(ISC)2 – SSCP EXAM-with 100% verified solutions -personalized success

1. What are the three security categories?
   1. Prevention: something like a lock on the door
   2. Detection: something like an alarm system
   3. Recovery: actions taken after an unwanted occurrence

2. What are the four steps of Access Control?
   1. Identification: user provides identification
   2. Authentication: second type of identification proving the user is who they claim to be
   3. Authorization: assigns rights & privileges based on user's profile after they are authenticated
   4. Accounting: tracing and recording the use of assets.

3. What is the act of reviewing or monitoring data obtained during the Accounting process?
   Auditing

4. - This concept refers to actions that may be reasonably taken (or are obvious) to safeguard corporate assets and data, as well as following best practices from similar organizations
     Prudent Man
   - This is verifying that a control or process is performing as intended
     Due Diligence
   - This refers to taking actions that are prudent and reasonable to protect the assets of the organization
     Due Care

5. - This process allows multiple people out of a group to be able to take a certain action, and can also require a certain number of individuals to agree prior to action being taken
     M of N requirement
   - This is a procedure popular in very high-security locations and situations. It features two individuals who must agree upon action yet are physically separated and must therefore take action independent of the other
     Two-Man Rule
   - This principle allows anyone to access, view, and test hardware or software systems. For example: testing a new cryptographic algorithm
     Transparency

6. - These are events related to things like an employee getting promoted, getting fired, leaving the company, or retiring
     Privilege Management or Privilege Lifecycle
   - This ensures that a user's permissions match the minimum required to do their job and do not exceed it
     Rights and Privilege Audit
   - This ensures that access rights are taken away immediately upon a user getting fired, leaving, or retiring.
     Account Deactivation
   - What is an account called when an employee has been gone for a long time but it is still active?
     Orphan account

7. - What is the term used to describe the violation of non-repudiation?
     Deniability
   - What term is used to describe the violation of confidentiality?
     Disclosure

8.