CERTPREPS - SSCP PRACTICE EXAM 3 QUESTIONS AND ANSWERS | GRADED A

Type: Exam
Institution: SSCP
Course: SSCP
Pages: 48
Grade: A+
Uploaded: 4 February 2026
Written in: 2025/2026
Contains: Questions and answers

Content preview
CERTPREPS - SSCP PRACTICE EXAM 3



1. An organization is choosing a risk management framework to comply with
international standards for information security. They require a framework that is
globally recognized and provides a comprehensive approach to managing risk. Which
framework should they select?

A. Control Objectives for Information and Related Technologies (COBIT)
B. ISO/IEC 27005
C. Payment Card Industry Data Security Standard (PCI DSS)
D. Federal Information Security Management Act (FISMA)

Correct answer: B. ISO/IEC 27005

ISO/IEC 27005 (B) is a globally recognized framework that provides comprehensive
guidelines for information security risk management within the context of an
organization's overall information security management system (ISMS). COBIT (A)
focuses on IT governance rather than risk management specifically. PCI DSS (C) is a
standard for securing cardholder data, not a general risk management framework.
FISMA (D) applies to federal agencies in the United States and does not offer a global
approach.

2. A new employee at a financial institution needs access to the company's internal
financial systems. Which of the following actions ensures the employee is granted
appropriate entitlements based on their job role?

A. Provisioning the employee's email account
B. Assigning the employee to a financial analyst role with specific access rights
C. Requiring the employee to sign a non-disclosure agreement
D. Setting up a regular password expiration policy

Correct answer: B. Assigning the employee to a financial analyst role with specific access rights

Assigning the employee to a financial analyst role with specific access rights (B) grants
entitlements according to job function: the role carries exactly the access to financial
systems and data that the position needs, and nothing more. Provisioning the employee's
email account (A) is part of onboarding but says nothing about entitlements to financial
systems. A non-disclosure agreement (C) addresses confidentiality obligations, not access
rights. A password expiration policy (D) is a credential-hygiene control and does not
determine what the account may reach.

3. During a security audit, it was discovered that sensitive company data has been
accessed and copied by an employee without proper authorization. What type of
malicious activity does this represent?

A. Zero-day exploit
B. Web-based attack
C. Insider threat
D. Distributed Denial of Service (DDoS)

Correct answer: C. Insider threat

An employee copying sensitive data without authorization is the textbook insider threat
(C): someone who already holds legitimate access to the organization's systems and misuses
it. The distinguishing feature is the source of the activity, not the technique. A zero-day
exploit (A) targets a vulnerability unknown to the vendor and is defined by the flaw it
abuses, not by who is behind it. A web-based attack (B) targets web applications and
services, typically from outside the organization. A Distributed Denial of Service (D)
attack disrupts availability by flooding a service with traffic and does not involve reading
or copying data.

4. During the recovery phase of a security incident, which action is critical to ensure that
systems are safe and secure before they are returned to operation?

A. Reinstall all operating systems from scratch
B. Validate the integrity of all system components
C. Notify regulatory bodies of the incident
D. Reconnect all network segments to the internet

Correct answer: B. Validate the integrity of all system components

Validating the integrity of all system components (B), for example by comparing binaries,
configuration and boot components against known-good hashes or a trusted image, confirms
that no malicious code, backdoor or unauthorized change remains before a system is returned
to production. Reinstalling operating systems from scratch (A) is one way to eradicate a
compromise and may well be justified for heavily compromised hosts, but it is a remediation
step, not the verification that the rebuilt system is clean; it also does nothing for
systems that are restored rather than rebuilt. Notifying regulatory bodies (C) belongs to
the incident's reporting and compliance obligations, not to technical recovery. Reconnecting
network segments (D) is the last step and must wait until integrity has been confirmed,
otherwise a still-infected host is simply put back within the attacker's reach.
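As an added illustration of that validation step (example code written for this page, not part of the exam material or any vendor tool), the Go program below walks a filesystem, hashes every regular file with SHA-256 and compares it against a known-good baseline, reporting files that were modified, deleted or added since the baseline was taken. The paths, file contents and baseline hashes are constructed for the example; an in-memory fstest.MapFS stands in for the host, and os.DirFS("/") would replace it on a real system.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io/fs"
	"sort"
	"testing/fstest"
)

// Baseline maps a file path to the hex SHA-256 recorded before the incident
// (from a golden image, vendor checksums or a pre-incident integrity scan).
type Baseline map[string]string

// Finding is one deviation from the baseline.
type Finding struct {
	Path   string
	Reason string // "modified", "missing" or "unexpected"
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

func hashFile(fsys fs.FS, path string) (string, error) {
	data, err := fs.ReadFile(fsys, path)
	if err != nil {
		return "", err
	}
	return sha256Hex(data), nil
}

// ValidateIntegrity compares every regular file in fsys against the baseline.
// It reports changed files, baseline files that are gone, and files that were
// never in the baseline (often dropped tooling or persistence). An empty
// result means the tree matches the known-good state.
func ValidateIntegrity(fsys fs.FS, baseline Baseline) ([]Finding, error) {
	var findings []Finding
	seen := make(map[string]bool)

	err := fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			return nil
		}
		seen[path] = true
		got, err := hashFile(fsys, path)
		if err != nil {
			return err
		}
		want, known := baseline[path]
		switch {
		case !known:
			findings = append(findings, Finding{path, "unexpected"})
		case got != want:
			findings = append(findings, Finding{path, "modified"})
		}
		return nil
	})
	if err != nil {
		return nil, err
	}
	for path := range baseline {
		if !seen[path] {
			findings = append(findings, Finding{path, "missing"})
		}
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].Path < findings[j].Path })
	return findings, nil
}

// sampleSystem builds a constructed post-incident filesystem and the baseline
// it is checked against. Contents are placeholders, not real binaries.
func sampleSystem() (fs.FS, Baseline) {
	baseline := Baseline{
		"bin/sshd":      sha256Hex([]byte("sshd original binary")),
		"etc/sshd.conf": sha256Hex([]byte("PermitRootLogin no\n")),
		"bin/ls":        sha256Hex([]byte("ls original binary")),
	}
	post := fstest.MapFS{
		"bin/sshd":      {Data: []byte("sshd original binary")}, // untouched
		"etc/sshd.conf": {Data: []byte("PermitRootLogin yes\n")}, // tampered
		"tmp/.x/kit.so": {Data: []byte("not in baseline")},       // dropped by the attacker
		// bin/ls was deleted
	}
	return post, baseline
}

func main() {
	fsys, baseline := sampleSystem()
	findings, err := ValidateIntegrity(fsys, baseline)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-10s %s\n", f.Reason, f.Path)
	}
}
```

The baseline must come from a source the attacker could not have written to, such as a read-only golden image or offline-stored hashes; a baseline captured after the compromise only proves that nothing changed since the compromise.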

5. A financial company is concerned about the integrity of its internal applications and
wants to ensure that the software they deploy has not been tampered with. Which
countermeasure would be most effective in verifying the authenticity of these
applications before installation?

A. Antivirus
B. Code signing
C. Intrusion Detection System (IDS)
D. Firewall

Correct answer: B. Code signing

Code signing (B) applies a digital signature to a software package so that the installer
can verify both that the code came from the expected publisher and that it has not been
altered since it was signed. Verification happens before installation, which is exactly
the point at which the company wants the check. Two caveats matter in practice: the
verifier must pin the publisher's key or certificate (a valid signature from an untrusted
key proves nothing), and a signature only attests to what the publisher signed, so a
compromised build pipeline or stolen signing key still yields correctly signed malware.
Antivirus software (A) detects known malicious code but does not establish authorship or
integrity. An Intrusion Detection System (C) watches network or host activity for
suspicious behaviour and says nothing about whether a given binary is genuine. A firewall
(D) filters network traffic by rule and does not authenticate software at all.
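To make the check concrete, here is an added example of code signing with Ed25519 from Go's standard library; it is written for this page and is not the exam's or any vendor's code. The publisher signs the SHA-256 digest of the artifact, and the deployment step refuses anything whose signature does not verify under the pinned public key, which catches both a single-bit change to the artifact and a package signed by some other key. The key pair is generated in-process for the demonstration (a real signing key would live in an HSM or signing service), and the artifact bytes and file name are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signer holds the publisher's key pair. Only the public key is distributed.
type Signer struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv, pub: pub}, nil
}

// Sign produces a detached signature over the SHA-256 digest of the artifact.
// Ed25519 would accept the raw bytes too; hashing first is the usual pattern
// for large installers so the signing service never handles the whole file.
func (s *Signer) Sign(artifact []byte) []byte {
	digest := sha256.Sum256(artifact)
	return ed25519.Sign(s.priv, digest[:])
}

// PublicKey is what ships, pinned, to the endpoints that verify packages.
func (s *Signer) PublicKey() ed25519.PublicKey { return s.pub }

var ErrBadSignature = errors.New("signature verification failed: artifact altered or signed by an untrusted key")

// VerifyBeforeInstall is the gate the deployment tooling runs. It passes only
// if the artifact is byte-for-byte what the holder of the trusted key signed.
func VerifyBeforeInstall(trusted ed25519.PublicKey, artifact, sig []byte) error {
	if len(trusted) != ed25519.PublicKeySize {
		return errors.New("trusted key has wrong size") // ed25519.Verify would panic
	}
	digest := sha256.Sum256(artifact)
	if !ed25519.Verify(trusted, digest[:], sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	publisher, err := NewSigner()
	if err != nil {
		panic(err)
	}
	// Constructed sample payload standing in for an installer.
	artifact := []byte("ledger-app-2.4.1.exe: constructed sample payload")
	sig := publisher.Sign(artifact)

	fmt.Println("genuine:  ", VerifyBeforeInstall(publisher.PublicKey(), artifact, sig))

	tampered := append([]byte(nil), artifact...)
	tampered[0] ^= 0x01 // a single flipped bit is enough to fail
	fmt.Println("tampered: ", VerifyBeforeInstall(publisher.PublicKey(), tampered, sig))

	impostor, _ := NewSigner()
	fmt.Println("wrong key:", VerifyBeforeInstall(publisher.PublicKey(), artifact, impostor.Sign(artifact)))
}
```

Production schemes (Authenticode, Apple notarization, Sigstore, GPG-signed packages) add certificate chains, timestamps and revocation on top of this primitive, but the decision the installer makes is the same one VerifyBeforeInstall makes here.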

6. A company places a "No Trespassing" sign at the entrance of its restricted area. How
does this sign contribute to the company's security posture?

A. By serving as a detective control to monitor and report unauthorized access.
B. By acting as a deterrent control to discourage unauthorized individuals from entering.
C. By functioning as a preventive control to physically block access to the area.
D. By providing a compensating control for insufficient access control mechanisms.

Correct answer: B. By acting as a deterrent control to discourage unauthorized individuals from entering.

The "No Trespassing" sign is a deterrent control (B): it discourages unauthorized entry by
making clear that access is forbidden and that trespassing carries consequences. A detective
control (A) would identify and report unauthorized access, for instance a camera or a door
sensor, which a sign does not do. A preventive control (C) physically restricts access,
such as a barrier or lock; a sign stops nobody who chooses to ignore it. A compensating
control (D) substitutes for a primary control that is missing or insufficient, but the
sign's purpose is to deter, not to stand in for other controls.

7. During a backup process, an organization uses data deduplication to optimize
storage. What is the primary benefit of using data deduplication in their backup
strategy?

A. Reducing the backup time significantly
B. Minimizing the storage space required for backups
C. Ensuring backup data is encrypted
D. Improving the speed of data recovery

Correct answer: B. Minimizing the storage space required for backups

Data deduplication minimizes the storage space required for backups (B) by storing each
unique block or file once and replacing repeated copies with references to it, so that
successive backups of largely unchanged data consume little additional space. Reduced
backup time (A) can follow, since unchanged data need not be transferred again, but it is
a secondary effect. Encryption (C) is unrelated to deduplication; in fact, data encrypted
with per-backup keys or IVs looks random and no longer deduplicates, so encryption is
normally applied after deduplication or with schemes designed to keep duplicates
detectable. Faster recovery (D) is not a goal of deduplication, and reassembling data from
many shared chunks can make restores slower rather than faster.
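The following added example (written for this page, not taken from the exam or any backup product) shows the mechanism behind that space saving: a content-addressed chunk store that splits each backup image into fixed-size chunks, keys them by SHA-256 and keeps only chunks it has not seen before, from this image or any earlier one. The two nightly images are constructed so that night 2 differs from night 1 by one rewritten chunk and one appended chunk; the 1 KiB chunk size is an assumption for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// Store is a content-addressed chunk store: a chunk is kept once, keyed by
// the SHA-256 of its contents, and later copies become references to it.
type Store struct {
	chunks  map[[32]byte][]byte
	logical int // bytes the backups represent before deduplication
}

func NewStore() *Store { return &Store{chunks: make(map[[32]byte][]byte)} }

// Backup splits image into fixed-size chunks and stores only chunks whose
// hash has not been seen, whether in this image or an earlier one.
func (s *Store) Backup(image []byte, chunkSize int) {
	for off := 0; off < len(image); off += chunkSize {
		end := off + chunkSize
		if end > len(image) {
			end = len(image)
		}
		chunk := image[off:end]
		s.logical += len(chunk)
		key := sha256.Sum256(chunk)
		if _, seen := s.chunks[key]; !seen {
			s.chunks[key] = append([]byte(nil), chunk...)
		}
	}
}

// Logical is the total size of everything backed up; Stored is what hits disk.
func (s *Store) Logical() int { return s.logical }
func (s *Store) Stored() int {
	n := 0
	for _, c := range s.chunks {
		n += len(c)
	}
	return n
}

// Ratio is the logical:stored figure that backup products report.
func (s *Store) Ratio() float64 { return float64(s.logical) / float64(s.Stored()) }

const chunkSize = 1024 // assumed chunk size for the demonstration

// SampleBackups simulates two nightly backups of a constructed 8 KiB image:
// night 1 as-is, night 2 with one chunk rewritten and 1 KiB appended.
func SampleBackups() *Store {
	var night1 []byte
	for i := 0; i < 8; i++ {
		// Only four distinct chunk contents, so even night 1 deduplicates 2:1.
		night1 = append(night1, bytes.Repeat([]byte{byte(i % 4)}, chunkSize)...)
	}
	night2 := append([]byte(nil), night1...)
	copy(night2[5*chunkSize:6*chunkSize], bytes.Repeat([]byte{0xFF}, chunkSize)) // one chunk changed
	night2 = append(night2, bytes.Repeat([]byte{0xAA}, chunkSize)...)             // new data appended

	s := NewStore()
	s.Backup(night1, chunkSize)
	s.Backup(night2, chunkSize)
	return s
}

func main() {
	s := SampleBackups()
	fmt.Printf("logical %d bytes, stored %d bytes, ratio %.2f:1\n", s.Logical(), s.Stored(), s.Ratio())
}
```

Fixed-size chunking is the simplest form; real products use variable-size, content-defined chunks so that an insertion near the start of a file does not shift every later chunk boundary. The encryption caveat follows directly from the key: ciphertext produced under a fresh key or IV has a different SHA-256 every night, so every chunk is "new" and the store grows by the full logical size.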

8. A company is experiencing issues with remote desktop connectivity. The IT team
needs to ensure the correct port is open on the firewall to allow this service. Which port
should they verify or open?

A. 22
B. 443
C. 3389
D. 3306

Correct answer: C. 3389

Remote Desktop Protocol (RDP) listens on port 3389 (C), TCP by default and UDP on the same
number for newer clients, so that is the port to verify or open for remote desktop
connectivity. Any rule opening it should be scoped to the source addresses or VPN that
legitimately need it: RDP exposed directly to the internet is a frequent target of
brute-force and credential-stuffing attacks. Port 22 (A) is SSH, a secure shell rather than
a desktop session. Port 443 (B) is HTTPS. Port 3306 (D) is the MySQL database listener.

9. When implementing an MDM solution for a BYOD environment, which of the following
measures is essential to ensure compliance with corporate security policies?

A. Restricting personal device features
B. Mandating regular security training
C. Applying device compliance checks
D. Enforcing device encryption only for corporate apps

Correct answer: C. Applying device compliance checks

Device compliance checks (C) ensure that BYOD devices adhere to corporate security
standards, such as up-to-date software and security patches, which is crucial for
maintaining security. Restricting personal features (A) is impractical for BYOD and can
reduce user acceptance. While regular security training (B) is important, it does not
directly enforce compliance. Device encryption limited to corporate apps (D) is
insufficient as it may leave other areas of the device vulnerable.

10. A security analyst is reviewing system logs and notices that a user account has
repeatedly failed login attempts from various locations within a short period. Which of
the following actions should the analyst prioritize to address this event?

A. Temporarily disable the user account and investigate further.
B. Reset the user's password and notify the user.
C. Log the event and continue to monitor for further activity.
D. Block the IP addresses associated with the failed attempts.

Correct answer: A. Temporarily disable the user account and investigate further.

Temporarily disabling the account and investigating (A) is the priority: repeated failures
for one account from many locations in a short period is the signature of a distributed
brute-force or credential-stuffing attempt, and disabling the account guarantees that the
attacker gains nothing even if the correct password is eventually found, while the
investigation establishes scope. Blocking the source addresses (D) on its own is a losing
game when the attempts come from many changing locations. Resetting the password and
notifying the user (B) may be needed afterwards, but by itself it does not stop an attacker
who is still guessing, nor does it reveal whether any attempt already succeeded. Logging the
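The pattern the analyst spotted can be turned into a detection rule. The Go program below is an added example for this page (not the exam's material or any SIEM's built-in logic): it parses sshd-style authentication failures, groups them per account and raises an alert when one account accumulates at least five failures from at least three distinct source addresses inside any ten-minute window. The log lines are constructed with RFC 3339 timestamps and documentation IP ranges; the thresholds and window are assumptions to tune for your environment, and real syslog timestamps lack a year and need one supplied.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
	"time"
)

type failure struct {
	when time.Time
	user string
	ip   string
}

// Matches "Failed password for [invalid user] <user> from <ip> port <n>".
var failedRe = regexp.MustCompile(`^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+`)

// parseFailures extracts authentication failures; successes and unrelated
// lines are skipped.
func parseFailures(log string) ([]failure, error) {
	var out []failure
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		m := failedRe.FindStringSubmatch(sc.Text())
		if m == nil {
			continue
		}
		ts, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			return nil, fmt.Errorf("bad timestamp %q: %w", m[1], err)
		}
		out = append(out, failure{ts, m[2], m[3]})
	}
	return out, sc.Err()
}

type Alert struct {
	User       string
	Failures   int
	SourceIPs  int
	Start, End time.Time
}

// DetectDistributedFailures flags accounts with at least minFailures failed
// logins from at least minIPs distinct sources inside any window of length w.
// It emits one alert per account, for the first window that trips the rule.
func DetectDistributedFailures(log string, w time.Duration, minFailures, minIPs int) ([]Alert, error) {
	events, err := parseFailures(log)
	if err != nil {
		return nil, err
	}
	byUser := map[string][]failure{}
	for _, e := range events {
		byUser[e.user] = append(byUser[e.user], e)
	}
	var alerts []Alert
	for user, evs := range byUser {
		sort.Slice(evs, func(i, j int) bool { return evs[i].when.Before(evs[j].when) })
		start := 0
		for end := range evs {
			for evs[end].when.Sub(evs[start].when) > w { // slide the window forward
				start++
			}
			window := evs[start : end+1]
			ips := map[string]bool{}
			for _, e := range window {
				ips[e.ip] = true
			}
			if len(window) >= minFailures && len(ips) >= minIPs {
				alerts = append(alerts, Alert{user, len(window), len(ips), window[0].when, evs[end].when})
				break
			}
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].User < alerts[j].User })
	return alerts, nil
}

// sampleLog is constructed input, not a real capture: alice is sprayed from
// four addresses in three minutes, bob mistypes once, dave fails five times
// spread over a working day.
const sampleLog = `2026-02-04T09:00:05Z gw sshd[2201]: Failed password for alice from 203.0.113.5 port 51234 ssh2
2026-02-04T09:00:41Z gw sshd[2202]: Failed password for alice from 198.51.100.17 port 40021 ssh2
2026-02-04T09:01:10Z gw sshd[2203]: Failed password for bob from 192.0.2.9 port 55120 ssh2
2026-02-04T09:01:12Z gw sshd[2203]: Accepted password for bob from 192.0.2.9 port 55120 ssh2
2026-02-04T09:01:55Z gw sshd[2205]: Failed password for alice from 203.0.113.77 port 51240 ssh2
2026-02-04T09:02:30Z gw sshd[2206]: Failed password for alice from 198.51.100.17 port 40022 ssh2
2026-02-04T09:03:02Z gw sshd[2207]: Failed password for alice from 192.0.2.200 port 60001 ssh2
2026-02-04T09:03:40Z gw sshd[2208]: Failed password for invalid user admin from 203.0.113.5 port 51250 ssh2
2026-02-04T09:10:00Z gw sshd[2209]: Failed password for dave from 10.0.0.4 port 33001 ssh2
2026-02-04T11:30:00Z gw sshd[2210]: Failed password for dave from 10.0.0.5 port 33002 ssh2
2026-02-04T13:45:00Z gw sshd[2211]: Failed password for dave from 10.0.0.6 port 33003 ssh2
2026-02-04T15:00:00Z gw sshd[2212]: Failed password for dave from 10.0.0.4 port 33004 ssh2
2026-02-04T16:20:00Z gw sshd[2213]: Failed password for dave from 10.0.0.5 port 33005 ssh2
`

func main() {
	alerts, err := DetectDistributedFailures(sampleLog, 10*time.Minute, 5, 3)
	if err != nil {
		panic(err)
	}
	for _, a := range alerts {
		fmt.Printf("ALERT %s: %d failures from %d sources between %s and %s\n",
			a.User, a.Failures, a.SourceIPs, a.Start.Format(time.TimeOnly), a.End.Format(time.TimeOnly))
	}
}
```

Requiring several distinct sources is what separates this rule from a plain lockout counter: a user fumbling a password from one laptop never trips it, while a spray from a botnet does. The same property is why the response is to disable the account rather than block addresses, since the address list is the part of the attack that keeps changing.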