SSCP PREP EXAM QUESTIONS AND ANSWERS
A threat always attempts to exploit which of the following? - Correct Answers -
Vulnerabilities
What is a type of restriction that can be placed on users to deny them access to
resources that are classified top secret? - Correct Answers -Mandatory access control
George's company is required by regulation to ensure that every message sent by a
third-party supplier be authenticated. Which of the following choices represents the
scenario in which the sender cannot deny that they sent the message? - Correct
Answers -Nonrepudiation
What is one of the requirements for selecting an appropriate mechanism of
cryptography? - Correct Answers -Sensitivity of data to be protected
Why would a system display last login notifications to users once they have successfully
entered their credentials? - Correct Answers -To alert users of potential account logon
violations
Which border device is used to perform NAT and content caching? - Correct Answers -
Proxy
How can an attacker implement a man-in-the-middle attack in a wireless network? -
Correct Answers -Through deployment of a rogue base station
A certificate authority (CA) system is used to verify the identity of its customers. The CA
system allows general Internet users to access online resources and have some level of
knowledge about who the entities are that are hosting online content. For example, a
user can be confident in the identity of an online shopping site while making a purchase.
How is this benefit of verified identity achieved? - Correct Answers -Trusted third-party
How does S/MIME provide for verification that a received message was not modified
during transit? - Correct Answers -Through a digital signature
As a defense contractor, Juan's company must comply with strict access control
regulations. Juan's supervisor tells him to implement an access control based on the
company's users' physical characteristics. Under which type of access security would
hand scanning and retina scanning fall? - Correct Answers -Biometrics
What is the name of the phase or step of an incident response policy that has the goal
of preventing further damage to the organization from a known incident? - Correct
Answers -Containment
Which term is used for the parameters set by web browsers that define the supported
encryption options negotiated during the establishment of a TLS-protected connection?
- Correct Answers -Cipher suites
Which of the following is the most volatile memory? - Correct Answers -CPU cache
Which type of firewall would be able to discard TCP segments arriving at an open port
when they have the header flag of FIN enabled and they are the first packet received
from the source? - Correct Answers -Stateful inspection firewall
Which of the following network topologies offers the most redundancy and the greatest
speed? - Correct Answers -Mesh
Ken's boss is asking him what ARO stands for in regard to risk. What should he reply? -
Correct Answers -Annualized rate of occurrence
Jim wants to place a device in the network demilitarized zone that may be broken into
by an attacker so that he can evaluate the strategies that hackers are using on his
systems. Which of the following best describes what he would use? - Correct Answers -
Honeypot
What is the term used to describe the amount of time that an organization can survive
without functioning mission critical processes? - Correct Answers -Maximum tolerable
downtime
A Web service has been experiencing a significant increase in traffic due to a
successful media announcement. However, in the chaos of new customers and an
avalanche of orders, the site manager forgot to address the Web site's digital certificate.
At this point, what process can the site manager perform to reuse his expired
certificate? - Correct Answers -Reissue
Which of the following is a valid definition for privacy? - Correct Answers -Providing a
means of control of distribution of the information about an individual
Aeroflight Instrument Company has just completed a risk assessment. It has
implemented a complete risk management program. What is the primary goal of risk
management? - Correct Answers -Reduce risk to an acceptable level.
Frank calls you from the Los Angeles office to inform you of an attack he has
discovered. Due to a vulnerability in an application, an attacker has the ability to
intervene in a communications session by inserting a computer between the two