(ISC)2 SSCP Systems Security Certified Practitioner Official Practice Tests. Mike Chapple
of a flood in this area?10010.10.01
6 Which of the following strategies is not a reasonable approach for remediating a vulnerability identified by a vulnerability scanner?
  A. Install a patch.
  B. Use a workaround fix.
  C. Update the banner or version number.
  D. Use an application layer firewall or IPS to prevent attacks against the identified vulnerability.
7 Bruce is seeing quite a bit of suspicious activity on his network. It appears that an outside entity is attempting to connect to all of his systems using a TCP connection on port 22. What type of scanning is the outsider likely engaging in?
  A. FTP scanning
  B. Telnet scanning
  C. SSH scanning
  D. HTTP scanning
8 Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known command-and-control servers. Which one of the following techniques would be most likely to provide this information if Jim has access to a list of known servers?
  A. Netflow records
  B. IDS logs
  C. Authentication logs
  D. RFC logs
9 Susan needs to scan a system for vulnerabilities, and she wants to use an open source tool to test the system remotely. Which of the following tools will meet her requirements and allow vulnerability scanning?
  A. Nmap
  B. OpenVAS
  C. MBSA
  D. Nessus
10 Jim is designing his organization’s log management systems and knows that he needs to carefully plan to handle the organization’s log data. Which of the following is not a factor that Jim should be concerned with?
  A. The volume of log data
  B. A lack of sufficient log sources
  C. Data storage security requirements
  D. Network bandwidth
Kara used nmap to perform a scan of a system under her control and received the results shown here. Refer to these results to answer questions 30 and 31.
1 If Kara’s primary concern is preventing eavesdropping attacks, which port should she block?
  A. 22
  B. 80
  C. 443
  D. 1433
2 If Kara’s primary concern is preventing administrative connections to the server, which port should she block?
  A. 22
  B. 80
  C. 443
  D. 1433
3 During a port scan, Susan discovers a system running services on TCP and UDP 137-139 and TCP 445, as well as TCP 1433. What type of system is she likely to find if she connects to the machine?
  A. A Linux email server
  B. A Windows SQL server
  C. A Linux file server
  D. A Windows workstation
4 After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
  A. Accept
  B. Transfer
  C. Reduce
  D. Reject
5 What is the best way to provide accountability for the use of identities?
  A. Logging
  B. Authorization
  C. Digital signatures
  D. Type 1 authentication
6 Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?
  A. Patching
  B. Reporting
  C. Remediation
  D. Validation
7 Rolando is a risk manager with a large-scale enterprise. The firm recently evaluated the risk of California mudslides on its operations in the region and determined that the cost of responding outweighed the benefits of any controls it could implement. The company chose to take no action at this time. What risk management strategy did Rolando’s organization pursue?
  A. Risk avoidance
  B. Risk mitigation
  C. Risk transference
  D. Risk acceptance
8 During a log review, Danielle discovers a series of logs that show login failures.
  Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=aaaaaaaa
  Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=aaaaaaab
  Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=aaaaaaac
  Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=aaaaaaad
  Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=aaaaaaae
What type of attack has Danielle discovered?
  A. A pass-the-hash attack
  B. A brute-force attack
  C. A man-in-the-middle attack
  D. A dictionary attack
9 During a third-party audit, Jim’s company receives a finding that states, “The administrator should review backup success and failure logs on a daily basis, and take action in a timely manner to resolve reported exceptions.” What is the biggest issue that is likely to result if Jim’s IT staff need to restore from a backup?
  A. They will not know if the backups succeeded or failed.
  B. The backups may not be properly logged.
  C. The backups may not be usable.
  D. The backup logs may not be properly reviewed.
For questions 39–41, please refer to the following scenario.
Ben’s organization has begun to use STRIDE to assess its software and has identified threat agents and the business impacts that these threats could have. Now they are working to identify appropriate controls for the issues they have identified.
1 Ben’s development team needs to address an authorization issue, resulting in an elevation of privilege threat. Which of the following controls is most appropriate to this type of issue?
  A. Auditing and logging are enabled.
  B. Role-based access control is used for specific operations.
  C. Data type and format checks are enabled.
  D. User input is tested against a whitelist.
2 Ben’s team is attempting to categorize a transaction identification issue that is caused by use of a symmetric key shared by multiple servers. What STRIDE category should this fall into?
  A. Information disclosure
  B. Denial of service
  C. Tampering
  D. Repudiation
3 Ben wants to prevent or detect tampering with data. Which of the following is not an appropriate solution?
  A. Hashes
  B. Digital signatures
  C. Filtering
  D. Authorization controls
4 During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering?
  A. Web servers
  B. File servers
  C. Wireless access points
  D. Printers
5 Alan is performing threat modeling and decides that it would be useful to decompose the system into the key elements shown here. What tool is he using?
  Image reprinted from CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition © John Wiley & Sons 2015, reprinted with permission.
  A. Vulnerability assessment
  B. Fuzzing
  C. Reduction analysis
  D. Data modeling
6 Which of the following is not a hazard associated with penetration testing?
  A. Application crashes
  B. Denial of service
  C. Exploitation of vulnerabilities
  D. Data corruption
7 Nmap is an example of what type of tool?
  A. Vulnerability scanner
  B. Web application fuzzer
  C. Network design and layout
  D. Port scanner
8 Which of the following is a method used to design new software tests and to ensure the quality of tests?
  A. Code auditing
  B. Static code analysis
  C. Regression testing
  D. Mutation testing
9 When a Windows system is rebooted, what type of log is generated?
  A. Error
  B. Warning
  C. Information
  D. Failure audit
10 What is the first step that should occur before a penetration test is performed?
  A. Data gathering
  B. Port scanning
  C. Getting permission
  D. Planning
11 Bobbi is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE threat model?
  A. Spoofing
  B. Repudiation
  C. Tampering
  D. Elevation of privilege
For questions 50–53, please refer to the following scenario.
Ann is a security professional for a midsize business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization’s intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation.
This morning, the intrusion detection system alerted because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic.
1 At this point in the incident response process, what term best describes what has occurred in Ann’s organization?
  A. Security occurrence
  B. Security incident
  C. Security event
  D. Security intrusion
2 Ann continues her investigation and