SSCP Exam Questions
1,274 real SSCP exam questions with expert-verified answers and explanations. Page 7 of 26.
- Question #305 (Security Concepts and Practices): The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is refe...
  Tags: Availability, CIA Triad, Security principles

- Question #306 (Security Concepts and Practices): Which of the following is most concerned with personnel security?
  Tags: Security Controls, Operational Controls, Personnel Security, Control Categories

- Question #307 (Security Concepts and Practices): Which of the following would best classify as a management control?
  Tags: Management Controls, Security Controls Classification, Control Types, Security Governance

- Question #308 (Security Concepts and Practices): Which of the following is not a form of passive attack?
  Tags: Passive attacks, Active attacks, Attack types, Information gathering

- Question #309 (Security Concepts and Practices): Which of the following statements pertaining to a security policy is incorrect?
  Tags: Security Policy, Policy Characteristics, Security Governance, Policy vs. Procedure

- Question #310 (Systems and Application Security): Which of the following statements pertaining to software testing is incorrect?
  Tags: Software Testing, Secure SDLC, Test Data Management, Data Privacy

- Question #311 (Systems and Application Security): Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors?
  Tags: Regression testing, Software testing, Quality assurance, Systems security

- Question #312 (Systems and Application Security): Which of the following statements pertaining to software testing approaches is correct?
  Tags: Software Testing, Documentation, Quality Assurance, SDLC Security

- Question #313 (Systems and Application Security): Which of the following tests makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems...
  Tags: Security testing, System testing, Vulnerability assessment, Access control validation

- Question #314 (Systems and Application Security): Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?
  Tags: SDLC, Due Care, Due Diligence, Security Requirements

- Question #315 (Systems and Application Security): Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options?
  Tags: SDLC phases, Secure software design, Access control design, Cryptography evaluation

- Question #316 (Security Operations and Administration): Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product?
  Tags: Change Management, Software Development Life Cycle (SDLC), Security Operations, Software Maintenance

- Question #317 (Security Concepts and Practices): What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?
  Tags: Aggregation, Information disclosure, Data sensitivity, Security concepts

- Question #318 (Security Concepts and Practices): Which expert system operating mode allows determining if a given hypothesis is valid?
  Tags: Expert Systems, Backward Chaining, Artificial Intelligence, Inference Engines

- Question #319 (Systems and Application Security): Why does compiled code pose more of a security risk than interpreted code?
  Tags: Code Security, Compiled Code, Interpreted Code, Malware

- Question #320 (Systems and Application Security): Which software development model is actually a meta-model that incorporates a number of the software development models?
  Tags: Software Development Life Cycle, SDLC Models, Spiral Model, Secure Software Development

- Question #321 (Systems and Application Security): Which of the following is used in database information security to hide information?
  Tags: Database Security, Polyinstantiation, Information Hiding, Mandatory Access Control
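The tag list for Question #321 points at polyinstantiation, so it is worth seeing how it actually hides information rather than just naming it. The following is an added example and is not part of the exam bank or any vendor's material: a constructed cargo-manifest table in Python's sqlite3, with the classification column made part of the primary key so that a low-clearance user's insert neither fails (a failure would leak that a higher row exists) nor overwrites the classified row. The table, columns, level names, vessel and cargo values, and function names are all invented for the demonstration; the clearance filter in `view_for` stands in for the mandatory-access-control check a trusted DBMS front end would enforce.

```python
"""Polyinstantiation: one logical record, one row per classification level (sqlite3 demo)."""
import sqlite3

# Constructed lattice of levels; a higher number dominates a lower one.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


def build_manifest():
    """Create a cargo-manifest table whose primary key includes the classification.

    Because (vessel, classification) is the key, the same vessel may have one
    row per level. The constructed rows are a TOP SECRET truth and an
    UNCLASSIFIED cover story for the same vessel.
    """
    con = sqlite3.connect(":memory:")
    con.execute(
        """CREATE TABLE manifest (
               vessel         TEXT NOT NULL,
               classification TEXT NOT NULL,
               cargo          TEXT NOT NULL,
               destination    TEXT NOT NULL,
               PRIMARY KEY (vessel, classification))"""
    )
    con.execute("INSERT INTO manifest VALUES ('Alpha', 'TOP SECRET', 'missiles', 'Port X')")
    con.execute("INSERT INTO manifest VALUES ('Alpha', 'UNCLASSIFIED', 'grain', 'Port Y')")
    return con


def view_for(con, clearance):
    """Rows a subject at `clearance` may see: per vessel, the highest row it dominates.

    This is the mandatory-access-control filter (no read up). The low user gets
    the cover row and has no way to tell that a higher instance of 'Alpha' exists.
    """
    visible = {}
    for row in con.execute("SELECT vessel, classification, cargo, destination FROM manifest"):
        vessel, level = row[0], row[1]
        if LEVELS[level] <= LEVELS[clearance]:
            current = visible.get(vessel)
            if current is None or LEVELS[level] > LEVELS[current[1]]:
                visible[vessel] = row
    return sorted(visible.values())


def low_user_insert(con, vessel, cargo, destination):
    """An UNCLASSIFIED subject writes a row for `vessel` and then reads back its view.

    The insert succeeds (replacing only the UNCLASSIFIED instance) even though a
    TOP SECRET row with the same vessel exists. Rejecting it would have told the
    low user that something classified is already there.
    """
    con.execute(
        "INSERT OR REPLACE INTO manifest VALUES (?, 'UNCLASSIFIED', ?, ?)",
        (vessel, cargo, destination),
    )
    return view_for(con, "UNCLASSIFIED")


def insert_without_polyinstantiation():
    """Contrast: with vessel alone as the key, the same low insert is rejected.

    The rejection is an inference channel: the low user learns that a row for
    'Alpha' already exists at some level they cannot see.
    """
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE manifest (vessel TEXT PRIMARY KEY, classification TEXT, cargo TEXT)")
    con.execute("INSERT INTO manifest VALUES ('Alpha', 'TOP SECRET', 'missiles')")
    try:
        con.execute("INSERT INTO manifest VALUES ('Alpha', 'UNCLASSIFIED', 'grain')")
    except sqlite3.IntegrityError:
        return "rejected"
    return "accepted"


if __name__ == "__main__":
    db = build_manifest()
    print("TOP SECRET sees:", view_for(db, "TOP SECRET"))
    print("UNCLASSIFIED sees:", view_for(db, "UNCLASSIFIED"))
    print("after low insert:", low_user_insert(db, "Alpha", "coal", "Port Z"))
    print("single-key table:", insert_without_polyinstantiation())
```

The price of polyinstantiation is integrity: the database now knowingly holds two contradictory rows for one vessel, and only the trusted front end knows which one is the truth. That trade, confidentiality against a single consistent view, is why the technique is confined to multilevel-secure systems.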
- Question #322 (Systems and Application Security): Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?
  Tags: CISC, Computer Architecture, Processor Design, Instruction Set Architecture

- Question #323 (Access Controls): What is used to protect programs from all unauthorized modification or executional interference?
  Tags: Protection domains, Access control, Operating system security, Program protection

- Question #324 (Systems and Application Security): What is a system called that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?
  Tags: Fault tolerance, System availability, System resilience

- Question #325 (Security Concepts and Practices): What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?
  Tags: Security Kernel, Trusted Computing Base (TCB), Reference Monitor, Operating System Security

- Question #326 (Access Controls): Which of the following rules is least likely to support the concept of least privilege?
  Tags: Least Privilege Principle, Access Control, Security Principles, Network Security

- Question #327 (Systems and Application Security): Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms?
  Tags: Covert channels, Information leakage, System security, Vulnerabilities

- Question #328 (Security Operations and Administration): Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes?
  Tags: Rotation of duties, Collusion prevention, Fraud prevention, Administrative controls

- Question #329 (Security Concepts and Practices): Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configu...
  Tags: Accreditation, System authorization, Security governance, Certification and Accreditation (C&A)

- Question #330 (Security Concepts and Practices): Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individu...
  Tags: Aggregation, Data Classification, Information Security Concepts

- Question #331 (Systems and Application Security): Which of the following best defines add-on security?
  Tags: Add-on security, System security implementation, Security lifecycle, Retrofit security

- Question #332 (Security Concepts and Practices): Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detec...
  Tags: Fail-safe, Security principles, System termination, Secure state

- Question #333 (Security Concepts and Practices): The preliminary steps to security planning include all of the following EXCEPT which of the following?
  Tags: Security Planning, Security Program Management, Planning Phases, Security Audit

- Question #334 (Security Concepts and Practices): Step-by-step instructions used to satisfy control requirements are called:
  Tags: Procedures, Security Documentation, Control Implementation, Policies, Standards, Guidelines

- Question #335 (Security Concepts and Practices): One purpose of a security awareness program is to modify:
  Tags: Security Awareness, Security Training, Employee Behavior, Security Culture

- Question #336 (Security Concepts and Practices): Whose role is it to assign a classification level to information?
  Tags: Information classification, Data owner, Roles and responsibilities, Data governance

- Question #338 (Security Concepts and Practices): What is the most secure way to dispose of information on a CD-ROM?
  Tags: Data disposal, Media sanitization, Physical destruction, Optical media

- Question #339 (Access Controls): The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concepts:
  Tags: Reference Monitor, Access Control, Security Models, Trusted Computing Base

- Question #340 (Access Controls): Which of the following describes a logical form of separation used by secure computing systems?
  Tags: Logical Separation, Process Isolation, Security Domains, Access Control Mechanisms

- Question #341 (Systems and Application Security): What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?
  Tags: Residual data, OS security, Data remanence, Information disclosure

- Question #342 (Systems and Application Security): At what stage of the application development process should the security department become involved?
  Tags: Secure Software Development Lifecycle, Security by Design, Requirements Engineering, Application Security

- Question #343 (Systems and Application Security): In what way could Java applets pose a security threat?
  Tags: Java Applets, Application Security, Malicious Code, Web Security

- Question #344 (Security Operations and Administration): Which of the following is needed for system accountability?
  Tags: Accountability, Auditing, Security Principles, Logging

- Question #345 (Security Concepts and Practices): A timely review of system access audit records would be an example of which of the basic security functions?
  Tags: Security Controls, Detective Controls, Audit Logs, Security Functions

- Question #346 (Risk Identification, Monitoring and Analysis): Which of the following would assist the most in host-based intrusion detection?
  Tags: Intrusion Detection, Host-Based Security, Audit Trails, Security Monitoring

- Question #347 (Risk Identification, Monitoring and Analysis): Who should measure the effectiveness of information system security-related controls in an organization?
  Tags: Security audit, Control effectiveness, Auditor responsibilities, Independent assurance

- Question #348 (Security Operations and Administration): In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected?
  Tags: OLTP Security, Data Integrity, Error Handling Procedures, Audit Trail

- Question #350 (Security Concepts and Practices): Attributable data should be:
  Tags: Accountability, Non-repudiation, Audit trails, Security principles

- Question #351 (Security Operations and Administration): Which of the following best describes signature-based detection?
  Tags: Signature-based detection, Intrusion Detection, Threat Detection, Security Monitoring
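Question #351 asks what signature-based detection is; the defining property is that only traffic matching a known, pre-written pattern is flagged, and the standard weakness follows directly from that. The block below is an added example, not content from the exam bank or from any IDS product: a minimal signature matcher run over constructed web-server access-log lines. It shows a plain traversal attempt being caught, a URL-encoded SQL-injection payload being missed until the path is percent-decoded once, and a double-encoded traversal being missed until it is decoded twice. The signature names, regular expressions, log lines, IP addresses and function names are all invented for this illustration.

```python
"""Signature-based detection over web access logs, plus the evasion it misses."""
import re
from urllib.parse import unquote

# Constructed signatures: fixed patterns for attacks that are already known.
# A signature engine can only flag what is in this dictionary.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE),
    "cmd-injection": re.compile(r";\s*(cat|ls|id|whoami)\b"),
}

# Constructed access-log lines in common log format (not captured traffic).
# Line 3 URL-encodes the spaces in the SQLi payload; line 4 double-encodes "/".
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /download?file=../../etc/passwd HTTP/1.1" 200 1024',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /login?user=admin\'%20or%20\'1\'=\'1 HTTP/1.1" 200 300',
    '10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /download?file=..%252f..%252fetc/passwd HTTP/1.1" 200 1024',
]


def request_path(line):
    """Pull the request target out of the quoted request-line field."""
    request = line.split('"')[1]          # 'GET /path HTTP/1.1'
    return request.split(" ")[1]


def normalize(path, decode_passes):
    """Percent-decode the path the given number of times (0 = match raw bytes)."""
    for _ in range(decode_passes):
        path = unquote(path)
    return path


def scan(lines, decode_passes=0):
    """Return (line_number, signature_name) for every line matching a signature.

    Matching is purely pattern-based: anything not in SIGNATURES, and any
    encoding of a known attack that the normalization step does not undo,
    is reported as clean. That is the trade-off the exam question is about.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        path = normalize(request_path(line), decode_passes)
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits.append((number, name))
    return hits


if __name__ == "__main__":
    for passes in (0, 1, 2):
        print(f"decode passes={passes}: {scan(SAMPLE_LOG, passes)}")
```

The lesson for the IDS questions that follow is that a signature engine is only as good as two things: the currency of its signature set (a new attack has no signature) and the normalization it performs before matching (the same attack, encoded differently, is a different byte string). Anomaly-based detection exists to cover the first gap; careful decoding and canonicalization cover the second.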
- Question #352 (Risk Identification, Monitoring and Analysis): Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?
  Tags: Intrusion Detection System, Security Monitoring, Real-time Monitoring, Policy Violation Detection

- Question #353 (Network and Communications Security): Which of the following monitors network traffic in real time?
  Tags: IDS, Network-based IDS, Network Monitoring, Intrusion Detection

- Question #354 (Network and Communications Security): Which one of the following statements about the advantages and disadvantages of network-based intrusion detection systems is true?
  Tags: Intrusion Detection Systems, Network-based IDS, Network Security Monitoring, Deployment considerations

- Question #355 (Network and Communications Security): Which protocol is NOT implemented in the Network layer of the OSI Protocol Stack?
  Tags: OSI Model, Network Layer, Network Protocols

- Question #356 (Network and Communications Security): The session layer provides a logical persistent connection between peer hosts. Which of the following is one of the modes used in the session layer to establish this connection?
  Tags: OSI Model, Session Layer, Communication Modes, Network Protocols