Adobe certification Adobe
Apple certification Apple
Avaya certification Avaya
Business Objects certification Business Objects
Check Point certification Check Point
Cisco certification Cisco
Citrix certification Citrix
CIW certification CIW
Cognos certification Cognos
CompTIA certification CompTIA
CWNP certification CWNP
ECCouncil certification EC-Council
EMC certification EMC
Exam Express certification Exam Express
Exin certification Exin
F5 Networks certification F5 Networks
FileMaker certification FileMaker
Hitachi certification Hitachi
HP certification HP
Hyperion certification Hyperion
IBM certification IBM
Isaca certification Isaca
ISC certification ISC
ISEB certification ISEB
Juniper certification Juniper
Lotus certification Lotus
LPI certification LPI
McData certification McData
Microsoft certification Microsoft
Mile2 certification Mile2
MySQL certification MySQL
Network Appliance certification Network Appliance
Network General certification Network General
Nortel certification Nortel
Novell certification Novell
OMG certification OMG
Oracle certification Oracle
PMI certification PMI
SAIR certification SAIR
SAS Institute certification SAS Institute
SNIA certification SNIA
Sun certification Sun
Sybase certification Sybase
Symantec certification Symantec
Teradata certification Teradata
Tibco certification Tibco
VMware certification VMware
All Exams

ISC SSCP Exam - OKExam.com

Free SSCP Sample Questions:

NO 1:
DES - Data Encryption standard has a 128 bit key and is very difficult to break.

A. True
B. False

Answer: B

NO 2:
What is the main difference between computer abuse and computer crime?

A. Amount of damage
B. Intentions of the perpetrator
C. Method of compromise
D. Abuse - company insider; crime = company outsider

Answer: B

NO 3:
A standardized list of the most common security weaknesses and exploits is the ______.

A. SANS Top 10
B. CSI/FBI Computer Crime Study
C. CVE - Common Vulnerabilities and Exposures
D. CERT Top 10

Answer: C

NO 4:
A salami attack refers to what type of activity?

A. Embedding or hiding data inside of a legitimate communication - a picture, etc.
B. Hijacking a session and stealing passwords
C. Committing computer crimes in such small doses that they almost go unnoticed
D. Setting a program to attack a website at 11:59 am on New Year's Eve

Answer: C

NO 5:
Multi-partite viruses perform which functions?

A. Infect multiple partitions
B. Infect multiple boot sectors
C. Infect numerous workstations
D. Combine both boot and file virus behavior

Answer: D

NO 6:
What security principle is based on the division of job responsibilities - designed to prevent fraud?

A. Mandatory Access Control
B. Separation of Duties
C. Information Systems Auditing
D. Concept of Least Privilege

Answer: B

NO 7:
______ is the authoritative entity which lists port assignments

A. IANA
B. ISSA
C. Network Solutions
D. Register.com
E. InterNIC

Answer: A

NO 8:
Cable modems are less secure than DSL connections because cable modems are shared with other subscribers?

A. True
B. False

Answer: B

NO 9:
______ is a file system that was poorly designed and has numerous security flaws.

A. NTS
B. RPC
C. TCP
D. NFS
E. None of the above

Answer: D

NO 10:

Trend Analysis involves analyzing historical ______ files in order to look for patterns of abuse or misuse.

Answer: Log files

NO 11:
HTTP, FTP, SMTP reside at which layer of the OSI model?

A. Layer 1 - Physical
B. Layer 3 - Network
C. Layer 4 - Transport
D. Layer 7 - Application
E. Layer 2 - Data Link

Answer: D

NO 12:
Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?

A. Layer 7 - Application Layer
B. Layers 2, 3, & 4 - Data Link, Network, and Transport Layers
C. Layer 3 - Network Layer
D. Layers 5, 6, & 7 - Session, Presentation, and Application Layers

Answer: D

NO 13:
A Security Reference Monitor relates to which DoD security standard?

A. LC3
B. C2
C. D1
D. L2TP
E. None of the items listed

Answer: B

NO 14:
The ability to identify and audit a user and his / her actions is known as ______.

A. Journaling
B. Auditing
C. Accessibility
D. Accountability
E. Forensics

Answer: D

NO 15:
There are 5 classes of IP addresses available, but only 3 classes are in common use today, identify the three: (Choose three)

A. Class A: 1-126
B. Class B: 128-191
C. Class C: 192-223
D. Class D: 224-255
E. Class E: 0.0.0.0 - 127.0.0.1

Answer: A, B, C

NO 16:
The ultimate goal of a computer forensics specialist is to ______.

A. Testify in court as an expert witness
B. Preserve electronic evidence and protect it from any alteration
C. Protect the company's reputation
D. Investigate the computer crime

Answer: B

NO 17:
One method that can reduce exposure to malicious code is to run applications as generic accounts with little or no privileges.

A. True
B. False

Answer: A

NO 18:
______ is a major component of an overall risk management program.

Answer: Risk assessment

NO 19:
An attempt to break an encryption algorithm is called ______.

Answer: Cryptanalysis

NO 20:
The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?

A. Spoofing
B. Hijacking
C. Man In The Middle
D. Social Engineering
E. Distributed Denial of Service (DDoS)

Answer: C

NO 21:
If Big Texastelephone company suddenly started billing you for caller ID and call forwarding without your permission, this practice is referred to as ______.

Answer: Cramming

NO 22:
When an employee leaves the company, their network access account should be ______?

Answer: Disable

NO 23:
Passwords should be changed every ______ days at a minimum.
90 days is the recommended minimum, but some resources will tell you that 30-60 days is ideal.

Answer: 90

NO 24:
IKE - Internet Key Exchange is often used in conjunction with what security standard?

A. SSL
B. OPSEC
C. IPSEC
D. Kerberos
E. All of the above

Answer: C

NO 25:
Wiretapping is an example of a passive network attack?

A. True
B. False

Answer: A

NO 26:
What are some of the major differences of Qualitative vs. Quantitative methods of performing risk analysis? (Choose all that apply)

A. Quantitative analysis uses numeric values
B. Qualitative analysis uses numeric values
C. Quantitative analysis is more time consuming
D. Qualitative analysis is more time consuming
E. Quantitative analysis is based on Annualized Loss Expectancy (ALE) formulas
F. Qualitative analysis is based on Annualized Loss Expectancy (ALE) formulas

Answer: A, C, E

NO 27:
Which of the concepts best describes Availability in relation to computer resources?

A. Users can gain access to any resource upon request (assuming they have proper permissions)
B. Users can make authorized changes to data
C. Users can be assured that the data content has not been altered
D. None of the concepts describes Availability properly

Answer: A

NO 28:
Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?

A. MAC
B. L2TP
C. SSL
D. HTTP
E. Ethernet

Answer: E

NO 29:
Instructions or code that executes on an end user's machine from a web browser is known
as ______ code.

A. Active X
B. JavaScript
C. Malware
D. Windows Scripting
E. Mobile

Answer: E

NO 30:
Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?

A. Authorization
B. Authentication
C. Kerberos
D. Mandatory Access Control

Answer: B