100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
SSCP Exam Review Questions. With correct and verified answers $9.99   Add to cart

Exam (elaborations)

SSCP Exam Review Questions. With correct and verified answers

 8 views  0 purchase
  • Course
  • SSCP - Systems Security Certified Practitioner
  • Institution
  • SSCP - Systems Security Certified Practitioner

SSCP Exam Review Questions. With correct and verified answers How many years of experience are required to earn the Associate of (ISC)2 designation? A. Zero B. One C. Two D. Five Correct answer [Security Fundamentals] A. You don't need to meet the experience requirement to earn th...

[Show more]

Preview 4 out of 73  pages

  • October 10, 2024
  • 73
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • SSCP - Systems Security Certified Practitioner
  • SSCP - Systems Security Certified Practitioner
avatar-seller
Smith01
SSCP Exam Review Questions.
With correct and verified answers
How many years of experience are required to earn the Associate of (ISC)2 designation?

A. Zero
B. One
C. Two
D. Five

Correct answer [Security Fundamentals]

A. You don't need to meet the experience requirement to earn the Associate of (ISC)2 designation, so
zero years of experience are required. The SSCP certification requires one year of direct full-time
security work experience. If you earn the Associate of (ISC)2 designation, you have two years from
the date (ISC)2 notifies you that you have passed the SSCP exam to obtain the required experience
and apply to become a fully certified SSCP (which includes submitting the required endorsement
form). The CISSP certification requires five years of experience."

"What are the three elements of the security triad?

A. Authentication authorization, and accounting
B. Confidentiality, integrity, and availability
C. Identification, authentication, and authorization
D. Confidentiality, integrity, and authorization –

Correct answer [Security Fundamentals]

B. The CIA security triad includes three fundamental principles of security designed to prevent losses
in confidentiality, integrity, and availability. Authentication, authorization, and accounting are the
AAAs of security, and identification, authentication, and authorization are required for accountability,
but these are not part of the CIA security triad."

"Who is responsible for ensuring that security controls are in place to protect against the loss of
confidentiality integrity, or availability of their systems and data?

A. IT administrators
B. System and information owners
C. CFO
D. Everyone - Correct answer

[Security Fundamentals]

,B. System and information owners are responsible for ensuring that these security controls are in
place. IT administrators or other IT security personnel might implement and maintain them. While it
can be argued that the Chief Executive Officer (CEO) is ultimately responsible for all security, the
Chief Financial Officer is responsible for finances, not IT security. Assigning responsibility to everyone
results in no one taking responsibility."

"You are sending an e-mail to a business partner that includes proprietary data. You want to ensure
that the partner can access the data but that no one else can. What security principle should you
apply?

A. Authentication
B. Availability
C. Confidentiality
D. Integrity –

Correct answer [Security Fundamentals]

C. Confidentiality helps prevent the unauthorized disclosure of data to unauthorized personnel, and
you can enforce it with encryption in this scenario. Authentication allows a user to claim an identity
(such as with a username) and prove the identity (such as with a password). Availability ensures that
data is available when needed. Integrity ensures that the data hasn't been modified."

"Your organization wants to ensure that attackers are unable to modify data within a database. What
security principle is the organization trying to enforce?

A. Accountability
B. Availability
C. Confidentiality
D. Integrity –

Correct answer [Security Fundamentals]

D. Integrity ensures that data is not modified, and this includes data within a database.
Accountability ensures that systems identify users, track their actions, and monitor their behavior.
Availability ensures that IT systems and data are available when needed. Confidentiality protects
against the unauthorized disclosure of data."

"An organization wants to ensure that authorized employees are able to access resources during
normal business hours. What security principle is the organization trying to enforce?

A. Accountability
B. Availability
C. Integrity
D. Confidentiality –

Correct answer [Security Fundamentals]

,B. Availability ensures that IT systems and data are available when needed, such as during normal
business hours. Accountability ensures that users are accurately identified and authenticated, and
their actions are tracked with logs. Integrity ensures that data is not modified. Confidentiality
protects the unauthorized disclosure of data to unauthorized users."

"An organization has created a disaster recovery plan. What security principle is the organization
trying to enforce?

A. Authentication
B. Availability
C. Integrity
D. Confidentiality –

Correct answer [Security Fundamentals]

B. Availability ensures that IT systems and data are available when needed. Disaster recovery plans
help an organization ensure availability of critical systems after a disaster. Users prove their identity
with authentication. Integrity provides assurances that data and systems have not been modified.
Confidentiality protects against the unauthorized disclosure of data."

"Your organization has implemented a least privilege policy. Which of the following choices describes
the most likely result of this policy?

A. It adds multiple layers of security.
B. No single user has full control over any process.
C. Users can only access data they need to perform their jobs.
D. It prevents users from denying they took an action. –

Correct answer [Security Fundamentals]

C. The principle of least privilege ensures that users have access to the data they need to perform
their jobs, but no more. Defense in depth ensures an organization has multiple layers of security.
Separation of duties ensures that no single user has full control over any process. Non-repudiation
prevents users from denying they took an action."

"Your organization wants to implement policies that will deter fraud by dividing job responsibilities.
Which of the following policies should they implement?

A. Nonrepudiation
B. Least privilege
C. Defense in depth
D. Separation of duties - Correct answer [Security Fundamentals]

D. Separation of duties helps prevent fraud by dividing job responsibilities and ensuring that no
single person has complete control over an entire process. Nonrepudiation ensures that parties are
not able to deny taking an action. The principle of least privilege ensures that users have only the
rights and permissions they need to perform their jobs, but no more. Defense in depth provides a
layered approach to security."

, "Which one of the following concepts provides the strongest security?

A. Defense in depth
B. Nonrepudiation
C. Security triad
D. AAAs of security - Correct answer [Security Fundamentals]

A. Defense in depth provides a layered approach to security by implementing several different
security practices simultaneously and is the best choice of
the available answers to provide the strongest security. The security triad (confidentiality, integrity,
and availability) identifies the main goals of security. Nonrepudiation prevents an individual from
denying that he or she took an action. The AAAs of security are authentication, authorization, and
accounting."

"Which of the following would a financial institution use to validate an e-commerce transaction?

A. Nonrepudiation
B. Least privilege
C. Authentication
D. Signature - Correct answer [Security Fundamentals]

A. Digital signatures used by some online institutions to validate transactions and provide
nonrepudiation. Least privilege ensures that users have only the rights and permissions they need to
perform their jobs, and no more. Authentication verifies a user's identity. A written signature is not
used in e-commerce."

"What are the AAAs of information security?

A. Authentication, availability, and authorization
B. Accounting, authentication, and availability
C. Authentication, authorization, and accounting
D. Availability, accountability, and authorization - Correct answer [Security Fundamentals]

C. The AAAs of information security are authentication, authorization, and accounting. Availability is
part of the CIA security triad (confidentiality, integrity, and availability), but it is not part of the AAAs
of information security."

"You want to ensure that a system can identify individual users track their activity, and log their
actions. What does this provide?

A. Accountability
B. Availability
C. Authentication
D. Authorization - Correct answer [Security Fundamentals]

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Smith01. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $9.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

67163 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$9.99
  • (0)
  Add to cart