Systems Security Certified Practitioner (SSCP) - Exam Prep
Access Control Object - correct answer ✔✔A passive entity that typically receives or contains some form
of data.
Access Control Subject - correct answer ✔✔An active entity that can be any user, program, or process
that requests permission to cause data to flow from an access control object to the access control
subject or between access control objects.
Asynchronous Password Token - correct answer ✔✔A one-time password is generated without the use
of a clock, either from a one-time pad or cryptographic algorithm.
Authorization - correct answer ✔✔Determines whether a user is permitted to access a particular
resource.
Connected Tokens - correct answer ✔✔Must be physically connected to the computer to which the user
is authenticating.
Contactless Tokens - correct answer ✔✔Form a logical connection to the client computer but do not
require a physical connection.
Disconnected Tokens - correct answer ✔✔Have neither a physical nor logical connection to the client
computer.
Entitlement - correct answer ✔✔A set of rules, defined by the resource owner, for managing access to a
resource (asset, service, or entity) and for what purpose.
Identity Management - correct answer ✔✔The task of controlling information about users on
computers.
Proof of Identity - correct answer ✔✔Verify people's identities before the enterprise issues them
accounts and credentials.
Kerberos - correct answer ✔✔A popular network authentication protocol for indirect (third-party)
authentication services.
Lightweight Directory Access Protocol (LDAP) - correct answer ✔✔A client/server-based directory query
protocol loosely based on X.500, commonly used to manage user information. LDAP is a front end and
not used to manage or synchronize data per se as opposed to DNS.
Single Sign-On (SSO) - correct answer ✔✔Designed to provide strong authentication using secret-key
cryptography, allowing a single identity to be shared across multiple applications.
Static Password Token - correct answer ✔✔The device contains a password that is physically hidden (not
visible to the possessor) but that is transmitted for each authentication.
Synchronous Dynamic Password Token - correct answer ✔✔A timer is used to rotate through various
combinations produced by a cryptographic algorithm.
Trust Path - correct answer ✔✔A series of trust relationships that authentication requests must follow
between domains.
Availability - correct answer ✔✔Refers to the ability to access and use information systems when and as
needed to support an organization's operations.
Breach - correct answer ✔✔The intentional or unintentional release of secure information to an
untrusted environment.
CMDB - correct answer ✔✔A configuration management database (CMDB) is a repository that contains a
collection of IT assets that are referred to as configuration items.
Compensating Controls - correct answer ✔✔Introduced when the existing capabilities of a system do not
support the requirements of a policy.
Confidentiality - correct answer ✔✔Refers to the property of information in which it is only made
available to those who have a legitimate need to know.
Configuration Management (CM) - correct answer ✔✔A discipline that seeks to manage configuration
changes so that they are appropriately approved and documented, so that the integrity of the security
state is maintained, and so that disruptions to performance and availability are minimized.
Corrective Control - correct answer ✔✔These controls remedy the circumstances that enabled
unwarranted activity, and/or return conditions to where they were prior to the unwanted activity.
COTS - correct answer ✔✔A Federal Acquisition Regulation (FAR) term for commercial off-the-shelf
(COTS) items that can be purchased in the commercial marketplace and used under government
contract.
Deduplication - correct answer ✔✔A process that scans the entire collection of information looking for
similar chunks of data that can be consolidated.
Defense-in-depth - correct answer ✔✔Provision of several overlapping subsequent limiting barriers with
no respect to one safety or security threshold, so that the threshold can only be surpassed if all barriers
have failed.
Degaussing - correct answer ✔✔A technique of erasing data on disk or tape (including video tapes) that,
when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data.
Deluge System - correct answer ✔✔A fire suppression system with open sprinkler heads; water is held
back until a detector in the area is activated.
Deterrent Control - correct answer ✔✔Controls that prescribe some sort of punishment, ranging from
embarrassment to job termination or jail time for noncompliance. Their intent is to dissuade people
from performing unwanted acts.
Directive Control - correct answer ✔✔Controls dictated by organizational and legal authorities.