(ISC)2 SSCP Systems Security Certified Practitioner Official Practice Tests. Mike Chapple

Читать онлайн книгу.

(ISC)2 SSCP Systems Security Certified Practitioner Official Practice Tests - Mike Chapple


Скачать книгу
switch logsDatabase logs

      17 Li has completed the discovery of assets across her organization’s network. What is the most likely next step in her vulnerability management lifecycle?Prioritizing the assetsApplying patches to any vulnerable systemsTesting the vulnerabilities using proof-of-concept exploitsIdentifying all vulnerabilities that have not been patched since the last scan

      18 Diego’s organization has applied controls to all risks that it has prioritized. It would not be cost effective to remediate or prevent the remaining risks, and he needs to determine what to do with them. What risk response option is most appropriate to this scenario?Transferring the risksIgnoring the risksReviewing for possible new mitigationsAccepting the risks

      19 Kathleen’s organization has a mature risk assessment process with strong sponsorship from leadership, but also has very low tolerance for risk. Which of the following is most likely to be true about their process for handling risks?They are likely to accept many risks.They are likely to spend resources to mitigate as many risks as possible.They are likely to ignore as many risks as possible.They are likely to spend as few resources as possible to mitigate risks.

      20 Megan is reviewing her organization’s risks and identifies a single point of failure due to the fiber-optic cable connection to a local fiber ring that her organization built and maintains. What type of risk does this describe?An intrinsic riskAn architecture riskA supplier riskA contractual risk

      21 Unusual outbound network traffic, irregularities in geographic or time-based login information, privileged users account activity changes, and unexpected traffic on nonstandard ports are all common examples of what?Vulnerability scanning artifactsSQL injection log entriesIndicators of CompromiseKey performance indicators

      22 Susan wants to use her SIEM to deliver notifications when events occur. Which of the following should she ensure is set to prevent responders from ignoring the notifications?An automated daily email with dashboard informationA required login when notifications are sentAutomated timeline creation for incident dataAppropriate thresholds for notification

       THE SSCP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:

       Domain 4.0 Incident Response and Recovery4.1 Support incident lifecycle (e.g., National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO))PreparationDetection, analysis, and escalationContainmentEradicationRecoveryLessons learned/implementation of new countermeasure4.2 Understand and support forensic investigationsLegal (e.g., civil, criminal, administrative) and ethical principlesEvidence handling (e.g., first responder, triage, chain of custody, preservation of scene)Reporting of analysis4.3 Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activitiesEmergency response plans and procedures (e.g., information system contingency plan, natural disaster, crisis management)Interim or alternate processing strategiesRestoration planningBackup and redundancy implementationTesting and drills

      1 Tara recently detected a security incident in progress on her network. What action should be her highest priority at this point?EradicationRecoveryContainmentDetection

      2 Alan is responding to a security incident and receives a hard drive image from a cooperating organization that contains evidence. What additional information should he request to verify the integrity of the evidence?Private keyPublic keyHashDrive capacity

      3 Jeff discovers a series of JPEG photos on a drive that he is analyzing for evidentiary purposes. He uses exiftool to collect metadata from those files. Which information is not likely to be included in that metadata?GPS locationCamera typeNumber of copies madeTimestamp

      4 Chris would like to use John the Ripper to test the security of passwords on a compromised Linux system. What files does he need to conduct this analysis?/etc/shadow and /etc/user/etc/passwd and /etc/user/etc/user and /etc/account/etc/passwd and /etc/shadow

      5 Alex’s organization uses the NIST incident classification scheme. Alex discovers that a laptop belonging to a senior executive had keylogging software installed on it. How should Alex classify this occurrence?EventAdverse eventIncidentPolicy violation

      6 When working to restore systems to their original configuration after a long-term APT compromise, Charles has three options:Option 1: He can restore from a backup and then update patches on the system.Option 2: He can rebuild and patch the system using the original installation media and application software and his organization’s build documentation.Option 3: He can remove the compromised accounts and rootkit tools and then fix the issues that allowed the attackers to access the systems.Which option should Charles choose in this scenario?Option 1Option 2Option 3None of the above. Charles should hire a third party to assess the systems before proceeding.

      7 If Danielle wants to purge a drive, which of the following options will accomplish her goal?Cryptographic eraseReformatOverwritePartition

      8 Cynthia is building a series of scripts to detect malware beaconing behavior on her network. Which of the following is not a typical means of identifying malware beaconing?Persistence of the beaconingBeacon protocolBeaconing intervalRemoval of known traffic

      9 While performing post-rebuild validation efforts, Scott scans a server from a remote network and sees no vulnerabilities. Joanna, the administrator of the machine, runs a scan and discovered two critical vulnerabilities and five moderate issues. What is most likely causing the difference in their reports?Different patch levels during the scansScanning through a load balancerFirewall between the remote network and the serverRunning the scan with different settings

      10 Mika wants to analyze the contents of a drive without causing any changes to the drive. What method is best suited to ensuring this?Set the read-only jumper on the drive.Use a write blocker.Use a read blocker.Use a forensic software package.

      11 What type of forensic investigation-related form is shown here?Chain of custodyReport of examinationForensic discovery logPolicy custody release

      12 Eric has access to a full suite of network monitoring tools and wants to use appropriate tools to monitor network bandwidth consumption. Which of the following is not a common method of monitoring network bandwidth usage?SNMPPortmonPacket sniffingNetflow

      13 After completing an incident response process and providing a final report to management, what step should Casey use to identify improvement to her incident response plan?Update system documentation.Conduct a lessons-learned session.Review patching status and vulnerability scans.Engage third-party consultants.

      14 The senior management of Kathleen’s company is concerned about rogue devices on the network. If Kathleen wants to identify rogue devices on her wired network, which of the following solutions will quickly provide the most accurate information?Discovery scan with a port scannerRouter and switch-based MAC address reportingPhysical surveyReviewing a central administration tool, such as SCCM

      15 During a forensic investigation, Charles discovers that he needs to capture a virtual machine that is part of the critical operations of his company’s website. If he cannot suspend or shut down the machine for business reasons, what imaging process should he follow?Perform a snapshot of the system, boot it, suspend the copied version, and copy the directory it resides in.Copy the virtual disk files and then use a memory capture tool.Escalate to management to get permission to suspend the system to allow a true forensic copy.Use a tool like the Volatility Framework to capture the live machine completely.

      16 Lauren is the IT manager for a small company and occasionally serves as the organization’s information security officer. Which of the following roles should she include as the leader of her organization’s CSIRT?Her lead IT support staff technicianHer organization’s legal counselA third-party IR team leadShe should select herself.

      17 Because of external factors, Eric has only a limited time period to collect an image from a workstation. If he collects only specific files of interest, what type of acquisition has he performed?LogicalBit-by-bitSparseNone of the above

      18 NIST defines five major types of threat information types in NIST SP 800-150


Скачать книгу