(ISC)2 SSCP Systems Security Certified Practitioner Official Practice Tests. Mike Chapple

        - to test for vulnerable accounts.
        - Identify interesting ports for further scanning.
        - Use sqlmap against the open databases.

      2 Based on the scan results, what operating system (OS) was the system that was scanned most likely running?
        - Windows Desktop
        - Linux
        - Network device
        - Windows Server

      3 Ben’s manager expresses concern about the coverage of his scan. Why might his manager have this concern?
        - Ben did not test UDP services.
        - Ben did not discover ports outside the “well-known ports.”
        - Ben did not perform OS fingerprinting.
        - Ben tested only a limited number of ports.

      4 What is the formula used to determine risk?
        - Risk = Threat * Vulnerability
        - Risk = Threat / Vulnerability
        - Risk = Asset * Threat
        - Risk = Asset / Threat

      5 A zero-day vulnerability is announced for the popular Apache web server in the middle of a workday. In Jacob’s role as an information security analyst, he needs to quickly scan his network to determine what servers are vulnerable to the issue. What is Jacob’s best route to quickly identify vulnerable systems?
        - Immediately run Nessus against all of the servers to identify which systems are vulnerable.
        - Review the CVE database to find the vulnerability information and patch information.
        - Create a custom IDS or IPS signature.
        - Identify affected versions and check systems for that version number using an automated scanner.

      6 During a review of access logs, Alex notices that Danielle logged into her workstation in New York at 8 a.m. daily but that she was recorded as logging into her department’s main web application shortly after 3 a.m. daily. What common logging issue has Alex likely encountered?
        - Inconsistent log formatting
        - Modified logs
        - Inconsistent timestamps
        - Multiple log sources

      7 What is the final step of a quantitative risk analysis?
        - Determine asset value.
        - Assess the annualized rate of occurrence.
        - Derive the annualized loss expectancy.
        - Conduct a cost/benefit analysis.

      8 Carrie is analyzing the application logs for her web-based application and comes across the following string:
        ../../../../../../../../../etc/passwd
        What type of attack was likely attempted against Carrie’s application?
        - Command injection
        - Session hijacking
        - Directory traversal
        - Brute force

      9 Allie is responsible for reviewing authentication logs on her organization’s network. She does not have the time to review all logs, so she decides to choose only records where there have been four or more invalid authentication attempts. What technique is Allie using to reduce the size of the pool?
        - Sampling
        - Random selection
        - Clipping
        - Statistical analysis

      10 Isaac wants to be able to describe the severity of a vulnerability to his team. What standard could he use to easily describe vulnerabilities using a numerical score?
        - CVSS
        - ATT&CK
        - MITRE
        - SAML

      11 Which type of business impact assessment tool is most appropriate when attempting to evaluate the impact of a failure on customer confidence?
        - Quantitative
        - Qualitative
        - Annualized loss expectancy
        - Reduction

      12 What type of vulnerabilities will not be found by a vulnerability scanner?
        - Local vulnerabilities
        - Service vulnerabilities
        - Zero-day vulnerabilities
        - Vulnerabilities that require authentication

      13 Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner?
        - Path disclosure
        - Local file inclusion
        - Race condition
        - Buffer overflow

      14 Jim has been contracted to conduct a gray box penetration test, and his clients have provided him with the following information about their networks so that he can scan them:
        Data center: 10.10.10.0/24
        Sales: 10.10.11.0/24
        Billing: 10.10.12.0/24
        Wireless: 192.168.0.0/16
        What problem will Jim encounter if he is contracted to conduct a scan from offsite?
        - The IP ranges are too large to scan efficiently.
        - The IP addresses provided cannot be scanned.
        - The IP ranges overlap and will cause scanning issues.
        - The IP addresses provided are RFC 1918 addresses.

      15 Naomi wants to put a system in place that will allow her team to aggregate and correlate event information from a variety of systems and devices in her organization. She then wants to automate the investigation process using workflows with the correlated data. What type of system should she put in place?
        - A NAS
        - An IPS
        - A SOAR
        - An MDR

      16 Murali wants to determine if SQL injection attacks are being attempted against his web application. Which of the following potential source systems will not be useful when identifying SQL injection?
        - Application logs
        - WAF logs
        - Network switch logs
        - Database logs

      17 Li has completed the discovery of assets across her organization’s network. What is the most likely next step in her vulnerability management lifecycle?
        - Prioritizing the assets
        - Applying patches to any vulnerable systems
        - Testing the vulnerabilities using proof-of-concept exploits
        - Identifying all vulnerabilities that have not been patched since the last scan

      18 Diego’s organization has applied controls to all risks that it has prioritized. It would not be cost effective to remediate or prevent the remaining risks, and he needs to determine what to do with them. What risk response option is most appropriate to this scenario?
        - Transferring the risks
        - Ignoring the risks
        - Reviewing for possible new mitigations
        - Accepting the risks

      19 Kathleen’s organization has a mature risk assessment process with strong sponsorship from leadership, but also has very low tolerance for risk. Which of the following is most likely to be true about their process for handling risks?
        - They are likely to accept many risks.
        - They are likely to spend resources to mitigate as many risks as possible.
        - They are likely to ignore as many risks as possible.
        - They are likely to spend as few resources as possible to mitigate risks.

      20 Megan is reviewing her organization’s risks and identifies a single point of failure due to the fiber-optic cable connection to a local fiber ring that her organization built and maintains. What type of risk does this describe?
        - An intrinsic risk
        - An architecture risk
        - A supplier risk
        - A contractual risk

      21 Unusual outbound network traffic, irregularities in geographic or time-based login information, privileged users account activity changes, and unexpected traffic on nonstandard ports are all common examples of what?
        - Vulnerability scanning artifacts
        - SQL injection log entries
        - Indicators of Compromise
        - Key performance indicators

      22 Susan wants to use her SIEM to deliver notifications when events occur. Which of the following should she ensure is set to prevent responders from ignoring the notifications?
        - An automated daily email with dashboard information
        - A required login when notifications are sent
        - Automated timeline creation for incident data
        - Appropriate thresholds for notification

       THE SSCP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

       Domain 4.0 Incident Response and Recovery
         4.1 Support incident lifecycle (e.g., National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO))
           - Preparation
           - Detection, analysis, and escalation
           - Containment
           - Eradication
           - Recovery
           - Lessons learned/implementation of new countermeasure
         4.2 Understand and support forensic investigations
           - Legal (e.g., civil, criminal, administrative) and ethical principles
           - Evidence handling (e.g., first responder, triage, chain of custody, preservation of scene)
           - Reporting of analysis
         4.3 Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities
           - Emergency response plans and procedures (e.g., information system contingency plan, natural disaster, crisis management)
           - Interim or alternate processing strategies
           - Restoration planning
           - Backup and redundancy implementation
           - Testing and drills

      1 Tara recently detected a security incident in progress on her network. What action should be her highest priority at this point?
        - Eradication
        - Recovery
        - Containment
        - Detection

      2 Alan is responding to a security incident and receives a hard drive image from a cooperating organization that contains evidence. What additional information should he request to verify the integrity of the evidence?
        - Private key
        - Public key
        - Hash
        - Drive capacity

      3 Jeff