Network and Communications Security for SSCP

Sample Practice Questions

1. Question 1

   Which of the following attacks could capture network user passwords?
   1. A. Data diddling
   2. B. Sniffing
   3. C. IP Spoofing
   4. D. Smurfing
   Explanation

   The correct answer is: B. Sniffing.

   Sniffing attacks can capture network user passwords by passively monitoring network traffic for credentials transmitted in cleartext — protocols like Telnet, FTP, HTTP basic auth, and POP3 expose passwords on the wire. Promiscuous-mode network interface monitoring is the sniffing technique. Data diddling is the manipulation of data during entry, not network traffic capture. IP Spoofing impersonates a source IP, not credential capture. Smurfing is an ICMP amplification denial-of-service attack, not credential capture. Defend against sniffing through encryption (TLS, SSH, IPsec) and switched-network architectures that limit broadcast domains.

2. Question 2

   The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?
   1. A. clipping level
   2. B. acceptance level
   3. C. forgiveness level
   4. D. logging level
   Explanation

   The correct answer is: A. clipping level.

   The clipping level is the number of violations accepted or forgiven before a violation record is produced — a threshold for normal user errors that filters out routine fat-finger mistakes while ensuring suspicious bursts of activity are surfaced. The threshold-based filter is the clipping concept. "Acceptance level" is not a standard term in this context. "Forgiveness level" is also not standard. "Logging level" refers to log verbosity (debug, info, warn, error); not violation thresholds. Tune clipping levels carefully so they catch credential-stuffing and brute-force patterns without overwhelming analysts with normal user-error noise.

3. Question 3

   Which of the following is NOT a system-sensing wireless proximity card?
   1. A. magnetically striped card
   2. B. passive device
   3. C. field-powered device
   4. D. transponder
   Explanation

   The correct answer is: A. magnetically striped card.

   A magnetically striped card is NOT a system-sensing wireless proximity card — magnetic stripe cards require physical contact (swiping) with the reader, not wireless proximity sensing. Magnetic stripe is contact-based. Passive devices in proximity cards do not have their own power source; they rely on the reader's field for power. Field-powered devices are the same as passive devices, drawing power from the reader's RF field. Transponders actively transmit data when interrogated by the reader. RFID and NFC cards have largely replaced magnetic-stripe for access control because they offer the contactless convenience and harder-to-clone security of wireless proximity sensing.

4. Question 4

   Which of the following is NOT a type of motion detector?
   1. A. Photoelectric sensor
   2. B. Passive infrared sensors
   3. C. Microwave Sensor.
   4. D. Ultrasonic Sensor.
   Explanation

   The correct answer is: A. Photoelectric sensor.

   The suggested answer is A. A photoelectric sensor does not "directly" sense motion there is a narrow beam that won't set off the sensor unless the beam is broken. Photoelectric sensors, along with dry contact switches, are a type of perimeter intrusion detector. All of the other answers are valid types of motion detectors types. The content below on the different types of sensors is from Wikepedia: Indoor Sensors - These types of sensors are designed for indoor use. Outdoor use would not be advised due to false alarm vulnerability and weather durability.Passive infrared detectors Passive Infrared Sensor - The passive infrared detector (PIR) is one of the most common detectors found in household and small business environments because it offers affordable and reliable functionality. The term passive means the detector is able to function without the need to generate and radiate its own energy (unlike ultrasonic and microwave volumetric intrusion detectors that are "active" in operation). PIRs are able to distinguish if an infrared emitting object is present by first learning the ambient temperature of the monitored space and then detecting a change in the temperature caused by the presence of an object. Using the principle of differentiation, which is a check of presence or nonpresence, PIRs verify if an intruder or object is actually there. Creating individual zones of detection where each zone comprises one or more layers can achieve differentiation. Between the zones there are areas of no sensitivity (dead zones) that are used by the sensor for comparison. Ultrasonic detectors - Using frequencies between 15 kHz and 75 kHz, these active detectors transmit ultrasonic sound waves that are inaudible to humans. The Doppler shift principle is the underlying method of operation, in which a change in frequency is detected due to object motion. This is caused when a moving object changes the frequency of sound waves around it. Two conditions must occur to successfully detect a Doppler shift event: There must be motion of an object either towards or away from the receiver. The motion of the object must cause a change in the ultrasonic frequency to the receiver relative to the transmitting frequency. The ultrasonic detector operates by the transmitter emitting an ultrasonic signal into the area to be protected. The sound waves are reflected by solid objects (such as the surrounding floor, walls and ceiling) and then detected by the receiver. Because ultrasonic waves are transmitted through air, then hard-surfaced objects tend to reflect most of the ultrasonic energy, while soft surfaces tend to absorb most energy. When the surfaces are stationary, the frequency of the waves detected by the receiver will be equal to the transmitted frequency. However, a change in frequency will occur as a result of the Doppler principle, when a person or object is moving towards or away from the detector. Such an event initiates an alarm signal. This technology is considered obsolete by many alarm professionals, and is not actively installed. Microwave detectors - This device emits microwaves from a transmitter and detects any reflected microwaves or reduction in beam intensity using a receiver. The transmitter and receiver are usually combined inside a single housing (monostatic) for indoor applications, and separate housings (bistatic) for outdoor applications. To reduce false alarms this type of detector is usually combined with a passive infrared detector or "Dualtec" alarm. Microwave detectors respond to a Doppler shift in the frequency of the reflected energy, by a phase shift, or by a sudden reduction of the level of received energy. Any of these effects may indicate motion of an intruder. Photo-electric beams - Photoelectric beam systems detect the presence of an intruder by transmitting visible or infrared light beams across an area, where these beams may be obstructed. To improve the detection surface area, the beams are often employed in stacks of two or more. However, if an intruder is aware of the technology's presence, it can be avoided. The technology can be an effective long-range detection system, if installed in stacks of three or more where the transmitters and receivers are staggered to create a fence-like barrier. Systems are available for both internal and external applications. To prevent a clandestine attack using a secondary light source being used to hold the detector in a 'sealed' condition whilst an intruder passes through, most systems use and detect a modulated light source. Glass break detectors - The glass break detector may be used for internal perimeter building protection. When glass breaks it generates sound in a wide band of frequencies. These can range from infrasonic, which is below 20 hertz (Hz) and can not be heard by the human ear, through the audio band from 20 Hz to 20 kHz which humans can hear, right up to ultrasonic, which is above 20 kHz and again cannot be heard. Glass break acoustic detectors are mounted in close proximity to the glass panes and listen for sound frequencies associated with glass breaking. Seismic glass break detectors are different in that they are installed on the glass pane. When glass breaks it produces specific shock frequencies which travel through the glass and often through the window frame and the surrounding walls and ceiling. Typically, the most intense frequencies generated are between 3 and 5 kHz, depending on the type of glass and the presence of a plastic interlayer. Seismic glass break detectors "feel" these shock frequencies and in turn generate an alarm condition. The more primitive detection method involves gluing a thin strip of conducting foil on the inside of the glass and putting low-power electrical current through it. Breaking the glass is practically guaranteed to tear the foil and break the circuit. Smoke, heat, and carbon monoxide detectors Heat Detection System - Most systems may also be equipped with smoke, heat, and/or carbon monoxide detectors. These are also known as 24 hour zones (which are on at all times). Smoke detectors and heat detectors protect from the risk of fire and carbon monoxide detectors protect from the risk of carbon monoxide. Although an intruder alarm panel may also have these detectors connected, it may not meet all the local fire code requirements of a fire alarm system. Other types of volumetric sensors could be: Active Infrared - Passive Infrared/Microware combined Radar - Accoustical Sensor/Audio - Vibration Sensor (seismic) Air Turbulence A

5. Question 5

   Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?
   1. A. C
   2. B. B
   3. C. A
   4. D. D
   Explanation

   The correct answer is: A. C.

   Class C in the TCSEC (Orange Book) is defined as discretionary protection — C1 (Discretionary Security Protection) and C2 (Controlled Access Protection) are the discretionary-protection classes in TCSEC. Class B is mandatory protection (B1 Labelled, B2 Structured, B3 Security Domain). Class A is verified protection (A1 Verified Design); the highest TCSEC class. Class D is minimal protection; the floor below all higher classes. TCSEC has been superseded by Common Criteria, but its hierarchy (D, C1, C2, B1, B2, B3, A1) remains a textbook reference for high-assurance system evaluation.

Other SSCP domains

• Access Controls (203 questions)
• Cryptography (185 questions)
• Incident Response and Recovery (112 questions)
• Risk Identification, Monitoring, and Analysis (59 questions)
• Security Concepts and Practices (237 questions)
• Systems and Application Security (26 questions)