SSCP Certification (ISC)² 2023/2024 Test
Exam Review Questions with all Answers
verified for accuracy
Roaming - correct answer Supported by RADIUS; ability of
an authenticated endpoint and user to move from one physical
point of connection into the network to another
Kerberos and Lightweight Directory Access Protocol (LDAP) -
correct answer Used to further protect information assets
themselves once a requesting endpoint and user subject have
been allowed to access to the network via RADIUS
authentication
Terminal Access Controller Access Control System (TACACS) -
correct answer Grew out of early Department of Defense
network needs for automating authentication of remote users ;
widespread use in Unix-based server systems
TACACS+ - correct answer Splits authentication,
authorization, and accounting into separate functions providing
systems administrators with greater degree of control over and
visibility into each of these processes ; uses TCP for greater
connection ; can define policies based on user type, role,
location, device, time of day, or other ; integrates well with
Microsoft's Active Directory and provides key functionality for
single sign-on (SSO) ; provides greater command logging and
central management features making it well suited for systems
administrators to use to meet the AAA needs of their network
,Business Impact Analysis - correct answer Captures
leadership's deliberations about risk tolerance and risk as it's
applied to key objectives, goals, outcomes, processes, or assets ;
drives vulnerability assessment processes for the information
architecture and the IT infrastructure, systems, and apps that
support it ;
Centralized Access Control - correct answer Implemented
using one system to provide ALL identity management and
access control mechanisms
Decentralized Access Control - correct answer Segments the
organization's total set of subjects and objects (its access control
problem) into partitions with an access control system and its
servers for each such partition ; often seen in applications or
platforms built around database engines in which the
application, platform, or database uses its own access control
logic and database for authentication, authorization, and
accounting
Nondiscretionary Access Control (NAC) - correct answer
allow the organization to choose when and how to make access
control decisions based upon a wide range of specific needs
Policy Objects - correct answer Software and data
constructs that the administrators use to enable, disable, or tune
specific features and functions that the OS provides to users ;
can enforce administrative about password complexity, renewal
frequency, allowable number of retries, lockout upon repeated
failed login attempts, and the like
,Trusted Installer - correct answer Identity, for instance, is
what gets invoked to install software updates, new apps, or
patches to the OS; this happens when you click yes to that 'this
task wants to make changes to your computer' prompt
Things the User Has - correct answer Type of authentication
that may include identification cards or documents, electronic
code-generating identity devices (I.e key fobs or apps on a
smartphone) or machine-readable identity cards
Information the user knows - correct answer Type of
authentication where users personally identifying information
such as passwords, answers to secret questions, or details of
their own personals or professional life
What the User Is - correct answer Type of authentication
where biometric devices can measure their fingerprints, retinal
patterns, voice patterns, and many other physiological
characteristics that are reasonably unique to a specific individual
and hard to mimic ; each type of factor, by itself is subject to
being illicitly copied and used to attempt to spoof identity for
systems access
False positive errors (false acceptance rate) - correct answer
Acceptance of a presented factor that is not the authentic one ;
when an unauthorized or unrecognized subject is mistakenly
allowed access ; when you tolerate too much error
False negative errors (false rejection rate) - correct answer
Rejection of authentic factors and can be things that legitimate
users may forget (such as passwords, or leaving their second-
, factor authentication device or card at home) - when a
legitimate, trusted access request by a subject is denied in
error ; when you tolerate too little errors
Type 1 Error - correct answer another name for false
negative /false rejection
Type 2 Error - correct answer Another name for false
positive
Server-Based Identity Management and Access Control Systems -
correct answer Scale much more easily than node-by-node,
device-by-device attempts at solutions and often provide
significantly greater authentication, authorization and
accounting functions
Performance, reliability, and availability - correct answer 3
Things that dictate a local IAM server and repository
Integrated Identity Management and Access Control Systems -
correct answer When business further expands and needs to
share information resources or provide platform access to
partners, clients, or vendors = identity access management
functions become more complicated
Directory System - correct answer Method of integrated
identity management and access control systems that ensures
each time an application needs to validate an access request or
operation, it uses that same set of credentials requiring a server
