Book Image

SSCP Systems Security Certified Practitioner Official Practice Tests

By : Mike Chapple, David Seidl
Book Image

SSCP Systems Security Certified Practitioner Official Practice Tests

By: Mike Chapple, David Seidl

Overview of this book

The SSCP certification is offered by the International Information System Security Certification Consortium (ISC)2. The SSCP is the entry-level credential in this series. With SSCP certification, you’ll meet the requirements of the Department of Defense for entry-level Information Assurance Technical (IAT I) roles, positioning you for a successful career in cybersecurity. This book's first seven chapters cover each of the seven domains on the SSCP exam with sixty or more questions per domain, so you can focus your study efforts exactly where you need more review. The book also contains two complete practice exams that you can use as time trials to assess your readiness for the SSCP and a future in the field of information assurance. By the end of the book, you would have strengthened your weak areas and reinforced your learning to ace the test and earn the certification.
Table of Contents (14 chapters)
Chapter 1 Access Controls (Domain 1)
Chapter 2 Security Operations and Administration (Domain 2)
Chapter 3 Risk Identification, Monitoring, and Analysis (Domain 3)
Chapter 4 Incident Response and Recovery (Domain 4)
Chapter 5 Cryptography (Domain 5)
Chapter 6 Network and Communications Security (Domain 6)
Chapter 7 Systems and Application Security (Domain 7)
Chapter 8 Practice Test 1
Chapter 9 Practice Test 2
End User License Agreement

Chapter 9
Practice Test 2

  1. During a system audit, Casey notices that the private key for her organization’s web server has been stored in a public Amazon S3 storage bucket for more than a year. What should she do?

    1. Remove the key from the bucket.
    2. Notify all customers that their data may have been exposed.
    3. Request a new certificate using a new key.
    4. Nothing, because the private key should be accessible for validation
  2. Which of the following is not a common threat to access control mechanisms?

    1. Fake login pages
    2. Phishing
    3. Dictionary attacks
    4. Man-in-the-middle attacks
  3. Which one of the following would be considered an example of infrastructure as a service cloud computing?

    1. Payroll system managed by a vendor and delivered over the web
    2. Application platform managed by a vendor that runs customer code
    3. Servers provisioned by customers on a vendor-managed virtualization platform
    4. Web-based email service provided by a vendor
  4. Referring to the fire triangle shown here, which...