(ISC)2 SSCP 問題練習

Question No : 1
A _________ is an information path that is not normally used for communication within a
computer system. It is not protected by the any of the systems security mechanisms.

• A.Trojaned program
• B.Backdoor
• C.Covert channel
• D.Hijacked session
• E.Back-path

答えを確認する

正解:

Question No : 2
The Trusted Computer Security Evaluation Criteria book (TCSEC) defines two types of
assurance.
What are they? (Choose two)

• A.Life cycle assurance
• B.Quality assurance
• C.System architecture assurance
• D.OS hardening methods and assurance
• E.Operational assurance

答えを確認する

正解:

Question No : 3
The Trusted Computer Security Evaluation Criteria book (TCSEC) is also referred to as:

• A.The blue book
• B.The orange book
• C.ISO 792
• D.RFC 1700
• E.BS 1412

答えを確認する

正解:

Question No : 4
Penetration testing involves three steps. At which step should an approve penetration test stop?

• A.War Driving
• B.Network reconnaissance
• C.Network Penetration
• D.System Control
• E.Denial of system services
• F.Network scanning

答えを確認する

正解:

Question No : 5
Penetration testing involves three steps. Identify the three steps below:<br>(Choose three)

• A.War Driving
• B.Network reconnaissance
• C.Network Penetration
• D.System Control
• E.Denial of system services
• F.Network scanning

答えを確認する

正解:

Question No : 6
The amount of risk remaining after security controls have been applied is referred to as:

• A.Remaining risk
• B.Residual risk
• C.Acceptable risk
• D.Outstanding risk
• E.Enduring risk

答えを確認する

正解:

Question No : 7
Total risk is defined as:

• A.Threats * Vulnerability * Asset Control Gap = Total Risk
• B.Threats * Vulnerability * Asset Replacement Cost = Total Risk
• C.Threats * Estimated Downtime * Asset Value = Total Risk
• D.Total Risk = Asset Value * Exposure
• E.Threats * Vulnerability * Asset Value = Total Risk

答えを確認する

正解:

Question No : 8
While there are many different models for IT system life cycle, most contain five unique phases.
Which of the following would be the last phase?

• A.Development
• B.Initiation
• C.Disposal
• D.Operation / Maintenance
• E.Implementation

答えを確認する

正解:

Question No : 9
Risk can be totally eliminated through planning, control, procedures, and insurance.<br>(True /
False)

• A.True
• B.False

答えを確認する

正解:

Question No : 10
While there are many different models for IT system life cycle most contain five unique phases.
Which of the following would be the first phase?

• A.Development
• B.Initiation
• C.Disposal
• D.Operation / Maintenance
• E.Implementation

答えを確認する

正解:

Question No : 11
Define the term tuple.

• A.A record in a relational database
• B.An unordered set of values
• C.An ordered set of rules placed in an ACL
• D.A method of joining HIDS and NIDS together
• E.Values placed in a flat database such as Excel

答えを確認する

正解:

Question No : 12
Volatile memory is referred to as ROM.

• A.Yes
• B.No

答えを確認する

正解:

Question No : 13
Which of the following criteria is used to determine the proper classification of a data
object?<br>(Choose three)

• A.Sensitivity
• B.Value
• C.Useful life
• D.Storage cost
• E.Age

答えを確認する

正解:

Question No : 14
The change control process:

• A.Should allow for quick changes without the burden on paperwork or formal committee review
• B.Every incorporated required change does not need to be traceable to an approved change request
• C.Should be a well defined in that it provides stakeholders with a formal mechanism for proposing changes in requirements
• D.The change control process should not let you track the status of all proposed changes
• E.Should allow for design or implementation work to be performed without approval

答えを確認する

正解:

Question No : 15
Which of the following is considered the LEAST secure?

• A.Confidential
• B.Public
• C.Private
• D.Sensitive

答えを確認する

正解: