OFFICIAL (ISC)² SSCP EXAM
QUESTIONS AND ANSWERS 100%
CORRECT
Access Control Object - ANSWER-A passive entity that typically receives or contains
some form of data.
Access Control Subject - ANSWER-An active entity and can be any user, program, or
process that requests permission to cause data to flow from an access control object to
the access control subject or between access control objects.
Asynchronous Password Token - ANSWER-A one-time password is generated without
the use of a clock, either from a one-time pad or cryptographic algorithm.
Authorization - ANSWER-Determines whether a user is permitted to access a particular
resource.
Connected Tokens - ANSWER-Must be physically connected to the computer to which
the user is authenticating.
Contactless Tokens - ANSWER-Form a logical connection to the client computer but do
not require a physical connection.
Disconnected Tokens - ANSWER-Have neither a physical nor logical connection to the
client computer.
Entitlement - ANSWER-A set of rules, defined by the resource owner, for managing
access to a resource (asset, service, or entity) and for what purpose.
Identity Management - ANSWER-The task of controlling information about users on
computers.
Proof of Identity - ANSWER-Verify people's identities before the enterprise issues them
accounts and credentials.
Kerberos - ANSWER-A popular network authentication protocol for indirect (third-party)
authentication services.
Lightweight Directory Access Protocol (LDAP) - ANSWER-A client/server-based
directory query protocol loosely based on X.500, commonly used to manage user
information. LDAP is a front end and not used to manage or synchronize data per se as
opposed to DNS.
,Single Sign-On (SSO) - ANSWER-Designed to provide strong authentication using
secret-key cryptography, allowing a single identity to be shared across multiple
applications.
Static Password Token - ANSWER-The device contains a password that is physically
hidden (not visible to the possessor) but that is transmitted for each authentication.
Synchronous Dynamic Password Token - ANSWER-A timer is used to rotate through
various combinations produced by a cryptographic algorithm.
Trust Path - ANSWER-A series of trust relationships that authentication requests must
follow between domains
6to4 - ANSWER-Transition mechanism for migrating from IPv4 to IPv6. It allows
systems to use IPv6 to communicate if their traffic has to transverse an IPv4 network.
Absolute addresses - ANSWER-Hardware addresses used by the CPU.
Abstraction - ANSWER-The capability to suppress unnecessary details so the
important, inherent properties can be examined and reviewed.
Accepted ways for handling risk - ANSWER-Accept, transfer, mitigate, avoid.
Access - ANSWER-The flow of information between a subject and an object.
Access control matrix - ANSWER-A table of subjects and objects indicating what
actions individual subjects can take upon individual objects.
Access control model - ANSWER-An access control model is a framework that dictates
how subjects access objects.
Access controls - ANSWER-Are security features that control how users and systems
communicate and interact with other systems and resources.
Accreditation - ANSWER-Formal acceptance of the adequacy of a system's overall
security by management.
Active attack - ANSWER-Attack where the attacker does interact with processing or
communication activities.
ActiveX - ANSWER-A Microsoft technology composed of a set of OOP technologies
and tools based on COM and DCOM. It is a framework for defining reusable software
components in a programming language-independent manner
,Address bus - ANSWER-Physical connections between processing components and
memory segments used to communicate the physical memory addresses being used
during processing procedures.
Address resolution protocol (ARP) - ANSWER-A networking protocol used for resolution
of network layer IP addresses into link layer MAC addresses.
Address space layout randomization (ASLR) - ANSWER-Memory protection mechanism
used by some operating systems. The addresses used by components of a process are
randomized so that it is harder for an attacker to exploit specific memory vulnerabilities.
Availability - ANSWER-Reliable and timely access to data and resources is provided to
authorized individuals.
Avalanche effect - ANSWER-Algorithm design requirement so that slight changes to the
input result in drastic changes to the output.
Base registers - ANSWER-Beginning of address space assigned to a process. Used to
ensure a process does not make a request outside its assigned memory boundaries.
Baseband transmission - ANSWER-Uses the full bandwidth for only one communication
channel and has a low data transfer rate compared to broadband.
Bastion host - ANSWER-A highly exposed device that will most likely be targeted for
attacks, and thus should be hardened.
Behavior blocking - ANSWER-Allowing the suspicious code to execute within the
operating system and watches its interactions with the operating system, looking for
suspicious activities.
Confidentiality - ANSWER-data is not disclosed to unauthorized users
Integrity - ANSWER-prevents any unauthorized or unwanted modification of data
Availability - ANSWER-ensures that IT systems and data are available when needed
Backups - ANSWER-Copies of data stored in case the original is stolen or becomes
corrupt
Algebraic attack - ANSWER-Cryptanalysis attack that exploits vulnerabilities within the
intrinsic algebraic structure of mathematical functions.
Algorithm - ANSWER-Set of mathematical and logic rules used in cryptographic
functions.
, Analog signals - ANSWER-Continuously varying electromagnetic wave that represents
and transmits data.
Analytic attack - ANSWER-Cryptanalysis attack that exploits vulnerabilities within the
algorithm structure.
Annualized loss expectancy (ALE) - ANSWER-Annual expected loss if a specific
vulnerability is exploited and how it affects a single asset. SLE × ARO = ALE.
Application programming interface (API) - ANSWER-Software interface that enables
process-to-
process interaction. Common way to provide access to standard routines to a set of
software programs.
Arithmetic logic unit (ALU) - ANSWER-A component of the computer's processing unit,
in which arithmetic and matching operations are performed.
AS/NZS 4360 - ANSWER-Australia and New Zealand business risk management
assessment approach.
Assemblers - ANSWER-Tools that convert assembly code into the necessary machine-
compatible binary language for processing activities to take place.
Assembly language - ANSWER-A low-level programming language that is the
mnemonic representation of machine-level instructions.
Assurance evaluation criteria - ANSWER-Check-list and process of examining the
security-relevant parts of a system (TCB, reference monitor, security kernel) and
assigning the system an assurance rating.
Asymmetric algorithm - ANSWER-Encryption method that uses two different key types,
public and private. Also called public key cryptography.
Asymmetric mode multiprocessing - ANSWER-When a computer has two or more
CPUs and one CPU is dedicated to a specific program while the other CPUs carry out
general processing procedures
Asynchronous communication - ANSWER-Transmission sequencing technology that
uses start and stop bits or similar encoding mechanism. Used in environments that
transmit a variable amount of data in a periodic fashion.
Asynchronous token generating method - ANSWER-Employs a challenge/response
scheme to authenticate the user.
Attack surface - ANSWER-Components available to be used by an attacker against the
product itself.
QUESTIONS AND ANSWERS 100%
CORRECT
Access Control Object - ANSWER-A passive entity that typically receives or contains
some form of data.
Access Control Subject - ANSWER-An active entity and can be any user, program, or
process that requests permission to cause data to flow from an access control object to
the access control subject or between access control objects.
Asynchronous Password Token - ANSWER-A one-time password is generated without
the use of a clock, either from a one-time pad or cryptographic algorithm.
Authorization - ANSWER-Determines whether a user is permitted to access a particular
resource.
Connected Tokens - ANSWER-Must be physically connected to the computer to which
the user is authenticating.
Contactless Tokens - ANSWER-Form a logical connection to the client computer but do
not require a physical connection.
Disconnected Tokens - ANSWER-Have neither a physical nor logical connection to the
client computer.
Entitlement - ANSWER-A set of rules, defined by the resource owner, for managing
access to a resource (asset, service, or entity) and for what purpose.
Identity Management - ANSWER-The task of controlling information about users on
computers.
Proof of Identity - ANSWER-Verify people's identities before the enterprise issues them
accounts and credentials.
Kerberos - ANSWER-A popular network authentication protocol for indirect (third-party)
authentication services.
Lightweight Directory Access Protocol (LDAP) - ANSWER-A client/server-based
directory query protocol loosely based on X.500, commonly used to manage user
information. LDAP is a front end and not used to manage or synchronize data per se as
opposed to DNS.
,Single Sign-On (SSO) - ANSWER-Designed to provide strong authentication using
secret-key cryptography, allowing a single identity to be shared across multiple
applications.
Static Password Token - ANSWER-The device contains a password that is physically
hidden (not visible to the possessor) but that is transmitted for each authentication.
Synchronous Dynamic Password Token - ANSWER-A timer is used to rotate through
various combinations produced by a cryptographic algorithm.
Trust Path - ANSWER-A series of trust relationships that authentication requests must
follow between domains
6to4 - ANSWER-Transition mechanism for migrating from IPv4 to IPv6. It allows
systems to use IPv6 to communicate if their traffic has to transverse an IPv4 network.
Absolute addresses - ANSWER-Hardware addresses used by the CPU.
Abstraction - ANSWER-The capability to suppress unnecessary details so the
important, inherent properties can be examined and reviewed.
Accepted ways for handling risk - ANSWER-Accept, transfer, mitigate, avoid.
Access - ANSWER-The flow of information between a subject and an object.
Access control matrix - ANSWER-A table of subjects and objects indicating what
actions individual subjects can take upon individual objects.
Access control model - ANSWER-An access control model is a framework that dictates
how subjects access objects.
Access controls - ANSWER-Are security features that control how users and systems
communicate and interact with other systems and resources.
Accreditation - ANSWER-Formal acceptance of the adequacy of a system's overall
security by management.
Active attack - ANSWER-Attack where the attacker does interact with processing or
communication activities.
ActiveX - ANSWER-A Microsoft technology composed of a set of OOP technologies
and tools based on COM and DCOM. It is a framework for defining reusable software
components in a programming language-independent manner
,Address bus - ANSWER-Physical connections between processing components and
memory segments used to communicate the physical memory addresses being used
during processing procedures.
Address resolution protocol (ARP) - ANSWER-A networking protocol used for resolution
of network layer IP addresses into link layer MAC addresses.
Address space layout randomization (ASLR) - ANSWER-Memory protection mechanism
used by some operating systems. The addresses used by components of a process are
randomized so that it is harder for an attacker to exploit specific memory vulnerabilities.
Availability - ANSWER-Reliable and timely access to data and resources is provided to
authorized individuals.
Avalanche effect - ANSWER-Algorithm design requirement so that slight changes to the
input result in drastic changes to the output.
Base registers - ANSWER-Beginning of address space assigned to a process. Used to
ensure a process does not make a request outside its assigned memory boundaries.
Baseband transmission - ANSWER-Uses the full bandwidth for only one communication
channel and has a low data transfer rate compared to broadband.
Bastion host - ANSWER-A highly exposed device that will most likely be targeted for
attacks, and thus should be hardened.
Behavior blocking - ANSWER-Allowing the suspicious code to execute within the
operating system and watches its interactions with the operating system, looking for
suspicious activities.
Confidentiality - ANSWER-data is not disclosed to unauthorized users
Integrity - ANSWER-prevents any unauthorized or unwanted modification of data
Availability - ANSWER-ensures that IT systems and data are available when needed
Backups - ANSWER-Copies of data stored in case the original is stolen or becomes
corrupt
Algebraic attack - ANSWER-Cryptanalysis attack that exploits vulnerabilities within the
intrinsic algebraic structure of mathematical functions.
Algorithm - ANSWER-Set of mathematical and logic rules used in cryptographic
functions.
, Analog signals - ANSWER-Continuously varying electromagnetic wave that represents
and transmits data.
Analytic attack - ANSWER-Cryptanalysis attack that exploits vulnerabilities within the
algorithm structure.
Annualized loss expectancy (ALE) - ANSWER-Annual expected loss if a specific
vulnerability is exploited and how it affects a single asset. SLE × ARO = ALE.
Application programming interface (API) - ANSWER-Software interface that enables
process-to-
process interaction. Common way to provide access to standard routines to a set of
software programs.
Arithmetic logic unit (ALU) - ANSWER-A component of the computer's processing unit,
in which arithmetic and matching operations are performed.
AS/NZS 4360 - ANSWER-Australia and New Zealand business risk management
assessment approach.
Assemblers - ANSWER-Tools that convert assembly code into the necessary machine-
compatible binary language for processing activities to take place.
Assembly language - ANSWER-A low-level programming language that is the
mnemonic representation of machine-level instructions.
Assurance evaluation criteria - ANSWER-Check-list and process of examining the
security-relevant parts of a system (TCB, reference monitor, security kernel) and
assigning the system an assurance rating.
Asymmetric algorithm - ANSWER-Encryption method that uses two different key types,
public and private. Also called public key cryptography.
Asymmetric mode multiprocessing - ANSWER-When a computer has two or more
CPUs and one CPU is dedicated to a specific program while the other CPUs carry out
general processing procedures
Asynchronous communication - ANSWER-Transmission sequencing technology that
uses start and stop bits or similar encoding mechanism. Used in environments that
transmit a variable amount of data in a periodic fashion.
Asynchronous token generating method - ANSWER-Employs a challenge/response
scheme to authenticate the user.
Attack surface - ANSWER-Components available to be used by an attacker against the
product itself.
