ISC2 SSCP Exam Questions
Page 8 of 25
141.
Which of the following is a protocol used for configuration control?
-
SCAP
-
CMP
-
CCP
-
SCP
Correct answer: SCAP
The Security Content Automation Protocol (SCAP) is a NIST-maintained suite of specifications (including XCCDF for checklists, OVAL for system state checks, and CPE, CCE and CVSS for naming platforms, configuration items and vulnerability severity) that lets security tools exchange configuration baselines, vulnerability data and assessment results in a standard, machine-readable format. This lets an organization check systems against a common configuration standard and automate compliance reporting across its security infrastructure. The other options are not configuration-control protocols: CMP is the Certificate Management Protocol used with PKI, and SCP is the Secure Copy Protocol for file transfer over SSH.
142.
In identity and access control, what is the thing that someone or something acts upon?
-
Object
-
Subject
-
Resource
-
Entity
Correct answer: Object
In identity and access control, subjects take actions on objects. For example, a user (subject) might read or edit a document (object), and the access control policy decides whether that subject is permitted that action on that object.
143.
Which of the following ARP variants allows ARP to work across a router?
-
Proxy ARP
-
Reverse ARP
-
Inverse ARP
-
Gratuitous ARP
Correct answer: Proxy ARP
Some variants of ARP include:
- Reverse ARP (RARP): A largely obsolete predecessor of DHCP that lets a diskless host broadcast its MAC address and receive its own IP address from a RARP server on the subnet.
- Inverse ARP (InARP): Used on Frame Relay and ATM links to learn the IP address at the far end of a virtual circuit from its data-link identifier (such as a DLCI), so remote devices can be configured without manual address mapping.
- Proxy ARP: Allows address resolution across a router. The router answers ARP requests for hosts on another network with its own MAC address, so the requesting host sends the traffic to the router without knowing a router is involved.
- Gratuitous ARP: An unsolicited ARP request or reply in which the sender and target IP addresses are the same. It is used to detect IP address conflicts and to update other machines' ARP caches after a MAC or IP change, and it is also abused by attackers to poison those caches.
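The list above describes the variants in prose. The following added example (not part of the original quiz page) builds constructed Ethernet+ARP frames, decodes them with the RFC 826 field layout, classifies gratuitous ARP by the sender-IP-equals-target-IP rule, and keeps an IP-to-MAC table so that a reply rebinding a known IP to a new MAC (an address conflict, or ARP cache poisoning) is reported. All addresses are made up for the example.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Construct an Ethernet-framed ARP packet (sample input for this example)."""
    eth_dst = BROADCAST if tha in (ZERO_MAC, BROADCAST) else tha
    eth = _mac(eth_dst) + _mac(sha) + struct.pack("!H", ETHERTYPE_ARP)
    # RFC 826 layout: htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, oper
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode an Ethernet+ARP frame; raise ValueError for anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet+ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    body = frame[22:42]
    return {
        "op": op,
        "sha": _mac_str(body[0:6]),
        "spa": _ip_str(body[6:10]),
        "tha": _mac_str(body[10:16]),
        "tpa": _ip_str(body[16:20]),
    }


def classify(pkt: dict) -> str:
    """Gratuitous ARP is any request or reply whose sender and target IP match."""
    if pkt["spa"] == pkt["tpa"]:
        return "gratuitous-request" if pkt["op"] == ARP_REQUEST else "gratuitous-reply"
    return "request" if pkt["op"] == ARP_REQUEST else "reply"


class ArpMonitor:
    """Learn IP->MAC bindings from every ARP packet's sender fields and flag changes."""

    def __init__(self) -> None:
        self.table: dict[str, str] = {}

    def observe(self, frame: bytes):
        pkt = parse_arp(frame)
        kind = classify(pkt)
        ip, mac = pkt["spa"], pkt["sha"]
        known = self.table.get(ip)
        self.table[ip] = mac
        if known is not None and known != mac:
            return f"{ip} moved from {known} to {mac} via {kind}: possible spoofing or address conflict"
        return None


if __name__ == "__main__":
    mon = ArpMonitor()
    frames = [
        build_arp(ARP_REPLY, "00:11:22:33:44:01", "10.0.0.1", "00:aa:bb:cc:dd:05", "10.0.0.5"),
        build_arp(ARP_REQUEST, "00:aa:bb:cc:dd:05", "10.0.0.5", ZERO_MAC, "10.0.0.5"),
        build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "10.0.0.1", "00:aa:bb:cc:dd:05", "10.0.0.5"),
    ]
    for f in frames:
        print(classify(parse_arp(f)), mon.observe(f))
```

The third constructed frame is the textbook poisoning case: a second reply claiming the gateway's IP from a different MAC. A real monitor (arpwatch-style) would also whitelist legitimate failover events, which this example does not model.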
144.
An employee is working from home, but the corporate virtual private network (VPN) infrastructure is not functioning properly, making remote access to corporate systems slow. Which of the following might pose a significant data security risk in this scenario?
-
Data download/copy
-
Data display and output
-
Data remanence
-
Human covert paths
Correct answer: Data download/copy
Some examples of data security risks on the endpoint include:
- Data Display and Output: In general, users will only be able to work with decrypted data, which means that data is at risk when displayed/output for a user. Shoulder surfing, malware, and screen capture tools are risks to confidentiality at this stage.
- Data Download/Copy: Data may be protected at its primary storage location but may be placed at risk when downloaded or copied to another device. This may occur with or without a user's knowledge/consent.
- Data Remanence: After data is decrypted for use, it may remain within a computer's memory for some time even after the session is complete. This data may be vulnerable to collection by malware or digital forensics tools.
- Human Covert Paths: Humans may intentionally or unintentionally expose data to a third party by combining unclassified information from multiple sources. For example, sensitive information about an organization's capabilities or existing contracts may be included or implied within a proposal to a third party.
In this scenario, a user may download a copy of corporate data to their device to use while working. This copy may not be protected in accordance with corporate policy, placing it at risk.
145.
Which of the following is NOT a major activity of Identity and Access Management (IAM)?
-
Password management
-
Account access review
-
Auditing
-
Enforcement
Correct answer: Password management
Although password management is an important function within IAM, it is not considered one of its major activities. The primary activities of IAM typically include account access review, auditing, and enforcement.
Account access review focuses on ensuring that users have appropriate access levels.
Auditing involves reviewing and ensuring compliance with access policies and detecting any unauthorized access.
Enforcement ensures that access control policies are consistently applied across the organization.
146.
Man-in-the-Middle (MitM) attacks occur at which layer of the OSI model?
-
Layer 5
-
Layer 4
-
Layer 6
-
Layer 3
Correct answer: Layer 5
MitM attacks are designed to take over a session between a client and a server. For this reason, they occur at Layer 5 of the OSI model.
While the interception techniques that set up a MitM position, such as ARP spoofing, operate at Layer 2 (ARP maps Layer 3 IP addresses to Layer 2 MAC addresses), the goal of the attack, taking over or silently relaying an established session between two endpoints, aligns most closely with session-layer responsibilities.
Layer 4 deals with the end-to-end communication and reliability of data transmission, but the manipulation of session state and hijacking aligns more with Layer 5.
Layer 6 handles data translation and encryption, and while MitM can affect data integrity at this layer, it is not primarily where the session takeover occurs.
147.
Which of the following 802.11 standards does NOT use OFDM?
-
a
-
b
-
g
-
n
Correct answer: b
802.11b uses Direct Sequence Spread Spectrum (DSSS, with Complementary Code Keying for its 5.5 and 11 Mbps rates) in the 2.4 GHz band and is the only one of these standards that does not use Orthogonal Frequency Division Multiplexing (OFDM). 802.11a introduced OFDM in the 5 GHz band, 802.11g brought OFDM to the 2.4 GHz band (falling back to DSSS only for compatibility with 802.11b clients), and 802.11n uses OFDM in both bands.
148.
Which of the following uses authentication servers to allow a user to log in once and gain access to all associated applications and systems?
-
Single sign-on
-
Password manager
-
Consolidated authentication
-
Passwordless authentication
Correct answer: Single sign-on
Single sign-on (SSO) allows users to log into the authentication system, which then provides authentication information to any associated applications or systems the user tries to access. This eliminates the need to memorize and enter many unique passwords for various systems.
Password managers store copies of a user's passwords and may autofill them into web pages.
Passwordless authentication uses non-password factors, such as biometrics or tokens.
Consolidated authentication is a fabricated term.
149.
Which of the following techniques used by data loss prevention (DLP) systems is heavily reliant on regular expressions and Boolean logic?
-
Rule-based
-
Database Fingerprinting
-
Exact File Matching
-
Machine Learning
Correct answer: Rule-based
Data Loss Prevention (DLP) systems can use various techniques to identify data exfiltration, including:
- Rule-Based: Uses regular expressions (regexes) or Boolean expressions to define data types of interest. For example, credit card numbers are well-structured data, making them well suited to rule-based detection.
- Database Fingerprinting: Searches for subsets of data from a particular source, such as a set of records from a database.
- Exact File Matching: Uses file digests/hashes to detect the exfiltration of complete, sensitive files from an organization.
- Partial Document Matching: Defines some of the content for a restricted document, such as the template used to create sensitive forms, reports, etc.
- Conceptual/Lexicon: Combines restricted wordlists, rules, and regular expressions to identify exfiltration of data likely to be restricted.
- Machine Learning: Trains classifiers on samples of sensitive and non-sensitive content rather than on hand-written rules, and can flag statistical anomalies such as high-entropy files that suggest encrypted or compressed data being staged for exfiltration.
- Predefined Patterns/Categories: Used to identify particular types of structured data within a given field, such as payment card or healthcare information.
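The rule-based technique is the one the question asks about. The following added example (not code from the original page or from any DLP product) shows what "regular expressions plus Boolean logic" means in practice: a regex finds candidate card numbers, a Luhn check discards false positives, and Boolean combinations of matches decide whether a message trips a PCI rule or a US SSN rule. The sample strings and the rule names are constructed for the example; the card numbers are standard test numbers, not real accounts.

```python
import re

# Candidate 13-19 digit runs, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EXPIRY = re.compile(r"\b(?:0[1-9]|1[0-2])/(?:\d{2}|\d{4})\b")
CVV_KEYWORD = re.compile(r"\b(?:cvv2?|cvc|security code)\b", re.IGNORECASE)
# SSN with the structurally invalid ranges (000, 666, 9xx area; 00 group; 0000 serial) excluded.
US_SSN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return digit-only card numbers that pass length and Luhn checks."""
    pans = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            pans.append(digits)
    return pans


def mask(pan: str) -> str:
    """Never log a full PAN; keep only the last four digits."""
    return "*" * (len(pan) - 4) + pan[-4:]


def evaluate(text: str) -> dict:
    """Boolean rule logic over the regex findings.

    pci_card_data: a valid PAN AND (an expiry date OR a CVV keyword) in the same message.
    us_ssn: a structurally valid SSN anywhere in the message.
    """
    pans = find_pans(text)
    has_context = bool(EXPIRY.search(text) or CVV_KEYWORD.search(text))
    return {
        "pci_card_data": bool(pans) and has_context,
        "us_ssn": bool(US_SSN.search(text)),
        "pans": [mask(p) for p in pans],
    }


if __name__ == "__main__":
    samples = [  # constructed sample messages
        "Card 4111 1111 1111 1111 exp 12/27, CVV 123 -- please process",
        "Order #4111111111111111 shipped",          # valid PAN, no card context
        "Call me back on 4111 1111 1111 1112",       # fails Luhn
        "Applicant SSN 078-05-1120",
    ]
    for s in samples:
        print(evaluate(s))
```

Requiring the PAN to co-occur with an expiry date or CVV keyword is what keeps order numbers and tracking IDs that happen to pass Luhn from generating alerts; the same Boolean structure is how commercial DLP rules combine primary and supporting evidence.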
150.
An attacker has managed to trick a mobile application into communicating with a phishing site due to a failure to properly validate digital certificates. At which layer of the OSI model does this attack occur?
-
Layer 4
-
Layer 3
-
Layer 5
-
Layer 6
Correct answer: Layer 4
Layer 4 is responsible for end-to-end communication between systems and, in the SSCP body of knowledge, is where TCP and TLS (Transport Layer Security) are placed. TLS is responsible for encrypting data and validating the server's digital certificate (signature chain, validity period, revocation status and hostname) before any application data is exchanged. The attack described involves a failure to perform that certificate validation, which the exam treats as a function of TLS at the Transport Layer.
Layer 3 manages routing and forwarding of packets between devices, but does not handle encryption protocols or certificate management.
Layer 5 establishes and manages sessions between applications, but does not directly deal with TLS or certificate validation.
Layer 6 is involved in data translation and encryption at a higher level. TLS does not map cleanly onto OSI, since it runs above TCP and is sometimes described as a Layer 5 or Layer 6 protocol, but the SSCP material and this question place it at the Transport Layer (Layer 4).
151.
Which of the following standards is MOST closely associated with federated identity?
-
SAML
-
XML
-
HTML
-
JSON
Correct answer: SAML
The Security Assertion Markup Language (SAML) is a widely used XML-based standard for exchanging authentication and authorization data between parties, particularly in federated identity systems. It allows an identity provider to pass signed assertions about an authenticated user (including attributes and entitlements) to service providers, enabling single sign-on (SSO) across different domains and organizations.
HyperText Markup Language (HTML) is a markup language used to define webpages.
JavaScript Object Notation (JSON) and eXtensible Markup Language (XML) are general-purpose data transfer and markup languages.
152.
Which of the following types of events allows the majority of business processes to continue uninterrupted?
-
Minor disruption
-
Disaster
-
Interruption
-
Partial disruption
Correct answer: Minor disruption
A disaster renders most or all critical business functions inoperable.
An interruption disables one or more business processes for a short time.
A partial disruption disables some business processes, but others can continue, potentially with degraded performance.
A minor disruption disables a few critical business functions but most of the business continues with minimal impact.
153.
Which of the following Guest OS security strategies is designed to separate and isolate workloads within a virtual machine to enhance security?
-
Partitioning
-
Covert channel isolation
-
Side-channel remediation
-
Secure virtualization
Correct answer: Partitioning
Partitioning involves dividing a system's resources into distinct, isolated sections, or partitions, within a virtual machine. This isolation helps prevent interference and unauthorized access between workloads, enhancing security by ensuring that each partition operates independently and securely.
Secure virtualization involves protecting virtual machines from attacks, but it is not specifically focused on dividing resources within a virtual machine.
Covert channel isolation addresses unauthorized data transfer channels but does not focus on isolating workloads within a virtual machine.
Side-channel remediation involves preventing attacks that exploit indirect information leakage but does not pertain to isolating or separating workloads within a virtual machine.
154.
Which endpoint security solution attempts to identify attacks by collecting and collating additional data and context?
-
XDR
-
MDR
-
EDR
-
UEM
Correct answer: XDR
XDR (Extended Detection and Response) is a security solution that collects and collates data from multiple sources (e.g., endpoints, networks, servers, and cloud environments) to provide a comprehensive view of threats. It attempts to identify attacks by analyzing this aggregated data and context, improving threat detection and response across the entire environment.
MDR (Managed Detection and Response) is a service that provides threat detection, response, and remediation by leveraging human expertise and tools. While it may collect data, it is more focused on providing managed services rather than integrating and analyzing data across multiple sources.
EDR (Endpoint Detection and Response) focuses on detecting and responding to threats at the endpoint level. It collects data from individual endpoints but is not as comprehensive as XDR, which integrates data from multiple security layers.
UEM (Unified Endpoint Management) focuses on managing and securing endpoints such as mobile devices, laptops, and desktops. It centralizes management but is not primarily focused on aggregating data for threat detection.
155.
Which of the following is NOT an example of an algorithm based on the discrete logarithm problem?
-
RSA
-
DSA
-
Diffie-Hellman-Merkle
-
ElGamal
Correct answer: RSA
RSA is a public-key cryptographic algorithm that is based on the mathematical problem of integer factorization, not the discrete logarithm problem. It involves the use of two large prime numbers to generate the public and private keys, making it distinct from algorithms that rely on the discrete logarithm problem.
Diffie-Hellman-Merkle, ElGamal, and the Digital Signature Algorithm (DSA) are all based on the discrete logarithm problem.
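To make the distinction concrete, the following added example (not part of the original page) implements textbook RSA and Diffie-Hellman with deliberately tiny parameters and then breaks each one using the problem it rests on: recovering the RSA private key by factoring n, and recovering a Diffie-Hellman secret exponent by brute-forcing the discrete logarithm. The primes are chosen small so that both attacks finish instantly; real keys are thousands of bits precisely so that neither does.

```python
from math import gcd, isqrt


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA: public (n, e), private d = e^-1 mod phi(n). No padding, toy only."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), pow(e, -1, phi)


def factor_by_trial_division(n: int) -> tuple[int, int]:
    """The integer factorization problem, solved the slow way; only feasible for toy n."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("no non-trivial factor found")


def rsa_recover_private_key(n: int, e: int) -> int:
    """Knowing p and q is equivalent to knowing the private key."""
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


def dh_public(p: int, g: int, x: int) -> int:
    """Diffie-Hellman public value g^x mod p for secret exponent x."""
    return pow(g, x, p)


def dh_shared(p: int, their_public: int, my_secret: int) -> int:
    return pow(their_public, my_secret, p)


def dlog_bruteforce(p: int, g: int, h: int) -> int:
    """The discrete logarithm problem: find x with g^x = h (mod p). Toy-sized p only."""
    for x in range(1, p):
        if pow(g, x, p) == h:
            return x
    raise ValueError("no discrete log found")


if __name__ == "__main__":
    # Toy RSA with 14-bit primes (constructed example parameters).
    (n, e), d = rsa_keygen(10007, 10009)
    c = pow(42, e, n)
    print("RSA decrypt:", pow(c, d, n), "recovered d == d:", rsa_recover_private_key(n, e) == d)

    # Toy Diffie-Hellman over a 13-bit prime (constructed example parameters).
    p, g = 7919, 2
    a, b = 1234, 5678
    A, B = dh_public(p, g, a), dh_public(p, g, b)
    shared = dh_shared(p, B, a)
    x = dlog_bruteforce(p, g, A)
    print("DH shared secrets agree:", shared == dh_shared(p, A, b),
          "eavesdropper recovers secret:", dh_shared(p, B, x) == shared)
```

The point the question is testing follows directly from the two break functions: an advance in factoring (such as a better sieve, or Shor's algorithm on a large quantum computer) threatens RSA, while an advance in computing discrete logarithms threatens Diffie-Hellman, DSA and ElGamal. In practice both are affected by the same quantum attack, which is why post-quantum migration covers all of them.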
156.
Which malware function is MOST useful for gathering intelligence on user behavior and system vulnerabilities to plan future attacks?
-
End-User or Endpoint Passive Monitoring
-
End-User Interaction
-
Command-and-Control Functions
-
Destruction or Disruption
Correct answer: End-User or Endpoint Passive Monitoring
End-User or Endpoint Passive Monitoring involves quietly observing and recording user behavior, system activities, and potential vulnerabilities without actively engaging in malicious actions. The information gathered through passive monitoring can be crucial for attackers in planning future, more targeted attacks by understanding the environment and identifying weak points.
End-User Interaction involves direct engagement with users, such as phishing, which is used to initiate attacks rather than gather intelligence for future ones.
Command-and-Control (C2) Functions are more about controlling the malware than gathering intelligence for future attacks.
Destruction or Disruption focuses on causing immediate harm, and while it is effective in damaging systems, it does not contribute to intelligence gathering for future attacks.
157.
Adware is an example of malware with which of the following objectives?
-
End-User Interaction
-
End-User or Endpoint Passive Monitoring
-
Command-and-Control Functions
-
Destruction or Disruption
Correct answer: End-User Interaction
Malware can be designed to achieve different types of functions, such as:
- End-User Interaction: Adware, ransomware, scareware, and other types of malware are designed to interact directly with the user. The goal may be to trick the user into handing over sensitive information, downloading additional malware, or paying the attacker in some way.
- End-User or Endpoint Passive Monitoring: Some malware is designed to collect information about an endpoint and its users. This could include login credentials, Personally Identifiable Information (PII), location information, or other data that could be sold or used in follow-up attacks.
- Command-and-Control Functions: These malicious payloads are designed to grant an attacker increased, remote control over an infected device. For example, the malware may elevate its access to a system, exfiltrate sensitive data, or set up a secure channel to communicate with the attacker.
- Destruction or Disruption: Some types of malware are designed to harm an organization's ability to do business. For example, wipers may delete valuable data, or Denial of Service (DoS) malware may render a system unusable.
158.
Behavioral analytics are an example of which type of authentication factor?
-
Something you do
-
Something you know
-
Something you have
-
Something you are
Correct answer: Something you do
Behavioral analytics measure a person's actions and any deviations from normal. This is an example of a "something you do" authentication factor.
159.
An SSCP wants to know which malicious domains malware may have attempted to access. Which log file may provide useful information?
-
DNS server
-
Directory services
-
DHCP server
-
SSO
Correct answer: DNS server
DNS server logs record attempts to resolve domain names into IP addresses, including which client asked for which name and when. Because malware normally resolves its command-and-control or phishing domain before connecting, these logs show the domains a host attempted to reach even when the connection itself was blocked or never completed.
Directory services logs provide information about the entities on a particular system. DHCP server logs record DHCP lease information, which can be useful for identifying when devices joined or left a network. Single sign-on (SSO) logs can provide information about the various resources accessed by a user.
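The following added example (not code from the original page) shows the check an SSCP would actually run against those logs: parse BIND-style query log lines, match each queried name against a blocklist of known-malicious domains (including subdomains of a blocked parent), and group the hits by client so the infected hosts stand out. The log lines, client addresses and blocklisted domains are constructed for the example.

```python
import re
from collections import defaultdict

# BIND 9 query-log layout: "client [@ptr] IP#PORT (QNAME): query: QNAME IN QTYPE FLAGS (SERVER)"
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<client>[\d.]+)#\d+ \([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# Constructed sample log; the .test TLD is reserved and never resolves on the real Internet.
SAMPLE_LOG = """\
12-Mar-2024 09:14:02.118 client @0x7f3a1c00 10.0.0.23#51234 (www.example.com): query: www.example.com IN A +E(0)K (10.0.0.2)
12-Mar-2024 09:14:05.402 client @0x7f3a1c00 10.0.0.23#51240 (update.evil-example.test): query: update.evil-example.test IN A + (10.0.0.2)
12-Mar-2024 09:14:05.977 client @0x7f3a1c00 10.0.0.23#51241 (update.evil-example.test): query: update.evil-example.test IN AAAA + (10.0.0.2)
12-Mar-2024 09:15:11.003 client @0x7f3a1c00 10.0.0.41#40001 (c2.bad-example.test): query: c2.bad-example.test IN TXT + (10.0.0.2)
12-Mar-2024 09:15:12.000 named[1234]: zone example.com/IN: loaded serial 2024031201
"""

# Constructed blocklist; a real one would come from threat intelligence feeds.
BLOCKLIST = {"evil-example.test", "c2.bad-example.test"}


def parse_query(line: str):
    """Return client, normalized qname and qtype, or None for non-query lines."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return {
        "client": m["client"],
        "qname": m["qname"].rstrip(".").lower(),
        "qtype": m["qtype"],
    }


def blocked_parent(qname: str, blocklist: set[str]):
    """Match the name itself or any parent domain against the blocklist."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def find_suspicious(lines, blocklist: set[str]) -> dict[str, list[tuple[str, str]]]:
    """Map each client IP to the (queried name, matching blocklist entry) pairs it produced."""
    hits: dict[str, list[tuple[str, str]]] = defaultdict(list)
    for line in lines:
        q = parse_query(line)
        if q is None:
            continue
        entry = blocked_parent(q["qname"], blocklist)
        if entry is not None:
            hits[q["client"]].append((q["qname"], entry))
    return dict(hits)


if __name__ == "__main__":
    for client, matches in find_suspicious(SAMPLE_LOG.splitlines(), BLOCKLIST).items():
        print(client, "->", sorted({name for name, _ in matches}))
```

Matching parent domains matters because malware rotates hostnames under a domain it controls; the blocklist entry is the registered domain, and the log shows the specific subdomain that was queried, which is the indicator to pivot on in other logs.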
160.
Which version of SSL/TLS introduced ephemeral key exchange and forward secrecy?
-
TLS 1.3
-
TLS 1.0
-
TLS 1.2
-
TLS 1.1
Correct answer: TLS 1.3
TLS 1.3 (RFC 8446, published in August 2018) is the first version in which every handshake uses ephemeral key exchange and therefore provides forward secrecy: it removed the static RSA and static Diffie-Hellman key exchange modes entirely, leaving only (EC)DHE and PSK-with-(EC)DHE. Earlier versions could offer forward secrecy through optional DHE and ECDHE cipher suites, but they also allowed non-ephemeral RSA key transport, in which a compromised server private key exposes all previously recorded sessions.