chris accomplish this for Windows 10 Pro workstations?

using application whitelisting to prevent all unallowed programs from running,

Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?

validation

Lauren wants to ensure that her users run only the software that her organization has approved. What technology should she deploy?

whitelisting

Angela wants to test a web browser's handling of unexpected data using an automated tool. What tool should she choose?

zzuf


Related study sets

Abnormal Psych. CH.9 Eating Disorders

View Set

Network+ Guide to Networks, Exam 3 (ch 9-12) study guide, CIT 45

View Set

NURS 204 - Exam 2 - Chapters 14, 15, 16

View Set

Chapter 6 - Nursing Care of Mother and Infant During Labor and Birth

View Set

Digital Marketing 4650: Google Ads

View Set