SSCP Exam Questions
1,274 real SSCP exam questions with expert-verified answers and explanations. Page 3 of 26.
- Question #104: Access Controls
Which of the following is not a two-factor authentication mechanism?
Tags: Authentication; Multi-factor Authentication; Two-factor Authentication; Authentication Factors
- Question #105: Access Controls
Which of the following access control models introduces user security clearance and data classification?
Tags: Access Control Models; Mandatory Access Control (MAC); Security Clearance; Data Classification
- Question #106: Access Controls
Password management falls into which control category?
Tags: Password Management; Security Controls; Preventive Controls; Control Types
- Question #107: Access Controls
Which of the following access control models requires security clearance for subjects?
Tags: Access Control Models; Mandatory Access Control; Security Clearance
- Question #108: Access Controls
Which of the following access control models requires defining classification for objects?
Tags: Access Control Models; Mandatory Access Control; Object Classification; Security Labels
- Question #109: Access Controls
In the context of access control, locks, gates, guards are examples of which of the following?
Tags: Access Control; Physical Controls; Security Controls
- Question #110: Cryptography
Which of the following statements pertaining to using Kerberos without any extension is false?
Tags: Kerberos; Authentication Protocols; Symmetric Cryptography
- Question #111: Access Controls
Which of the following statements pertaining to Kerberos is false?
Tags: Kerberos; Authentication; Symmetric Cryptography; Key Distribution Center
- Question #112: Access Controls
Which access control model would a lattice-based access control model be an example of?
Tags: Access Control Models; Mandatory Access Control (MAC); Lattice-Based Access Control
- Question #113: Access Controls
Which of the following is an example of discretionary access control?
Tags: Discretionary Access Control (DAC); Access Control Models; Identity-based access control
- Question #114: Access Controls
Which of the following would be used to implement Mandatory Access Control (MAC)?
Tags: Mandatory Access Control (MAC); Lattice-based Access Control; Access Control Models; Security Models
- Question #115: Security Concepts and Practices
Which type of attack involves impersonating a user or a system?
Tags: Spoofing attack; Impersonation; Attack types; Security threats
- Question #116: Access Controls
Which of the following is NOT an advantage that TACACS+ has over TACACS?
Tags: TACACS+; TACACS; Authentication Protocols; AAA (Authentication, Authorization, Accounting)
- Question #117: Access Controls
Which of the following remote access authentication systems is the most robust?
Tags: Remote Access Authentication; TACACS+; RADIUS; AAA Protocols
- Question #118: Security Concepts and Practices
Which of the following is an example of a passive attack?
Tags: Passive attack; Attack types; Shoulder surfing; Threats
- Question #119: Access Controls
What does the Clark-Wilson security model focus on?
Tags: Security Models; Clark-Wilson; Integrity
- Question #120: Access Controls
What does the simple security (ss) property mean in the Bell-LaPadula model?
Tags: Bell-LaPadula model; Simple Security Property; Access Control Models; Confidentiality
- Question #121: Access Controls
What does the * (star) property mean in the Bell-LaPadula model?
Tags: Bell-LaPadula Model; Confidentiality Model; Access Control Models; Security Models
- Question #122: Access Controls
What does the * (star) integrity axiom mean in the Biba model?
Tags: Security Models; Biba Model; Integrity; Access Control Axioms
- Question #123: Access Controls
What does the simple integrity axiom mean in the Biba model?
Tags: Biba Model; Integrity Models; Access Control Models
- Question #124: Security Concepts and Practices
What is the Biba security model concerned with?
Tags: Biba security model; Integrity model; Security models; Information security principles
- Question #125: Security Concepts and Practices
Which security model uses division of operations into different parts and requires different users to perform each part?
Tags: Security Models; Clark-Wilson Model; Separation of Duties; Integrity Models
- Question #126: Access Controls
What is the main objective of proper separation of duties?
Tags: Separation of Duties; Access Control Principles; Security Governance; Preventive Controls
- Question #127: Security Concepts and Practices
Which of the following is related to physical security and is not considered a technical control?
Tags: Physical Security; Security Controls; Technical Controls; Physical Controls
- Question #128: Security Concepts and Practices
Which of the following floors would be most appropriate to locate information processing facilities in a six-story building?
Tags: Physical Security; Facility Location; Risk Mitigation; Environmental Protection
- Question #129: Security Operations and Administration
Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and imp...
Tags: Security Controls; Preventative Controls; Operational Security; Control Types
- Question #130: Risk Identification, Monitoring and Analysis
This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious?
Tags: Clipping level; Security monitoring; Thresholds; Suspicious activity detection
- Question #131: Risk Identification, Monitoring and Analysis
Which type of control is concerned with avoiding occurrences of risks?
Tags: Security Controls; Preventive Controls; Risk Mitigation; Control Types
- Question #132: Security Concepts and Practices
Which type of control is concerned with restoring controls?
Tags: Security controls; Corrective controls; Control types
- Question #133: Access Controls
Which of the following biometric parameters are better suited for authentication use over a long period of time?
Tags: Biometrics; Authentication; Biometric characteristics; Iris scan
- Question #134: Security Concepts and Practices
In the CIA triad, what does the letter A stand for?
Tags: CIA triad; Availability; Information security principles; Confidentiality; Integrity
- Question #135: Access Controls
Which TCSEC class specifies discretionary protection?
Tags: TCSEC; Discretionary Access Control; Security Models; Access Control
- Question #136: Access Controls
Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps natura...
Tags: Access control models; Role-based access control; Security policies; Organizational structure
- Question #137: Access Controls
Which access control model was proposed for enforcing access control in government and military applications?
Tags: Access Control Models; Bell-LaPadula; Confidentiality; Multi-level Security
- Question #138: Access Controls
Which access control model achieves data integrity through well-formed transactions and separation of duties?
Tags: Access Control Models; Clark-Wilson Model; Data Integrity; Separation of Duties
- Question #139: Security Concepts and Practices
For maximum security design, what type of fence is the most effective and cost-effective method (feet are used as the measurement unit below)?
Tags: Physical Security; Perimeter Security; Fencing; Defense-in-Depth
- Question #140: Security Operations and Administration
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?
Tags: Physical Security; Security Devices; Intrusion Detection; Capacitance Detectors
- Question #141: Security Concepts and Practices
Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that...
Tags: Physical Security; Security Controls; Administrative Controls; Technical Controls
- Question #142: Security Operations and Administration
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?
Tags: NIST Standards; Physical Security; Perimeter Protection; Illumination
- Question #143: Access Controls
This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is requir...
Tags: Least Privilege; Access Control; Privilege Management; Security Principles
- Question #144: Access Controls
Which of the following are additional access control objectives?
Tags: Access control objectives; Reliability; Utility; Access Control
- Question #145: Access Controls
Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of control...
Tags: Security Controls; Logical Controls; Technical Controls; Access Control Mechanisms
- Question #146: Access Controls
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:
Tags: Accountability; Access Control; Identification; Authentication
- Question #147: Access Controls
In Discretionary Access Control the subject has authority, within certain limitations,
Tags: Discretionary Access Control (DAC); Access Control Models; Subject Authority
- Question #148: Access Controls
In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizatio...
Tags: Role-Based Access Control (RBAC); Non-Discretionary Access Control; Access Control Models
- Question #149: Access Controls
In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:
Tags: RBAC; Access Control Models; Non-discretionary Access Control; Role-Based Security
- Question #150: Access Controls
Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?
Tags: Lattice-Based Access Control (LBAC); Mandatory Access Control (MAC); Access Control Models; Security Labels
- Question #151: Security Operations and Administration
Detective/Technical measures:
Tags: Intrusion Detection Systems; Detective Controls; Security Monitoring; Violation Reports
- Question #152: Access Controls
Identification and authentication are the keystones of most access control systems. Identification establishes:
Tags: Identification; Accountability; Access Control; Authentication
- Question #153: Access Controls
Passwords can be required to change monthly, quarterly, or at other intervals:
Tags: Password Policies; Access Controls; Information Criticality; Security Best Practices