Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ISC SSCP - Systems Security Certified Practitioner

Page: 4 / 14
Total 1074 questions

What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

A.

Accountability controls

B.

Mandatory access controls

C.

Assurance procedures

D.

Administrative controls

Why would anomaly detection IDSs often generate a large number of false positives?

A.

Because they can only identify correctly attacks they already know about.

B.

Because they are application-based are more subject to attacks.

C.

Because they can't identify abnormal behavior.

D.

Because normal patterns of user and system behavior can vary wildly.

What is the essential difference between a self-audit and an independent audit?

A.

Tools used

B.

Results

C.

Objectivity

D.

Competence

Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and it's sensitivity level ?

A.

System Auditor

B.

Data or Information Owner

C.

System Manager

D.

Data or Information user

Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods that exists. Which of the basic method is more prone to false positive?

A.

Pattern Matching (also called signature analysis)

B.

Anomaly Detection

C.

Host-based intrusion detection

D.

Network-based intrusion detection

As a result of a risk assessment, your security manager has determined that your organization needs to implement an intrusion detection system that can detect unknown attacks and can watch for unusual traffic behavior, such as a new service appearing on the network. What type of intrusion detection system would you select?

A.

Protocol anomaly based

B.

Pattern matching

C.

Stateful matching

D.

Traffic anomaly-based

Which of the following usually provides reliable, real-time information without consuming network or host resources?

A.

network-based IDS

B.

host-based IDS

C.

application-based IDS

D.

firewall-based IDS

Which of the following would NOT violate the Due Diligence concept?

A.

Security policy being outdated

B.

Data owners not laying out the foundation of data protection

C.

Network administrator not taking mandatory two-week vacation as planned

D.

Latest security patches for servers being installed as per the Patch Management process

Which of the following would be LESS likely to prevent an employee from reporting an incident?

A.

They are afraid of being pulled into something they don't want to be involved with.

B.

The process of reporting incidents is centralized.

C.

They are afraid of being accused of something they didn't do.

D.

They are unaware of the company's security policies and procedures.

Which conceptual approach to intrusion detection system is the most common?

A.

Behavior-based intrusion detection

B.

Knowledge-based intrusion detection

C.

Statistical anomaly-based intrusion detection

D.

Host-based intrusion detection

Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?

A.

Statistical Anomaly-Based ID

B.

Signature-Based ID

C.

dynamical anomaly-based ID

D.

inferential anomaly-based ID

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a

A.

Preventative control.

B.

Detective control

C.

Compensating control

D.

Corrective control

Which of the following are the two MOST common implementations of Intrusion Detection Systems?

A.

Server-based and Host-based.

B.

Network-based and Guest-based.

C.

Network-based and Client-based.

D.

Network-based and Host-based.

The session layer provides a logical persistent connection between peer hosts. Which of the following is one of the modes used in the session layer to establish this connection?

A.

Full duplex

B.

Synchronous

C.

Asynchronous

D.

Half simplex

A timely review of system access audit records would be an example of which of the basic security functions?

A.

avoidance

B.

deterrence

C.

prevention

D.

detection

Which of the following is the BEST way to detect software license violations?

A.

Implementing a corporate policy on copyright infringements and software use.

B.

Requiring that all PCs be diskless workstations.

C.

Installing metering software on the LAN so applications can be accessed through the metered software.

D.

Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.

Which of the following tools is NOT likely to be used by a hacker?

A.

Nessus

B.

Saint

C.

Tripwire

D.

Nmap

A periodic review of user account management should not determine:

A.

Conformity with the concept of least privilege.

B.

Whether active accounts are still being used.

C.

Strength of user-chosen passwords.

D.

Whether management authorizations are up-to-date.

Which of the following is required in order to provide accountability?

A.

Authentication

B.

Integrity

C.

Confidentiality

D.

Audit trails

Which of the following is most likely to be useful in detecting intrusions?

A.

Access control lists

B.

Security labels

C.

Audit trails

D.

Information security policies