(ISC) 2(TM) Systems Security Certified Practitioner Course Questions and Answers 100% Pass
- The most common security weaknesses and exploits are in which standardized list? D. CVE - Common Vulnerabilities and Exposures
- Choose the password configuration rules enforced by the P Windows add-on. C. Password must have a combination of upper case, lower case, numbers, and special characters, including a 6 character minimum password length
- A computer forensics specialist should be attempting to attain which ultimate goal? B. Preserve electronic evidence and protect it from any alteration
- What term is used to describe how data is transmitted between nodes on a network or between networks, with the three common types being Broadcast, Multicast, and Unicast? A. Casting
- While conducting quantitative risk analysis, which formula would be utilized? D. SLE - Single Loss Expectancy
- Which protocol listed below resolves a physical MAC address for a given logical IP address? A. ARP
- Providing optimal protection, what comprehensive array of layered security solutions resembles the layers of an onion? B. Defense in Depth
- Swiping a badge against a magnetic reader at an entrance that unlocks the door for entry would be which of the following? B. Single-factor authentication
- Encryption is attained at what layer of the OSI model? C. Presentation Layer - Layer 6
- What type of encrypted string is the output of a one-way hash function on a string of random length? A. Fixed length
- What is the main difference between a phreak and a hacker? A. Phreaks specifically target telephone networks
- Through what method of deduction is two-factor authentication achieved using your ATM card? C. It combines something you have with something you know
- Accountability for the timely distribution of information security intelligence data is assumed by which organization(s)? D. All of the organizations listed
- Which detail concerning risk analysis would you present to leadership regarding quantitative analysis? D. A and C
- Which of the following are categories of a security incident? E. All of the above
- A server offering AAA services must provide which services? C. Accounting, Authentication, and Authorization
- Working as a network administrator for your organization, which of the following choices should have the BIND application disabled? A. All non-DNS servers
- Which attribute constitutes the ability to identify and/or audit a user and his/her actions? C. Accountability
- What program is designed to intentionally create a clandestine avenue of access or a security gap within an information system? D. Backdoor
- Which is NOT a characteristic of the RSA algorithm? C. Is based on a symmetric algorithm
- What is the nickname given to the Trusted Computer Security Evaluation Criteria (TCSEC) book, according to IT professionals? A. The Orange Book
- Based on the division of job responsibilities, name the security principle designed for fraud prevention. B. Separation of Duties
- Which is an information path within a computer system not used for communications under normal circumstances? B. Covert channel
- What type of access control delivers the challenge: Is the person who is attempting to log on really who they say they are? C. Authentication
- How are clipping levels useful to an information security professional? A. Reduce the amount of data to be evaluated
- Which of the following is used for moving traffic within individual VLANs? B. VLAN Access Maps
- Which of the following is a method of identifying programs that have been approved by administration for use on end-point devices? D. Application Whitelisting
- What type of malicious code disguises itself as a legitimate or serviceable program? A. Trojan Horse
- Which of the following is a hardware token that generates a random string of characters to enter into a corresponding authentication application? D. Key fob
- Salt is random data that is used as additional input to a one-way function that hashes a password. A. True
- Which type of instruction or code is executed from a web browser to an end user's machine? C. Mobile Code
- Which of the following is used to set the largest packet size that can be sent over a network? D. Maximum transmission unit (MTU)
- After vulnerabilities have been classified and countermeasures have been deployed, what is the risk that remains? C. Residual risk
- Which of the following is an encrypted connection to a network through dedicated hardware or software applications? D. VPN
- What type of firewall does NOT keep track of information about the connection's state? C. Packet Filtering
- NIST SP 800-30 provides steps to accomplish what? D. Risk Assessment
- Stronger security controls help overcome the weakness of human error and lack of training and awareness. B. False
- Which of the following security standards commonly supplements the use of an Internet Key Exchange (IKE)? A. IPsec
- CCTV is what type of control method? A. Physical
- Who determines access rights under decentralized access control? C. File owners
- What entity serves as the authority for listing port assignments? A. IANA
- What access control entails permissions granted to the user based on "need to know"? D. DAC - Discretionary Access Control
- Using layered principles, what reference model is used to describe computer communication services and protocols? A. OSI - Open System Interconnection
- Which of the following is the "brain" of virtualization? C. Hypervisor
Written for
- Institution
- 2 Systems Security Certified Practitione
- Course
- 2 Systems Security Certified Practitione
Document information
- Uploaded on
- September 22, 2023
- Number of pages
- 7
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers