ISC SSCP Exam Made Easy: Step-by-Step Preparation Guide

Question 261

Why would anomaly detection IDSs often generate a large number of false positives?

Options:
A. Because they can only correctly identify attacks they already know about.
B. Because they are application-based and are more subject to attacks.
C. Because they can't identify abnormal behavior.
D. Because normal patterns of user and system behavior can vary wildly.

Question 262

Which of the following tools is less likely to be used by a hacker?

Options:
A. l0phtcrack
B. Tripwire
C. OphCrack
D. John the Ripper

Question 263

Which of the following is an issue with signature-based intrusion detection systems?

Options:
A. Only previously identified attack signatures are detected.
B. Signature databases must be augmented with inferential elements.
C. It runs only on the Windows operating system.
D. Hackers can circumvent signature evaluations.

Question 264

Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

Options:
A. host-based IDS
B. firewall-based IDS
C. bastion-based IDS
D. server-based IDS

Question 265

Which protocol is NOT implemented in the Network layer of the OSI Protocol Stack?

Options:
A. Hypertext Transfer Protocol
B. Open Shortest Path First
C. Internet Protocol
D. Routing Information Protocol

Question 266

A periodic review of user account management should not determine:

Options:
A. Conformity with the concept of least privilege.
B. Whether active accounts are still being used.
C. Strength of user-chosen passwords.
D. Whether management authorizations are up-to-date.

Question 267

Which of the following best describes signature-based detection?

Options:
A. Compare source code, looking for events or sets of events that could cause damage to a system or network.
B. Compare system activity for the behaviour patterns of new attacks.
C. Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.
D. Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack.

Question 268

How often should a Business Continuity Plan be reviewed?

Options:
A. At least once a month
B. At least every six months
C. At least once a year
D. At least quarterly

Question 269

Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?

Options:
A. They are more cost-effective
B. They offer a lack of corporate bias
C. They use highly talented ex-hackers
D. They ensure a more complete reporting

Question 270

What setup should an administrator use for regularly testing the strength of user passwords?

Options:
A. A networked workstation so that the live password database can easily be accessed by the cracking program.
B. A networked workstation so the password database can easily be copied locally and processed by the cracking program.
C. A standalone workstation on which the password database is copied and processed by the cracking program.
D. A password-cracking program is unethical; therefore it should not be used.

Question 271

Which of the following monitors network traffic in real time?

Options:
A. network-based IDS
B. host-based IDS
C. application-based IDS
D. firewall-based IDS

Question 272

Which of the following is not a preventive operational control?

Options:
A. Protecting laptops, personal computers and workstations.
B. Controlling software viruses.
C. Controlling data media access and disposal.
D. Conducting security awareness and technical training.

Question 273

Which of the following questions is least likely to help in assessing controls covering audit trails?

Options:
A. Does the audit trail provide a trace of user actions?
B. Are incidents monitored and tracked until resolved?
C. Is access to online logs strictly controlled?
D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?

Question 274

Which of the following is NOT a fundamental component of an alarm in an intrusion detection system?

Options:
A. Communications
B. Enunciator
C. Sensor
D. Response

Question 275

Which of the following is required in order to provide accountability?

Options:
A. Authentication
B. Integrity
C. Confidentiality
D. Audit trails

Question 276

Which of the following tools is NOT likely to be used by a hacker?

Options:
A. Nessus
B. Saint
C. Tripwire
D. Nmap