Exam (elaborations)
Information Systems Security C845 SSCP - Composite Massive Test well answered to pass
- Course
- Institution
Information Systems Security C845 SSCP - Composite Massive Test well answered to pass
[Show more]
Content preview
Information Systems Security C845SSCP - Composite Massive Test
Which of the following is not a type of attack used against access controls? - correct answer ✔✔Teardrop
- Dictionary, brute-force, and man-in-the-middle attacks are all types of attacks that are frequently aimed
at access controls. Teardrop attacks are a type of denial-of-service attack.
George is assisting a prosecutor with a case against a hacker who attempted to break into the computer
systems at George's company. He provides system logs to the prosecutor for use as evidence, but the
prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence
requires George's testimony? - correct answer ✔✔Hearsay rule - The hearsay rule says that a witness
cannot testify about what someone else told them, except under specific exceptions. The courts have
applied the hearsay rule to include the concept that attorneys may not introduce logs into evidence
unless they are authenticated by the system administrator. The best evidence rule states that copies of
documents may not be submitted into evidence if the originals are available. The parol evidence rule
states that if two parties enter into a written agreement, that written document is assumed to contain all
the terms of the agreement. Testimonial evidence is a type of evidence, not a rule of evidence.
Jim has been asked to individually identify devices that users are bringing to work as part of a new BYOD
policy. The devices will not be joined to a central management system like Active Directory, but he still
needs to uniquely identify the systems. Which of the following options will provide Jim with the best
means of reliably identifying each unique device? - correct answer ✔✔Use device fingerprinting via a
web-based registration system - Device fingerprinting via a web portal can require user authentication
and can gather data like operating systems, versions, software information, and many other factors that
can uniquely identify systems. Using an automated fingerprinting system is preferable to handling
manual registration, and pairing user authentication with data gathering provides more detail than a
port scan. MAC addresses can be spoofed, and systems may have more than one depending on how
many network interfaces they have, which can make unique identification challenging.
Greg would like to implement application control technology in his organization. He would like to limit
users to installing only approved software on their systems. What type of application control would be
appropriate in this situation? - correct answer ✔✔Bluelisting - The whitelisting approach to application
control allows users to install only those software packages specifically approved by administrators. This
would be an appropriate approach in a scenario where application installation needs to be tightly
controlled.
,Which pair of the following factors is key for user acceptance of biometric identification systems? -
correct answer ✔✔The throughput rate and the time required to enroll - Biometric systems can face
major usability challenges if the time to enroll is long (more than a couple of minutes) and if the speed at
which the biometric system is able to scan and accept or reject the user is too slow. FAR and FRR may be
important in the design decisions made by administrators or designers, but they aren't typically visible to
users. CER and ERR are the same and are the point where FAR and FRR meet. Reference profile
requirements are a system requirement, not a user requirement.
Sally is wiring a gigabit Ethernet network. What cabling choices should she make to ensure she can use
her network at the full 1000 Mbps she wants to provide to her users? - correct answer ✔✔Category 5e
and Category 6 UTP cable are both rated to 1000 Mbps. Cat 5 (not Cat 5e) is rated only to 100 Mbps,
whereas Cat 7 is rated to 10 Gbps. There is no Cat 4e.
If Alex hires a new employee and the employee's account is provisioned after HR manually inputs
information into the provisioning system based on data Alex provides via a series of forms, what type of
provisioning has occurred? - correct answer ✔✔Workflow-based account provisioning - Provisioning that
occurs through an established workflow, such as through an HR process, is workflow-based account
provisioning. If Alex had set up accounts for his new hire on the systems he manages, he would have
been using discretionary account provisioning. If the provisioning system allowed the new hire to sign up
for an account on their own, they would have used self-service account provisioning, and if there was a
central, software-driven process, rather than HR forms, it would have been automated account
provisioning.
Alex has access to B, C, and D. What concern should he raise to the university's identity management
team?
B - Application Servers
C - Database Servers
D - Active Directory
F - Incident Management System
E - Directory Server - correct answer ✔✔Privilege creep may be taking place. - As Alex has changed roles,
he retained access to systems that he no longer administers. The provisioning system has provided rights
to workstations and the application servers he manages, but he should not have access to the databases
he no longer administers. Privilege levels are not specified, so we can't determine whether he has
excessive rights. Logging may or may not be enabled, but it isn't possible to tell from the problem.
,When Alex changes roles, what should occur? - correct answer ✔✔He should be provisioned for only the
rights that match his role. - When a user's role changes, they should be provisioned based on their role
and other access entitlements. Deprovisioning and reprovisioning is time-consuming and can lead to
problems with changed IDs and how existing credentials work. Simply adding new rights leads to
privilege creep, and matching another user's rights can lead to excessive privileges because of privilege
creep for that other user.
Vivian works for a chain of retail stores and would like to use a software product that restricts the
software used on point-of-sale terminals to those packages on a preapproved list. What approach should
Vivian use? - correct answer ✔✔Whitelist - The blacklist approach to application control blocks certain
prohibited packages but allows the installation of other software on systems. The whitelist approach
uses the reverse philosophy and allows only approved software. Antivirus software would only detect
the installation of malicious software after the fact. Heuristic detection is a variant of antivirus software.
What type of motion detector senses changes in the electromagnetic fields in monitored areas? - correct
answer ✔✔Capacitance - Capacitance motion detectors monitor the electromagnetic field in a
monitored area, sensing disturbances that correspond to motion.
Don's company is considering the use of an object-based storage system where data is placed in a
vendor-managed storage environment through the use of API calls. What type of cloud computing
service is in use? - correct answer ✔✔IaaS - In this scenario, the vendor is providing object-based
storage, a core infrastructure service. Therefore, this is an example of infrastructure as a service (IaaS).
What is the minimum interval at which an organization should conduct business continuity plan
refresher training for those with specific business continuity roles? - correct answer ✔✔Annually -
Individuals with specific business continuity roles should receive training on at least an annual basis.
Which one of the following technologies is not normally a capability of mobile device management
(MDM) solutions? - correct answer ✔✔Assuming control of a nonregistered BYOD mobile device - MDM
products do not have the capability of assuming control of a device not currently managed by the
organization. This would be equivalent to hacking into a device owned by someone else and might
constitute a crime.
Alex is preparing to solicit bids for a penetration test of his company's network and systems. He wants to
maximize the effectiveness of the testing rather than the realism of the test. What type of penetration
test should he require in his bidding process? - correct answer ✔✔Crystal box - Crystal-box penetration
testing, which is also sometimes called white-box penetration testing, provides the tester with
information about networks, systems, and configurations, allowing highly effective testing. It doesn't
, simulate an actual attack like black- and gray-box testing can and thus does not have the same realism,
and it can lead to attacks succeeding that would fail in a zero- or limited-knowledge attack.
What RADIUS alternative is commonly used for Cisco network gear and supports two-factor
authentication? - correct answer ✔✔TACACS+ - TACACS+ is the most modern version of TACACS, the
Terminal Access Controller Access-Control System. It is a Cisco proprietary protocol with added features
beyond what RADIUS provides, meaning it is commonly used on Cisco networks. XTACACS is an earlier
version, Kerberos is a network authentication protocol rather than a remote user authentication
protocol, and RADIUS+ is a made-up term.
Exam Tip
TACACS+ encrypts the entire authentication session. In contrast, RADIUS encrypts only the user's
password.
Exam Tip
RADIUS is not only for dial-up. It also provides AAA services for VPN remote access connections. Other
implementations include configuring RADIUS as an 802.1x authentication server to require
authentication for wireless clients, commonly known as WPA2-Enterprise.
What type of fire extinguisher is useful against liquid-based fires? - correct answer ✔✔Class B - Class B
fire extinguishers use carbon dioxide, halon, or soda acid as their suppression material and are useful
against liquid-based fires. Water may not be used against liquid-based fires because it may cause the
burning liquid to splash, and many burning liquids, such as oil, will float on water.
Which one of the following components should be included in an organization's emergency response
guidelines? - correct answer ✔✔Immediate response procedures - The emergency response guidelines
should include the immediate steps an organization should follow in response to an emergency situation.
These include immediate response procedures, a list of individuals who should be notified of the
emergency, and secondary response procedures for first responders. They do not include long-term
actions such as activating business continuity protocols, ordering equipment, or activating DR sites.
Which one of the following disaster recovery test types involves the actual activation of the disaster
recovery facility? - correct answer ✔✔Parallel test - During a parallel test, the team activates the disaster
recovery site for testing, but the primary site remains operational. A simulation test involves a roleplay of
a prepared scenario overseen by a moderator. Responses are assessed to help improve the organization's
response process. The checklist review is the least disruptive type of disaster recovery test. During a
checklist review, team members each review the contents of their disaster recovery checklists on their
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Sakayobako30. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $22.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
72349 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now