Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

ISC SSCP Exam Made Easy: Step-by-Step Preparation Guide

Questions 221

Which of the following statements regarding an off-site information processing facility is TRUE?

Options:

A.

It should have the same amount of physical access restrictions as the primary processing site.

B.

It should be located in proximity to the originating site so that it can quickly be made operational.

C.

It should be easily identified from the outside so in the event of an emergency it can be easily found.

D.

Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.

Buy Now
Questions 222

Which of the following recovery plan test results would be most useful to management?

Options:

A.

elapsed time to perform various activities.

B.

list of successful and unsuccessful activities.

C.

amount of work completed.

D.

description of each activity.

Buy Now
Questions 223

What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent?

Options:

A.

Evidence Circumstance Doctrine

B.

Exigent Circumstance Doctrine

C.

Evidence of Admissibility Doctrine

D.

Exigent Probable Doctrine

Buy Now
Questions 224

The IP header contains a protocol field. If this field contains the value of 51, what type of data is contained within the ip datagram?

Options:

A.

Transmission Control Protocol (TCP)

B.

Authentication Header (AH)

C.

User datagram protocol (UDP)

D.

Internet Control Message Protocol (ICMP)

Buy Now
Questions 225

What is defined as inference of information from other, intermediate, relevant facts?

Options:

A.

Secondary evidence

B.

Conclusive evidence

C.

Hearsay evidence

D.

Circumstantial evidence

Buy Now
Questions 226

Which of the following is NOT a part of a risk analysis?

Options:

A.

Identify risks

B.

Quantify the impact of potential threats

C.

Provide an economic balance between the impact of the risk and the cost of the associated countermeasure

D.

Choose the best countermeasure

Buy Now
Questions 227

Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?

Options:

A.

Personnel turnover

B.

Large plans can take a lot of work to maintain

C.

Continous auditing makes a Disaster Recovery plan irrelevant

D.

Infrastructure and environment changes

Buy Now
Questions 228

What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?

Options:

A.

Remote journaling

B.

Electronic vaulting

C.

Data clustering

D.

Database shadowing

Buy Now
Questions 229

Risk mitigation and risk reduction controls for providing information security are classified within three main categories, which of the following are being used?

Options:

A.

preventive, corrective, and administrative

B.

detective, corrective, and physical

C.

Physical, technical, and administrative

D.

Administrative, operational, and logical

Buy Now
Questions 230

A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include?

Options:

A.

Marketing/Public relations

B.

Data/Telecomm/IS facilities

C.

IS Operations

D.

Facilities security

Buy Now
Questions 231

What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

Options:

A.

Accountability controls

B.

Mandatory access controls

C.

Assurance procedures

D.

Administrative controls

Buy Now
Questions 232

Which of the following would be LESS likely to prevent an employee from reporting an incident?

Options:

A.

They are afraid of being pulled into something they don't want to be involved with.

B.

The process of reporting incidents is centralized.

C.

They are afraid of being accused of something they didn't do.

D.

They are unaware of the company's security policies and procedures.

Buy Now
Questions 233

Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?

Options:

A.

Statistical Anomaly-Based ID

B.

Signature-Based ID

C.

dynamical anomaly-based ID

D.

inferential anomaly-based ID

Buy Now
Questions 234

Which of the following are the two MOST common implementations of Intrusion Detection Systems?

Options:

A.

Server-based and Host-based.

B.

Network-based and Guest-based.

C.

Network-based and Client-based.

D.

Network-based and Host-based.

Buy Now
Questions 235

What is the primary goal of setting up a honeypot?

Options:

A.

To lure hackers into attacking unused systems

B.

To entrap and track down possible hackers

C.

To set up a sacrificial lamb on the network

D.

To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.

Buy Now
Questions 236

What is the essential difference between a self-audit and an independent audit?

Options:

A.

Tools used

B.

Results

C.

Objectivity

D.

Competence

Buy Now
Questions 237

In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?

Options:

A.

Using a write blocker

B.

Made a full-disk image

C.

Created a message digest for log files

D.

Displayed the contents of a folder

Buy Now
Questions 238

Who should measure the effectiveness of Information System security related controls in an organization?

Options:

A.

The local security specialist

B.

The business manager

C.

The systems auditor

D.

The central security manager

Buy Now
Questions 239

If an organization were to monitor their employees' e-mail, it should not:

Options:

A.

Monitor only a limited number of employees.

B.

Inform all employees that e-mail is being monitored.

C.

Explain who can read the e-mail and how long it is backed up.

D.

Explain what is considered an acceptable use of the e-mail system.

Buy Now
Questions 240

Who is responsible for providing reports to the senior management on the effectiveness of the security controls?

Options:

A.

Information systems security professionals

B.

Data owners

C.

Data custodians

D.

Information systems auditors

Buy Now