CERTPREPS - SSCP PRACTICE EXAM 2
QUESTIONS AND ANSWERS|| GRADED
A+|| LATEST UPDATE
1. An organization has enforced endpoint encryption for all mobile devices. What
is the primary benefit of implementing whole disk encryption on these devices?
A. It improves the performance of mobile devices.
B. It protects data at rest from unauthorized access.
C. It enables secure data transmission over the internet.
D. It allows for easy recovery of lost or stolen devices.
B. It protects data at rest from unauthorized access.
Whole disk encryption protects data at rest from unauthorized access (B) by ensuring
that all data on the device is encrypted and cannot be read without the appropriate key
or password. While performance improvements (A) are not a typical benefit of
encryption, secure data transmission (C) is unrelated as it pertains to data in transit.
Easy recovery of lost or stolen devices (D) is also not a function of encryption but rather
a matter of device management.
2. An organization is assessing the implementation of its new data encryption
protocol. What is the key metric to evaluate its effectiveness?
A. The speed of data encryption and decryption processes.
B. The number of data breaches reported since implementation.
C. The ease of integration with existing systems.
D. The user feedback on encryption processes.
B. The number of data breaches reported since implementation.
The number of data breaches reported since implementation (B) is the key metric to
evaluate the effectiveness of a new data encryption protocol, as it directly indicates
whether the protocol is successful in protecting sensitive data. The speed of encryption
and decryption (A) affects performance but not the effectiveness of security. The ease
of integration (C) is important for usability but does not measure security effectiveness.
User feedback on encryption processes (D) may reflect usability issues but does not
directly measure the protocol's effectiveness in preventing breaches.
3. A multinational company needs to ensure that sensitive data transferred
between their headquarters and regional offices remains secure over a public
network. Which solution should they implement?
A. Intranet
B. VPN over the Internet
C. Extranet
D. Public Wi-Fi
B. VPN over the Internet
A VPN over the internet (B) provides a secure, encrypted tunnel for data transfer
between different locations, ensuring the confidentiality and integrity of sensitive
,information over a public network. An intranet (A) is limited to internal use and does not
span multiple locations. An extranet (C) is used for controlled access by external
partners, not for secure data transfer between company offices. Public Wi-Fi (D) is
inherently insecure and unsuitable for transferring sensitive data.
4. A company’s security team has detected a large number of devices
communicating with a remote server in a coordinated manner, performing
malicious tasks such as sending spam and launching attacks against other
networks. What type of malicious activity does this best describe?
A. Botnet
B. Advanced Persistent Threat (APT)
C. Data theft
D. Insider threat
A. Botnet
The scenario describes devices communicating with a remote server and performing
coordinated malicious tasks, which is characteristic of a botnet (A). A botnet is a
collection of compromised devices that are controlled remotely by an attacker to
perform various malicious activities, such as sending spam and launching attacks. An
Advanced Persistent Threat (APT) (B) is a prolonged and targeted cyber attack,
typically aimed at stealing information over time, but does not describe a large number
of devices performing coordinated tasks. Data theft (C) involves unauthorized access
and exfiltration of sensitive information but does not involve coordinated device activity.
Insider threat (D) involves malicious activities from within the organization, not
coordinated external device control.
5. A company experiences a phishing attack that successfully compromised
credentials used in a virtual environment. What is the best countermeasure to
prevent such attacks in the future?
A. Conduct regular phishing awareness training for all employees
B. Disable all email communication to external domains
C. Implement single sign-on (SSO) for the virtual environment
D. Increase the complexity requirements for passwords
A. Conduct regular phishing awareness training for all employees
Conducting regular phishing awareness training (A) is the best countermeasure as it
educates employees on recognizing and avoiding phishing attacks, reducing the
likelihood of credential compromise. Disabling all email communication to external
domains (B) is impractical and disrupts business operations. Implementing single sign-
on (SSO) (C) can improve security but does not directly prevent phishing attacks.
Increasing password complexity (D) is beneficial but does not address the social
engineering aspect of phishing.
6. During a security audit, it is discovered that unauthorized changes were made
to several configuration files on a critical server. Which monitoring technique
would be most effective in detecting such unauthorized changes in the future?
A. Implementing file integrity monitoring.
B. Performing regular vulnerability scans.
C. Enforcing strict access controls.
D. Conducting periodic audits.
A. Implementing file integrity monitoring.
,Implementing file integrity monitoring (A) is the most effective technique for detecting
unauthorized changes to configuration files, as it tracks changes to files in real-time and
alerts administrators of any modifications. Performing regular vulnerability scans (B)
helps identify potential weaknesses but doesn't monitor file changes. Enforcing strict
access controls (C) is essential for preventing unauthorized access but does not detect
changes once they occur. Conducting periodic audits (D) helps in assessing overall
security but is not real-time and may miss unauthorized changes between audits.
7. A company implements blockchain technology for its supply chain
management. How does this technology support non-repudiation?
A. By encrypting all data transactions
B. By providing an immutable and transparent ledger
C. By restricting access to authorized users
D. By performing regular security assessments
B. By providing an immutable and transparent ledger
Blockchain technology supports non-repudiation by providing an immutable and
transparent ledger where all transactions are recorded and cannot be altered or deleted.
This ensures that all parties involved can verify the authenticity and origin of each
transaction. Encrypting all data transactions (A) ensures confidentiality but does not
provide non-repudiation. Restricting access to authorized users (C) is an access control
measure. Performing regular security assessments (D) ensures the overall security
posture but does not specifically address non-repudiation.
8. During a security impact analysis for a planned network architecture change, it
is discovered that the change might expose sensitive data to unauthorized
access. What is the most appropriate action to take in response to this finding?
A. Proceed with the change but monitor the network closely.
B. Implement additional security controls to mitigate the risk.
C. Cancel the planned network change.
D. Inform users of the potential risk but proceed as planned.
B. Implement additional security controls to mitigate the risk.
Implementing additional security controls to mitigate the risk (B) is the most appropriate
action. This approach addresses the potential vulnerability identified during the security
impact analysis and ensures that sensitive data is protected. Proceeding with the
change without addressing the risk (A, D) is not advisable as it leaves the network
exposed. Canceling the change (C) may not be necessary if the risk can be mitigated
effectively.
9. A security team is tasked with ensuring the integrity of financial transactions
processed by their company's systems. Which of the following measures will
best achieve this goal?
A. Encrypting all financial data
B. Implementing digital signatures for transactions
C. Using intrusion detection systems (IDS)
D. Conducting regular audits of financial records
B. Implementing digital signatures for transactions
Implementing digital signatures for transactions is the best measure to ensure the
integrity of financial transactions. Digital signatures use cryptographic techniques to
verify that the transaction data has not been altered and to authenticate the sender.
, Encrypting financial data (A) ensures confidentiality but does not provide integrity
verification. Intrusion detection systems (IDS) (C) help detect unauthorized access but
do not verify the integrity of transactions. Regular audits of financial records (D) are
important for detecting discrepancies but do not provide real-time assurance of
transaction integrity.
10. A company wants to ensure that employees use secure connections for
sensitive work-related activities. What browser configuration should be enforced
to achieve this goal?
A. Enable strict cookie settings.
B. Set the browser to default to private browsing mode.
C. Enforce the use of HTTPS for all websites.
D. Disable JavaScript in the browser.
C. Enforce the use of HTTPS for all websites.
Enforcing the use of HTTPS for all websites (C) ensures that sensitive information
transmitted through the browser is encrypted, thereby protecting it from interception.
Strict cookie settings (A) enhance privacy but do not secure data transmission. Private
browsing mode (B) prevents the browser from storing data locally but does not ensure
secure connections. Disabling JavaScript (D) can break functionality on many sites and
is not practical for most users.
11. An organization is setting up an email server that needs to receive email
messages from external clients over the internet. Which port should be
configured to allow incoming email traffic via the Simple Mail Transfer Protocol
(SMTP)?
A. 25
B. 110
C. 143
D. 993
A. 25
Port 25 (A) is used for SMTP, which is the standard port for sending and receiving email
messages. Configuring this port will allow the email server to receive incoming email
traffic. Port 110 (B) is used for POP3, which is used by clients to retrieve email from a
server. Port 143 (C) is used for IMAP, which allows email clients to access email
messages on a server. Port 993 (D) is used for secure IMAP (IMAPS), which provides
encrypted email access.
12. A university wants to ensure that only faculty members can modify the course
curriculum. Which of the following should be implemented to enforce this
requirement?
A. Time-based access control.
B. Role-based access control.
C. Single sign-on.
D. Attribute-based access control.
B. Role-based access control.
The correct answer is B. Role-based access control (RBAC) is suitable for ensuring that
only faculty members can modify the course curriculum. RBAC assigns permissions
based on user roles, making it easy to enforce that only faculty members have the
required permissions (B). Time-based access control (A) restricts access based on time
QUESTIONS AND ANSWERS|| GRADED
A+|| LATEST UPDATE
1. An organization has enforced endpoint encryption for all mobile devices. What
is the primary benefit of implementing whole disk encryption on these devices?
A. It improves the performance of mobile devices.
B. It protects data at rest from unauthorized access.
C. It enables secure data transmission over the internet.
D. It allows for easy recovery of lost or stolen devices.
B. It protects data at rest from unauthorized access.
Whole disk encryption protects data at rest from unauthorized access (B) by ensuring
that all data on the device is encrypted and cannot be read without the appropriate key
or password. While performance improvements (A) are not a typical benefit of
encryption, secure data transmission (C) is unrelated as it pertains to data in transit.
Easy recovery of lost or stolen devices (D) is also not a function of encryption but rather
a matter of device management.
2. An organization is assessing the implementation of its new data encryption
protocol. What is the key metric to evaluate its effectiveness?
A. The speed of data encryption and decryption processes.
B. The number of data breaches reported since implementation.
C. The ease of integration with existing systems.
D. The user feedback on encryption processes.
B. The number of data breaches reported since implementation.
The number of data breaches reported since implementation (B) is the key metric to
evaluate the effectiveness of a new data encryption protocol, as it directly indicates
whether the protocol is successful in protecting sensitive data. The speed of encryption
and decryption (A) affects performance but not the effectiveness of security. The ease
of integration (C) is important for usability but does not measure security effectiveness.
User feedback on encryption processes (D) may reflect usability issues but does not
directly measure the protocol's effectiveness in preventing breaches.
3. A multinational company needs to ensure that sensitive data transferred
between their headquarters and regional offices remains secure over a public
network. Which solution should they implement?
A. Intranet
B. VPN over the Internet
C. Extranet
D. Public Wi-Fi
B. VPN over the Internet
A VPN over the internet (B) provides a secure, encrypted tunnel for data transfer
between different locations, ensuring the confidentiality and integrity of sensitive
,information over a public network. An intranet (A) is limited to internal use and does not
span multiple locations. An extranet (C) is used for controlled access by external
partners, not for secure data transfer between company offices. Public Wi-Fi (D) is
inherently insecure and unsuitable for transferring sensitive data.
4. A company’s security team has detected a large number of devices
communicating with a remote server in a coordinated manner, performing
malicious tasks such as sending spam and launching attacks against other
networks. What type of malicious activity does this best describe?
A. Botnet
B. Advanced Persistent Threat (APT)
C. Data theft
D. Insider threat
A. Botnet
The scenario describes devices communicating with a remote server and performing
coordinated malicious tasks, which is characteristic of a botnet (A). A botnet is a
collection of compromised devices that are controlled remotely by an attacker to
perform various malicious activities, such as sending spam and launching attacks. An
Advanced Persistent Threat (APT) (B) is a prolonged and targeted cyber attack,
typically aimed at stealing information over time, but does not describe a large number
of devices performing coordinated tasks. Data theft (C) involves unauthorized access
and exfiltration of sensitive information but does not involve coordinated device activity.
Insider threat (D) involves malicious activities from within the organization, not
coordinated external device control.
5. A company experiences a phishing attack that successfully compromised
credentials used in a virtual environment. What is the best countermeasure to
prevent such attacks in the future?
A. Conduct regular phishing awareness training for all employees
B. Disable all email communication to external domains
C. Implement single sign-on (SSO) for the virtual environment
D. Increase the complexity requirements for passwords
A. Conduct regular phishing awareness training for all employees
Conducting regular phishing awareness training (A) is the best countermeasure as it
educates employees on recognizing and avoiding phishing attacks, reducing the
likelihood of credential compromise. Disabling all email communication to external
domains (B) is impractical and disrupts business operations. Implementing single sign-
on (SSO) (C) can improve security but does not directly prevent phishing attacks.
Increasing password complexity (D) is beneficial but does not address the social
engineering aspect of phishing.
6. During a security audit, it is discovered that unauthorized changes were made
to several configuration files on a critical server. Which monitoring technique
would be most effective in detecting such unauthorized changes in the future?
A. Implementing file integrity monitoring.
B. Performing regular vulnerability scans.
C. Enforcing strict access controls.
D. Conducting periodic audits.
A. Implementing file integrity monitoring.
,Implementing file integrity monitoring (A) is the most effective technique for detecting
unauthorized changes to configuration files, as it tracks changes to files in real-time and
alerts administrators of any modifications. Performing regular vulnerability scans (B)
helps identify potential weaknesses but doesn't monitor file changes. Enforcing strict
access controls (C) is essential for preventing unauthorized access but does not detect
changes once they occur. Conducting periodic audits (D) helps in assessing overall
security but is not real-time and may miss unauthorized changes between audits.
7. A company implements blockchain technology for its supply chain
management. How does this technology support non-repudiation?
A. By encrypting all data transactions
B. By providing an immutable and transparent ledger
C. By restricting access to authorized users
D. By performing regular security assessments
B. By providing an immutable and transparent ledger
Blockchain technology supports non-repudiation by providing an immutable and
transparent ledger where all transactions are recorded and cannot be altered or deleted.
This ensures that all parties involved can verify the authenticity and origin of each
transaction. Encrypting all data transactions (A) ensures confidentiality but does not
provide non-repudiation. Restricting access to authorized users (C) is an access control
measure. Performing regular security assessments (D) ensures the overall security
posture but does not specifically address non-repudiation.
8. During a security impact analysis for a planned network architecture change, it
is discovered that the change might expose sensitive data to unauthorized
access. What is the most appropriate action to take in response to this finding?
A. Proceed with the change but monitor the network closely.
B. Implement additional security controls to mitigate the risk.
C. Cancel the planned network change.
D. Inform users of the potential risk but proceed as planned.
B. Implement additional security controls to mitigate the risk.
Implementing additional security controls to mitigate the risk (B) is the most appropriate
action. This approach addresses the potential vulnerability identified during the security
impact analysis and ensures that sensitive data is protected. Proceeding with the
change without addressing the risk (A, D) is not advisable as it leaves the network
exposed. Canceling the change (C) may not be necessary if the risk can be mitigated
effectively.
9. A security team is tasked with ensuring the integrity of financial transactions
processed by their company's systems. Which of the following measures will
best achieve this goal?
A. Encrypting all financial data
B. Implementing digital signatures for transactions
C. Using intrusion detection systems (IDS)
D. Conducting regular audits of financial records
B. Implementing digital signatures for transactions
Implementing digital signatures for transactions is the best measure to ensure the
integrity of financial transactions. Digital signatures use cryptographic techniques to
verify that the transaction data has not been altered and to authenticate the sender.
, Encrypting financial data (A) ensures confidentiality but does not provide integrity
verification. Intrusion detection systems (IDS) (C) help detect unauthorized access but
do not verify the integrity of transactions. Regular audits of financial records (D) are
important for detecting discrepancies but do not provide real-time assurance of
transaction integrity.
10. A company wants to ensure that employees use secure connections for
sensitive work-related activities. What browser configuration should be enforced
to achieve this goal?
A. Enable strict cookie settings.
B. Set the browser to default to private browsing mode.
C. Enforce the use of HTTPS for all websites.
D. Disable JavaScript in the browser.
C. Enforce the use of HTTPS for all websites.
Enforcing the use of HTTPS for all websites (C) ensures that sensitive information
transmitted through the browser is encrypted, thereby protecting it from interception.
Strict cookie settings (A) enhance privacy but do not secure data transmission. Private
browsing mode (B) prevents the browser from storing data locally but does not ensure
secure connections. Disabling JavaScript (D) can break functionality on many sites and
is not practical for most users.
11. An organization is setting up an email server that needs to receive email
messages from external clients over the internet. Which port should be
configured to allow incoming email traffic via the Simple Mail Transfer Protocol
(SMTP)?
A. 25
B. 110
C. 143
D. 993
A. 25
Port 25 (A) is used for SMTP, which is the standard port for sending and receiving email
messages. Configuring this port will allow the email server to receive incoming email
traffic. Port 110 (B) is used for POP3, which is used by clients to retrieve email from a
server. Port 143 (C) is used for IMAP, which allows email clients to access email
messages on a server. Port 993 (D) is used for secure IMAP (IMAPS), which provides
encrypted email access.
12. A university wants to ensure that only faculty members can modify the course
curriculum. Which of the following should be implemented to enforce this
requirement?
A. Time-based access control.
B. Role-based access control.
C. Single sign-on.
D. Attribute-based access control.
B. Role-based access control.
The correct answer is B. Role-based access control (RBAC) is suitable for ensuring that
only faculty members can modify the course curriculum. RBAC assigns permissions
based on user roles, making it easy to enforce that only faculty members have the
required permissions (B). Time-based access control (A) restricts access based on time
