100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Official (ISC)² SSCP questions with correct answers $23.49   Add to cart

Exam (elaborations)

Official (ISC)² SSCP questions with correct answers

 6 views  0 purchase
  • Course
  • SSCP - Systems Security Certified Practitioner
  • Institution
  • SSCP - Systems Security Certified Practitioner

Official (ISC)² SSCP questions with correct answers

Preview 4 out of 257  pages

  • September 21, 2024
  • 257
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • SSCP - Systems Security Certified Practitioner
  • SSCP - Systems Security Certified Practitioner
avatar-seller
Sakayobako30
Official (ISC)² SSCP

Access Control Object - correct answer ✔✔A passive entity that typically receives or contains some form
of data.



Access Control Subject - correct answer ✔✔An active entity and can be any user, program, or process
that requests permission to cause data to flow from an access control object to the access control
subject or between access control objects.



Asynchronous Password Token - correct answer ✔✔A one-time password is generated without the use
of a clock, either from a one-time pad or cryptographic algorithm.



Authorization - correct answer ✔✔Determines whether a user is permitted to access a particular
resource.



Connected Tokens - correct answer ✔✔Must be physically connected to the computer to which the user
is authenticating.



Contactless Tokens - correct answer ✔✔Form a logical connection to the client computer but do not
require a physical connection.



Disconnected Tokens - correct answer ✔✔Have neither a physical nor logical connection to the client
computer.



Entitlement - correct answer ✔✔A set of rules, defined by the resource owner, for managing access to a
resource (asset, service, or entity) and for what purpose.



Identity Management - correct answer ✔✔The task of controlling information about users on
computers.

,Proof of Identity - correct answer ✔✔Verify people's identities before the enterprise issues them
accounts and credentials.



Kerberos - correct answer ✔✔A popular network authentication protocol for indirect (third-party)
authentication services.



Lightweight Directory Access Protocol (LDAP) - correct answer ✔✔A client/server-based directory query
protocol loosely based on X.500, commonly used to manage user information. LDAP is a front end and
not used to manage or synchronize data per se as opposed to DNS.



Single Sign-On (SSO) - correct answer ✔✔Designed to provide strong authentication using secret-key
cryptography, allowing a single identity to be shared across multiple applications.



Static Password Token - correct answer ✔✔The device contains a password that is physically hidden (not
visible to the possessor) but that is transmitted for each authentication.



Synchronous Dynamic Password Token - correct answer ✔✔A timer is used to rotate through various
combinations produced by a cryptographic algorithm.



Trust Path - correct answer ✔✔A series of trust relationships that authentication requests must follow
between domains



6to4 - correct answer ✔✔Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use
IPv6 to communicate if their traffic has to transverse an IPv4 network.



Absolute addresses - correct answer ✔✔Hardware addresses used by the CPU.



Abstraction - correct answer ✔✔The capability to suppress unnecessary details so the important,
inherent properties can be examined and reviewed.



Accepted ways for handling risk - correct answer ✔✔Accept, transfer, mitigate, avoid.

,Access - correct answer ✔✔The flow of information between a subject and an object.



Access control matrix - correct answer ✔✔A table of subjects and objects indicating what actions
individual subjects can take upon individual objects.



Access control model - correct answer ✔✔An access control model is a framework that dictates how
subjects access objects.



Access controls - correct answer ✔✔Are security features that control how users and systems
communicate and interact with other systems and resources.



Accreditation - correct answer ✔✔Formal acceptance of the adequacy of a system's overall security by
management.



Active attack - correct answer ✔✔Attack where the attacker does interact with processing or
communication activities.



ActiveX - correct answer ✔✔A Microsoft technology composed of a set of OOP technologies and tools
based on COM and DCOM. It is a framework for defining reusable software components in a
programming language-independent manner



Address bus - correct answer ✔✔Physical connections between processing components and memory
segments used to communicate the physical memory addresses being used during processing
procedures.



Address resolution protocol (ARP) - correct answer ✔✔A networking protocol used for resolution of
network layer IP addresses into link layer MAC addresses.



Address space layout randomization (ASLR) - correct answer ✔✔Memory protection mechanism used by
some operating systems. The addresses used by components of a process are randomized so that it is
harder for an attacker to exploit specific memory vulnerabilities.

, Algebraic attack - correct answer ✔✔Cryptanalysis attack that exploits vulnerabilities within the intrinsic
algebraic structure of mathematical functions.



Algorithm - correct answer ✔✔Set of mathematical and logic rules used in cryptographic functions.



Analog signals - correct answer ✔✔Continuously varying electromagnetic wave that represents and
transmits data.



Analytic attack - correct answer ✔✔Cryptanalysis attack that exploits vulnerabilities within the algorithm
structure.



Annualized loss expectancy (ALE) - correct answer ✔✔Annual expected loss if a specific vulnerability is
exploited and how it affects a single asset. SLE × ARO = ALE.



Application programming interface (API) - correct answer ✔✔Software interface that enables process-to-

process interaction. Common way to provide access to standard routines to a set of software programs.



Arithmetic logic unit (ALU) - correct answer ✔✔A component of the computer's processing unit, in
which arithmetic and matching operations are performed.



AS/NZS 4360 - correct answer ✔✔Australia and New Zealand business risk management assessment
approach.



Assemblers - correct answer ✔✔Tools that convert assembly code into the necessary machine-
compatible binary language for processing activities to take place.



Assembly language - correct answer ✔✔A low-level programming language that is the mnemonic
representation of machine-level instructions.



Assurance evaluation criteria - correct answer ✔✔Check-list and process of examining the security-
relevant parts of a system (TCB, reference monitor, security kernel) and assigning the system an
assurance rating.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Sakayobako30. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $23.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81531 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$23.49
  • (0)
  Add to cart