
TestingEngine

http://www.test4engine.com
Test4Engine test dumps questions | free test engine latest version
Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

Exam : SSCP

Title : System Security Certified Practitioner (SSCP)

Vendor : ISC

Version : DEMO

Get Latest & Valid SSCP Exam's Question and Answers from Test4engine.com.
http://www.test4engine.com/sscp_exam-latest-braindumps.html

NO.1 The type of discretionary access control (DAC) that is based on an individual's identity is also
called:
A. Identity-based Access control
B. Rule-based Access control
C. Non-Discretionary Access Control
D. Lattice-based Access control
Answer: A

NO.2 How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE?
A. 6 bits
B. 12 bits
C. 16 bits
D. 24 bits
Answer: D

NO.3 Why would a memory dump be admissible as evidence in court?
A. Because it is used to demonstrate the truth of the contents.
B. Because it is used to identify the state of the system.
C. Because the state of the memory cannot be used as evidence.
D. Because of the exclusionary rule.
Answer: B

NO.4 A Security Kernel is defined as a strict implementation of a reference monitor mechanism
responsible for enforcing a security policy. To be secure, the kernel must meet three basic conditions,
what are they?
A. Confidentiality, Integrity, and Availability
B. Policy, mechanism, and assurance
C. Isolation, layering, and abstraction
D. Completeness, Isolation, and Verifiability
Answer: D

NO.5 What is the main difference between a Smurf and a Fraggle attack?
A. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based.
B. A Smurf attack is UDP-based and a Fraggle attack is TCP-based.
C. Smurf attack packets cannot be spoofed.
D. A Smurf attack is UDP-based and a Fraggle attack is ICMP-based.
Answer: A

NO.6 Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT
making use of the strong star property?
A. It allows "read up."
B. It addresses covert channels.
C. It addresses management of access controls.
D. It allows "write up."
Answer: D

NO.7 Which of the following is the most secure form of triple-DES encryption?
A. DES-EDE3
B. DES-EDE1
C. DES-EEE4
D. DES-EDE2
Answer: A

NO.8 What is the name of the third party authority that vouches for the binding between the data
items in a digital certificate?
A. Registration authority
B. Certification authority
C. Issuing authority
D. Vouching authority
Answer: B
Explanation:
A certification authority (CA) is a third party entity that issues digital
certificates (especially X.509 certificates) and vouches for the binding between the data
items in a certificate. An issuing authority could be considered a correct answer, but not the
best answer, since it is too generic.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

NO.9 Which of the following is NOT a fundamental component of an alarm in an intrusion detection
system?
A. Communications
B. Enunciator
C. Sensor
D. Response
Answer: D

NO.10 Which of the following security modes of operation involves the highest risk?
A. Compartmented Security Mode
B. Multilevel Security Mode
C. System-High Security Mode
D. Dedicated Security Mode
Answer: B

NO.11 What is the RESULT of a hash algorithm being applied to a message?
A. A digital signature
B. A ciphertext
C. A message digest
D. A plaintext
Answer: C
Explanation:
When a hash algorithm is applied to a message, it produces a message digest.
The other answers are incorrect because:
A digital signature is a hash value that has been encrypted with a sender's private key.
A ciphertext is a message that appears to be unreadable.
Plaintext is readable data.
Reference: Shon Harris, AIO v3, Chapter 8: Cryptography, Pages 593-594, 640, 648

NO.12 Network cabling comes in three flavors, they are:
A. twisted pair, coaxial, and fiber optic.
B. tagged pair, coaxial, and fiber optic.
C. trusted pair, coaxial, and fiber optic.
D. twisted pair, control, and fiber optic.
Answer: A

NO.13 Which one of the following factors is NOT one on which Authentication is based?
A. Type 1. Something you know, such as a PIN or password
B. Type 2. Something you have, such as an ATM card or smart card
C. Type 3. Something you are (based upon one or more intrinsic physical or behavioral traits), such as
a fingerprint or retina scan
D. Type 4. Something you are, such as a system administrator or security administrator
Answer: D
Explanation:
Authentication is based on the following three factor types:
Type 1. Something you know, such as a PIN or password
Type 2. Something you have, such as an ATM card or smart card
Type 3. Something you are (Unique physical characteristic), such as a fingerprint or retina scan
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne,
2002, chapter 4: Access Control (pages 132-133).

NO.14 Which of the following is NOT a symmetric key algorithm?
A. Blowfish
B. Digital Signature Standard (DSS)
C. Triple DES (3DES)
D. RC5
Answer: B

NO.15 The three classic ways of authenticating yourself to the computer security software are by
something you know, by something you have, and by something:
A. you need.
B. non-trivial
C. you are.
D. you can get.
Answer: C
Explanation:
This is more commonly known as biometrics and is one of the most accurate ways to authenticate an
individual.
The rest of the answers are incorrect because they are not one of the three recognized forms for
Authentication.

NO.16 Examples of types of physical access controls include all EXCEPT which of the following?
A. badges
B. locks
C. guards
D. passwords
Answer: D

NO.17 One purpose of a security awareness program is to modify:
A. employee's attitudes and behaviors towards enterprise's security posture
B. management's approach towards enterprise's security posture
C. attitudes of employees with sensitive data
D. corporate attitudes about safeguarding data
Answer: A

NO.18 When a biometric system is used, which error type deals with the possibility of GRANTING
access to impostors who should be REJECTED?
A. Type I error
B. Type II error
C. Type III error
D. Crossover error
Answer: B
