Incident Response and Recovery for SSCP
This page covers the Incident Response and Recovery domain of the SSCP certification. Master Cybersecurity offers 112 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.
Sample Practice Questions
Question 1
Which of the following is most appropriate to notify an external user that session monitoring is being conducted?
- A. Logon Banners
- B. Wall poster
- C. Employee Handbook
- D. Written agreement
Explanation
The correct answer is: A. Logon Banners.
Logon banners are the most appropriate way to notify external users that session monitoring is being conducted because external users have no employee handbook or signed agreement and the banner is the one notice they will encounter every time they connect. The banner gives consent-style notice at the natural point of system entry. A wall poster is irrelevant to external users who never enter the physical premises. An employee handbook applies to employees by definition and so does not cover the external-user case. A written agreement is the gold standard for internal users with named accounts but rarely exists for external connections that may be casual or anonymous. Use logon banners on every internet-facing access path and review their wording for legal and regulatory adequacy in each jurisdiction.
Question 2
Which of the following is NOT a compensating measure for access violations?
- A. Backups
- B. Business continuity planning
- C. Insurance
- D. Security awareness
Explanation
The correct answer is: D. Security awareness.
Security awareness is a preventive control rather than a compensating one — it works to stop access violations from happening in the first place by educating users about acceptable behaviour, policy, and threats. Compensating measures, by contrast, address the consequences of a violation that has already occurred. Backups compensate for data loss caused by an unauthorised modification or destruction. Business continuity planning compensates for the operational disruption caused by significant security events. Insurance compensates for the financial loss from incidents that controls did not prevent. Combine preventive controls (awareness, access management, segregation of duties) with compensating measures (backups, BCP, insurance) so the organisation is covered both before and after an event.
Question 3
In addition to the accuracy of the biometric systems, there are other factors that must also be considered:
- A. These factors include the enrollment time and the throughput rate, but not acceptability.
- B. These factors do not include the enrollment time, the throughput rate, and acceptability.
- C. These factors include the enrollment time, the throughput rate, and acceptability.
- D. These factors include the enrollment time, but not the throughput rate, neither the acceptability.
Explanation
The correct answer is: C. These factors include the enrollment time, the throughput rate, and acceptability.
Beyond accuracy, biometric systems must also be evaluated on enrollment time, throughput rate, and acceptability — together these factors determine whether the system is usable, scalable, and accepted by the people who will encounter it. Enrollment time governs how disruptive it is to register new users; throughput rate governs how many people can pass through per hour during peak periods; acceptability captures whether users find the technology tolerable and consistent with cultural and privacy norms. Saying only enrollment time and throughput matter ignores acceptability, which has scuttled many otherwise capable biometric rollouts. Saying none of these factors matter is plainly wrong — every biometric procurement gives weight to them. Saying only enrollment time matters again ignores the other dimensions. Evaluate biometric systems on the full triangle of accuracy, performance, and user acceptance before deployment.
Question 4
Which of the following is often the greatest challenge of distributed computing solutions?
- A. scalability
- B. security
- C. heterogeneity
- D. usability
Explanation
The correct answer is: B. security.
Security is consistently the greatest challenge of distributed computing solutions because trust boundaries multiply across the components, attack surface expands, data crosses untrusted networks, and authentication and authorization must be maintained across heterogeneous platforms. Each added node and protocol increases the security engineering burden. Scalability is a recognised distributed-computing challenge but modern patterns (sharding, replication, microservices) have given it well-understood treatments. Heterogeneity is a challenge that produces integration friction but is mitigated through standards-based interfaces, message brokers, and protocol abstractions. Usability matters at the application layer but is not the dominant cross-cutting concern that security represents. Engineer distributed systems with zero-trust principles, strong authentication for every service-to-service call, encryption in transit, and continuous monitoring across the distributed surface.
Question 5
Which of the following is NOT an example of an operational control?
- A. backup and recovery
- B. Auditing
- C. contingency planning
- D. operations procedures
Explanation
The correct answer is: B. Auditing.
Auditing is a management control in the classic three-category control taxonomy (management, operational, technical) used by NIST SP 800-12 and similar references; it sits at the governance layer where management reviews how the program operates rather than at the day-to-day operational layer. Backup and recovery are operational controls executed routinely as part of running the environment. Contingency planning is operational in the sense that it produces and exercises the procedures that operations teams will follow when something goes wrong. Operations procedures are by definition operational. The taxonomy keeps governance and oversight activities (audit, policy, risk management) at the management level and the procedural execution at the operational level. Know which control class each activity falls into for control-mapping work in any framework.