Your company adopts a new end-user security awareness program. This training includes malware introduction, social media issues, password guidelines, data exposure, and lost devices. How often should end users receive this training?
A) upon new hire
B) twice a year
C) once a year and upon termination
D) upon termination
E) upon new hire and once a year thereafter
F) once a year - Answer-E)
End users should receive security awareness training upon new hire and once a year thereafter. This ensures that new hires understand security issues immediately. It also ensures that end users receive updates to their security awareness knowledge on an annual basis.
What is the term used to describe the risk management strategy of an organization altering a business task to work around a specific event or activity in order to prevent compromise?
A) Deterrence
B) Acceptance
C) Transference
D) Avoidance - Answer-D)
Avoidance is the term used to describe the risk management strategy of an organization altering a business task to work around a specific event or activity in order to prevent compromise. By adjusting business processes to work around a risky activity or event, the impact of a realized threat can be eliminated or reduced. This can be an effective tool when designing a risk management strategy. Risk avoidance, or risk removal, is sometimes considered a sub-category of risk mitigation. However, risk avoidance is not the dominant concept or defining factor of mitigation.
Which of the following types of activities is NOT commonly performed in preparation for a security assessment?
A) Apply patches.
B) Collect host configuration documentation.
C) Review the security policies.
D) Analyze the change management procedures. - Answer-A)
Applying patches is not an activity commonly performed in preparation for a security assessment. Applying patches is often part of the remediation actions taken after the security assessment. The security assessment will determine where security is lax or where improvements to security can be made. This may then require remediation activities such as removing equipment, changing configurations, altering business processes, and applying patches.
When an organization has limited visibility of its risk, and of how risk affects daily operations, in what state or condition is the organization?
A) Processing state
B) Proactive state
C) Preventive state
D) Reactive state - Answer-D)
When an organization has limited visibility of its risk and of how risk affects daily operations, it is in a reactive state. A reactive state or condition occurs when an organization is only equipped to respond to compromises as they occur. This is a condition of always being behind and being pushed by security violations into taking actions, often without planning or consideration. Organizations should strive to break out of the reactive state in order to become proactive. By implementing a risk management and response strategy, an organization can become more aware of its ongoing and operational risks. It can then plan for potential compromises and how to respond to them appropriately. By implementing a sound security strategy, risk can be managed rather than only reacted to.
How can a user be given the power to set privileges on an object for other users within a DAC operating system?
A) Give the user the modify privilege on the object.
B) Remove special permissions for the user on the object.
C) Grant the user full control over the object.
D) Issue an administrative job label to the user. - Answer-C)
Granting the user full control over the object will give the user the power to set privileges on that object for other users within a DAC operating system. Three other methods within a DAC environment to accomplish this are to 1) have the user be an owner of the object, 2) grant the user the "change permissions" special permission, or 3) make the user a member of the administrators group. Any user who creates a new object is automatically the owner of that object, but administrators can either take ownership or grant ownership to other users. Administrators can take ownership in order to gain full access over an object.
Why is it important to evaluate intangible assets while performing a risk assessment?
A) Intangible assets cannot be harmed by threats.
B) They can be sold for operating funds.
C) Only tangible assets have value.
D) Not all assets are tangible. - Answer-D)
It is important to evaluate intangible assets while performing a risk assessment because not all assets are tangible. Many assets are intangible, such as trade secrets, intellectual property, proprietary data, customer databases, contracts, agreements, public opinion, market share, customer loyalty, and any and all stored data. Generally, an intangible asset is one that is not a physical item. However, intangible assets can be very valuable and thus need protection. Evaluating the risks to intangible assets is an early step towards implementing proper security measures.
How is subject-based access control different from object-based?
A) The focus is on an attribute or setting on the subject.
B) Labels on resources are the primary concern.
C) It is always based on ACLs.
D) It is based on the content of the object. - Answer-A)
Subject-based access control focuses on an attribute or setting on the subject when making authorization decisions. It is also referred to as attribute-based access control. The attributes or settings on a subject can include the time of day, the subject's location, whether the subject is internal or external to the private network, and whether a valid authentication was performed within a specific period of time. Another aspect of subject-based access control is to assign privileges to subjects based specifically on their job responsibilities, as is done in role-based access control.
How is the chosen risk response strategy of risk acceptance proven and supported in a court of law?
A) With a document signed by senior management