WGU Course C845 - Information Systems Security (SSCP) Quizlet by Brian MacFarlane


1673 Terms

1
Which of the following is a symmetric algorithm?

A Diffie-Hellman

B RSA

C AES

D HMAC

C

2
How can a user be given the power to set privileges on an object for other users when within a DAC operating system?

A Remove special permissions for the user on the object.

B Grant the user full control over the object.

C Give the user the modify privilege on the object.

D Issue an administrative job label to the user.

B

3
Your company adopts a new end-user security awareness program. This training includes malware introduction, social media issues, password guidelines, data exposure, and lost devices. How often should end users receive this training?

A once a year and upon termination

B upon new hire and once a year thereafter

C upon termination

D twice a year

E upon new hire

F once a year

B

4
What type of event is more likely to trigger the business continuity plan (BCP) rather than the disaster recovery plan (DRP)?

A A port-scanning event against your public servers in the DMZ

B A security breach of an administrator account

C Several users failing to remember their logon credentials

D A level 5 hurricane

B

5
What is the IEEE standard known as port-based network access control which is used to leverage authentication already present in a network to validate clients connecting over hardware devices, such as wireless access points or VPN concentrators?

A IEEE 802.1x

B IEEE 802.15

C IEEE 802.3

D IEEE 802.11

A

6
Why is change control and management used as a component of software asset management?

A To stop changes from being implemented into an environment

B To oversee the asset procurement process

C To prevent or reduce unintended reduction in security

D To restrict the privileges assigned to compartmentalized administrators

C

7
What is the cost benefit equation?

A [ALE1 - ALE2] - CCM

B AES - CCMP

C total initial risk - countermeasure benefit

D AV x EF x ARO

A

8
What is the best means to restore the most current form of data when a backup strategy is based on starting each week off with a full backup followed by a daily differential?

A Restore the initial week's full backup and then the last differential backup before the failure.

B Restore only the last differential backup.

C Restore the initial week's full backup and then each differential backup up to the failure.

D Restore the last differential backup and then the week's full backup.

A

9
Which of the following is not considered an example of a non-discretionary access control system?

A MAC

B ACL

C ABAC

D RBAC

B

10
How should countermeasures be implemented as part of the recovery phase of incident response?

A During next year's security review

B Based on the lowest cost among available options

C As defined by the current security policy

D As determined by the violation that occurred

D

11
Remote control malware was found on a client device, and an unknown attacker was manipulating the network from afar. The attack resulted in the network switches reverting to flooding mode, thereby enabling the attacker to eavesdrop on a significant portion of network communications. After reviewing IDS and traffic logs, you determine that this was accomplished by an attack utility which generated a constant stream of Ethernet frames with random source MAC addresses. What can be done to prevent this attack from occurring in the future?

A Restrict access to DHCP.

B Use a static HOSTS file.

C Use MAC limiting on the switch ports.

D Implement an ARP monitor.

C

12
How is quantitative risk analysis performed?

A Through the Delphi technique

B With scenario-based assessments

C Using calculations

D Via employee interviews

C

13
What special component on a motherboard can be used to securely store the encryption key for whole drive encryption?

A CMOS

B RAM

C TPM

D CPU

C

14
When is it appropriate to contact law enforcement when an organization experiences a security breach?

A If a violation is more severe than just breaking company policy rules

B If a breach of security occurs

C If a tolerable or accepted risk is realized

D If an insider uses another employee's credentials

A

15
What is the name of a cryptographic attack based on a database of pre-computed hash values and the original plaintext values?

A Brute force attack

B Rainbow table attack

C Frequency analysis

D Chosen plaintext attack

B

16
What is the purpose of a Security Information and Event Management (SIEM) product?

A To provide real-time logging and analysis of security events

B To define the requirements of security procedures

C To provide event planning guidance for holding industry conferences

D To improve employee security training

A

17
How does salting passwords reduce the likelihood that a password cracking attack will be successful?

A It prevents automated attacks.

B It forces the attacker to focus on one account at a time.

C It triggers an account lockout after a fixed number of false attempts.

D It increases the work load required to become successful.

D

18
Which of the following clearance levels or classification labels is not generally used in a government- or military-based MAC scheme?

A Unclassified

B Confidential

C Top Secret

D Proprietary

D

19
You are starting a new website. You want to quickly allow users to begin using your site without having the hassle of creating a new user account. You set up a one-way trust federated access link from your website to the three major social networks. Why should you use a one-way trust in this configuration rather than a two-way trust in this scenario?

A A one-way trust allows your website to trust the user accounts of the social networks without requiring the social networks to trust your website.

B Two-way trusts are only valid in private networks and cannot be used across the Internet.

C A one-way trust allows your website to access the file storage of the social networks.

D A two-way trust would grant the social network administrators full access to your backend database.

A

20
Why should the risks of an organization be reported as defined by enterprise risk management (ERM)?

A It is a means to predict loss, select countermeasures, and reduce downtime.

B It is a government regulation.

C It helps with internal transparency, risk assessment, risk response, and risk monitoring.

D It assists with strategic planning, compliance, and training.

C

21
A common attack against wireless networks is to guess the static password needed to authenticate to the base station. Which technology can be used to minimize this risk?

A IEEE 802.1x

B IEEE 802.15

C IEEE 802.11n

D IEEE 802.1q

A

22
John works in an organization. He is trying to enter a password to log in to his account on the organization's login website. Which of the following best describes the use of passwords for access control?

A Authorization

B Authentication

C Identification

D Auditing

B

23
How can skilled IT workers evaluate new software without exposing their systems to infection or malware compromise?

A Test using a sandbox.

B Implement an IDS.

C Use anti-malware scanners.

D Use an administrator account.

A

24
How can account provisioning be configured so that the assignment of rights and privileges is nearly automatic once the account is created?

A Trigger a random number generator to assign privileges on various resources.

B Enable new users to set their own privileges.

C Use an RBAC mechanism where a new user's role is set by an HR admin.

D Follow a strict procedure where granular access is set on a per-object basis for each user by an administrator.

C

25
How are the access control schemes of MAC and RBAC distinguished from DAC?

A They are based on user identity.

B They are not based on assigned labels.

C They are based on object hosted ACLs.

D They are not based on user decisions.

D

26
What is the company security policy that allows workers to use their own personal equipment to interact with company resources?

A BYOD

B MOU

C AUP

D CPS

A

27
What is the purpose of a business continuity plan (BCP)?

A To maintain the ability to perform mission critical work tasks while dealing with harmful events

B To define performance requirements and consequences if providers fail to meet quality expectations

C To restore mission critical tasks

D To train replacement personnel in the event of a senior executive leaving the organization

A

28
Selecting a cloud provider can be a challenge. Often, it is not possible to determine whether a provider's services are sufficient for your needs until you have started using its service. If you determine that an initial cloud system is insufficient and you need to move your data and custom code to a different cloud provider, what is needed as a feature of the initial cloud provider that did not work out for you?

A Storage encryption

B VPN connectivity

C Activity auditing

D Data portability

D

29
How can the burden of handling a specific security risk be transferred to the shoulders of another organization?

A More thorough user training

B Outsourcing

C Decommissioning equipment

D Implementing a market-leading countermeasure

B

30
When working with big data, what is the storage location called where all of the raw data is housed until it is needed for mining or processing?

A Data lake

B Data warehouse

C Database

D Data mart

A

31
How can non-repudiation be achieved by the typical user when communicating over e-mail?

A Employ encryption and a digital envelope.

B Obtain a digital certificate.

C Use a digital signature.

D Ask for proof of receipt.

C

32
What is the primary concern for any situation involving the triggering of a disaster recovery plan (DRP)?

A Avoiding downtime

B Reducing asset loss

C Preservation of human life

D Minimizing costs

C

33
Which type of network segment is created by a switch, but requires a routing function to be present to interact between network segments?

A Community

B Domain

C Subnet

D VLAN

D

34
Why do many security monitoring systems produce a visualization of the collected results?

A Security tools do not support spreadsheet presentations.

B The lists of text and numbers take up too much screen space.

C It represents complex or bulky data in an easy to understand format.

D It is the only way to represent passively monitored systems.

C

35
How can multiple distinct physical network topologies be combined into a single network structure?

A Deploy a star topology.

B Deploy a ring topology.

C Deploy a tree topology.

D Deploy a bus topology.

C

36
What is the term used to refer to an activity, occurrence, or event which could cause damage or harm to an organization?

A Incident

B Alarm

C Baseline

D Clipping level

A

37
How can files be easily exchanged between systems whether local or remote, when various operating systems are involved, and when all systems support the TCP/IP protocol stack?

A SMB

B NFS

C FTP

D Telnet

C

38
How does a Trojan horse get past security mechanisms to harm a victim?

A By attaching itself to an existing file

B By displaying advertisements for intriguing applications

C By seeming to be a benign item

D By using system resources to distribute itself to other networked devices

C

39
Which term refers to the virtualization of networking which grants more control and flexibility over networking than using the traditional hardware-only means of network management?

A iSCSI

B Software-defined network

C Bridging

D Hypervisor

B

40
What is the most appropriate use of IPSec?

A Processing encryption

B Storage encryption

C Data transmission protection

D Database protection

C

41
Why are initialization vectors used as common components of encryption algorithms?

A They determine the range of values into which a block can resolve.

B They increase the chaos in encrypted output.

C They set the speed of the encryption process.

D They start the encryption process at a common point.

B

42
What is the term used to describe an entry in a database describing a violation or exploit which is used to match real-time events in order to detect and record attacks by the continuous monitoring solution?

A Countermeasure

B Threat

C Signature

D Vulnerability

C

43
Your organization experienced an impersonation attack recently that compromised the network administrator's user account. In response, new security measures are being implemented throughout the organization. You have been assigned the task of improving authentication. You want a new authentication system that ensures the following:

-Eavesdropped passwords cannot be used by an attacker.

-Passwords are only able to be used once.

-Password prediction must be prevented.

-Passwords are only valid for a short period of time.

How can you accomplish these goals?

A Implement a rotating, 30-character password authentication system.

B Implement a PIN-based authentication system where each PIN is incremented by three each time a user logs in.

C Implement an authentication system using wallet cards with a table of password options.

D Implement a synchronized, one-time password token-based authentication system.

D

44
What is the activity called where hackers travel around an area in search of wireless network signals?

A War driving

B War dialing

C Banner grabbing

D Footprinting

A

45
WAN optimization is the collection of technologies used to maximize efficiency of network communications across long distance links. WAN optimization can include data deduplication, compression, and what other technology?

A Account lockout

B Periodic mid-stream re-authentication

C Encryption

D Traffic shaping

D

46
Which type of secure implementation of client devices has brought back a concept from the mainframe era where systems on a worker's desk have minimal storage and computational capacity?

A Thin clients

B Mobile devices

C All-in-one PCs

D Distributed architecture

A

47
What virtual environment tool allows for testing and experimentation within a guest OS while providing a means to roll-back to a previous stable state in just seconds?

A File-by-file backup

B Snapshots

C Hard drive image

D Bit-stream image backups

B

48
An IT security manager is struggling to keep the organization's computers in working order. He is testing updates and configuring them to be installed onto systems and making tweaks to the configuration settings to various systems as business tasks require. However, he often discovers systems which do not have the necessary updates or which are using out-of-date settings. This may be caused by systems being disconnected from the company network when taken into the field or when used for special offline projects.

What technology should the IT security manager implement to help handle this complex issue?

A NTP synchronization

B OCSP

C IEEE 802.1x

D NAC

D

49
What is the purpose or benefit of an after-action report in an incident response strategy?

A To learn from events in order to improve future incident handling

B To have law enforcement provide guidance on handling security breaches

C To increase the sensitivity of incident detectors

D To gain sufficient support from senior management

A

50
What is user entitlement?

A The level of privilege assigned to administrative accounts

B The default level of access given to users by the operating system

C The privileges inherited by a user

D The rights and privileges assigned to a user

D

51
When designing end-user training to teach employees about using cryptography within business tasks, which of the following is an important element to include?

A The electricity cost of encryption

B The means of adding additional entropy to the randomness seeds

C Key destruction

D The consequences of failing to encrypt

D

52
What is a common means to discover a violating event?

A Intrusion detection system (IDS)

B Multi-factor authentication

C Asymmetric encryption

D Certificate revocation

A

53
How can a user be assured that a file downloaded from a vendor's Web site is free from malicious code?

A Check for system compatibility.

B Read reviews about the product.

C Check the file's signature and hash calculation.

D Check the file size.

C

54
Which item within an organization makes the determination as to which attributes of a subject or object determine whether access is granted or denied?

A Job descriptions

B Authorization policy

C Security baseline

D Acceptable use policy

B

55
What is the primary benefit of a security camera for physical security?

A Detective

B Preventative

C Directive

D Corrective

A

56
What is the name of the process used to replace an old asymmetric key pair set with a new key pair set?

A Key generation

B Key escrow

C Key rotation

D Key exchange

C

57
When using a cloud solution as a component of a backup strategy, what is the most important concern?

A Encryption of transfer and storage

B Speed of communication

C Effort involved in recovery

D Ownership

A

58
Why is interpretation of a security assessment required before action is taken on the findings?

A Because quantitative analysis is based on opinions rather than numbers

B Because senior management is not IT savvy and needs things explained in more generic terms

C Because not all findings are obvious nor point to specific causes or reasons

D Because people do not typically read binary and hex results

C

59
How is a digital certificate created?

A A subject's public key is signed by a CA's private key.

B A random key is encrypted by a recipient's public key.

C A communication exchange of discover, offer, request, and acknowledge occurs.

D A Diffie-Hellman key exchange is performed.

A

60
How are alterations to mission critical servers approved before implementation when a change management process is involved?

A By providing a rollback option

B By showing a less than 10% chance of failure

C By being assessed by a Change Control Board

D By documenting all changes that will take place

C

61
Which of the following actions will have the LEAST benefit in relation to securing a wireless network?

A Enabling WPA-2

B Disabling DHCP

C Changing the base station's default SSID and MAC addresses

D Changing the default management password on the base station

B

62
What is the condition of an IDS security assessment reporting that an event of concern has taken place, but when later analyzed it is determined that the event was benign and should not have caused an IDS alert?

A True negative

B False positive

C True positive

D False negative

B

63
When network access control (NAC) determines that a system lacks specific configuration settings or is missing a required update, what should occur?

A Promotion

B Restoration

C Revocation

D Quarantine

D

64
Which type of cloud deployment involves several businesses working together to create a cloud system which they can each use?

A Public

B Private

C Community

D Hybrid

C

65
How does hardware asset management affect security?

A Through assessing the purpose of hardware before it is acquired

B By reducing the likelihood of hardware-focused attacks

C By replacing hardware as it becomes three years old

D By preventing the use of cheap equipment through minimal cost vs. performance metrics

B

66
What is the bit-length, hash-digest output of the SHA-1 hashing algorithm?

A 128

B 64

C 160

D 224

C

67
Which procedure is NOT a valid mechanism for performing account proofing when users are attempting to log into their account?

A Have the user type in the username and password a second time.

B Send a text message to the user's phone.

C Ask the user three security questions based upon facts that only the user is likely to know.

D Have the user click a hyperlink in an email message.

A

68
What is the means of incident or violation detection which is based on a collected sample of the unwanted activity?

A Heuristic

B Behavioral

C Anomaly

D Signature

D

69
What type of access control is typically the first line of defense?

A Logical

B Technical

C Administrative

D Physical

D

70
Why should forensic investigators give collection priority to the most volatile evidence?

A Volatile evidence has the highest risk of being lost or changed due to the passing of time.

B Volatile evidence is considered hearsay evidence in US courts.

C Volatile evidence is stored as binary information.

D Volatile evidence is the most persuasive evidence in a court of law.

A

71
What would be the most successful means of attacking an environment relying upon guest OSes that would result in the destruction or loss of use of the guest OSes?

A Compromise the host OS.

B Perform a full port scan against both TCP and UDP across all guest OSes.

C Implement a man-in-the-middle attack.

D Infect the guest OSes with spyware.

A

72
Which action should be avoided when collecting evidence of a cybercrime?

A Taking photographs of information displayed on screen

B Rebooting the suspect's computer

C Removing power from a storage device

D Preserving contents of RAM

B

73
Why is it important to perform a physical security assessment after a fire, chemical release, or bomb false alarm?

A The assessment might reveal the identity of the perpetrator.

B The event could have been triggered as a distraction to alter physical security mechanisms.

C It gives your organization the opportunity to further train your personnel.

D It is a legal requirement to do so after emergency response personnel have been contacted.

B

74
How can operational controls be used to improve security compliance?

A Track activities with auditing and review the audit logs.

B Implement encryption and multifactor authentication.

C Set procedures for work tasks and provide training.

D Require M-of-N controls and place administrators into compartmented areas.

C

75
To avoid downtime and the need to trigger a business continuity plan (BCP), what preventative technique can be used to avoid single points of failure?

A Thorough security policy

B Performance monitoring

C Redundancy

D Update repair documentation

C

76
How is accountability typically enforced?

A With smart cards

B Through the use of asymmetric encryption

C By checking the hash of all files accessed by a user account

D Through AAA services

D

77
In what phase of incident response are new countermeasures implemented?

A Containment

B Detection

C Recovery

D Eradication

C

78
How can a vulnerability be reduced or eliminated?

A By improving the asset

B Through monitoring

C By crafting a response strategy

D Through delegation

A

79
Which security service or benefit is NOT provided by a digital signature?

A Non-repudiation

B Confidentiality

C Integrity

D Authentication

B

80
Which routing protocol makes routing and forwarding decisions based on a metric derived from the number of other routers that must be crossed to reach a destination?

A OSPF

B BGP

C ISIS

D RIP

D

81
What is a means to ensure that endpoint devices can interact with the Internet while minimizing risk of system compromise?

A Only use encrypted communication protocols.

B Use strong authentication.

C Use a virtualized OS.

D Implement a weekly backup.

C

82
Performing essential business processes in a cloud solution is an attractive concept for many organizations. What needs to be crafted and reviewed carefully to ensure that a cloud service provides the necessary level of service and security demanded by your organization and which is legally enforceable?

A SLA

B MOU

C AUP

D CPS

A

83
How is non-repudiation often implemented?

A Hash calculations

B Baselining of security configurations

C Digital signatures

D M-of-N control

C

84
What is the logical network topology of Ethernet when deployed in a physical star wiring layout?

A Bus

B Ring

C Mesh

D Star

A

85
Why is a security impact assessment performed as part of a change management process?

A To find out if sufficient funds have been allocated to the security function

B To review the level of security against the efforts involved in testing change

C To determine the likelihood of downtime or security reduction caused by a potential change

D To assess compliance with regulations

C

86
Your company is partnering with Verigon to produce a new suite of services for the financial industry. To create and support these new services, both organizations will need to share content and perform collaborative work. The new services are to be offered only to pre-selected and invited clients, rather than being sold openly. How can this new service be configured without significantly increasing the risk to either company's private networks?

A Set up the new service in an extranet and provide VPN credentials to Verigon and invited clients.

B Host the new service in a public SaaS cloud.

C Create a DMZ to host the service, and provide company interaction.

D Configure the service on an internal server, and configure port forwarding.

A

87
What is a security procedure?

A Specific criteria that must be met by implementation

B Minimum hardware and software requirements

C Detailed steps for performing specific tasks

D Suggested practices

C

88
Which of the following is the best example of a threat agent?

A A poor configuration in the authentication system

B A zero-day attack

C A flaw in the source code of a firewall

D A disgruntled employee

D

89
Which security rule should be implemented to minimize risk of malware infection of endpoint systems?

A Configure a software firewall.

B Disable the use of USB storage devices.

C Encrypt all file storage.

D Audit user activity.

B

90
What version of AES is used by WPA-2?

A DHCP

B TLS

C RSA

D CCMP

D

91
Which of the following is an example of a single-factor authentication being used to gain access to a computer system?

A Using a username and a 16-character password

B Using a smart card and entering a secret password

C Using an RSA SecurID token device and entering a private code

D Using a biometric scan of a fingerprint and entering a PIN

A

92
In addition to having at least one year of relevant experience in a domain of SSCP, what is another requirement to be qualified to take the SSCP exam?

A Agreeing to abide by the (ISC)2 Code Of Ethics

B Employment in a security position for three years

C Earning a minimum of $75,000 per year in a security career

D Having a four-year college degree in information technology or computer science

A

93
When is a search warrant required?

A When evidence is in the possession of an authority that is willing to give consent

B When evidence is collected in connection with a lawful arrest

C When evidence is located within a private location

D When evidence is in plain sight of a law enforcement officer

C

94
How is role-based access control implemented?

A Through the use of time restrictions

B By assigning a job name label to subjects

C On the basis of ACLs

D By assigning sensitivity labels to all objects

B

95
Why should escalation requirements be considered as part of an incident response strategy?

A Because all exploits take advantage of software flaws

B Because some hackers are smarter than others

C Because not all violations represent the same threat to an organization

D Because some countermeasures are more expensive than others

C

96
How does a change management system ensure that updates to software do not cause unexpected downtime or reduction of security?

A By scheduling changes to be implemented over a weekend

B By aggregating updates from multiple vendors to be applied simultaneously

C By only rolling out updates on the third Thursday of each month

D By testing patches thoroughly before deployment

D

97
What is the technology that enables a user to authenticate to a company network from their assigned workstation and then be able to interact with resources throughout the private network without needing to enter additional credentials?

A Single sign-on

B CHAP

C Multifactor authentication

D AAA services

A

98
Which of the following types of activities is NOT commonly performed in preparation for a security assessment?

A Apply patches.

B Analyze the change management procedures.

C Review the security policies.

D Collect host configuration documentation.

A

99
How does IPSec verify that data arrived at the destination without intentional or accidental corruption?

A By using a randomized hashing operation

B With the use of a compression technology

C By exchanging symmetric keys

D Through the use of public key encryption

A

100
You are working hard to complete a major project before the deadline, which is next Monday. Three days before the deadline, you discover that the final task of the project requires a specific software product which you do not have.

After searching for a version to purchase either from a local store or over the Internet, you discover that there are no copies of the software available for immediate access and use. The only version you can locate for purchase is through an overseas retailer. However, even with expedited shipping, it will not arrive until next Wednesday.

During your search, you notice that there is a pirated copy available for immediate download. How should you handle this situation according to (ISC)2 guidance?

A Install the pirated version in a virtual machine, and destroy the evidence once the project is complete.

B Use the pirated version, but go ahead and purchase the legitimate version.

C Use the pirated version.

D Purchase the legitimate product, and ask for a deadline extension.

D