System Security Certified Practitioner
Exam Questions, Answers,
Cleared paper. Thanks
to www.exams.ws and www.4exam.com. But you don't need
to have it from both of them, Qs from only one are
sufficient regarding paper.
Q 1: DES - Data Encryption
standard has a 128 bit key and is very difficult to
Q 2: What is the main difference between computer
abuse and computer crime?
A. Amount of damage
B. Intentions of the perpetrator
C. Method of compromise
D. Abuse = company insider; crime = company outsider
Q 3: A standardized list of the most common security
weaknesses and exploits is the __________.
A. SANS Top 10
B. CSI/FBI Computer Crime Study
C. CVE - Common Vulnerabilities and Exposures
D. CERT Top 10
Q 4: A salami attack refers to what type of activity?
A. Embedding or hiding data inside of a legitimate
communication - a picture, etc.
B. Hijacking a session and stealing passwords
C. Committing computer crimes in such small doses
that they almost go unnoticed
D. Setting a program to attack a website at 11:59
am on New Year's Eve
Q 5: Multi-partite viruses perform which functions?
A. Infect multiple partitions.
B. Infect multiple boot sectors
C. Infect numerous workstations
D. Combine both boot and file virus behavior
Q 6: What security principle is based on the division
of job responsibilities - designed to prevent fraud?
A. Mandatory Access Control
B. Separation of Duties
C. Information Systems Auditing
D. Concept of Least Privilege
Q 7: _____ is the authoritative entity which lists
C. Network Solutions
Q 8: Cable modems are less secure than DSL connections
because cable modems are shared with other subscribers?
Q 9: ____________ is a file system that was poorly
designed and has numerous security flaws.
E. None of the above
Q 10: Trend Analysis involves analyzing historical
___________ files in order to look for patterns of
abuse or misuse.
Answer: Log files
Q 11: HTTP, FTP, SMTP reside at which layer of the
A. Layer 1 - Physical
B. Layer 3 - Network
C. Layer 4 - Transport
D. Layer 7 - Application
E. Layer 2 - Data Link
Q 12: Layer 4 in the DoD model overlaps with which
layer(s) of the OSI model?
A. Layer 7 - Application Layer
B. Layers 2, 3, & 4 - Data Link, Network, and
C. Layer 3 - Network Layer
D. Layers 5, 6, & 7 - Session, Presentation, and
Q 13: A Security Reference Monitor relates to which
DoD security standard?
E. None of the items listed
Q 14: The ability to identify and audit a user and
his / her actions is known as ____________.
Q 15: There are 5 classes of IP addresses available,
but only 3 classes are in common use today, identify
the three: (Choose three)
A. Class A: 1-126
B. Class B: 128-191
C. Class C: 192-223
D. Class D: 224-255
E. Class E: 0.0.0.0 - 127.0.0.1
Answer: A, B, C