SSCP PRACTICE TEST FINAL QUESTIONS
COMPLETE WITH CORRECT ANSWERS
\Q\.Jack works as an investigating officer in Private Corporate Investigation Agency Services. He
wants to save an evidence, that he collected from the location where an incident happened, for
future use so that he can have that information whenever needed. Which is the most volatile
memory he can use to save the collected evidence? - ANSWERS✔-CPU cache
\Q\.Which choice best describes Bluetooth? - ANSWERS✔-A method of data synchronization
between devices
\Q\.Authorization for multiple applications using one set of credentials is best described by
which of the following? - ANSWERS✔-Single Sign-on
\Q\.How is separation of duties typically implemented? - ANSWERS✔-Segment administrative
tasks into compartments, and then assign one or more distinct administrators into each
compartment.
\Q\.When considering a disaster which of the following is not a commonly accepted definition?
- ANSWERS✔-An occurrence that is outside the normal functional baselines
\Q\.A type of wireless network attack monitors wireless signals for clients making requests to
connect to wireless base stations. It then takes the details from those requests to spoof the
identity of the requested base station in order to fool the client devices into connecting to the
false version of their trusted network. Which attack is this describing? - ANSWERS✔-Evil twin
,\Q\.How does mandatory access control determine which objects a subject can access? -
ANSWERS✔-Through the use of classification labels
\Q\.Which of the following is NOT a method by which devices are assigned to VLAN network
segments? - ANSWERS✔-Transport-layer port assignment
\Q\.Which of the following best describes the time that it takes to register with a biometric
system, by providing samples of a personal characteristic? - ANSWERS✔-Enrollment time
\Q\.How can a company ensure protection against eavesdropping and session hijacking for its
workers connecting to a public cloud? - ANSWERS✔-Use a VPN.
\Q\.Which type of client-side program always runs in a sandbox? - ANSWERS✔-Java applet
\Q\.When hashing a message, which of the following security goals is being provided? -
ANSWERS✔-Integrity
\Q\.How does a typical SIEM or systems management console retrieve event details from a
source system? - ANSWERS✔-SNMP
\Q\.A company is concerned about unauthorized entities attacking their wireless network. The
company has chosen to disable SSID broadcast in order to hide their base station and prevent
unauthorized connections. Which of the following statements are correct of this scenario? -
ANSWERS✔-It does not resolve the issue because the SSID is still present in most other
management frames.
\Q\.Which of the following is true about biometric scan technology? - ANSWERS✔-A number of
points extracted from the item scanned are stored.
,\Q\.A business asset is best described by which of the following? - ANSWERS✔-Competitive
advantage, capability, credibility, or goodwill
\Q\.Which term is used to indicate the function of access control or defining which subjects can
perform various tasks on specific objects? - ANSWERS✔-Authorization
\Q\.Other than implementing preventative measures and planning out response and recovery
strategies, what is another important element that will help minimize data loss in the event of a
harmful event that would trigger a disaster recovery policy (DRP)? - ANSWERS✔-Prior warning
of impending harm
\Q\.To prevent any one person from having too much control or power, or performing
fraudulent acts, which of the following solutions should not be implemented? - ANSWERS✔-Job
rotation
\Q\.Which of the following best describes an endpoint device? - ANSWERS✔-Computer printer
\Q\.What is the correct description of a certificate? - ANSWERS✔-A certificate contains the
owner's public key.
\Q\.A backup site is best described by which of the following options? - ANSWERS✔-A computer
facility with power and HVAC and all servers and communications. All applications are ready to
be installed and configured, and recent data is available to be restored to the site.
\Q\.What does an acceptable use policy AUP state? - ANSWERS✔-The acceptable and
unacceptable uses for organizational resources
\Q\.Which option provides the best description of the first action to take during incident
response? - ANSWERS✔-Follow the procedures in the incident response plan.
, \Q\.Which of the following best describes maximum tolerable downtime? - ANSWERS✔-The
amount of time a business process may be off-line before the viability of the organization is in
severe jeopardy
\Q\.Which choice best describes a zombie? - ANSWERS✔-A member of a botnet
\Q\.Which option is not part of the prevention primary security category? - ANSWERS✔-Using
an alternate site after a disaster
\Q\.What type of attack cannot be blocked or resolved with a software fix or a hardware
upgrade? - ANSWERS✔-Social engineering
\Q\.Crossover error rate (CER) refers to which of the following graphical intersections? -
ANSWERS✔-False rejection rate and false acceptance rate
\Q\.Which of the following is a term used for a rogue Wi-Fi access point that appears to be
legitimate but actually has been set up to intercept wireless communications? - ANSWERS✔-Evil
twin
\Q\.Your company is about to launch a new Web site offering services and features that are
commonly requested but rarely offered by other existing sites. The market research shows that
the new site will be very popular and will have significant user growth for years. You have been
given the responsibility to set up user authentication. Your requirements are the following:
Each user must be uniquely identified.
Multifactor authentication should be supported.
Authentication should provide protection of a user's identity even if your Web site's servers are
compromised by hackers.
COMPLETE WITH CORRECT ANSWERS
\Q\.Jack works as an investigating officer in Private Corporate Investigation Agency Services. He
wants to save an evidence, that he collected from the location where an incident happened, for
future use so that he can have that information whenever needed. Which is the most volatile
memory he can use to save the collected evidence? - ANSWERS✔-CPU cache
\Q\.Which choice best describes Bluetooth? - ANSWERS✔-A method of data synchronization
between devices
\Q\.Authorization for multiple applications using one set of credentials is best described by
which of the following? - ANSWERS✔-Single Sign-on
\Q\.How is separation of duties typically implemented? - ANSWERS✔-Segment administrative
tasks into compartments, and then assign one or more distinct administrators into each
compartment.
\Q\.When considering a disaster which of the following is not a commonly accepted definition?
- ANSWERS✔-An occurrence that is outside the normal functional baselines
\Q\.A type of wireless network attack monitors wireless signals for clients making requests to
connect to wireless base stations. It then takes the details from those requests to spoof the
identity of the requested base station in order to fool the client devices into connecting to the
false version of their trusted network. Which attack is this describing? - ANSWERS✔-Evil twin
,\Q\.How does mandatory access control determine which objects a subject can access? -
ANSWERS✔-Through the use of classification labels
\Q\.Which of the following is NOT a method by which devices are assigned to VLAN network
segments? - ANSWERS✔-Transport-layer port assignment
\Q\.Which of the following best describes the time that it takes to register with a biometric
system, by providing samples of a personal characteristic? - ANSWERS✔-Enrollment time
\Q\.How can a company ensure protection against eavesdropping and session hijacking for its
workers connecting to a public cloud? - ANSWERS✔-Use a VPN.
\Q\.Which type of client-side program always runs in a sandbox? - ANSWERS✔-Java applet
\Q\.When hashing a message, which of the following security goals is being provided? -
ANSWERS✔-Integrity
\Q\.How does a typical SIEM or systems management console retrieve event details from a
source system? - ANSWERS✔-SNMP
\Q\.A company is concerned about unauthorized entities attacking their wireless network. The
company has chosen to disable SSID broadcast in order to hide their base station and prevent
unauthorized connections. Which of the following statements are correct of this scenario? -
ANSWERS✔-It does not resolve the issue because the SSID is still present in most other
management frames.
\Q\.Which of the following is true about biometric scan technology? - ANSWERS✔-A number of
points extracted from the item scanned are stored.
,\Q\.A business asset is best described by which of the following? - ANSWERS✔-Competitive
advantage, capability, credibility, or goodwill
\Q\.Which term is used to indicate the function of access control or defining which subjects can
perform various tasks on specific objects? - ANSWERS✔-Authorization
\Q\.Other than implementing preventative measures and planning out response and recovery
strategies, what is another important element that will help minimize data loss in the event of a
harmful event that would trigger a disaster recovery policy (DRP)? - ANSWERS✔-Prior warning
of impending harm
\Q\.To prevent any one person from having too much control or power, or performing
fraudulent acts, which of the following solutions should not be implemented? - ANSWERS✔-Job
rotation
\Q\.Which of the following best describes an endpoint device? - ANSWERS✔-Computer printer
\Q\.What is the correct description of a certificate? - ANSWERS✔-A certificate contains the
owner's public key.
\Q\.A backup site is best described by which of the following options? - ANSWERS✔-A computer
facility with power and HVAC and all servers and communications. All applications are ready to
be installed and configured, and recent data is available to be restored to the site.
\Q\.What does an acceptable use policy AUP state? - ANSWERS✔-The acceptable and
unacceptable uses for organizational resources
\Q\.Which option provides the best description of the first action to take during incident
response? - ANSWERS✔-Follow the procedures in the incident response plan.
, \Q\.Which of the following best describes maximum tolerable downtime? - ANSWERS✔-The
amount of time a business process may be off-line before the viability of the organization is in
severe jeopardy
\Q\.Which choice best describes a zombie? - ANSWERS✔-A member of a botnet
\Q\.Which option is not part of the prevention primary security category? - ANSWERS✔-Using
an alternate site after a disaster
\Q\.What type of attack cannot be blocked or resolved with a software fix or a hardware
upgrade? - ANSWERS✔-Social engineering
\Q\.Crossover error rate (CER) refers to which of the following graphical intersections? -
ANSWERS✔-False rejection rate and false acceptance rate
\Q\.Which of the following is a term used for a rogue Wi-Fi access point that appears to be
legitimate but actually has been set up to intercept wireless communications? - ANSWERS✔-Evil
twin
\Q\.Your company is about to launch a new Web site offering services and features that are
commonly requested but rarely offered by other existing sites. The market research shows that
the new site will be very popular and will have significant user growth for years. You have been
given the responsibility to set up user authentication. Your requirements are the following:
Each user must be uniquely identified.
Multifactor authentication should be supported.
Authentication should provide protection of a user's identity even if your Web site's servers are
compromised by hackers.
