SYSTEMS SECURITY CERTIFIED PRACTITIONER
(SSCP) EXAM QUESTIONS WITH CORRECT
ANSWERS RATED A+
Access Control Object – A passive entity that typically receives or contains some form of data.
Access Control Subject – An active entity that can be any user, program, or process that
requests permission to cause data to flow from an access control object to the access control
subject or between access control objects.
Asynchronous Password Token – A one-time password is generated without the use of a clock,
either from a one-time pad or cryptographic algorithm.
Information Rights Management (IRM) – Assigns specific properties to an object such as how
long the object may exist, what users or systems may access it, and if any notifications need to
occur when the file is opened, modified, or printed.
Integrity – The property of information whereby it is recorded, used, and maintained in a way
that ensures its completeness, accuracy, internal consistency, and usefulness for a stated
purpose.
IT Asset Management (ITAM) – Entails collecting inventory and financial and contractual data
to manage the IT asset throughout its life cycle.
Least Privilege – A security principle in which any user/process is given only the necessary,
minimum level of access rights (privileges) explicitly, for the minimum amount of time, in
order for it to complete its operation.
Non-repudiation – A service that is used to provide assurance of the integrity and origin of data
in such a way that the integrity and origin can be verified by a third party as having originated
from a specific entity in possession of the private key of the claimed signatory.
Confidentiality – Refers to the property of information in which it is only made available to
those who have a legitimate need to know.
Configuration Management (CM) – A discipline that seeks to manage configuration changes
so that they are appropriately approved and documented, so that the integrity of the security
state is maintained, and so that disruptions to performance and availability are minimized.
Corrective Control – These controls remedy the circumstances that enabled unwarranted
activity, and/or return conditions to where they were prior to the unwanted activity.
COTS – A Federal Acquisition Regulation (FAR) term for commercial off-the-shelf (COTS)
items that can be purchased in the commercial marketplace and used under government
contract.
Deduplication – A process that scans the entire collection of information looking for similar
chunks of data that can be consolidated.
Defense-in-depth – Provision of several overlapping subsequent limiting barriers with no
respect to one safety or security threshold, so that the threshold can only be surpassed if all
barriers have failed.
Degaussing – A technique of erasing data on disk or tape (including video tapes) that, when
performed properly, ensures that there is insufficient magnetic remanence to reconstruct data.
Pre-action System – A fire suppression system that contains water in the pipes but will not
release the water until detectors in the area have been activated. This can eliminate concerns of
water damage due to accidental or false activation.
Authorization – Determines whether a user is permitted to access a particular resource.
Connected Tokens – Must be physically connected to the computer to which the user is
authenticating.
Contactless Tokens – Form a logical connection to the client computer but do not require a
physical connection.
Disconnected Tokens – Have neither a physical nor logical connection to the client computer.
Entitlement – A set of rules, defined by the resource owner, for managing access to a resource
(asset, service, or entity) and for what purpose.
Identity Management - ANS - The task of controlling information about users on computers.
Proof of Identity - ANS - Verify people's identities before the enterprise issues them accounts
and credentials.
Kerberos - ANS - A popular network authentication protocol for indirect (third-party)
authentication services.
Lightweight Directory Access Protocol (LDAP) - ANS - A client/server-based directory query
protocol loosely based on X.500, commonly used to manage user information. LDAP is a front
end and not used to manage or synchronize data per se as opposed to DNS.
Single Sign-On (SSO) - ANS - Designed to provide strong authentication using secret-key
cryptography, allowing a single identity to be shared across multiple applications.
Static Password Token - ANS - The device contains a password that is physically hidden (not
visible to the possessor) but that is transmitted for each authentication.
Synchronous Dynamic Password Token - ANS - A timer is used to rotate through various
combinations produced by a cryptographic algorithm.
Trust Path - ANS - A series of trust relationships that authentication requests must follow
between domains.
Availability - ANS - Refers to the ability to access and use information systems when and as
needed to support an organization's operations.