HIPAA/HITECH - Answer- Health information
FERPA - Answer- Educational records
GLBA - Answer- Financial services sector
COPPA - Answer- Information related to children under the age of 13
Privacy Act of 1974 - Answer- Information held by federal agencies
GDPR - Answer- PII of European Union residents
PIPEDA - Answer- PII of Canadian residents
APEC CPEA - Answer- PII of residents of Asian-Pacific nations
Confidentiality - Answer- Prevents unauthorized disclosure
Integrity - Answer- Prevents unauthorized alteration
Availability - Answer- Ensures authorized access
Accountability - Answer- Provides the ability to trace every action taken on a system back to an individual user without any ambiguity
Non-repudiation - Answer- Prevents the user from denying responsibility for an action
Deterrent Controls - Answer- Seek to dissuade an attacker from attempting to violate a security policy
Preventative Controls - Answer- Seek to block an attempt to violate a security policy from succeeding
Detective Controls - Answer- Seek to identify attack attempts that do occur
Need to know - Answer- Requires a legitimate business need to access information
Least privilege - Answer- Grants individuals the minimum necessary permissions to perform their jobs
Separation of duties - Answer- Blocks someone from having two sensitive privileges in combination
Two-person control - Answer- Requires two people to perform a sensitive activity
Mandatory vacations - Answer- Seek to prevent fraudulent activity by uncovering malfeasance
Corrective Controls - Answer- Seek to restore normal service after a disruption
Compensating Controls - Answer- Seek to address a gap created by the absence of another required control
Technical Controls - Answer- Use technological means to achieve control objectives
Physical Controls - Answer- Use real-world physical means to achieve control objectives
Administrative Controls - Answer- Use policy and procedure mechanisms to achieve control objectives
Due care - Answer- Taking reasonable steps to protect the interest of the organization
Due diligence - Answer- Ensures that reasonable steps are carried out
Criminal laws - Answer- Laws that may involve prison or fines.
Civil laws - Answer- Laws that regulate non-criminal disputes.
Administrative laws - Answer- Laws set by government agencies.
Regulations - Answer- Rules from industry bodies.
Request control - Answer- Manages, evaluates, and prioritizes inbound requests from customers.
Change control - Answer- Grants permission for developers to make changes to application code.
Release control - Answer- Moves code from the development environment into production.
Security professionals - Answer- Responsible for assessing and ensuring the organization's compliance with internal policies and external laws, regulations, and contractual obligations.
Asset management systems - Answer- Track hardware, software, and data assets throughout their lifecycle.
DevOps - Answer- A collaborative approach that combines software development (Dev) and IT operations (Ops) to improve the efficiency, speed, and quality of software delivery.
DevSecOps - Answer- Integrates security practices into the DevOps process, ensuring that security is a shared responsibility throughout the entire software development lifecycle.
Lifecycle stages - Answer- Include process, planning, design, initiation, development or acquisition, inventory and licensing, implementation and assessment, operation/maintenance/end of life, archiving and retention requirements, disposal and destruction.
FRR - Answer- False Rejection Rate.
FAR - Answer- False Acceptance Rate.
Identification - Answer- Where a user makes a claim of identity.
Authentication - Answer- Where the user proves the claim of identity.
Authorization - Answer- Where the system confirms that the user is permitted to perform the requested action.
CER - Answer- Crossover Error Rate.
Access control systems - Answer- Seek to limit the access that subjects have to objects.
Sensitivity - Answer- Refers to the level of protection required for information.
Single sign-on (SSO) - Answer- Allows the use of a single account across multiple systems without requiring repeated logins.
Federation - Answer- Shares account information across systems belonging to different service providers.
Technical controls - Answer- Use hardware and software mechanisms, such as firewalls and intrusion prevention systems, to limit access.
Physical controls - Answer- Limit physical access to controlled spaces, such as locks and keys.
Administrative controls - Answer- Provide management of personnel and business practices, such as account reviews.