Ensuring Secure Software Updates and Incident Response, Exams of Securities Regulation

Various security concepts and best practices related to software updates, incident response, and access control. It covers topics such as change management, vulnerability mitigation, encryption, authentication, and network security. Answers to several questions on these security-related topics, highlighting the importance of maintaining security while implementing changes and updates to an organization's it infrastructure. The information presented could be useful for understanding how to effectively manage software updates, respond to security incidents, and implement appropriate access control mechanisms to protect against unauthorized access and data breaches.

Typology: Exams

2024/2025

Available from 10/22/2024

premium-essay
premium-essay 🇺🇸

5

(2)

1.4K documents

1 / 20

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
SSCP PRACTICE TEST QUESTIONS WITH
VERIFIED ANSWERS NEW LATEST VERSION
2024-2025 BEST STUDYING MATERIAL.
When is a search warrant required?
- ANSWER When evidence is located within a private location
How is a digital certificate created?
- ANSWER A subject's public key is signed by a CA's private key.
What is the bit-length, hash-digest output of the SHA-1 hashing algorithm?
- ANSWER 160
How does a change management system ensure that updates to software do not cause
unexpected downtime or reduction of security?
- ANSWER By testing patches thoroughly before deployment
What is the primary concern for any situation involving the triggering of a disaster
recovery plan (DRP)?
- ANSWER Preservation of human life
Which malicious activity countermeasure is most effective at removing vulnerable
elements from an organization's IT infrastructure?
- ANSWER Patch management
Which of the following types of activities is NOT commonly performed in preparation for
a security assessment?
- ANSWER Apply patches.
When should security be implemented or included in the asset life cycle? - ANSWER As
early as possible
What is the purpose or benefit of an after-action report in an incident response strategy?
- ANSWER To learn from events in order to improve future incident handling
To avoid downtime and the need to trigger a business continuity plan (BCP), what
preventative technique can be used to avoid single points of failure?
- ANSWER Redundancy
How can skilled IT workers evaluate new software without exposing their systems to
infection or malware compromise?
- ANSWER Test using a sandbox.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14

Partial preview of the text

Download Ensuring Secure Software Updates and Incident Response and more Exams Securities Regulation in PDF only on Docsity!

SSCP PRACTICE TEST QUESTIONS WITH

VERIFIED ANSWERS NEW LATEST VERSION

2024 - 2025 BEST STUDYING MATERIAL.

When is a search warrant required?

  • ANSWER When evidence is located within a private location How is a digital certificate created?
  • ANSWER A subject's public key is signed by a CA's private key. What is the bit-length, hash-digest output of the SHA-1 hashing algorithm?
  • ANSWER 160 How does a change management system ensure that updates to software do not cause unexpected downtime or reduction of security?
  • ANSWER By testing patches thoroughly before deployment What is the primary concern for any situation involving the triggering of a disaster recovery plan (DRP)?
  • ANSWER Preservation of human life Which malicious activity countermeasure is most effective at removing vulnerable elements from an organization's IT infrastructure?
  • ANSWER Patch management Which of the following types of activities is NOT commonly performed in preparation for a security assessment?
  • ANSWER Apply patches. When should security be implemented or included in the asset life cycle? - ANSWER As early as possible What is the purpose or benefit of an after-action report in an incident response strategy?
  • ANSWER To learn from events in order to improve future incident handling To avoid downtime and the need to trigger a business continuity plan (BCP), what preventative technique can be used to avoid single points of failure?
  • ANSWER Redundancy How can skilled IT workers evaluate new software without exposing their systems to infection or malware compromise?
  • ANSWER Test using a sandbox.

What is the most appropriate use of IPSec? - ANSWER Data transmission protection Which wireless configuration protocol can use either RC4 or TKIP for communication encryption?

  • ANSWER WPA Why is it important to perform a physical security assessment after a fire, chemical release, or bomb false alarm?
    • ANSWER The event could have been triggered as a distraction to alter physical security mechanisms. What type of event is more likely to trigger the business continuity plan (BCP) rather than the disaster recovery plan (DRP)?
    • ANSWER A security breach of an administrator account Why is change control and management used as a component of software asset management?
    • ANSWER To prevent or reduce unintended reduction in security How can a user be given the power to set privileges on an object for other users when within a DAC operating system?
  • ANSWER Grant the user full control over the object. Which term refers to the virtualization of networking which grants more control and flexibility over networking than using the traditional hardware-only means of network management?
    • ANSWER Software-defined network What is the activity called where hackers travel around an area in search for wireless network signals?
  • ANSWER War driving Selecting a cloud provider can be a challenge. Often, it is not possible to determine whether a provider's services are sufficient for your needs until you have started using its service. If you determine that an initial cloud system is insufficient and you need to move your data and custom code to a different cloud provider, what is needed as a feature of the initial cloud provider that did not work out for you? - ANSWER Data portability What is a benefit of a host-based firewall?
    • ANSWER Block attacks originating from the local network. What is the primary method of authentication used in a typical PKI deployment? - ANSWER Digital certificates

What is the purpose of a Security Information and Event Management (SIEM) product?

  • ANSWER To provide real-time logging and analysis of security events What version of AES is used by WPA-2? - ANSWER CCMP Which routing protocol makes routing and forwarding decisions based on a metric derived from the number of other routes than must be crossed to reach a destination? - ANSWER RIP How does IPSec verify that data arrived at the destination without intentional or accidental corruption?
    • ANSWER By using a randomized hashing operation How is quantitative risk analysis performed? - ANSWER Using calculations Your company adopts a new end-user security awareness program. This training includes malware introduction, social media issues, password guidelines, data exposure, and lost devices. How often should end users receive this training? - ANSWER upon new hire and once a year thereafter Your organization experienced an impersonation attack recently that compromised the network administrator's user account. In response, new security measures are being implemented throughout the organization. You have been assigned the task of improving authentication. You want a new authentication system that ensures the following: Eavesdropped passwords cannot be used by an attacker. Passwords are only able to be used once. Password predication must be prevented. Passwords are only valid for a short period of time. How can you accomplish these goals?
    • ANSWER Implement a synchronized, one-time password token-based authentication system. How can a user be assured that a file downloaded from a vendor's Web site is free from malicious code?
  • ANSWER Check the file's signature and hash calculation. Why do many security monitoring systems produce a visualization of the collected results?
    • ANSWER It represents complex or bulky data in an easy to understand format. What is the name of a cryptographic attack based on a database of pre-computed hash values and the original plaintext values? - ANSWER Rainbow table attack In addition to having at least one year of relevant experience in a domain of SSCP, what is another requirement to be qualified to take the SSCP exam?
  • ANSWER Agreeing to abide by the (ISC)2 Code Of Ethics What is the definition of the principle of least privilege? - ANSWER Users are assigned minimal privileges sufficient to accomplish job responsibilities. A common attack against converged network communications is eavesdropping. How can this attack be prevented?
    • ANSWER Use a VPN. What is the term used to describe an entry in a database describing a violation or exploit which is used to match real-time events in order to detect and record attacks by the continuous monitoring solution?
    • ANSWER Signature What would the most successful means of attacking an environment relying upon guest OSes that would result in the destruction or loss of use of the guest OSes be? - ANSWER Compromise the host OS. What is the technology that enables a user to authenticate to a company network from their assigned workstation and then be able to interact with resources throughout the private network without needing to enter additional credentials? - ANSWER Single sign- on What is a means to ensure that endpoint devices can interact with the Internet while minimizing risk of system compromise?
  • ANSWER Use a virtualized OS. When designing end-user training to teach employees about using cryptography within business tasks, which of the following is an important element to include? - ANSWER The consequences of failing to encrypt Which of the following is not considered an example of a non-discretionary access control system?
    • ANSWER ACL John works in an organization. He is trying to insert a password to log in his account on the organization's login website. Which of the following best describes the use of passwords for access control?
  • ANSWER Authentication What virtual environment tool allows for testing and experimentation within a guest OS while providing a means to roll-back to a previous stable state in just seconds? - ANSWER Snapshots What is the cost benefit equation?
    • ANSWER [ALE1 - ALE2] - CCM

What special component on a motherboard can be used to securely store the encryption key for whole drive encryption? - ANSWER TPM How are alterations to mission critical servers approved before implementation when a change management process is involved? - ANSWER By being assessed by a Change Control Board Which type of secure implementation of client devices has brought back a concept from the mainframe era where systems on a worker's desk have minimal storage and computational capacity? - ANSWER Thin clients What type of access control is typically the first line of defense? - ANSWER Physical What is the main distinction between an incident response plan and a disaster response plan? - ANSWER What is the main distinction between an incident response plan and a disaster response plan? You are working hard to complete a major project before the deadline, which is next Monday. Three days before the deadline, you discover that the final task of the project requires a specific software product which you do not have. After searching for a version to purchase either from a local store or over the Internet, you discover that there are no copies of the software available for immediate access and use. The only version you can locate for purchase is through an overseas retailer. However, even with expedited shipping, it will not arrive until next Wednesday. During your search, you notice that there is a pirated copy available for download available immediately. How should you handle this situation according to (ISC) guidance? - ANSWER Purchase the legitimate product, and ask for a deadline extension. Which security service or benefit is NOT provided by a digital signature? - ANSWER Confidentiality How can multiple distinct physical network topologies be combined into a single network structure? - ANSWER Deploy a tree topology. Which type of network segment is created by a switch, but requires a routing function to be present to interact between network segments? - ANSWER VLAN Which action should be avoided when collecting evidence of a cybercrime? - ANSWER Rebooting the suspect's computer Which of the following is NOT a means to implement a Denial of Service (DoS) attack? - ANSWER Send dozens of email solicitation messages to an organization.

Why are the audit findings presented to senior management? - ANSWER Only with approval can a response plan be implemented. What is the name of the process used to replace an old asymmetric key pair set with a new key pair set? - ANSWER Key rotation Which procedure is NOT a valid mechanism for performing account proofing when users are attempting to log into their account? - ANSWER Have the user type in the username and password a second time. Which type of cloud deployment involves several businesses working together to create a cloud system which they can each use? - ANSWER Community How does salting passwords reduce the likelihood that a password cracking attack will be successful? - ANSWER It increases the work load required to become successful. How can account provisioning be configured so that the assignment of rights and privileges is nearly automatic once the account is created? - ANSWER Use an RBAC mechanism where a new user's role is set by an HR admin. If an organization is able to process credit card transactions because they have entered into an arrangement to comply with the Payment Card Industry Data Security Standard (PCI-DSS), how is this arrangement integrated into the organization's incident handling scheme? - ANSWER Contractual obligations are included in the Standards policy. Which of the following is the best example of a threat agent? - ANSWER A disgruntled employee Remote control malware was found on a client device, and an unknown attacker was manipulating the network from afar. The attack resulted in the network switches reverting to flooding mode, thereby enabling the attacker to eavesdrop on a significant portion of network communications. After reviewing IDS and traffic logs, you determine that this was accomplished by an attack utility which generated a constant Ethernet frames with random source MAC addresses. What can be done to prevent this attack from occurring in the future? - ANSWER Use MAC limiting on the switch ports. An IT security manager is struggling to keep the organization's computers in working order. He is testing updates and configuring them to be installed onto systems and making tweaks to the configuration settings to various systems as business tasks require. However, he often discovers systems which do not have the necessary updates or which are using out-of-date settings. This may be caused by systems being disconnected from the company network when taken into the field or when used for special offline projects.

How does hardware asset management affect security? - ANSWER By reducing the likelihood of hardware-focused attacks Why should forensic investigators give collection priority to the most volatile evidence? - ANSWER Volatile evidence has the highest risk of being lost or changes due to the passing of time What form of alternate processing site may allow for testing prior to a disaster without significant expense or hassle and can be used to support organizations with needs for on-site space for workers and housing of equipment? - ANSWER Warm site What is the best means to restore the most current form of data when a backup strategy is based on starting each week off with a full backup followed by a daily differential? - ANSWER Restore the initial week's full backup and then the last differential backup before the failure. What is user entitlement? - ANSWER The rights and privileges assigned to a user Which item within an organization makes the determination as to which attributes of a subject or object determine whether access is granted or denied? - ANSWER Authorization policy What is the condition of an IDS security assessment reporting that an event of concern has taken place, but when later analyzed it is determined that the event was benign and should not have caused an IDS alert? - ANSWER False positive You are starting a new website. You want to quickly allow users to begin using your site without having the hassle of creating a new user account. You set up a one-way trust federated access link from your website to the three major social networks. Why should you use a one-way trust in this configuration rather than a two-way trust in this scenario? - ANSWER A one-way trust allows your website to trust the user accounts of the social networks without requiring the social networks to trust your website. How does a Trojan horse get past security mechanisms to harm a victim? - ANSWER By seeming to be a benign item How can a vulnerability be reduced or eliminated? - ANSWER By improving the asset Which of the following is a symmetric algorithm? - ANSWER AES Which of the following actions will have the LEAST benefit in relation to securing a wireless network? - ANSWER Disabling DHCP

What is the term used to describe the risk management strategy of an organization altering a business task to work around a specific event or activity in order to prevent compromise? - ANSWER Avoidance What is the primary benefit of a security camera for physical security? - ANSWER Detective What is the logical network topology of Ethernet when deployed in a physical star wiring layout? - ANSWER Bus According to the TCP/IP model, at which layer does the establishment and management of a communication link between end-points take place? - ANSWER Host- to-host WAN optimization is the collection of technologies used to maximize efficiency of network communications across long distance links. WAN optimization can include data deduplication, compression, and what other technology? - ANSWER Traffic shaping How can files be easily exchanged between systems whether local or remote, when various operating systems are involved, and when all systems support the TCP/IP protocol stack? - ANSWER FTP What is the term used to refer to an activity, occurrence, or event which could cause damage or harm to an organization? - ANSWER Incident Which of the following clearance levels or classification labels is not generally used in a government- or military-based MAC scheme? - ANSWER Proprietary What is a security procedure? - ANSWER Detailed steps for performing specific tasks Your organization is using Kerberos for private network authentication. How does Kerberos demonstrate to a resource host that the identity of a user is valid? - ANSWER An ST is issued to the user, which is then sent to the resource host. What is the purpose of sharing threat intelligence? - ANSWER Equip other organizations to handle a looming security concern. Which of the following should be included in every policy that states possible penalties or restrictions for individuals? - An enforcement statement Which converged network communications concept includes support for real-time chat, video conferencing, voice and video mail, and file exchange? - VoIP What type of network deployment is the most fault tolerant? - Mesh

When an organization has a properly implemented enterprise risk management (ERM), what is the tool used to list and categorize each discovered or encountered risk? - Risk register What is the only viable method a determined attacker can attempt to compromise an encrypted file, assuming a publicly available cryptography standard was used? - Brute force guess the key What is the certificate standard used by PKI? - X.509 v How is account provisioning commonly accomplished? - Create user groups based on assigned company department or job responsibility. Which level of risk is associated with repeated attempts from a remote unknown entity to guess a user's password which result in the account being locked? - Elevated Which option is not a commonly accepted definition for a script kiddie? - A highly skilled attacker Prior to analysis, data should be copied from a hard disk utilizing which of the following?

  • Bit-by-bit copy software If an organization experiences a disaster level event that damages its ability to perform mission critical operations, what form of emergency response plan will provide a reliable means to ensure the least amount of downtime? - Multi-site What is the fourth layer of the OSI model? - Transport Which of the following best describes converged network communications? - Transmission of voice and media files over a network When implementing LAN-based security like traffic management in a software-defined network, where are decisions about where traffic is to be sent made? - Control plane What is the legal process by which law enforcement officials, including attorneys, can make formal requests to obtain digital information in relation to a legal action, investigation, or court proceeding? - eDiscovery Which of the following choices is the most accurate description of a countermeasure? - Controls put in place as a result of a risk analysis What is the most important consideration in regards to communicating findings from a security monitoring system? - Speed of presentation Which of the following is the least effective means to share files between multiple guest OSes? - USB drive

Which term refers to the security concept that proves a specific individual performed a task and prevents that individual from being able to claim that they did not perform that task? - Non-repudiation The disaster recovery plan (DRP) is used to guide the re-creation of mission critical processes in the event of a disaster. Which of the following is a key element that is required as part of restoration planning to ensure that the most current version of the IT infrastructure is restored? - Updated configuration documentation A disaster recovery plan (DRP) should focus on restoring mission critical services. Part of the DRP is to ensure that recent data is available for processing once mission critical services are restored. How is data loss addressed in DRP? - Through understanding the RPO Which of the following media access methods features a node broadcasting a tone prior to transmitting? - CSMA/CA When a client is located behind a firewall that does not allow inbound initiated contact, which of the following will need to be used to support file transfer? - Passive FTP What form of monitoring involves the injection of packets into communications in order to measure performance of various elements in the network? - Active monitoring Many Web sites use a digital certificate to prove their identity to visitors. Why is the use of digital certificates considered a reliable form of authentication? - It is a form of trusted third-party authentication. Which option is not a cloud deployment model? - Corporate cloud How is an incident response strategy triggered? - By an event Which of the following would best describe the purpose of a trusted platform module? - A dedicated microprocessor that offloads cryptographic processing from the CPU while storing cryptographic keys For optimal signal quality, which of the following is correct concerning wireless antenna placement? - Place the antenna as high as possible in the center of the service area. Which answer is most accurate regarding a wireless intrusion prevention system? - Rogue access points are detected. Which of the following best describes a security policy? - Completely aligns with the mission, objectives, culture, and nature of the business Where should backups be stored? - Onsite and offsite

The threat evaluation process performed when designing a business continuity plan (BCP) or disaster recovery plan (DRP) evaluates risk in light of work process and is similar in nature to the technique used when designing security policies. What is this threat evaluation process called? - Business impact analysis Why is account or identity proofing necessary? - It verifies that only the authorized person is able to use a specific user account. How is a baseline used in compliance management? - By comparing the current configuration of a system with the required configuration Which of the following offers the highest bandwidth and fiber-optic transmissions? - Single-mode What type of technical control can be used in the process of assessing compliance? - Auditing What form of social engineering tricks a victim into contacting the attacker to ask for technical support? - Reverse social engineering What is the term used to describe the process of a certificate authority extending the expiration date of a digital certificate? - Renewal Which malware attempts to embed itself deeply into a system in order to hide itself and other items, such as files, folders, or even executable processes? - Rootkit Which cryptography concept is based on trap-door, one-way functions? - Asymmetric Which of the following options best describes the concept of hiding information in plain sight? - Steganography What is the name of a physical security mechanism that is used to eliminate piggybacking and tailgating and includes two locked doorways? - Mantrap Which type of network device is used to create a virtual local area network? - A switch What standards-based technology is supported on most platforms and is used as a remote authentication service? - RADIUS Which choice is not a common means of gathering information when performing a risk analysis? - Interviewing fired employees Which term is used to describe the role of the person who takes physical control of a crime scene in order to preserve evidence and prevent tampering before the full forensics team arrives? - First responder

Which of the following is the third canon of the (ISC)2 Code of Ethics? - Provide competent and diligent service Which term is used when limiting the amount of network traffic a specific protocol or application is allowed to generate or consume, with the goal of keeping the remainder of the network's capacity free for other communications? - Bandwidth throttling What is a service pack? - An executable program that loads a number of fixes and system upgrades Which technique best describes a one-to-one search to verify an individual's claim of identity? - Authentication In which of the following attacks does an attacker use a previously unknown attack technique or exploit a previously unknown vulnerability? - Zero-day attack Which disaster recovery/emergency management plan testing type is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting a more demanding training exercise? - Structured walk-through test Which term is used when an event triggers an IDS alert, but the event was not malicious? - False positive Which statement most accurately describes a virus? - It requires an outside action in order to replicate. Properly managing user accounts is an essential element in maintaining security. How should the process of identity management be implemented? - Policies and procedures

  • privileged accounts have significant access capability; define the parameters of use with authorized use policies, nondisclosure agreements, and confidentiality agreements to reduce risk. Which of the following best describes a disaster recovery plan? - Documents procedures to restore equipment and facilities to the condition they were in prior to the disaster Which item is not part of the primary security categories? - Encryption Which of the following is the most correct in a digitally signed message transmission using a hash function? - The sender's private key encrypts the hash. Which of the following is the most likely to attack using an advanced persistent threat? - Nation state

Upon arriving at an incident scene, the incident response team should do which of the following? - Follow the procedures specified in the incident response plan. How can an equivalent to RBAC be implemented in a DAC operating system? - Create groups with the names of jobs, assign privileges to the groups, and place users into named groups. Which of the following is a poor choice for secure password management? - Use the default password. What is a primary goal of security in an organization? - Enforce and maintain the AIC objectives If subjects receive a clearance, what do objects receive? - Classification Your company has recently acquired a small startup company, Metroil. Metroil has a single Microsoft Active Directory domain named Metroil-HQ. Your company has three existing domains: BaseStar1, RemoteOf2, and RemoteOf3. Your company's three existing domains are configured in a standard domain tree, with BaseStar1 linked to RemoteOf2, which is then linked to RemoteOf3. How can users from Metroil be able to access resources in BaseStar1 with the least amount of network reconfiguration? - Establish a trust between RemoteOf3 and Metroil-HQ. How is a backup strategy tested to verify that it is a viable tool for recovery after a disaster? - Restore files from backup media. An Acceptable Use Policy (AUP) is what type of control? - Administrative What is the main advantage of using a qualitative impact analysis over a quantitative impact analysis? - A qualitative impact analysis identifies areas that require immediate improvement Which of the following is the most accurate statement? - The European Union's General Data Protection Regulation provides a single set of rules for all member states. Under which condition should a security practitioner of your organization sit out of a security audit? - When an outside consultant is evaluating compliance What channel is defined as part of the original IEEE 802.11 in the 2.4 GHz range and is restricted from use within the United States? - 14 Access control is best described as which of the following? - The use of identification and authorization techniques What is the type of access control in the default access control method found in Microsoft Windows which allows users to share files? - Discretionary access control

Many businesses craft an ethical guidance policy as part of their overall security policy. In the event that there is a conflict between your employer's ethical policy and your own personal ethical views, how should you handle this conflict? - Discuss the issue internally with your manager and IT security administrator. You must select the biometric devices to add multifactor authentication to the company's workstations. Every user will be required to use a biometric as an element in his authentication process to gain access to the company's IT resources. How can you determine which device will provide your organization with the most accurate results? - Select the device with the lowest CER. Proper security administration policies, controls, and procedures enforce which of the following? - The AIC objectives What is the goal of event data analysis? - Interpret collected events, and take appropriate action. How does hashing detect integrity violations? - A before and after hash value is compared. Which concept or technology can be used to improve the security of password hashes?

  • Salting before crafting the hash digest How many accounts should a typical administrative user have and why? - Two accounts: one for general tasks and one for special privileged tasks Continuous monitoring is best defined by which of the following? - A method of monitoring that is used to detect risk issues within an organization How does discretionary access control determine whether a subject has valid permission to access an object? - Check for the user identity in the object's ACL. What is the term used to describe a relationship between two entities where resources from either side can be accessed by users from either side? - Two-way trust