System Security Practitioner (SSCP)
Final Test - CET 2688C
Host-based IDS
An HIDS (host-based intrusion detection system) is considered as technical/logical control. It monitors
activity on a single computer only, including process calls and information recorded in system,
application, security, and host-based firewall logs. - correct answer ✔✔Which of the following items is
not considered as a physical access control?
Vulnerabilities: Shortcomings in a system
Risks: Measured by the likelihood that any particular threat may be carried out
Threats: Possible violations - correct answer ✔✔What factors must you consider for the design and
implementation of access control mechanisms?
Detective - correct answer ✔✔Which of the following types of access control seeks to discover evidence
of an unwanted, unauthorized, or illicit behavior or an activity?
Security Awareness Program
Information Security Policy - correct answer ✔✔What are the examples of administrative access
controls?
Each correct answer represents a complete solution. Choose all that apply
Biba
,The Biba model, also called the Biba Integrity model, is a formal state transition system of computer
security policy used to depict a set of access control rules designed for ensuring data integrity. - correct
answer ✔✔Which of the following models is designed for ensuring data integrity?
Access control matrix - correct answer ✔✔A large table includes multiple subjects and objects and
identifies the access to various objects. What is this table called?
KryptoKnight
Kerberos
SESAME - correct answer ✔✔Single sign-on (SSO) is a centralized access control technique that allows a
subject to be authenticated only once on a system. Which of the following are examples of SSO?
Each correct answer represents a complete solution. Choose all that apply.
Mandatory - correct answer ✔✔Which type of access control defines the statement below?
"It uses a predefined set of access privileges for an object of the system."
Principle of least privilege - correct answer ✔✔Which of the following ensures that a user is assigned
with only required access and permission to complete their work?
- Do not share computer accounts or passwords with others.
- Do not use the same password for more than one account.
- Do not ever write down a password.
- Do not communicate a password by telephone, email, or instant messaging.
- Change passwords whenever there is a doubt, as they may have been compromised.
- Use alpha-numeric passwords. - correct answer ✔✔What are the guidelines of a good password policy?
,Each correct answer represents a complete solution. Choose all that apply.
It follows the principle of least privilege
It indicates about the privileges granted to users - correct answer ✔✔Which of the following statements
are true about entitlement?
Each correct answer represents a complete solution. Choose two.
Promote and preserve public trust and confidence in information and systems.
Promote the understanding and acceptance of prudent information security measures.
Preserve and strengthen the integrity of the public infrastructure. - correct answer ✔✔Which of the
following 'Code of Ethics Canons' are described under 'Protect society, the commonwealth, and the
infrastructure'?
Each correct answer represents a complete solution. Choose all that apply.
Asset management - correct answer ✔✔Which of the following specifies systems that inspects and
maintains things that are of value to an entity or group?
Confidential
Private
Sensitive
Public - correct answer ✔✔Which of the following levels are included in the commercial
business/private sector data classification?
Each correct answer represents a complete solution. Choose all that apply.
, It specifies the step that manages important items within an organization.
It helps organizations to track hardware and software of the systems. - correct answer ✔✔Which of the
following statements are true about asset management?
Each correct answer represents a complete solution. Choose all that apply.
Life cycle assurance: Ensures that a trusted computer base is designed with the controlled standards
Operational assurance: Concerned with the basic features and architecture of a system - correct answer
✔✔Which type of assurances are defined by the TCSEC (Trusted Computer System Evaluation Criteria)
book?
Each correct answer represents a complete solution. Choose all that apply.
It involves a computer-to-computer transaction
It controls the transfer of business documents
Electronic Data Interchange is a set of standards that involves only a computer-to-computer transaction
for controlling the exchange of business documents, such as purchase orders, invoices, and sales orders,
between organizations. This standard is used for American domestic trade. - correct answer ✔✔Which
of the following statements are related to EDI?
Each correct answer represents a complete solution. Choose all that apply.
Confidentiality - correct answer ✔✔Which of the following principles prevents the disclosure of
information to unauthorized individuals or systems?
Sniffing - correct answer ✔✔Which of the following is a process that captures network packets, break
them apart, and examine the contents?
Final Test - CET 2688C
Host-based IDS
An HIDS (host-based intrusion detection system) is considered as technical/logical control. It monitors
activity on a single computer only, including process calls and information recorded in system,
application, security, and host-based firewall logs. - correct answer ✔✔Which of the following items is
not considered as a physical access control?
Vulnerabilities: Shortcomings in a system
Risks: Measured by the likelihood that any particular threat may be carried out
Threats: Possible violations - correct answer ✔✔What factors must you consider for the design and
implementation of access control mechanisms?
Detective - correct answer ✔✔Which of the following types of access control seeks to discover evidence
of an unwanted, unauthorized, or illicit behavior or an activity?
Security Awareness Program
Information Security Policy - correct answer ✔✔What are the examples of administrative access
controls?
Each correct answer represents a complete solution. Choose all that apply
Biba
,The Biba model, also called the Biba Integrity model, is a formal state transition system of computer
security policy used to depict a set of access control rules designed for ensuring data integrity. - correct
answer ✔✔Which of the following models is designed for ensuring data integrity?
Access control matrix - correct answer ✔✔A large table includes multiple subjects and objects and
identifies the access to various objects. What is this table called?
KryptoKnight
Kerberos
SESAME - correct answer ✔✔Single sign-on (SSO) is a centralized access control technique that allows a
subject to be authenticated only once on a system. Which of the following are examples of SSO?
Each correct answer represents a complete solution. Choose all that apply.
Mandatory - correct answer ✔✔Which type of access control defines the statement below?
"It uses a predefined set of access privileges for an object of the system."
Principle of least privilege - correct answer ✔✔Which of the following ensures that a user is assigned
with only required access and permission to complete their work?
- Do not share computer accounts or passwords with others.
- Do not use the same password for more than one account.
- Do not ever write down a password.
- Do not communicate a password by telephone, email, or instant messaging.
- Change passwords whenever there is a doubt, as they may have been compromised.
- Use alpha-numeric passwords. - correct answer ✔✔What are the guidelines of a good password policy?
,Each correct answer represents a complete solution. Choose all that apply.
It follows the principle of least privilege
It indicates about the privileges granted to users - correct answer ✔✔Which of the following statements
are true about entitlement?
Each correct answer represents a complete solution. Choose two.
Promote and preserve public trust and confidence in information and systems.
Promote the understanding and acceptance of prudent information security measures.
Preserve and strengthen the integrity of the public infrastructure. - correct answer ✔✔Which of the
following 'Code of Ethics Canons' are described under 'Protect society, the commonwealth, and the
infrastructure'?
Each correct answer represents a complete solution. Choose all that apply.
Asset management - correct answer ✔✔Which of the following specifies systems that inspects and
maintains things that are of value to an entity or group?
Confidential
Private
Sensitive
Public - correct answer ✔✔Which of the following levels are included in the commercial
business/private sector data classification?
Each correct answer represents a complete solution. Choose all that apply.
, It specifies the step that manages important items within an organization.
It helps organizations to track hardware and software of the systems. - correct answer ✔✔Which of the
following statements are true about asset management?
Each correct answer represents a complete solution. Choose all that apply.
Life cycle assurance: Ensures that a trusted computer base is designed with the controlled standards
Operational assurance: Concerned with the basic features and architecture of a system - correct answer
✔✔Which type of assurances are defined by the TCSEC (Trusted Computer System Evaluation Criteria)
book?
Each correct answer represents a complete solution. Choose all that apply.
It involves a computer-to-computer transaction
It controls the transfer of business documents
Electronic Data Interchange is a set of standards that involves only a computer-to-computer transaction
for controlling the exchange of business documents, such as purchase orders, invoices, and sales orders,
between organizations. This standard is used for American domestic trade. - correct answer ✔✔Which
of the following statements are related to EDI?
Each correct answer represents a complete solution. Choose all that apply.
Confidentiality - correct answer ✔✔Which of the following principles prevents the disclosure of
information to unauthorized individuals or systems?
Sniffing - correct answer ✔✔Which of the following is a process that captures network packets, break
them apart, and examine the contents?
