SSCP Exam Questions
1,274 real SSCP exam questions with expert-verified answers and explanations. Page 4 of 26.
- Question #154 (Access Controls)
When submitting a passphrase for authentication, the passphrase is converted into ...
Authentication, Passphrase Hashing, Credential Management, Access Control Mechanisms
- Question #155 (Access Controls)
An alternative to using passwords for authentication in logical or technical access control is:
Authentication, Biometrics, Access Control, Authentication Factors
- Question #156 (Access Controls)
Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in a biomet...
Biometrics, Authentication, False Rejection Rate (FRR), System Sensitivity
- Question #157 (Access Controls)
In the context of biometric authentication, what is a quick way to compare the accuracy of devices? In general, the device that has the lowest value would be the most accurate. Wh...
Biometrics, Authentication, Error Rates, CER (Crossover Error Rate)
- Question #158 (Systems and Application Security)
Because all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to:
Kerberos, Server Security, Authentication Systems Security, Attack Vectors
- Question #159 (Access Controls)
The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a biometric system. Acceptable throughput rates are in the...
Biometrics, Throughput Rate, Authentication
- Question #160 (Access Controls)
In addition to the accuracy of the biometric systems, there are other factors that must also be considered:
Biometrics, Access Control, System Evaluation, Usability
- Question #161 (Access Controls)
Which of the following biometric devices has the lowest user acceptance level?
Biometrics, User Acceptance, Retina Scan, Authentication Factors
- Question #162 (Access Controls)
Which of the following would be an example of the best password?
Password security, Strong passwords, Authentication, Password best practices
- Question #163 (Network and Communications Security)
A network-based vulnerability assessment is a type of test also referred to as:
Vulnerability Assessment, Network Scanning, Active Scanning
- Question #164 (Security Concepts and Practices)
Which of the following is NOT a form of detective administrative control?
Administrative controls, Detective controls, Preventative controls, Separation of duties
- Question #165 (Access Controls)
Which TCSEC level is labeled Controlled Access Protection?
TCSEC, Evaluation criteria, Controlled Access Protection, Security models
- Question #166 (Access Controls)
Which security model is based on the military classification of data and people with clearances?
Security models, Bell-LaPadula, Confidentiality model, Military classification
- Question #167 (Security Operations and Administration)
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local po...
Alarm systems, Physical security, Emergency services integration
- Question #168 (Access Controls)
Which of the following does not apply to system-generated passwords?
Password security, System-generated passwords, Password attacks, Password complexity
- Question #169 (Access Controls)
Which of the following is not a preventive login control?
Login controls, Preventive controls, Detective controls, Access control mechanisms
- Question #170 (Access Controls)
Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier?
Authentication, Continuous Authentication, Digital Signatures, Data Integrity
- Question #171 (Access Controls)
Who first described the DoD multilevel military security policy in abstract, formal terms?
Bell-LaPadula Model, Multilevel Security, Security Models, Access Control Models
- Question #172 (Access Controls)
What is the most critical characteristic of a biometric identifying system?
Biometrics, Access Control Systems, System Accuracy, Identification
- Question #173 (Access Controls)
What is considered the most important type of error to avoid for a biometric access control system?
Biometrics, Access Control Errors, False Acceptance Rate (FAR), Security Risks
- Question #174 (Access Controls)
How can an individual/person best be identified or authenticated to prevent local masquerading attacks?
Authentication factors, Biometric authentication, Masquerading attacks, Access control
- Question #175 (Access Controls)
Which authentication technique best protects against hijacking?
Authentication, Continuous Authentication, Session Hijacking, Access Control
- Question #176 (Access Controls)
Which of the following is not a security goal for remote access?
Remote Access Security, Security Goals, Authentication, Access Control
- Question #177 (Access Controls)
Which of the following questions is less likely to help in assessing identification and authentication controls?
Identification, Authentication, Access Control Assessment, Security Controls
- Question #178 (Access Controls)
In response to an Access-request from a client such as a Network Access Server (NAS), which of the following is not one of the responses from a RADIUS server?
RADIUS, AAA Protocols, Network Access Control, Authentication Protocols
- Question #179 (Network and Communications Security)
Which of the following statements pertaining to RADIUS is incorrect:
RADIUS, Authentication Protocols, AAA, DIAMETER
- Question #180 (Access Controls)
Which of the following is used by RADIUS for communication between clients and servers?
RADIUS, UDP, Authentication Protocols, Network Protocols
- Question #181 (Access Controls)
Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers?
TACACS, AAA protocols, UDP, Access control protocols
- Question #182 (Network and Communications Security)
Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?
Remote Access, Network Segmentation, Firewalls, Security Architecture
- Question #183 (Access Controls)
In the Bell-LaPadula model, the Star-property is also called:
Bell-LaPadula model, Star-property, Confidentiality, Access Control Models
- Question #184 (Security Concepts and Practices)
An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n):
Insider threat, Attack types, Threat actors
- Question #185 (Network and Communications Security)
Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbi...
Extensible Authentication Protocol (EAP), PPP Authentication, Network Protocols, Authentication Mechanisms
- Question #186 (Security Operations and Administration)
What is a common problem when using vibration detection devices for perimeter control?
Physical security systems, Perimeter intrusion detection, Environmental interference, Security sensor limitations
- Question #187 (Access Controls)
Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unau...
Access Control, Collusion, Least Privilege, Separation of Duties
- Question #188 (Access Controls)
What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?
Security Models, Bell-LaPadula Model, Access Control Models, Confidentiality Models
- Question #189 (Access Controls)
Which of the following models does NOT include data integrity or conflict of interest?
Security models, Bell-LaPadula, Confidentiality, Integrity models
- Question #190 (Access Controls)
What is the PRIMARY use of a password?
Passwords, Authentication, Access Control, User Identity Management
- Question #191 (Access Controls)
The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something:
Authentication factors, Biometrics, Multi-factor authentication, Access control
- Question #192 (Access Controls)
An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?
Least Privilege, Access Control Principles, Security Principles, User Permissions
- Question #193 (Access Controls)
PIN, Password, Passphrases, Tokens, smart cards, and biometric devices are all items that can be used for Authentication. When one of these items listed above in conjunction with a...
Authentication, Two-factor authentication (2FA), Multi-factor authentication (MFA), Authentication factors
- Question #194 (Security Concepts and Practices)
What is one disadvantage of content-dependent protection of information?
Content-dependent security, Data protection, Security control overhead, Performance impact
- Question #195 (Security Operations and Administration)
Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?
Session monitoring, User notification, Legal compliance, Security policy enforcement
- Question #196 (Access Controls)
What mechanism does a system use to compare the security labels of a subject and an object?
Reference Monitor, Access Control, Security Labels, Security Architecture
- Question #197 (Systems and Application Security)
As per the Orange Book, what are two types of system assurance?
Orange Book, TCSEC, System Assurance, Security Evaluation Criteria
- Question #198 (Systems and Application Security)
Which of the following are required for Life-Cycle Assurance?
Life-Cycle Assurance, Security Testing, Trusted Distribution, SDLC Security
- Question #199 (Systems and Application Security)
Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean?
Operating System Security, TCSEC, Data Hiding, Information Hiding
- Question #200 (Systems and Application Security)
What does "System Integrity" mean?
System Integrity, Hardware Security, Firmware Security, System Verification
- Question #201 (Security Concepts and Practices)
The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware e...
TCSEC (Orange Book), Trusted Computing Base (TCB), System Integrity, Security Models
- Question #202 (Security Concepts and Practices)
Which of the following can be used as a covert channel?
covert channels, information flow, system security
- Question #203 (Security Operations and Administration)
Configuration Management controls what?
Configuration Management, Change Control, Trusted Computing Base (TCB), Auditing