(ISC)2 SSCP PRACTICE TEST 1
QUESTIONS AND ANSWERS|| GRADED
A+|| LATEST UPDATE
What is a teardrop attack and what category of attack is it? -CORRECTANSWER A
teardrop attack is a type of Denial-of-Service (DoS) attack that exploits vulnerabilities in
the way operating systems handle fragmented packets
The hearsay rule -CORRECTANSWER The hearsay rule says that a witness cannot
testify about what someone else told them, except under specific exceptions.
Jim has been asked to individually identify devices that users are bringing to work as
part of a new BYOD policy. The devices will not be joined to a central management
system like Active Directory, but he still needs to uniquely identify the systems. Which of
the following options will provide Jim with the best means of reliably identifying each
unique device? -CORRECTANSWER Use device fingerprinting via a web-based
registration system.
Greg would like to implement application control technology in his organization. He
would like to limit users to installing only approved software on their systems. What type
of application control would be appropriate in this situation? -CORRECTANSWER
Whitelisting
,What is FAR and FRR? -CORRECTANSWER FAR (False Acceptance Rate) and FRR
(False Rejection Rate) are metrics used to evaluate the performance of biometric
security systems, such as fingerprint, facial recognition, and iris scanners. These
metrics help determine how accurately a biometric system distinguishes between
legitimate users and impostors.
What is CER and the ERR -CORRECTANSWER Crossover Error Rate (CER) / Equal
Error Rate (EER)
Definition: The CER, also known as the EER, is the point at which the False Acceptance
Rate (FAR) and the False Rejection Rate (FRR) are equal.
What is the difference between
A Discretionary account provisioning
B Workflow-based account provisioning
C Automated account provisioning
D Self-service account provisioning -CORRECTANSWER Example: A manager at a
company manually requests an account for a new employee by sending an email to the
IT department. The IT team then creates the account based on the manager's
instructions
,When a new employee joins a company, an automated HR system triggers a workflow
that sends an approval request to the employee's manager.
When a new employee's details are entered into the company's HR system, the system
automatically creates an account in the Active Directory and assigns the necessary
permissions based on the employee's role without any human intervention.
A new user signs up for a company's service through a web portal. They enter their
details, and the system automatically creates their account. The user can then
customize their account settings, choose additional services, and reset their password
without needing to contact support or IT staff.
Alex has been with the university he works at for more than 10 years. During that time,
he has been a system administrator and a database administrator, and he has worked
in the university's help desk. He is now a manager for the team that runs the university's
web applications.
He now has access to application servers, database servers, and AD workstations.
Since he now has access to all three, what is happening? -CORRECTANSWER
Privilege Creep
As Alex has changed roles, he retained access to systems that he no longer
administers. The provisioning system has provided rights to workstations and the
, application servers he manages, but he should not have access to the databases he no
longer administers.
What type of motion detector senses changes in the electromagnetic fields in monitored
areas? -CORRECTANSWER Capacitance
What is a Photoelectric sensor? -CORRECTANSWER A photoelectric sensor is a type
of sensor that uses a light beam (often infrared) to detect the presence, absence, or
distance of an object. These sensors work by emitting a light beam from a transmitter
and detecting the reflection or interruption of that beam with a receiver.
Don's company is considering the use of an object-based storage system where data is
placed in a vendor-managed storage environment through the use of API calls. What
type of cloud computing service is in use? -CORRECTANSWER In this scenario, the
vendor is providing object-based storage, a core infrastructure service. Therefore, this is
an example of infrastructure as a service (IaaS).
What is the minimum interval at which an organization should conduct business
continuity plan refresher training for those with specific business continuity roles? -
CORRECTANSWER Annual basis
What is Caas? -CORRECTANSWER CaaS stands for "Container as a Service." It's a
cloud service model that allows users to manage and deploy containers, which are
QUESTIONS AND ANSWERS|| GRADED
A+|| LATEST UPDATE
What is a teardrop attack and what category of attack is it? -CORRECTANSWER A
teardrop attack is a type of Denial-of-Service (DoS) attack that exploits vulnerabilities in
the way operating systems handle fragmented packets
The hearsay rule -CORRECTANSWER The hearsay rule says that a witness cannot
testify about what someone else told them, except under specific exceptions.
Jim has been asked to individually identify devices that users are bringing to work as
part of a new BYOD policy. The devices will not be joined to a central management
system like Active Directory, but he still needs to uniquely identify the systems. Which of
the following options will provide Jim with the best means of reliably identifying each
unique device? -CORRECTANSWER Use device fingerprinting via a web-based
registration system.
Greg would like to implement application control technology in his organization. He
would like to limit users to installing only approved software on their systems. What type
of application control would be appropriate in this situation? -CORRECTANSWER
Whitelisting
,What is FAR and FRR? -CORRECTANSWER FAR (False Acceptance Rate) and FRR
(False Rejection Rate) are metrics used to evaluate the performance of biometric
security systems, such as fingerprint, facial recognition, and iris scanners. These
metrics help determine how accurately a biometric system distinguishes between
legitimate users and impostors.
What is CER and the ERR -CORRECTANSWER Crossover Error Rate (CER) / Equal
Error Rate (EER)
Definition: The CER, also known as the EER, is the point at which the False Acceptance
Rate (FAR) and the False Rejection Rate (FRR) are equal.
What is the difference between
A Discretionary account provisioning
B Workflow-based account provisioning
C Automated account provisioning
D Self-service account provisioning -CORRECTANSWER Example: A manager at a
company manually requests an account for a new employee by sending an email to the
IT department. The IT team then creates the account based on the manager's
instructions
,When a new employee joins a company, an automated HR system triggers a workflow
that sends an approval request to the employee's manager.
When a new employee's details are entered into the company's HR system, the system
automatically creates an account in the Active Directory and assigns the necessary
permissions based on the employee's role without any human intervention.
A new user signs up for a company's service through a web portal. They enter their
details, and the system automatically creates their account. The user can then
customize their account settings, choose additional services, and reset their password
without needing to contact support or IT staff.
Alex has been with the university he works at for more than 10 years. During that time,
he has been a system administrator and a database administrator, and he has worked
in the university's help desk. He is now a manager for the team that runs the university's
web applications.
He now has access to application servers, database servers, and AD workstations.
Since he now has access to all three, what is happening? -CORRECTANSWER
Privilege Creep
As Alex has changed roles, he retained access to systems that he no longer
administers. The provisioning system has provided rights to workstations and the
, application servers he manages, but he should not have access to the databases he no
longer administers.
What type of motion detector senses changes in the electromagnetic fields in monitored
areas? -CORRECTANSWER Capacitance
What is a Photoelectric sensor? -CORRECTANSWER A photoelectric sensor is a type
of sensor that uses a light beam (often infrared) to detect the presence, absence, or
distance of an object. These sensors work by emitting a light beam from a transmitter
and detecting the reflection or interruption of that beam with a receiver.
Don's company is considering the use of an object-based storage system where data is
placed in a vendor-managed storage environment through the use of API calls. What
type of cloud computing service is in use? -CORRECTANSWER In this scenario, the
vendor is providing object-based storage, a core infrastructure service. Therefore, this is
an example of infrastructure as a service (IaaS).
What is the minimum interval at which an organization should conduct business
continuity plan refresher training for those with specific business continuity roles? -
CORRECTANSWER Annual basis
What is Caas? -CORRECTANSWER CaaS stands for "Container as a Service." It's a
cloud service model that allows users to manage and deploy containers, which are
