Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ISC SSCP - Systems Security Certified Practitioner

Page: 7 / 14
Total 1074 questions

Which of the following is covered under Crime Insurance Policy Coverage?

A.

Inscribed, printed and Written documents

B.

Manuscripts

C.

Accounts Receivable

D.

Money and Securities

Which of the following categories of hackers poses the greatest threat?

A.

Disgruntled employees

B.

Student hackers

C.

Criminal hackers

D.

Corporate spies

Which one of the following represents an ALE calculation?

A.

single loss expectancy x annualized rate of occurrence.

B.

gross loss expectancy x loss frequency.

C.

actual replacement cost - proceeds of salvage.

D.

asset value x loss expectancy.

Which of the following is an advantage of a qualitative over a quantitative risk analysis?

A.

It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.

B.

It provides specific quantifiable measurements of the magnitude of the impacts.

C.

It makes a cost-benefit analysis of recommended controls easier.

D.

It can easily be automated.

The IP header contains a protocol field. If this field contains the value of 51, what type of data is contained within the ip datagram?

A.

Transmission Control Protocol (TCP)

B.

Authentication Header (AH)

C.

User datagram protocol (UDP)

D.

Internet Control Message Protocol (ICMP)

When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?

A.

Executive management staff

B.

Senior business unit management

C.

BCP committee

D.

Functional business units

When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is knows as?

A.

Shadowing

B.

Data mirroring

C.

Backup

D.

Archiving

When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence:

A.

Evidence has to be collected in accordance with all laws and all legal regulations.

B.

Law enforcement officials should be contacted for advice on how and when to collect critical information.

C.

Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available.

D.

Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.

Which of the following steps should be one of the first step performed in a Business Impact Analysis (BIA)?

A.

Identify all CRITICAL business units within the organization.

B.

Evaluate the impact of disruptive events.

C.

Estimate the Recovery Time Objectives (RTO).

D.

Identify and Prioritize Critical Organization Functions

Which of the following results in the most devastating business interruptions?

A.

Loss of Hardware/Software

B.

Loss of Data

C.

Loss of Communication Links

D.

Loss of Applications

The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called:

A.

alteration

B.

investigation

C.

entrapment

D.

enticement.

The MOST common threat that impacts a business's ability to function normally is:

A.

Power Outage

B.

Water Damage

C.

Severe Weather

D.

Labor Strike

Which of the following questions is less likely to help in assessing an organization's contingency planning controls?

A.

Is damaged media stored and/or destroyed?

B.

Are the backup storage site and alternate site geographically far enough from the primary site?

C.

Is there an up-to-date copy of the plan stored securely off-site?

D.

Is the location of stored backups identified?

To protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and availability is the purpose of:

A.

Remote journaling.

B.

Database shadowing.

C.

A tape backup method.

D.

Mirroring.

What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment?

A.

Risk management

B.

Risk analysis

C.

Threat analysis

D.

Due diligence

Which of the following would best describe secondary evidence?

A.

Oral testimony by a non-expert witness

B.

Oral testimony by an expert witness

C.

A copy of a piece of evidence

D.

Evidence that proves a specific act

If your property Insurance has Replacement Cost Valuation (RCV) clause your damaged property will be compensated:

A.

Based on the value of item on the date of loss

B.

Based on new, comparable, or identical item for old regardless of condition of lost item

C.

Based on value of item one month before the loss

D.

Based on the value listed on the Ebay auction web site

Which of the following specifically addresses cyber attacks against an organization's IT systems?

A.

Continuity of support plan

B.

Business continuity plan

C.

Incident response plan

D.

Continuity of operations plan

In the UTP category rating, the tighter the wind:

A.

the higher the rating and its resistance against interference and crosstalk.

B.

the slower the rating and its resistance against interference and attenuation.

C.

the shorter the rating and its resistance against interference and attenuation.

D.

the longer the rating and its resistance against interference and attenuation.

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

A.

172.12.42.5

B.

172.140.42.5

C.

172.31.42.5

D.

172.15.42.5