OFFICIAL (ISC)² SSCP EXAM
QUESTIONS AND ANSWERS
Access Control Object - Correct Answers -A passive entity that typically receives or
contains some form of data.
Access Control Subject - Correct Answers -An active entity and can be any user,
program, or process that requests permission to cause data to flow from an access
control object to the access control subject or between access control objects.
Asynchronous Password Token - Correct Answers -A one-time password is generated
without the use of a clock, either from a one-time pad or cryptographic algorithm.
Authorization - Correct Answers -Determines whether a user is permitted to access a
particular resource.
Connected Tokens - Correct Answers -Must be physically connected to the computer to
which the user is authenticating.
Contactless Tokens - Correct Answers -Form a logical connection to the client computer
but do not require a physical connection.
Disconnected Tokens - Correct Answers -Have neither a physical nor logical connection
to the client computer.
Entitlement - Correct Answers -A set of rules, defined by the resource owner, for
managing access to a resource (asset, service, or entity) and for what purpose.
Identity Management - Correct Answers -The task of controlling information about users
on computers.
Proof of Identity - Correct Answers -Verify people's identities before the enterprise
issues them accounts and credentials.
Kerberos - Correct Answers -A popular network authentication protocol for indirect
(third-party) authentication services.
Lightweight Directory Access Protocol (LDAP) - Correct Answers -A client/server-based
directory query protocol loosely based on X.500, commonly used to manage user
,information. LDAP is a front end and not used to manage or synchronize data per se as
opposed to DNS.
Single Sign-On (SSO) - Correct Answers -Designed to provide strong authentication
using secret-key cryptography, allowing a single identity to be shared across multiple
applications.
Static Password Token - Correct Answers -The device contains a password that is
physically hidden (not visible to the possessor) but that is transmitted for each
authentication.
Synchronous Dynamic Password Token - Correct Answers -A timer is used to rotate
through various combinations produced by a cryptographic algorithm.
Trust Path - Correct Answers -A series of trust relationships that authentication requests
must follow between domains
6to4 - Correct Answers -Transition mechanism for migrating from IPv4 to IPv6. It allows
systems to use IPv6 to communicate if their traffic has to transverse an IPv4 network.
Absolute addresses - Correct Answers -Hardware addresses used by the CPU.
Abstraction - Correct Answers -The capability to suppress unnecessary details so the
important, inherent properties can be examined and reviewed.
Accepted ways for handling risk - Correct Answers -Accept, transfer, mitigate, avoid.
Access - Correct Answers -The flow of information between a subject and an object.
Access control matrix - Correct Answers -A table of subjects and objects indicating what
actions individual subjects can take upon individual objects.
Access control model - Correct Answers -An access control model is a framework that
dictates how subjects access objects.
Access controls - Correct Answers -Are security features that control how users and
systems communicate and interact with other systems and resources.
Accreditation - Correct Answers -Formal acceptance of the adequacy of a system's
overall security by management.
Active attack - Correct Answers -Attack where the attacker does interact with
processing or communication activities.
,ActiveX - Correct Answers -A Microsoft technology composed of a set of OOP
technologies and tools based on COM and DCOM. It is a framework for defining
reusable software components in a programming language-independent manner
Address bus - Correct Answers -Physical connections between processing components
and memory segments used to communicate the physical memory addresses being
used during processing procedures.
Address resolution protocol (ARP) - Correct Answers -A networking protocol used for
resolution of network layer IP addresses into link layer MAC addresses.
Address space layout randomization (ASLR) - Correct Answers -Memory protection
mechanism used by some operating systems. The addresses used by components of a
process are randomized so that it is harder for an attacker to exploit specific memory
vulnerabilities.
Algebraic attack - Correct Answers -Cryptanalysis attack that exploits vulnerabilities
within the intrinsic algebraic structure of mathematical functions.
Algorithm - Correct Answers -Set of mathematical and logic rules used in cryptographic
functions.
Analog signals - Correct Answers -Continuously varying electromagnetic wave that
represents and transmits data.
Analytic attack - Correct Answers -Cryptanalysis attack that exploits vulnerabilities
within the algorithm structure.
Annualized loss expectancy (ALE) - Correct Answers -Annual expected loss if a specific
vulnerability is exploited and how it affects a single asset. SLE × ARO = ALE.
Application programming interface (API) - Correct Answers -Software interface that
enables process-to-
process interaction. Common way to provide access to standard routines to a set of
software programs.
Arithmetic logic unit (ALU) - Correct Answers -A component of the computer's
processing unit, in which arithmetic and matching operations are performed.
AS/NZS 4360 - Correct Answers -Australia and New Zealand business risk
management assessment approach.
Assemblers - Correct Answers -Tools that convert assembly code into the necessary
machine-compatible binary language for processing activities to take place.
, Assembly language - Correct Answers -A low-level programming language that is the
mnemonic representation of machine-level instructions.
Assurance evaluation criteria - Correct Answers -Check-list and process of examining
the security-relevant parts of a system (TCB, reference monitor, security kernel) and
assigning the system an assurance rating.
Asymmetric algorithm - Correct Answers -Encryption method that uses two different key
types, public and private. Also called public key cryptography.
Asymmetric mode multiprocessing - Correct Answers -When a computer has two or
more CPUs and one CPU is dedicated to a specific program while the other CPUs carry
out general processing procedures
Asynchronous communication - Correct Answers -Transmission sequencing technology
that uses start and stop bits or similar encoding mechanism. Used in environments that
transmit a variable amount of data in a periodic fashion.
Asynchronous token generating method - Correct Answers -Employs a
challenge/response scheme to authenticate the user.
Attack surface - Correct Answers -Components available to be used by an attacker
against the product itself.
Attenuation - Correct Answers -Gradual loss in intensity of any kind of flux through a
medium. As an electrical signal travels down a cable, the signal can degrade and distort
or corrupt the data it is carrying.
Attribute - Correct Answers -A column in a two-dimensional database.
Authentication Header (AH) Protocol - Correct Answers -Protocol within the IPSec suite
used for integrity and authentication.
Authenticode - Correct Answers -A type of code signing, which is the process of digitally
signing software components and scripts to confirm the software author and guarantee
that the code has not been altered or corrupted since it was digitally signed.
Authenticode is Microsoft's implementation of code signing.
Availability - Correct Answers -Reliable and timely access to data and resources is
provided to authorized individuals.
Avalanche effect - Correct Answers -Algorithm design requirement so that slight
changes to the input result in drastic changes to the output.
QUESTIONS AND ANSWERS
Access Control Object - Correct Answers -A passive entity that typically receives or
contains some form of data.
Access Control Subject - Correct Answers -An active entity and can be any user,
program, or process that requests permission to cause data to flow from an access
control object to the access control subject or between access control objects.
Asynchronous Password Token - Correct Answers -A one-time password is generated
without the use of a clock, either from a one-time pad or cryptographic algorithm.
Authorization - Correct Answers -Determines whether a user is permitted to access a
particular resource.
Connected Tokens - Correct Answers -Must be physically connected to the computer to
which the user is authenticating.
Contactless Tokens - Correct Answers -Form a logical connection to the client computer
but do not require a physical connection.
Disconnected Tokens - Correct Answers -Have neither a physical nor logical connection
to the client computer.
Entitlement - Correct Answers -A set of rules, defined by the resource owner, for
managing access to a resource (asset, service, or entity) and for what purpose.
Identity Management - Correct Answers -The task of controlling information about users
on computers.
Proof of Identity - Correct Answers -Verify people's identities before the enterprise
issues them accounts and credentials.
Kerberos - Correct Answers -A popular network authentication protocol for indirect
(third-party) authentication services.
Lightweight Directory Access Protocol (LDAP) - Correct Answers -A client/server-based
directory query protocol loosely based on X.500, commonly used to manage user
,information. LDAP is a front end and not used to manage or synchronize data per se as
opposed to DNS.
Single Sign-On (SSO) - Correct Answers -Designed to provide strong authentication
using secret-key cryptography, allowing a single identity to be shared across multiple
applications.
Static Password Token - Correct Answers -The device contains a password that is
physically hidden (not visible to the possessor) but that is transmitted for each
authentication.
Synchronous Dynamic Password Token - Correct Answers -A timer is used to rotate
through various combinations produced by a cryptographic algorithm.
Trust Path - Correct Answers -A series of trust relationships that authentication requests
must follow between domains
6to4 - Correct Answers -Transition mechanism for migrating from IPv4 to IPv6. It allows
systems to use IPv6 to communicate if their traffic has to transverse an IPv4 network.
Absolute addresses - Correct Answers -Hardware addresses used by the CPU.
Abstraction - Correct Answers -The capability to suppress unnecessary details so the
important, inherent properties can be examined and reviewed.
Accepted ways for handling risk - Correct Answers -Accept, transfer, mitigate, avoid.
Access - Correct Answers -The flow of information between a subject and an object.
Access control matrix - Correct Answers -A table of subjects and objects indicating what
actions individual subjects can take upon individual objects.
Access control model - Correct Answers -An access control model is a framework that
dictates how subjects access objects.
Access controls - Correct Answers -Are security features that control how users and
systems communicate and interact with other systems and resources.
Accreditation - Correct Answers -Formal acceptance of the adequacy of a system's
overall security by management.
Active attack - Correct Answers -Attack where the attacker does interact with
processing or communication activities.
,ActiveX - Correct Answers -A Microsoft technology composed of a set of OOP
technologies and tools based on COM and DCOM. It is a framework for defining
reusable software components in a programming language-independent manner
Address bus - Correct Answers -Physical connections between processing components
and memory segments used to communicate the physical memory addresses being
used during processing procedures.
Address resolution protocol (ARP) - Correct Answers -A networking protocol used for
resolution of network layer IP addresses into link layer MAC addresses.
Address space layout randomization (ASLR) - Correct Answers -Memory protection
mechanism used by some operating systems. The addresses used by components of a
process are randomized so that it is harder for an attacker to exploit specific memory
vulnerabilities.
Algebraic attack - Correct Answers -Cryptanalysis attack that exploits vulnerabilities
within the intrinsic algebraic structure of mathematical functions.
Algorithm - Correct Answers -Set of mathematical and logic rules used in cryptographic
functions.
Analog signals - Correct Answers -Continuously varying electromagnetic wave that
represents and transmits data.
Analytic attack - Correct Answers -Cryptanalysis attack that exploits vulnerabilities
within the algorithm structure.
Annualized loss expectancy (ALE) - Correct Answers -Annual expected loss if a specific
vulnerability is exploited and how it affects a single asset. SLE × ARO = ALE.
Application programming interface (API) - Correct Answers -Software interface that
enables process-to-
process interaction. Common way to provide access to standard routines to a set of
software programs.
Arithmetic logic unit (ALU) - Correct Answers -A component of the computer's
processing unit, in which arithmetic and matching operations are performed.
AS/NZS 4360 - Correct Answers -Australia and New Zealand business risk
management assessment approach.
Assemblers - Correct Answers -Tools that convert assembly code into the necessary
machine-compatible binary language for processing activities to take place.
, Assembly language - Correct Answers -A low-level programming language that is the
mnemonic representation of machine-level instructions.
Assurance evaluation criteria - Correct Answers -Check-list and process of examining
the security-relevant parts of a system (TCB, reference monitor, security kernel) and
assigning the system an assurance rating.
Asymmetric algorithm - Correct Answers -Encryption method that uses two different key
types, public and private. Also called public key cryptography.
Asymmetric mode multiprocessing - Correct Answers -When a computer has two or
more CPUs and one CPU is dedicated to a specific program while the other CPUs carry
out general processing procedures
Asynchronous communication - Correct Answers -Transmission sequencing technology
that uses start and stop bits or similar encoding mechanism. Used in environments that
transmit a variable amount of data in a periodic fashion.
Asynchronous token generating method - Correct Answers -Employs a
challenge/response scheme to authenticate the user.
Attack surface - Correct Answers -Components available to be used by an attacker
against the product itself.
Attenuation - Correct Answers -Gradual loss in intensity of any kind of flux through a
medium. As an electrical signal travels down a cable, the signal can degrade and distort
or corrupt the data it is carrying.
Attribute - Correct Answers -A column in a two-dimensional database.
Authentication Header (AH) Protocol - Correct Answers -Protocol within the IPSec suite
used for integrity and authentication.
Authenticode - Correct Answers -A type of code signing, which is the process of digitally
signing software components and scripts to confirm the software author and guarantee
that the code has not been altered or corrupted since it was digitally signed.
Authenticode is Microsoft's implementation of code signing.
Availability - Correct Answers -Reliable and timely access to data and resources is
provided to authorized individuals.
Avalanche effect - Correct Answers -Algorithm design requirement so that slight
changes to the input result in drastic changes to the output.
