Official (ISC)² SSCP Exam Questions &
Answers 2023/2024
Access Control Object - ANSWER-A passive entity that typically receives or contains some form of data.
Access Control Subject - ANSWER-An active entity and can be any user, program, or process that
requests permission to cause data to flow from an access control object to the access control subject or
between access control objects.
Asynchronous Password Token - ANSWER-A one-time password is generated without the use of a clock,
either from a one-time pad or cryptographic algorithm.
Authorization - ANSWER-Determines whether a user is permitted to access a particular resource.
Connected Tokens - ANSWER-Must be physically connected to the computer to which the user is
authenticating.
Contactless Tokens - ANSWER-Form a logical connection to the client computer but do not require a
physical connection.
Disconnected Tokens - ANSWER-Have neither a physical nor logical connection to the client computer.
Entitlement - ANSWER-A set of rules, defined by the resource owner, for managing access to a resource
(asset, service, or entity) and for what purpose.
Identity Management - ANSWER-The task of controlling information about users on computers.
Proof of Identity - ANSWER-Verify people's identities before the enterprise issues them accounts and
credentials.
,Kerberos - ANSWER-A popular network authentication protocol for indirect (third-party) authentication
services.
Lightweight Directory Access Protocol (LDAP) - ANSWER-A client/server-based directory query protocol
loosely based on X.500, commonly used to manage user information. LDAP is a front end and not used to
manage or synchronize data per se as opposed to DNS.
Single Sign-On (SSO) - ANSWER-Designed to provide strong authentication using secret-key cryptography,
allowing a single identity to be shared across multiple applications.
Static Password Token - ANSWER-The device contains a password that is physically hidden (not visible to
the possessor) but that is transmitted for each authentication.
Synchronous Dynamic Password Token - ANSWER-A timer is used to rotate through various combinations
produced by a cryptographic algorithm.
Trust Path - ANSWER-A series of trust relationships that authentication requests must follow between
domains
6to4 - ANSWER-Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use IPv6 to
communicate if their traffic has to transverse an IPv4 network.
Absolute addresses - ANSWER-Hardware addresses used by the CPU.
Abstraction - ANSWER-The capability to suppress unnecessary details so the important, inherent
properties can be examined and reviewed.
Accepted ways for handling risk - ANSWER-Accept, transfer, mitigate, avoid.
Access - ANSWER-The flow of information between a subject and an object.
,Access control matrix - ANSWER-A table of subjects and objects indicating what actions individual
subjects can take upon individual objects.
Access control model - ANSWER-An access control model is a framework that dictates how subjects
access objects.
Access controls - ANSWER-Are security features that control how users and systems communicate and
interact with other systems and resources.
Accreditation - ANSWER-Formal acceptance of the adequacy of a system's overall security by
management.
Active attack - ANSWER-Attack where the attacker does interact with processing or communication
activities.
ActiveX - ANSWER-A Microsoft technology composed of a set of OOP technologies and tools based on
COM and DCOM. It is a framework for defining reusable software components in a programming
language-independent manner
Address bus - ANSWER-Physical connections between processing components and memory segments
used to communicate the physical memory addresses being used during processing procedures.
Address resolution protocol (ARP) - ANSWER-A networking protocol used for resolution of network layer
IP addresses into link layer MAC addresses.
Address space layout randomization (ASLR) - ANSWER-Memory protection mechanism used by some
operating systems. The addresses used by components of a process are randomized so that it is harder
for an attacker to exploit specific memory vulnerabilities.
Algebraic attack - ANSWER-Cryptanalysis attack that exploits vulnerabilities within the intrinsic algebraic
structure of mathematical functions.
Algorithm - ANSWER-Set of mathematical and logic rules used in cryptographic functions.
, Analog signals - ANSWER-Continuously varying electromagnetic wave that represents and transmits
data.
Analytic attack - ANSWER-Cryptanalysis attack that exploits vulnerabilities within the algorithm structure.
Annualized loss expectancy (ALE) - ANSWER-Annual expected loss if a specific vulnerability is exploited
and how it affects a single asset. SLE × ARO = ALE.
Application programming interface (API) - ANSWER-Software interface that enables process-to-
process interaction. Common way to provide access to standard routines to a set of software programs.
Arithmetic logic unit (ALU) - ANSWER-A component of the computer's processing unit, in which
arithmetic and matching operations are performed.
AS/NZS 4360 - ANSWER-Australia and New Zealand business risk management assessment approach.
Assemblers - ANSWER-Tools that convert assembly code into the necessary machine-compatible binary
language for processing activities to take place.
Assembly language - ANSWER-A low-level programming language that is the mnemonic representation
of machine-level instructions.
Assurance evaluation criteria - ANSWER-Check-list and process of examining the security-relevant parts
of a system (TCB, reference monitor, security kernel) and assigning the system an assurance rating.
Asymmetric algorithm - ANSWER-Encryption method that uses two different key types, public and
private. Also called public key cryptography.
Asymmetric mode multiprocessing - ANSWER-When a computer has two or more CPUs and one CPU is
dedicated to a specific program while the other CPUs carry out general processing procedures
Answers 2023/2024
Access Control Object - ANSWER-A passive entity that typically receives or contains some form of data.
Access Control Subject - ANSWER-An active entity and can be any user, program, or process that
requests permission to cause data to flow from an access control object to the access control subject or
between access control objects.
Asynchronous Password Token - ANSWER-A one-time password is generated without the use of a clock,
either from a one-time pad or cryptographic algorithm.
Authorization - ANSWER-Determines whether a user is permitted to access a particular resource.
Connected Tokens - ANSWER-Must be physically connected to the computer to which the user is
authenticating.
Contactless Tokens - ANSWER-Form a logical connection to the client computer but do not require a
physical connection.
Disconnected Tokens - ANSWER-Have neither a physical nor logical connection to the client computer.
Entitlement - ANSWER-A set of rules, defined by the resource owner, for managing access to a resource
(asset, service, or entity) and for what purpose.
Identity Management - ANSWER-The task of controlling information about users on computers.
Proof of Identity - ANSWER-Verify people's identities before the enterprise issues them accounts and
credentials.
,Kerberos - ANSWER-A popular network authentication protocol for indirect (third-party) authentication
services.
Lightweight Directory Access Protocol (LDAP) - ANSWER-A client/server-based directory query protocol
loosely based on X.500, commonly used to manage user information. LDAP is a front end and not used to
manage or synchronize data per se as opposed to DNS.
Single Sign-On (SSO) - ANSWER-Designed to provide strong authentication using secret-key cryptography,
allowing a single identity to be shared across multiple applications.
Static Password Token - ANSWER-The device contains a password that is physically hidden (not visible to
the possessor) but that is transmitted for each authentication.
Synchronous Dynamic Password Token - ANSWER-A timer is used to rotate through various combinations
produced by a cryptographic algorithm.
Trust Path - ANSWER-A series of trust relationships that authentication requests must follow between
domains
6to4 - ANSWER-Transition mechanism for migrating from IPv4 to IPv6. It allows systems to use IPv6 to
communicate if their traffic has to transverse an IPv4 network.
Absolute addresses - ANSWER-Hardware addresses used by the CPU.
Abstraction - ANSWER-The capability to suppress unnecessary details so the important, inherent
properties can be examined and reviewed.
Accepted ways for handling risk - ANSWER-Accept, transfer, mitigate, avoid.
Access - ANSWER-The flow of information between a subject and an object.
,Access control matrix - ANSWER-A table of subjects and objects indicating what actions individual
subjects can take upon individual objects.
Access control model - ANSWER-An access control model is a framework that dictates how subjects
access objects.
Access controls - ANSWER-Are security features that control how users and systems communicate and
interact with other systems and resources.
Accreditation - ANSWER-Formal acceptance of the adequacy of a system's overall security by
management.
Active attack - ANSWER-Attack where the attacker does interact with processing or communication
activities.
ActiveX - ANSWER-A Microsoft technology composed of a set of OOP technologies and tools based on
COM and DCOM. It is a framework for defining reusable software components in a programming
language-independent manner
Address bus - ANSWER-Physical connections between processing components and memory segments
used to communicate the physical memory addresses being used during processing procedures.
Address resolution protocol (ARP) - ANSWER-A networking protocol used for resolution of network layer
IP addresses into link layer MAC addresses.
Address space layout randomization (ASLR) - ANSWER-Memory protection mechanism used by some
operating systems. The addresses used by components of a process are randomized so that it is harder
for an attacker to exploit specific memory vulnerabilities.
Algebraic attack - ANSWER-Cryptanalysis attack that exploits vulnerabilities within the intrinsic algebraic
structure of mathematical functions.
Algorithm - ANSWER-Set of mathematical and logic rules used in cryptographic functions.
, Analog signals - ANSWER-Continuously varying electromagnetic wave that represents and transmits
data.
Analytic attack - ANSWER-Cryptanalysis attack that exploits vulnerabilities within the algorithm structure.
Annualized loss expectancy (ALE) - ANSWER-Annual expected loss if a specific vulnerability is exploited
and how it affects a single asset. SLE × ARO = ALE.
Application programming interface (API) - ANSWER-Software interface that enables process-to-
process interaction. Common way to provide access to standard routines to a set of software programs.
Arithmetic logic unit (ALU) - ANSWER-A component of the computer's processing unit, in which
arithmetic and matching operations are performed.
AS/NZS 4360 - ANSWER-Australia and New Zealand business risk management assessment approach.
Assemblers - ANSWER-Tools that convert assembly code into the necessary machine-compatible binary
language for processing activities to take place.
Assembly language - ANSWER-A low-level programming language that is the mnemonic representation
of machine-level instructions.
Assurance evaluation criteria - ANSWER-Check-list and process of examining the security-relevant parts
of a system (TCB, reference monitor, security kernel) and assigning the system an assurance rating.
Asymmetric algorithm - ANSWER-Encryption method that uses two different key types, public and
private. Also called public key cryptography.
Asymmetric mode multiprocessing - ANSWER-When a computer has two or more CPUs and one CPU is
dedicated to a specific program while the other CPUs carry out general processing procedures
