SSCP - WGU - PRACTICE TEST B QUESTIONS
& ANSWERS
Which of the following should be included in every policy that states possible penalties
or restrictions for individuals? - Correct Answers -An enforcement statement
Which converged network communications concept includes support for real-time chat,
video conferencing, voice and video mail, and file exchange? - Correct Answers -VoIP
What type of network deployment is the most fault tolerant? - Correct Answers -Mesh
What is the result of an access control management process that adds new capabilities
to users as their job tasks change over time, but does not perform a regular
reassessment of the assigned authorization? - Correct Answers -Privilege creep
Which choice best describes a federation? - Correct Answers -An association of
nonrelated third-party organizations that share information based upon a single sign-on
What is the term used for the range of values that can be used to control the symmetric
encryption function while converting plaintext into ciphertext? - Correct Answers -Key
space
What is a primary goal of a forensic investigator while collecting evidence? - Correct
Answers -Preserve evidence integrity.
How is granular control of objects and resources implemented within a mandatory
access control environment? - Correct Answers -Need to know
Which of the following types of access control is preferred for its ease of administration
when there are a large number of personnel with the same job in an organization? -
Correct Answers -Role-based Access Control
How does a network access control (NAC) system ensure that only systems with
current configurations and the most recently approved updates are allowed to access
the production network? - Correct Answers -By checking for compliance each time a
system attempts to access the production network
Which attack attempts to steal information from victims by tricking them into visiting
false or fake Web sites using a spoofed email communication that seems to originate
from a legitimate source? - Correct Answers -Phishing
, When crafting a digital signature, what are the initial steps in the process performed by
the sender? - Correct Answers -Hash the message, and then encrypt the digest with the
private key.
Which means of authentication is NOT supported by IPSec? - Correct Answers -
Biometrics
When an organization is unable to lose more than a few hours of data without
experiencing severe consequences, what means or method of backup is most
appropriate? - Correct Answers -Real-time backup
Which trust architecture or model is based on the concept of an individual top level
entity that all other entities trust and with entities organized in levels or layers below the
top level? - Correct Answers -Hierarchical trust
Which of the following statements is not true of an organizations incident response
policy? - Correct Answers -It should require the retaliation against repeat attackers.
When an organization has a properly implemented enterprise risk management (ERM),
what is the tool used to list and categorize each discovered or encountered risk? -
Correct Answers -Risk register
What is the only viable method a determined attacker can attempt to compromise an
encrypted file, assuming a publicly available cryptography standard was used? - Correct
Answers -Brute force guess the key
What is the certificate standard used by PKI? - Correct Answers -X.509 v3
How is account provisioning commonly accomplished? - Correct Answers -Create user
groups based on assigned company department or job responsibility.
Which level of risk is associated with repeated attempts from a remote unknown entity
to guess a user's password which result in the account being locked? - Correct Answers
-Elevated
Which option is not a commonly accepted definition for a script kiddie? - Correct
Answers -A highly skilled attacker
Prior to analysis, data should be copied from a hard disk utilizing which of the following?
- Correct Answers -Bit-by-bit copy software
If an organization experiences a disaster level event that damages its ability to perform
mission critical operations, what form of emergency response plan will provide a reliable
means to ensure the least amount of downtime? - Correct Answers -Multi-site
& ANSWERS
Which of the following should be included in every policy that states possible penalties
or restrictions for individuals? - Correct Answers -An enforcement statement
Which converged network communications concept includes support for real-time chat,
video conferencing, voice and video mail, and file exchange? - Correct Answers -VoIP
What type of network deployment is the most fault tolerant? - Correct Answers -Mesh
What is the result of an access control management process that adds new capabilities
to users as their job tasks change over time, but does not perform a regular
reassessment of the assigned authorization? - Correct Answers -Privilege creep
Which choice best describes a federation? - Correct Answers -An association of
nonrelated third-party organizations that share information based upon a single sign-on
What is the term used for the range of values that can be used to control the symmetric
encryption function while converting plaintext into ciphertext? - Correct Answers -Key
space
What is a primary goal of a forensic investigator while collecting evidence? - Correct
Answers -Preserve evidence integrity.
How is granular control of objects and resources implemented within a mandatory
access control environment? - Correct Answers -Need to know
Which of the following types of access control is preferred for its ease of administration
when there are a large number of personnel with the same job in an organization? -
Correct Answers -Role-based Access Control
How does a network access control (NAC) system ensure that only systems with
current configurations and the most recently approved updates are allowed to access
the production network? - Correct Answers -By checking for compliance each time a
system attempts to access the production network
Which attack attempts to steal information from victims by tricking them into visiting
false or fake Web sites using a spoofed email communication that seems to originate
from a legitimate source? - Correct Answers -Phishing
, When crafting a digital signature, what are the initial steps in the process performed by
the sender? - Correct Answers -Hash the message, and then encrypt the digest with the
private key.
Which means of authentication is NOT supported by IPSec? - Correct Answers -
Biometrics
When an organization is unable to lose more than a few hours of data without
experiencing severe consequences, what means or method of backup is most
appropriate? - Correct Answers -Real-time backup
Which trust architecture or model is based on the concept of an individual top level
entity that all other entities trust and with entities organized in levels or layers below the
top level? - Correct Answers -Hierarchical trust
Which of the following statements is not true of an organizations incident response
policy? - Correct Answers -It should require the retaliation against repeat attackers.
When an organization has a properly implemented enterprise risk management (ERM),
what is the tool used to list and categorize each discovered or encountered risk? -
Correct Answers -Risk register
What is the only viable method a determined attacker can attempt to compromise an
encrypted file, assuming a publicly available cryptography standard was used? - Correct
Answers -Brute force guess the key
What is the certificate standard used by PKI? - Correct Answers -X.509 v3
How is account provisioning commonly accomplished? - Correct Answers -Create user
groups based on assigned company department or job responsibility.
Which level of risk is associated with repeated attempts from a remote unknown entity
to guess a user's password which result in the account being locked? - Correct Answers
-Elevated
Which option is not a commonly accepted definition for a script kiddie? - Correct
Answers -A highly skilled attacker
Prior to analysis, data should be copied from a hard disk utilizing which of the following?
- Correct Answers -Bit-by-bit copy software
If an organization experiences a disaster level event that damages its ability to perform
mission critical operations, what form of emergency response plan will provide a reliable
means to ensure the least amount of downtime? - Correct Answers -Multi-site
