(ISC)2 SSCP SYSTEMS SECURITY
CERTIFIED PRACTITIONER OFFICIAL
PRACTICE TESTS - PART 1 OF 5 WITH
CORRECT SOLUTIONS
Which of the following is not a type of attack used against access controls?
A. Dictionary attack
B. Brute-force attack
C. Teardrop
D. Man-in-the-middle attack - ANSWER-C. Teardrop
Dictionary, brute-force, and man-in-the-middle attacks are all types of attacks that are
frequently aimed at access controls. Teardrop attacks are a type of denial-of-service
attack.
George is assisting a prosecutor with a case against a hacker who attempted to break
into the computer systems at George's company. He provides system logs to the
prosecutor for use as evidence, but the prosecutor insists that George testify in court
about how he gathered the logs. What rule of evidence requires George's testimony?
A. Testimonial evidence rule
B. Parol evidence rule
C. Best evidence rule
D. Hearsay rule - ANSWER-D. Hearsay rule
The hearsay rule says that a witness cannot testify about what someone else told them,
except under specific exceptions. The courts have applied the hearsay rule to include
the concept that attorneys may not introduce logs into evidence unless they are
authenticated by the system administrator. The best evidence rule states that copies of
documents may not be submitted into evidence if the originals are available. The parol
evidence rule states that if two parties enter into a written agreement, that written
document is assumed to contain all the terms of the agreement. Testimonial evidence is
a type of evidence, not a rule of evidence.
Jim has been asked to individually identify devices that users are bringing to work as
part of a new BYOD policy. The devices will not be joined to a central management
system like Active Directory, but he still needs to uniquely identify the systems. Which of
the following options will provide Jim with the best means of reliably identifying each
unique device?
A. Record the MAC address of each system.
B. Require users to fill out a form to register each system.
C. Scan each system using a port scanner.
, D. Use device fingerprinting via a web-based registration system. - ANSWER-D. Use
device fingerprinting via a web-based registration system.
Device fingerprinting via a web portal can require user authentication and can gather
data like operating systems, versions, software information, and many other factors that
can uniquely identify systems. Using an automated fingerprinting system is preferable to
handling manual registration, and pairing user authentication with data gathering
provides more detail than a port scan. MAC addresses can be spoofed, and systems
may have more than one depending on how many network interfaces they have, which
can make unique identification challenging.
Greg would like to implement application control technology in his organization. He
would like to limit users to installing only approved software on their systems. What type
of application control would be appropriate in this situation?
A. Blacklisting
B. Graylisting
C. Whitelisting
D. Bluelisting - ANSWER-C. Whitelisting
The whitelisting approach to application control allows users to install only those
software packages specifically approved by administrators. This would be an
appropriate approach in a scenario where application installation needs to be tightly
controlled.
Which pair of the following factors is key for user acceptance of biometric identification
systems?
A. The FAR and FRR
B. The throughput rate and the time required to enroll
C. The CER and the ERR
D. How often users must reenroll and the reference profile requirements - ANSWER-B.
The throughput rate and the time required to enroll
Biometric systems can face major usability challenges if the time to enroll is long (more
than a couple of minutes) and if the speed at which the biometric system is able to scan
and accept or reject the user is too slow. FAR and FRR may be important in the design
decisions made by administrators or designers, but they aren't typically visible to users.
CER and ERR are the same and are the point where FAR and FRR meet. Reference
profile requirements are a system requirement, not a user requirement.
Sally is wiring a gigabit Ethernet network. What cabling choices should she make to
ensure she can use her network at the full 1000 Mbps she wants to provide to her
users?
A. Cat 5 and Cat 6
B. Cat 5e and Cat 6
C. Cat 4e and Cat 5e
D. Cat 6 and Cat 7 - ANSWER-B. Cat 5e and Cat 6
CERTIFIED PRACTITIONER OFFICIAL
PRACTICE TESTS - PART 1 OF 5 WITH
CORRECT SOLUTIONS
Which of the following is not a type of attack used against access controls?
A. Dictionary attack
B. Brute-force attack
C. Teardrop
D. Man-in-the-middle attack - ANSWER-C. Teardrop
Dictionary, brute-force, and man-in-the-middle attacks are all types of attacks that are
frequently aimed at access controls. Teardrop attacks are a type of denial-of-service
attack.
George is assisting a prosecutor with a case against a hacker who attempted to break
into the computer systems at George's company. He provides system logs to the
prosecutor for use as evidence, but the prosecutor insists that George testify in court
about how he gathered the logs. What rule of evidence requires George's testimony?
A. Testimonial evidence rule
B. Parol evidence rule
C. Best evidence rule
D. Hearsay rule - ANSWER-D. Hearsay rule
The hearsay rule says that a witness cannot testify about what someone else told them,
except under specific exceptions. The courts have applied the hearsay rule to include
the concept that attorneys may not introduce logs into evidence unless they are
authenticated by the system administrator. The best evidence rule states that copies of
documents may not be submitted into evidence if the originals are available. The parol
evidence rule states that if two parties enter into a written agreement, that written
document is assumed to contain all the terms of the agreement. Testimonial evidence is
a type of evidence, not a rule of evidence.
Jim has been asked to individually identify devices that users are bringing to work as
part of a new BYOD policy. The devices will not be joined to a central management
system like Active Directory, but he still needs to uniquely identify the systems. Which of
the following options will provide Jim with the best means of reliably identifying each
unique device?
A. Record the MAC address of each system.
B. Require users to fill out a form to register each system.
C. Scan each system using a port scanner.
, D. Use device fingerprinting via a web-based registration system. - ANSWER-D. Use
device fingerprinting via a web-based registration system.
Device fingerprinting via a web portal can require user authentication and can gather
data like operating systems, versions, software information, and many other factors that
can uniquely identify systems. Using an automated fingerprinting system is preferable to
handling manual registration, and pairing user authentication with data gathering
provides more detail than a port scan. MAC addresses can be spoofed, and systems
may have more than one depending on how many network interfaces they have, which
can make unique identification challenging.
Greg would like to implement application control technology in his organization. He
would like to limit users to installing only approved software on their systems. What type
of application control would be appropriate in this situation?
A. Blacklisting
B. Graylisting
C. Whitelisting
D. Bluelisting - ANSWER-C. Whitelisting
The whitelisting approach to application control allows users to install only those
software packages specifically approved by administrators. This would be an
appropriate approach in a scenario where application installation needs to be tightly
controlled.
Which pair of the following factors is key for user acceptance of biometric identification
systems?
A. The FAR and FRR
B. The throughput rate and the time required to enroll
C. The CER and the ERR
D. How often users must reenroll and the reference profile requirements - ANSWER-B.
The throughput rate and the time required to enroll
Biometric systems can face major usability challenges if the time to enroll is long (more
than a couple of minutes) and if the speed at which the biometric system is able to scan
and accept or reject the user is too slow. FAR and FRR may be important in the design
decisions made by administrators or designers, but they aren't typically visible to users.
CER and ERR are the same and are the point where FAR and FRR meet. Reference
profile requirements are a system requirement, not a user requirement.
Sally is wiring a gigabit Ethernet network. What cabling choices should she make to
ensure she can use her network at the full 1000 Mbps she wants to provide to her
users?
A. Cat 5 and Cat 6
B. Cat 5e and Cat 6
C. Cat 4e and Cat 5e
D. Cat 6 and Cat 7 - ANSWER-B. Cat 5e and Cat 6
