Valid SSCP Dumps shared by EduDump.com for Helping Passing SSCP Exam! EduDump.com now offer the newest SSCP exam dumps, the EduDump.com SSCP exam questions have been updated and answers have been corrected get the newest EduDump.com SSCP dumps with Test Engine here:

Access SSCP Dumps Premium Version
(1338 Q&As Dumps, 35%OFF Special Discount Code: freecram)

Online Access Free SSCP Exam Questions

Exam Code:SSCP
Exam Name:System Security Certified Practitioner (SSCP)
Certification Provider:ISC
Free Question Number:563
Version:v2025-01-30
Rating:
# of views:413
# of Questions views:44456
Go To SSCP Questions

Recent Comments (The most recent comments are at the top.)

Avery - Jun 25, 2026

Hello, I will recommend your site to all of my friends.

vijay - Jun 04, 2025

No.# Explanation says answer D is right .. but Option C is highlighted as the correct. Please correct it.

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Other Version
370 viewsISC.SSCP.v2024-05-06.q605
504 viewsISC.SSCP.v2023-03-16.q410
626 viewsISC.SSCP.v2022-06-22.q999
1968 viewsISC.Sscp.v2018-05-31.q1000
Exam Question List
Question 1: Which of the following items is NOT a benefit of cold sites?...
Question 2: What is RAD?
Question 3: Upon which of the following ISO/OSI layers does network addr...
Question 4: It is a violation of the "separation of duties" principle wh...
Question 5: Which of the following focuses on sustaining an organization...
Question 6: Pin, Password, Passphrases, Tokens, smart cards, and biometr...
Question 7: Which of the following centralized access control mechanisms...
Question 8: Which backup method copies only files that have changed sinc...
Question 9: What are the two most critical aspects of risk analysis? (Ch...
Question 10: Which of the following is not a preventive login control?...
Question 11: Which of the following are additional terms used to describe...
Question 12: Which of the following ports does NOT normally need to be op...
Question 13: In the course of responding to and handling an incident, you...
Question 14: Which of the following is not a two-factor authentication me...
Question 15: A potential problem related to the physical installation of ...
Question 16: Of the protocols list, which one is connection oriented?...
Question 17: To protect and/or restore lost, corrupted, or deleted inform...
Question 18: Which of the following is an IP address that is private (i.e...
Question 19: Related to information security, confidentiality is the oppo...
Question 20: What can be defined as an event that could cause harm to the...
Question 21: The Telecommunications Security Domain of information securi...
Question 22: What are the three performance measurements used in biometri...
Question 23: What is a limitation of TCP Wrappers?...
Question 24: The Clipper Chip utilizes which concept in public key crypto...
Question 25: The security of a computer application is most effective and...
Question 26: Who is responsible for initiating corrective measures and ca...
Question 27: A timely review of system access audit records would be an e...
Question 28: Which of the following statements pertaining to packet filte...
Question 29: Which of the following is less likely to accompany a conting...
Question 30: What is called an exception to the search warrant requiremen...
Question 31: A timely review of system access audit records would be an e...
Question 32: Which of the following is not a DES mode of operation?...
Question 33: Which of the following can best eliminate dial-up access thr...
Question 34: Penetration testing involves three steps. Identify the three...
Question 35: This type of supporting evidence is used to help prove an id...
Question 36: Encapsulating Security Payload (ESP) provides some of the se...
Question 37: Which of the following statements pertaining to packet switc...
Question 38: Because ordinary cable introduces a toxic hazard in the even...
Question 39: Sending an ICMP packet greater than 64Kb is an example of wh...
Question 40: Which of the following will a Business Impact Analysis NOT i...
Question 41: Which of the following protocols is not implemented at the I...
Question 42: ______________ relates to the concept of protecting data fro...
Question 43: The primary service provided by Kerberos is which of the fol...
Question 44: In Discretionary Access Control the subject has authority, w...
Question 45: In the statement below, fill in the blank: Law enforcement a...
Question 46: Which of the following reviews system and event logs to dete...
Question 47: Which of the following recovery plan test results would be m...
Question 48: Which of the following is not a logical control when impleme...
Question 49: Passwords should be changed every ________ days at a minimum...
Question 50: Which of the following concerning the Rijndael block cipher ...
Question 51: Which of the following is the simplest type of firewall ?...
Question 52: Which of the following statements pertaining to stream ciphe...
Question 53: Which of the following is a telecommunication device that tr...
Question 54: Which of the following firewall rules found on a firewall in...
Question 55: Which element must computer evidence have to be admissible i...
Question 56: Which division of the Orange Book deals with discretionary p...
Question 57: To meet SSCP certification requirements a candidate must ___...
Question 58: If an organization were to monitor their employees' e-mail, ...
Question 59: What are the three components of the AIC triad? (Choose thre...
Question 60: Which of the following is most likely to be useful in detect...
Question 61: Which of the following describes a technique in which a numb...
Question 62: Which of the following is an issue with signature-based intr...
Question 63: Once evidence is seized, a law enforcement officer should em...
Question 64: Which disaster recovery plan test involves functional repres...
Question 65: A prolonged complete loss of electric power is a:...
Question 66: What mechanism automatically causes an alarm originating in ...
Question 67: Which of the following is NOT an advantage that TACACS+ has ...
Question 68: Kerberos depends upon what encryption method?...
Question 69: Which of the following remote access authentication systems ...
Question 70: What is called an attack in which an attacker floods a syste...
Question 71: Which of the following transmission media would NOT be affec...
Question 72: Which of the following is not a preventive operational contr...
Question 73: How should a risk be HANDLED when the cost of the countermea...
Question 74: HTTP, FTP, SMTP reside at which layer of the OSI model?...
Question 75: A trusted system does NOT involve which of the following?...
Question 76: Public Key Infrastructure (PKI) uses asymmetric key encrypti...
Question 77: What is the maximum key size for the RC5 algorithm?...
Question 78: Cryptography does not concern itself with which of the follo...
Question 79: Who should direct short-term recovery actions immediately fo...
Question 80: The Computer Security Policy Model the Orange Book is based ...
Question 81: Which of the following choices describe a Challenge-response...
Question 82: Which one of these formulas is used in Quantitative risk ana...
Question 83: Which of the following choices describe a condition when RAM...
Question 84: Which of the following is used to find the Media Access Cont...
Question 85: Layer 4 in the DoD model overlaps with which layer(s) of the...
Question 86: The Data Encryption Standard (DES) encryption algorithm has ...
Question 87: Identifying specific attempts to penetrate systems is the fu...
Question 88: If any server in the cluster crashes, processing continues t...
Question 89: In biometrics, the "one-to-one" search used to verify claim ...
Question 90: What layer of the OSI/ISO model does Point-to-point tunnelli...
Question 91: Degaussing is used to clear data from all of the following m...
Question 92: Which of the following can be best defined as computing tech...
Question 93: A central authority determines what subjects can have access...
Question 94: ______________ is a Unix security scanning tool developed at...
Question 95: Select three ways to deal with risk....
Question 96: Which of the following should NOT normally be allowed throug...
Question 97: Accreditation grants permission to operate a system freely s...
Question 98: Overloading or congesting a system's resources so that it is...
Question 99: Which of the following are additional access control objecti...
Question 100: Which of the following access control models introduces user...
Question 101: A circuit level proxy is ___________________ when compared t...
Question 102: What are some of the major differences of Qualitative vs. Qu...
Question 103: For which areas of the enterprise are business continuity pl...
Question 104: There are 5 classes of IP addresses available, but only 3 cl...
Question 105: Each data packet is assigned the IP address of the sender an...
Question 106: Which of the following binds a subject name to a public key ...
Question 107: Government categories of data classification include which o...
Question 108: Which of the following is NOT a property of the Rijndael blo...
Question 109: The change control process:
Question 110: The ___________ protocol converts IP addresses (logical) to ...
Question 111: What kind of Encryption technology does SSL utilize?...
Question 112: Which of the following computer recovery sites is the least ...
Question 113: Why should batch files and scripts be stored in a protected ...
Question 114: How would nonrepudiation be best classified as?...
Question 115: ___________ programs decrease the number of security inciden...
Question 116: What Orange Book security rating is reserved for systems tha...
Question 117: Which of the following are suitable protocols for securing V...
Question 118: During the testing of the business continuity plan (BCP), wh...
Question 119: Which of the following is NOT a technical control?...
Question 120: Which of the following protocols does not operate at the dat...
Question 121: What is the most correct choice below when talking about the...
Question 122: What is the main characteristic of a bastion host?...
Question 123: Which of the following is a CHARACTERISTIC of a decision sup...
Question 124: Which of the following is most relevant to determining the m...
Question 125: A Wide Area Network (WAN) is basically everything outside of...
Question 126: Which of the following keys has the SHORTEST lifespan?...
Question 127: Which of the following would constitute the best example of ...
Question 128: In computing what is the name of a non-self-replicating type...
Question 129: Which of the following is the FIRST step in protecting data'...
Question 130: When you update records in multiple locations or you make a ...
Question 131: The Trusted Computer Security Evaluation Criteria book (TCSE...
Question 132: What is called the formal acceptance of the adequacy of a sy...
Question 133: Which of the following is the WEAKEST authentication mechani...
Question 134: In order to ensure the privacy and integrity of the data, co...
Question 135: As per the Orange Book, what are two types of system assuran...
Question 136: An Intrusion Detection System (IDS) is what type of control?...
Question 137: If an employee's computer has been used by a fraudulent empl...
Question 138: Configuration Management controls what?...
Question 139: What works as an E-mail message transfer agent?...
Question 140: PGP uses which of the following to encrypt data?...
Question 141: Which of the following statements pertaining to a Criticalit...
Question 142: Within the legal domain what rule is concerned with the lega...
Question 143: Which of the following statements pertaining to biometrics i...
Question 144: As a result of a risk assessment, your security manager has ...
Question 145: This type of backup management provides a continuous on-line...
Question 146: Which of the following models does NOT include data integrit...
Question 147: Which of the following is a LAN transmission method?...
Question 148: In a SSL session between a client and a server, who is respo...
Question 149: Which of the following statements pertaining to a security p...
Question 150: Frame relay uses a public switched network to provide:...
Question 151: Which of the following statements pertaining to link encrypt...
Question 152: Which of the following is a token-passing scheme like token ...
Question 153: Which of the following are NOT a countermeasure to traffic a...
Question 154: Passfilt.dll enforces which of the following? (Choose all th...
Question 155: Which of the following is an example of a passive attack?...
Question 156: What refers to legitimate users accessing networked services...
Question 157: A Packet Filtering Firewall system is considered a:...
Question 158: In the DoD accreditation process a __________ is the formal ...
Question 159: RSA has all of the following characteristics except?...
Question 160: Which of the following phases of a software development life...
Question 161: What can be described as an imaginary line that separates th...
Question 162: If a sender is unable to deny having sent an electronic tran...
Question 163: Communications and network security relates to transmission ...
Question 164: Which of the following is defined as the most recent point i...
Question 165: _______ and ________ are the primary controls of most access...
Question 166: In a known plaintext attack, the cryptanalyst has knowledge ...
Question 167: TCPWrappers is an example of which type of security tool?...
Question 168: What is the main difference between a logic bomb and a steal...
Question 169: What distinguishes a hacker / cracker from a phreak?...
Question 170: Which of the following was developed in order to protect aga...
Question 171: Which of the following backup method must be made regardless...
Question 172: Which of the following best ensures accountability of users ...
Question 173: Which of the following addresses a portion of the primary me...
Question 174: How can an individual/person best be identified or authentic...
Question 175: What is the 802.11 standard related to?...
Question 176: Another example of Computer Incident Response Team (CIRT) ac...
Question 177: Which of the following issues is not addressed by digital si...
Question 178: Which of the following DoS attacks use ICMP? (Choose two)...
Question 179: Which of the following services relies on UDP?...
Question 180: A server cluster looks like a:
Question 181: SMTP can best be described as:
Question 182: How often should virus definition downloads and system virus...
Question 183: What is the RESULT of a hash algorithm being applied to a me...
Question 184: Why do buffer overflows happen? What is the main cause?...
Question 185: Which of the following can best define the "revocation reque...
Question 186: An access system that grants users only those rights necessa...
Question 187: The Logical Link Control sub-layer is a part of which of the...
Question 188: What is the primary reason why some sites choose not to impl...
Question 189: Although they are accused of being one in the same, hackers ...
Question 190: Remote Procedure Call (RPC) is a protocol that one program c...
Question 191: Which of the following was designed to support multiple netw...
Question 192: Insiders have a clear advantage in committing computer crime...
Question 193: The Orange Book is founded upon which security policy model?...
Question 194: During the salvage of the Local Area Network and Servers, wh...
Question 195: When referring to a computer crime investigation, which of t...
Question 196: Accounting, __________, and ____________ are the AAAs of inf...
Question 197: An attack initiated by an entity that is authorized to acces...
Question 198: Insiders have a clear advantage in committing computer crime...
Question 199: Corporate networks are safer if an end user connects through...
Question 200: _________ is the act of a user professing an identity to a s...
Question 201: So far, no one has been able to crack the IDEA algorithm wit...
Question 202: Which of the following is an advantage of prototyping?...
Question 203: Each of the following is a valid step in handling incidents ...
Question 204: Secure Sockets Layer (SSL) is very heavily used for protecti...
Question 205: Which TCSEC level is labeled Controlled Access Protection?...
Question 206: ________, _________, and __________ are required to successf...
Question 207: Which of the following is NOT part of the Kerberos authentic...
Question 208: Which of the following best describes the purpose of debuggi...
Question 209: A deviation from an organization-wide security policy requir...
Question 210: What is the name of the third party authority that vouches f...
Question 211: All of the following can be considered essential business fu...
Question 212: Which of the following would be MOST important to guarantee ...
Question 213: Technical controls such as encryption and access control can...
Question 214: Which of the following can best be defined as a cryptanalysi...
Question 215: In this type of attack, the intruder re-routes data traffic ...
Question 216: Information Security policies should be __________________? ...
Question 217: Which one of the following is used to provide authentication...
Question 218: Inference attacks involve ___________________________....
Question 219: Which of the following classes is defined in the TCSEC (Oran...
Question 220: Some Unix systems use a very simple cipher called _________....
Question 221: The first step in the implementation of the contingency plan...
Question 222: A variation of the application layer firewall is called a:...
Question 223: What is the primary role of smartcards in a PKI?...
Question 224: In the process of gathering evidence from a computer attack,...
Question 225: Crackers today are MOST often motivated by their desire to:...
Question 226: What enables users to validate each other's certificate when...
Question 227: What attack involves the perpetrator sending spoofed packet(...
Question 228: Which of the following is the core of fiber optic cables mad...
Question 229: Packet Filtering Firewalls can also enable access for:...
Question 230: What is NOT an authentication method within IKE and IPsec?...
Question 231: What ensures that the control mechanisms correctly implement...
Question 232: Which of the following statements pertaining to Secure Socke...
Question 233: AH - Authentication Header is used in what industry standard...
Question 234: The basic language of modems and dial-up remote access syste...
Question 235: Which of the following statements pertaining to ethical hack...
Question 236: When gathering digital evidence it is very important to do t...
Question 237: An effective information security policy should not have whi...
Question 238: Which type of attack involves impersonating a user or a syst...
Question 239: Layer 4 of the OSI model corresponds to which layer of the D...
Question 240: Which of the following biometric devices offers the LOWEST C...
Question 241: What is NOT an authentication method within IKE and IPsec?...
Question 242: Which of the following is best defined as a circumstance in ...
Question 243: What type of cable is used with 100Base-TX Fast Ethernet?...
Question 244: Which of the following statements pertaining to software tes...
Question 245: Heuristic scanning in antivirus software is designed to catc...
Question 246: Application Layer Firewalls operate at the:...
Question 247: Which of the following describes the major disadvantage of m...
Question 248: Which of the following category of UTP cables is specified t...
Question 249: Masquerading is synonymous with __________....
Question 250: There are ______ available service ports...
Question 251: Which of the following is an unintended communication path t...
Question 252: For maximum security design, what type of fence is most effe...
Question 253: Examples of types of physical access controls include all EX...
Question 254: Which of the following would provide the BEST stress testing...
Question 255: Which of the following best describes signature-based detect...
Question 256: Which of the following is considered the LEAST secure?...
Question 257: In biometric identification systems, at the beginning, it wa...
Question 258: Which type of attack involves hijacking a session between a ...
Question 259: Which of the following Operation Security controls is intend...
Question 260: In an online transaction processing system (OLTP), which of ...
Question 261: What is the primary difference between FTP and TFTP?...
Question 262: Which xDSL flavour delivers both downstream and upstream spe...
Question 263: What happens if this registry value is set to 1? HKLM\System...
Question 264: Step-by-step instructions used to satisfy control requiremen...
Question 265: The Diffie-Hellman algorithm is used for:...
Question 266: Which of the following statements pertaining to disaster rec...
Question 267: The three classic ways of authenticating yourself to the com...
Question 268: An intrusion detection system is an example of what type of ...
Question 269: Only key members of the staff need to be educated in disaste...
Question 270: Which of the following are NT Audit events? (Choose all that...
Question 271: Which of the following is NOT an example of an operational c...
Question 272: Which of the following is not one of the three goals of Inte...
Question 273: Which of the following statements pertaining to disaster rec...
Question 274: When packets are captured and converted to hexadecimal, ____...
Question 275: Only law enforcement personnel are qualified to do computer ...
Question 276: Which layer of the DoD TCP/IP model controls the communicati...
Question 277: Which of the following offers security to wireless communica...
Question 278: Which of the following statements pertaining to disk mirrori...
1 commentQuestion 279: Which of the following is NOT a common integrity goal?...
Question 280: What can be best defined as the examination of threat source...
Question 281: Risk can be totally eliminated through planning, control, pr...
Question 282: In telephony different types of connections are being used. ...
Question 283: Which software development model is actually a meta-model th...
Question 284: Password management falls into which control category?...
Question 285: Who should DECIDE how a company should approach security and...
Question 286: Which port does the Post Office Protocol Version 3 (POP3) ma...
Question 287: What does the directive of the European Union on Electronic ...
Question 288: When compiling a risk assessment report, which of the follow...
Question 289: What type of software can be used to prevent, detect (and po...
Question 290: Spoofing is a sophisticated technique of authenticating one ...
Question 291: Which of the following standards concerns digital certificat...
Question 292: A contingency plan should address:...
Question 293: A ___________ is a program that poses as a useful or legitim...
Question 294: What can be defined as a list of subjects along with their a...
Question 295: Which type of encryption is considered to be unbreakable if ...
Question 296: Which type of algorithm is considered to have the highest st...
Question 297: Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) ...
Question 298: Which of the following is addressed by Kerberos?...
Question 299: What are called user interfaces that limit the functions tha...
Question 300: In the context of Biometric authentication, what is a quick ...
Question 301: Which of the following Kerberos components holds all users' ...
Question 302: Which of the following is a disadvantage of a statistical an...
Question 303: In a hierarchical PKI the highest CA is regularly called Roo...
Question 304: Which of the following outlined how senior management are re...
Question 305: A momentary power outage is a:
Question 306: A public key algorithm that does both encryption and digital...
Question 307: Define the term tuple.
Question 308: ___________________ is ultimately responsible for security a...
Question 309: Which of the following is immune to the effects of electroma...
Question 310: Which of the following would assist the most in Host Based i...
Question 311: Most access violations are:
Question 312: Which three things must be considered for the design, planni...
Question 313: The IP header contains a protocol field. If this field conta...
Question 314: Organizations should consider which of the following first b...
Question 315: What is the role of IKE within the IPsec protocol?...
Question 316: Which must bear the primary responsibility for determining t...
Question 317: Which of the following is not a security goal for remote acc...
Question 318: FTP, TFTP, SNMP, and SMTP are provided at what level of the ...
Question 319: How many bits of a MAC address uniquely identify a vendor, a...
Question 320: Computer-generated evidence is considered:...
Question 321: Which of the following protects a password from eavesdropper...
Question 322: What is used to protect programs from all unauthorized modif...
Question 323: What is the name of the protocol use to set up and manage Se...
Question 324: What is the main concern with single sign-on?...
Question 325: A copy of evidence or oral description of its contents; whic...
Question 326: A DMZ is also known as a
Question 327: In Mandatory Access Control, sensitivity labels attached to ...
Question 328: Which of the following is NOT a VPN communications protocol ...
Question 329: One of the following assertions is NOT a characteristic of I...
Question 330: Which of the following enables the person responsible for co...
Question 331: What can be defined as a value computed with a cryptographic...
Question 332: When preparing a business continuity plan, who of the follow...
Question 333: Which of the following is NOT a common category/classificati...
Question 334: A ___________ is a program that can be useful in preventing ...
Question 335: Which of the following LAN topologies offers the highest ava...
Question 336: What does the (star) integrity axiom mean in the Biba model?...
Question 337: Which of the following are used in Biometrics?...
Question 338: Which of the following statements pertaining to quantitative...
Question 339: What can best be defined as the detailed examination and tes...
Question 340: A channel within a computer system or network that is design...
Question 341: RADIUS incorporates which of the following services?...
Question 342: Valuable paper insurance coverage does not cover damage to w...
Question 343: What assesses potential loss that could be caused by a disas...
Question 344: The NT password cracking program L0pht is capable of pulling...
Question 345: Information security policies are a ___________________....
Question 346: Which of the following can best be defined as a key distribu...
Question 347: Which of the following is NOT an asymmetric key algorithm?...
Question 348: Which of the following is a cryptographic protocol and infra...
Question 349: Which of the following is defined as an Internet, IPsec, key...
Question 350: What can a packet filtering firewall also be called?...
Question 351: In biometrics, "one-to-many" search against database of stor...
Question 352: Risk analysis is MOST useful when applied during which phase...
Question 353: The IP header contains a protocol field. If this field conta...
Question 354: Which of the following forms of authentication would most li...
Question 355: What is used to bind a document to its creation at a particu...
Question 356: Which of the following is true about link encryption?...
Question 357: A business continuity plan should list and prioritize the se...
Question 358: The Internet service that converts www.soundbodyworks.com to...
Question 359: Which of the following is an advantage of a qualitative over...
Question 360: The act of intercepting the first message in a public key ex...
Question 361: A business continuity plan is an example of which of the fol...
Question 362: DES - Data Encryption standard has a 128 bit key and is very...
Question 363: Which backup method is additive because the time and tape sp...
Question 364: What is the name of the first mathematical model of a multi-...
Question 365: Which of the following is an extension to Network Address Tr...
Question 366: Which expert system operating mode allows determining if a g...
Question 367: Which of the following teams should NOT be included in an or...
Question 368: To control access by a subject (an active entity such as ind...
Question 369: Today, privacy violations are almost as serious as security ...
Question 370: The term "principle of least privilege" is best as:...
Question 371: The ability to adjust access control to the exact amount of ...
Question 372: Which of the following is a not a preventative control?...
Question 373: Which xDSL flavour, appropriate for home or small offices, d...
Question 374: Which of the following would be the MOST serious risk where ...
Question 375: Which type of attack involves the alteration of a packet at ...
Question 376: Public keys are used for ___________ messages and private ke...
Question 377: Prior to a live disaster test also called a Full Interruptio...
Question 378: Which access control model is also called Non Discretionary ...
Question 379: Which of the following server contingency solutions offers t...
Question 380: Which of the following is NOT a valid reason to use external...
Question 381: Which of the following is NOT an encryption method used by V...
Question 382: A systems ability to identify a particular individual, track...
Question 383: Which of the following is not a component of a Operations Se...
Question 384: Like the Kerberos protocol, SESAME is also subject to which ...
Question 385: Why would anomaly detection IDSs often generate a large numb...
Question 386: What is the maximum allowable key size of the Rijndael encry...
Question 387: Which of the following is the most complete disaster recover...
Question 388: Total risk is defined as:
Question 389: In addition to the Legal Department, with what company funct...
Question 390: What is the PRIMARY reason to maintain the chain of custody ...
Question 391: Which of the following statements pertaining to message dige...
Question 392: Which cable technology refers to the CAT3 and CAT5 categorie...
Question 393: ______________ is a vendor neutral authorization and authent...
Question 394: Who of the following is responsible for ensuring that proper...
Question 395: How are memory cards and smart cards different?...
Question 396: Detective/Technical measures:
Question 397: Which of the following technologies has been developed to su...
Question 398: This type of attack is generally most applicable to public-k...
Question 399: What is one disadvantage of content-dependent protection of ...
Question 400: What is a TFTP server most useful for?...
Question 401: Which xDSL flavour can deliver up to 52 Mbps downstream over...
Question 402: Which auditing practice relates to the controlling of hardwa...
Question 403: Which of the following is based on the premise that the qual...
Question 404: Which of the following control pairings include: organizatio...
Question 405: Which authentication technique best protects against hijacki...
Question 406: Which of the following protocols operates at the session lay...
Question 407: In the Bell-LaPadula model, the Star-property is also called...
Question 408: What ISO/OSI layer do switches primarily operate at? Do take...
Question 409: Which of the following is true of network security?...
Question 410: How often should a Business Continuity Plan be reviewed?...
Question 411: Controls like guards and general steps to maintain building ...
Question 412: Which security model introduces access to objects only throu...
Question 413: Preservation of confidentiality within information systems r...
Question 414: Which of the following is not a property of the Rijndael blo...
Question 415: A code, as is pertains to cryptography:...
Question 416: Which of the following would MOST likely ensure that a syste...
Question 417: What are the three FUNDAMENTAL principles of security?...
Question 418: Which of the following is not an element of a business conti...
Question 419: Which one of the following authentication mechanisms creates...
Question 420: Which of the following IEEE standards defines the token ring...
Question 421: Which of the following ASYMMETRIC encryption algorithms is b...
Question 422: Which of the following statements pertaining to Asynchronous...
Question 423: When should a post-mortem review meeting be held after an in...
Question 424: Which of the following is more suitable for a hardware imple...
Question 425: The Data Encryption Algorithm performs how many rounds of su...
Question 426: Which of the following security-focused protocols has confid...
Question 427: Companies can now be sued for privacy violations just as eas...
Question 428: In order to use L0pht, the ___________ must be exported from...
Question 429: Which of the following are WELL KNOWN PORTS assigned by the ...
Question 430: In what way can violation clipping levels assist in violatio...
Question 431: Which of the following refers to the data left on the media ...
Question 432: Which of the following biometric devices has the lowest user...
Question 433: Controls provide accountability for individuals who are acce...
Question 434: Of the reasons why a Disaster Recovery plan gets outdated, w...
Question 435: Tripwire is a ___________________-...
Question 436: What is the essential difference between a self-audit and an...
Question 437: Why are coaxial cables called "coaxial"?...
Question 438: In the past, many companies had been hesitant to report comp...
Question 439: What is the difference between Access Control Lists (ACLs) a...
Question 440: Which IPSec operational mode encrypts the entire data packet...
Question 441: Kerberos uses asymmetric encryption.(True / False)...
Question 442: ________, _________, and __________ are required to successf...
Question 443: What would be the Annualized Rate of Occurrence (ARO) of the...
Question 444: Kerberos can prevent which one of the following attacks?...
Question 445: In which of the following model are Subjects and Objects ide...
Question 446: How is Annualized Loss Expectancy (ALE) derived from a threa...
Question 447: Which of the following test makes sure the modified or new s...
Question 448: When a station communicates on the network for the first tim...
Question 449: Is the person who is attempting to log on really who they sa...
Question 450: Which of the following is needed for System Accountability?...
Question 451: Which common backup method is the fastest on a daily basis?...
Question 452: Which of the following embodies all the detailed actions tha...
Question 453: Which of the following best describes remote journaling?...
Question 454: What is the proper term to refer to a single unit of IP data...
Question 455: Which of the following access control techniques best gives ...
Question 456: The National Institute of Standards and Technology (NIST) st...
Question 457: What is the PRIMARY use of a password?...
Question 458: Which of the following is the BEST way to detect software li...
Question 459: The absence of a safeguard, or a weakness in a system that m...
Question 460: The __________ is the most dangerous part of a virus program...
Question 461: From a security standpoint, the product development life cyc...
Question 462: What attribute is included in a X.509-certificate?...
Question 463: Which of the following questions is less likely to help in a...
Question 464: What prevents a process from accessing another process' data...
Question 465: Which of the following is used by RADIUS for communication b...
Question 466: In which of the following phases of system development life ...
Question 467: Which of the following virus types changes some of its chara...
Question 468: The fact that a network-based IDS reviews packets payload an...
Question 469: EDI (Electronic Data Interchange) differs from e-Commerce in...
Question 470: Which of the following type of traffic can easily be filtere...
Question 471: Which of the following is a tool often used to reduce the ri...
Question 472: Which of the following computer design approaches is based o...
Question 473: Password crackers fall into two broad categories. What are t...
Question 474: Which of the following is an advantage in using a bottom-up ...
Question 475: What is also known as 10Base5?
Question 476: What are the main goals of an information security program? ...
Question 477: Which of the following protocols that provide integrity and ...
Question 478: Secure Shell (SSH-2) supports authentication, compression, c...
Question 479: Which of the following results in the most devastating busin...
Question 480: Risk mitigation and risk reduction controls for providing in...
Question 481: Which of the following would be true about Static password t...
Question 482: Which of the following security mode of operation does NOT r...
Question 483: Proxies works by transferring a copy of each accepted data p...
Question 484: What can be defined as an abstract machine that mediates all...
Question 485: Which of the following statements pertaining to PPTP (Point-...
Question 486: Volatile memory is referred to as ROM....
Question 487: What would BEST define a covert channel?...
Question 488: Which of the following statements pertaining to access contr...
Question 489: Which access control model enables the OWNER of the resource...
Question 490: How would an IP spoofing attack be best classified?...
Question 491: When we encrypt or decrypt data there is a basic operation i...
Question 492: Which of the following is not an encryption algorithm?...
Question 493: All hosts on an IP network have a logical ID called a(n):...
Question 494: Which of the following does not address Database Management ...
Question 495: What can best be described as an abstract machine which must...
Question 496: Which of the following is true about link encryption?...
Question 497: What would be the name of a Logical or Virtual Table dynamic...
Question 498: Which of the following would be best suited to oversee the d...
Question 499: A type of virus that resides in a Word or Excel document is ...
Question 500: Media that is the target of an investigation should be copie...
Question 501: What kind of certificate is used to validate a user identity...
Question 502: Which protocol makes USE of an electronic wallet on a custom...
Question 503: Which type of firewall can be used to track connectionless p...
Question 504: Which of the following statements pertaining to link encrypt...
Question 505: Which of the following access control models requires securi...
Question 506: Which of the following elements is NOT included in a Public ...
Question 507: The ability to identify and audit a user and his / her actio...
Question 508: Which of the following statements pertaining to VPN protocol...
Question 509: Which of the following is a method of multiplexing data wher...
Question 510: Asynchronous Communication transfers data by sending:...
Question 511: Select the major difference(s) between block and stream ciph...
Question 512: Which of the following biometric characteristics cannot be u...
Question 513: Which of the following monitors network traffic in real time...
Question 514: Transport Layer Security (TLS) is a two-layered socket layer...
Question 515: A one way hash converts a string of random length into a ___...
Question 516: Which of the following terms can be described as the process...
Question 517: Which of the following can be defined as the process of reru...
Question 518: What type of attack involves IP spoofing, ICMP ECHO and a bo...
Question 519: Which of the following algorithms does NOT provide hashing?...
Question 520: Symmetric = private key = secret ________ = public key = sha...
Question 521: Which of the following is NOT a transaction redundancy imple...
Question 522: Identification and authentication are the keystones of most ...
Question 523: Which of the following is the act of performing tests and ev...
Question 524: What is the maximum length of cable that can be used for a t...
Question 525: Business Continuity and Disaster Recovery Planning (Primaril...
Question 526: Which of the following is not a disadvantage of symmetric cr...
Question 527: Flooding network ports is an example of which type of attack...
Question 528: Which of the following attacks could capture network user pa...
Question 529: Which of the following is NOT a defined ISO basic task relat...
Question 530: A 'Pseudo flaw' is which of the following?...
Question 531: Which SSL version offers client-side authentication?...
Question 532: Which of the following is used to interrupt the opportunity ...
Question 533: A host-based IDS is resident on which of the following?...
Question 534: Which of the following is true about Kerberos?...
Question 535: Which of the following pairings uses technology to enforce a...
Question 536: While using IPsec, the ESP and AH protocols both provides in...
Question 537: Within the realm of IT security, which of the following comb...
Question 538: ___________________ is responsible for creating security pol...
Question 539: Why would a memory dump be admissible as evidence in court?...
Question 540: What does RADIUS stand for?
Question 541: As telnet is widely know to be insecure, one time passwords ...
Question 542: Which of the following are REGISTERED PORTS as defined by IA...
Question 543: What is called the probability that a threat to an informati...
Question 544: Which access model is most appropriate for companies with a ...
Question 545: Which of the following is true related to network sniffing?...
Question 546: This free (for personal use) program is used to encrypt and ...
Question 547: What security control provides a method to insure that a tra...
Question 548: Which layer of the TCP/IP protocol model would best correspo...
Question 549: The IP header contains a protocol field. If this field conta...
Question 550: Which OSI/ISO layer does a SOCKS server operate at?...
Question 551: Virus scanning and content inspection of SMIME encrypted e-m...
Question 552: Which of the following service is not provided by a public k...
Question 553: Which one of the following represents an ALE calculation?...
Question 554: What is the main characteristic of a multi-homed host?...
Question 555: The scope and focus of the Business continuity plan developm...
Question 556: Computer security should be first and foremost which of the ...
Question 557: What is the main purpose of Corporate Security Policy?...
Question 558: Which of the following is NOT an advantage that TACACS+ has ...
Question 559: Countermeasures have three main objectives, what are they? (...
Question 560: Which security model uses division of operations into differ...
Question 561: Telnet and rlogin use which protocol?...
Question 562: Which of the following best corresponds to the type of memor...
Question 563: Which of the following is NOT a symmetric key algorithm?...