SSCP Exam Questions
1,274 real SSCP exam questions with expert-verified answers and explanations. Page 2 of 26.
- Question #54 (Security Concepts and Practices)
  Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such cont...
  Security Controls, Preventive Controls, Technical Controls, Logical Controls
- Question #55 (Access Controls)
  What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources?
  Biometrics, Authentication, Access Control, Identification
- Question #56 (Systems and Application Security)
  What are called user interfaces that limit the functions that can be selected by a user?
  User Interface Security, Security Design, Application Security, Least Privilege
- Question #57 (Access Controls)
  What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database?
  Database Views, Access Control, Data Restriction, Database Security
- Question #58 (Security Concepts and Practices)
  The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:
  Security Controls, Detective Controls, Technical Controls, Control Classification
- Question #59 (Security Concepts and Practices)
  The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:
  Security Controls, Detective Controls, Physical Security, Control Types
- Question #60 (Access Controls)
  A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:
  Access Control Models, Non-Discretionary Access Control, Centralized Access Control, Security Policy Enforcement
- Question #61 (Access Controls)
  What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
  Identification, Access Control, Security Fundamentals, User Identity
- Question #62 (Access Controls)
  What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time?
  Authentication, Identity Verification, Access Control, Passwords
- Question #63 (Access Controls)
  Which one of the following factors is NOT one on which Authentication is based?
  Authentication factors, Authentication types, Authorization, Access Control
- Question #64 (Access Controls)
  Which type of password provides maximum security because a new password is required for each new log-on?
  One-time password, Dynamic password, Authentication, Password security
- Question #65 (Access Controls)
  What is called a password that is the same for each log-on session?
  Password types, Authentication, Static password, Dynamic password
- Question #66 (Access Controls)
  What is called a sequence of characters that is usually longer than the allotted number for a password?
  Passphrases, Authentication, Password Security, Access Control
- Question #67 (Access Controls)
  Which of the following would be true about Static password tokens?
  Authentication tokens, Static passwords, Identity authentication
- Question #68 (Access Controls)
  In Synchronous dynamic password tokens:
  Synchronous dynamic password tokens, Multi-factor authentication, Authentication mechanisms, Time-based OTP
- Question #69 (Access Controls)
  Which of the following choices describe a Challenge-response tokens generation?
  Authentication, Challenge-response, Tokens, Multi-factor authentication
- Question #70 (Access Controls)
  What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics?
  Biometrics, Authentication, Identification, Access Control
- Question #71 (Access Controls)
  In biometrics, "one-to-many" search against database of stored biometric images is done in:
  Biometrics, Identification, Access Control Mechanisms
- Question #72 (Access Controls)
  In biometrics, the "one-to-one" search used to verify claim to an identity made by a person is considered:
  Biometrics, Authentication, Access Control, One-to-one verification
- Question #73 (Access Controls)
  What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system?
  Biometrics, Authentication errors, FRR, Type I Error
- Question #74 (Access Controls)
  What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate?
  Biometrics, Crossover Error Rate, False Rejection Rate, False Acceptance Rate
- Question #75 (Access Controls)
  Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following?
  Biometrics, User acceptance, Privacy considerations, Access control implementation
- Question #76 (Access Controls)
  Which of the following best ensures accountability of users for the actions taken within a system or domain?
  Authentication, Accountability, Identification, Access Control Fundamentals
- Question #77 (Access Controls)
  Which of the following statements pertaining to biometrics is FALSE?
  Biometrics, Authentication Factors, Access Control, Crossover Error Rate
- Question #78 (Access Controls)
  Which of the following biometric devices offers the LOWEST CER?
  Biometrics, Crossover Error Rate (CER), Iris Scan, Authentication
- Question #79 (Access Controls)
  Which of the following is the LEAST user accepted biometric device?
  Biometrics, Authentication factors, User acceptance, Access control systems
- Question #80 (Access Controls)
  Which of the following is the WEAKEST authentication mechanism?
  Authentication mechanisms, Password security, One-time passwords, Token authentication
- Question #81 (Access Controls)
  Which of the following statements pertaining to access control is false?
  Access Control Principles, Implicit Deny, Least Privilege, Role-Based Access Control (RBAC)
- Question #82 (Access Controls)
  Which of the following is NOT part of the Kerberos authentication protocol?
  Kerberos, Authentication Protocols, Symmetric Cryptography
- Question #83 (Access Controls)
  Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?
  Access Control Models, Discretionary Access Control (DAC), Resource Ownership, Identity-based Access
- Question #84 (Access Controls)
  Which of the following access control models is based on sensitivity labels?
  Access Control Models, Mandatory Access Control, Sensitivity Labels
- Question #85 (Access Controls)
  Which access control model is also called Non Discretionary Access Control (NDAC)?
  Access Control Models, Non-Discretionary Access Control (NDAC), Role-Based Access Control (RBAC)
- Question #86 (Access Controls)
  Which access model is most appropriate for companies with a high employee turnover?
  Access Control Models, Role-Based Access Control (RBAC), User Lifecycle Management
- Question #87 (Access Controls)
  What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?
  Access Control Lists, Permissions, Access Control Models
- Question #88 (Access Controls)
  What is the difference between Access Control Lists (ACLs) and Capability Tables?
  Access Control Lists, Capability Tables, Access Control Models, Authorization
- Question #89 (Access Controls)
  What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?
  Access control matrix, Access control models, Subjects and objects, Permissions
- Question #90 (Access Controls)
  Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control?
  Access Control Models, Mandatory Access Control (MAC), Security Levels, Centralized Access Control
- Question #91 (Access Controls)
  Which access control model provides upper and lower bounds of access capabilities for a subject?
  Access Control Models, Lattice-based Access Control, Mandatory Access Control, Security Models
- Question #92 (Security Concepts and Practices)
  How are memory cards and smart cards different?
  Smart Cards, Memory Cards, Hardware Security, Device Capabilities
- Question #93 (Systems and Application Security)
  Why do buffer overflows happen? What is the main cause?
  Buffer Overflow, Application Security, Vulnerabilities
- Question #94 (Access Controls)
  What is the main focus of the Bell-LaPadula security model?
  Bell-LaPadula, Security Models, Confidentiality, Access Control
- Question #95 (Access Controls)
  Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of the strong star property?
  Bell-LaPadula Model, Access Control Models, Confidentiality Model, Star Property
- Question #96 (Access Controls)
  Which security model introduces access to objects only through programs?
  Security Models, Clark-Wilson model, Integrity, Access Control
- Question #97 (Security Concepts and Practices)
  Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?
  Security Models, Noninterference Model, Information Flow, Confidentiality
- Question #98 (Security Concepts and Practices)
  Which of the following security models does NOT concern itself with the flow of data?
  Security Models, Bell-LaPadula, Biba, Noninterference
- Question #99 (Security Concepts and Practices)
  What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
  Orange Book, TCSEC, Security Evaluation, System Assurance
- Question #100 (Access Controls)
  Which division of the Orange Book deals with discretionary protection (need-to-know)?
  Orange Book, TCSEC, Discretionary Access Control, Need-to-know
- Question #101 (Security Concepts and Practices)
  Which of the following is most affected by denial-of-service (DOS) attacks?
  Denial of Service (DoS), Availability, CIA Triad, Attack Impact
- Question #102 (Access Controls)
  What refers to legitimate users accessing networked services that would normally be restricted to them?
  Logon abuse, Insider threat, Access control, User authorization
- Question #103 (Security Concepts and Practices)
  In regards to information classification what is the main responsibility of information (data) owner?
  Information Classification, Data Owner, Roles and Responsibilities, Data Governance