ISC2 SSCP Exam Questions

Page 3 of 25

41.

What is the name for a virtual extension that can link multiple organizations' virtual LANs?

  • Extranet

  • Internet

  • Intranet

  • Federated network

Correct answer: Extranet

An extranet is a virtual extension to a corporate LAN that can be used to link multiple federated organizations together.

42.

Which of the following is LEAST likely to cause a false negative detection?

  • Discarding too little data

  • Measuring too little data

  • Filtering out too little data

  • Analyzing too little data

Correct answer: Discarding too little data

Measuring, filtering out, and analyzing too little data are all actions that are likely to result in false negatives. Discarding too little data (or retaining too much) is more likely to cause a false positive detection.

43.

Access control lists (ACLs) and firewalls are examples of what type of risk mitigation control?

  • Logical

  • Physical

  • Deterrent

  • Administrative

Correct answer: Logical

Logical controls, also known as technical controls, involve the use of software and hardware to protect information systems. This includes mechanisms like firewalls, encryption, intrusion detection systems, software Group Policy Objects, and access control lists (ACLs) that enforce access policies and safeguard digital information.

Physical controls are measures that protect physical assets and facilities, such as locks, fences, and security cameras, rather than digital or logical systems.

Administrative controls are policies, procedures, and guidelines that govern security strategy and personnel behavior, rather than technical measures to protect systems.

Deterrent controls are designed to discourage potential security violations, often by providing visible warnings or imposing penalties. They are not technical controls like firewalls or ACLs.

44.

Which of the following is NOT one of the three main categories in NIST's incident handling checklist?

  • Incident Response Strategy Development

  • Detection and Analysis

  • Containment, Eradication, and Recovery

  • Post-Incident Activity

Correct answer: Incident Response Strategy Development

NIST's incident handling checklist is broken up into three main categories:

  1. Detection and Analysis
  2. Containment, Eradication, and Recovery
  3. Post-Incident Activity

45.

What is the name for the process of creating a set of credentials for an entity?

  • Provisioning

  • Credentialing

  • Identifying

  • Proofing

Correct answer: Provisioning

Provisioning is the process of creating credentials for an entity. Proofing is a stage in this process where the proof of identity provided by the entity is validated.

Credentialing and identifying are fabricated terms.

46.

Traffic over which of the following ports represents a security concern?

  • 23

  • 443

  • 22

  • 990

Correct answer: 23

Port 23 is Telnet, which is an unencrypted and insecure protocol for remotely managing a computer. Port 443 is HTTPS, port 22 is SSH, and port 990 is FTP over SSL/TLS, all of which are encrypted protocols.

47.

Espionage is an activity primarily aimed at compromising which of the following security principles?

  • Confidentiality

  • Integrity

  • Authenticity

  • Availability

Correct answer: Confidentiality

Espionage involves the unauthorized access and collection of sensitive information. The primary goal of espionage is to breach confidentiality, making secret or private information available to unauthorized parties.

Availability refers to ensuring that information and resources are accessible when needed. Espionage is not directly aimed at disrupting availability.

Authenticity involves verifying that information is genuine and from a trusted source. Espionage does not typically target the authenticity of information.

Integrity ensures that information is accurate and unaltered. While integrity could be impacted by espionage if data is manipulated, the primary goal of espionage is usually to breach confidentiality, not integrity.

48.

Biometrics is an example of which type of authentication factor?

  • Type III

  • Type I

  • Type II

  • Type IV

Correct answer: Type III

The three main types of authentication factors are:

  • Type I: Something you know (password, etc.)
  • Type II: Something you have (smartcard, etc.)
  • Type III: Something you are (biometrics)

49.

Which of the following is a step included in NIST's Risk Management Framework (RMF)?

  • Assess

  • Transfer

  • Mitigate

  • Identify

Correct answer: Assess

Assess is a step in the NIST (National Institute of Standards and Technology) Risk Management Framework (RMF), where the effectiveness of security controls is evaluated to ensure they are implemented correctly and functioning as intended.

Transfer, mitigate, and identify are not specific steps in the NIST RMF. NIST's Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy is defined in NIST SP 800-37r2. Its seven steps for information risk management include:

  1. Prepare
  2. Categorize
  3. Select
  4. Implement
  5. Assess
  6. Authorize
  7. Monitor

50.

Which of the following describes an event where some business processes are disrupted but others can continue with degraded performance?

  • Partial disruption

  • Disaster

  • Interruption

  • Minor disruption

Correct answer: Partial disruption

A partial disruption disables some business processes, but others can continue, potentially with degraded performance.

A disaster renders most or all critical business functions inoperable. An interruption disables one or more business processes for a short time. A minor disruption disables a few critical business functions but most of the business continues with minimal impact.

51.

At which stage of the digital triage process would evidence like a disk image be collected after the system has been powered down, and the incident is no longer active?

  • Post-mortem triage

  • Planning and preparation

  • Live digital triage

  • Incident investigation triage

Correct answer: Post-mortem triage

In the post-mortem triage stage, evidence such as disk images, non-volatile data, and log files is collected after the incident has occurred and the system is no longer running. This allows investigators to thoroughly analyze the data without the risk of altering volatile information.

The planning and preparation stage involves setting up procedures and tools for potential incidents but does not involve evidence collection.

The live digital triage focuses on collecting volatile data and evidence while the system is still running.

The incident investigation triage involves reviewing and analyzing collected evidence but does not specify the initial collection stage of disk images or other non-volatile data.

52.

Which of the following is the only truly unbreakable encryption algorithm?

  • OTP

  • AES

  • RSA

  • RC4

Correct answer: OTP

The One-Time Pad (OTP) encryption algorithm is theoretically unbreakable if it uses a random key that is of the same length as the message and never reused. All other encryption algorithms are breakable.

53.

Sign in with Facebook, Google, Apple, etc. are examples of which of the following?

  • Single sign-on

  • Password managers

  • Multi-factor authentication

  • Centralized identity management

Correct answer: Single sign-on

Sign in with Facebook, Google, Apple, etc. are examples of Single Sign-On (SSO) systems. The user authenticates to the service provider, who passes their identity on to other applications.

54.

Hash functions are deterministic, meaning that the same input will always produce the same output. What is the name for the value commonly used in password storage to ensure that identical passwords produce different hashes?

  • Salt

  • Initialization vector

  • Randomizer

  • Key

Correct answer: Salt

Hash function determinism means that identical inputs produce identical outputs, which can be an issue for password management. An attacker could look at a list of password hashes, identify the ones that match, and know that those users have the same password. Additionally, this likely means that these users have weak passwords that are easy to crack. A salt is a random value added to a password before hashing that causes identical passwords to produce different hashes.

55.

Which of the following types of malware is the MOST stealthy?

  • Rootkit

  • Trojan horse

  • Worm

  • Cryptominer

Correct answer: Rootkit

Rootkits hide themselves within a computer and conceal malicious functionality from endpoint security solutions.

Trojan horses masquerade as a benign or desirable file, such as a document or a useful piece of software. Worms spread themselves to new systems without user interaction. Cryptominers use CPU cycles on an infected machine to mine cryptocurrency for the attacker.

56.

Protecting against data loss is one of the primary purposes of which of the following protocols?

  • TCP

  • TLS

  • UDP

  • HTTP

Correct answer: TCP

The Transmission Control Protocol (TCP) provides error correction and retransmission to prevent data loss. The User Datagram Protocol (UDP) is "fire and forget" and does not.

Transport Layer Security (TLS) uses digital signatures to ensure the integrity of data and that it is received by the correct party. TLS also provides encryption to ensure that data is not inadvertently disclosed to an unauthorized party.

57.

An organization is building out network traffic analysis capabilities that use anomaly detection to identify ongoing attacks. At which stage of the lifecycle of a data exfiltration attack is this solution LEAST likely to identify a threat?

  • Initial compromise and entry

  • Establish command and control

  • Identify, select, acquire, and aggregate data

  • Exfiltrate data

Correct answer: Initial compromise and entry

Data exfiltration attacks follow five main stages:

  • Reconnaissance: Investigate the target and identify a potential access vector.
  • Initial compromise and entry: Gain initial access, often via phishing or account takeover attacks.
  • Establish command and control: Create a channel for sending commands and data between the infected system and the attacker.
  • Identify, select, acquire, and aggregate data: Move laterally through the network and acquire privileges to access high-value data.
  • Exfiltrate data: Use existing C2 channels or additional channels to send collected data to the attacker.

Network traffic analysis using anomaly detection might identify anomalous traffic due to C2 channels, data acquisition, and data exfiltration. Initial compromise and entry is likely to be performed using "normal" traffic such as email or remote access solutions.

58.

Which of the following is a model commonly used with IoT devices to enable rapid, low-latency data processing and decision-making?

  • Edge computing

  • Fog computing

  • Mist computing

  • Cloud computing

Correct answer: Edge computing

Fog computing divides computational load across multiple servers connected to a centralized storage system. It provides more balanced network traffic, latency, and reliability.

Edge computing places computing resources as close to the network edge as possible to reduce latency and improve performance. It is ideal for IoT applications that require rapid decision-making.

Cloud computing is a general term for hosting applications in cloud environments.

Mist computing is a fabricated term.

59.

What is the term for a group playing a defensive role within a cyberattack simulation?

  • Blue team

  • Red team

  • White team

  • Black team

Correct answer: Blue team

The blue team is the defensive side of an exercise, representing the organization's security team. By responding realistically to a simulated attack (which they might not know is a simulation), they test the effectiveness of an organization's security processes and controls.

Red team testing is an exercise in which the simulated attackers attempt to achieve certain objectives within an organization's environment while obeying Rules of Engagement (ROE).

White team and black team are not commonly used terminology in cyberattack simulations.

60.

Which threat modeling approach BEST aligns with regulatory requirements?

  • Asset-centric

  • Attacker-centric

  • System-centric

  • Threat-centric

Correct answer: Asset-centric

Data protection regulations like GDPR, HIPAA, PCI DSS, and others focus on protection of sensitive data, which is an asset. Therefore, an asset-centric threat modeling approach most closely aligns with their requirements.