SSCP REVIEW QUESTIONS & ANSWERS. 100% ACCURATE, RATED A+
How many years of experience are required to earn the Associate of (ISC)2 designation?
A. Zero
B. One
C. Two
D. Five
Answer [Security Fundamentals]: A. You don't need to meet the experience requirement to earn the Associate of (ISC)2 designation, so zero years of experience are required. The SSCP certification requires one year of direct full-time security work experience. If you earn the Associate of (ISC)2 designation, you have two years from the date (ISC)2 notifies you that you have passed the SSCP exam to obtain the required experience and apply to become a fully certified SSCP (which includes submitting the required endorsement form). The CISSP certification requires five years of experience.

What are the three elements of the security triad?
A. Authentication, authorization, and accounting
B. Confidentiality, integrity, and availability
C. Identification, authentication, and authorization
D. Confidentiality, integrity, and authorization
Answer [Security Fundamentals]: B. The CIA security triad includes three fundamental principles of security designed to prevent losses in confidentiality, integrity, and availability. Authentication, authorization, and accounting are the AAAs of security, and identification, authentication, and authorization are required for accountability, but these are not part of the CIA security triad.

Who is responsible for ensuring that security controls are in place to protect against the loss of confidentiality, integrity, or availability of their systems and data?
A. IT administrators
B. System and information owners
C. CFO
D. Everyone
Answer [Security Fundamentals]: B. System and information owners are responsible for ensuring that these security controls are in place. IT administrators or other IT security personnel might implement and maintain them. While it can be argued that the Chief Executive Officer (CEO) is ultimately responsible for all security, the Chief Financial Officer is responsible for finances, not IT security. Assigning responsibility to everyone results in no one taking responsibility.

You are sending an e-mail to a business partner that includes proprietary data. You want to ensure that the partner can access the data but that no one else can. What security principle should you apply?
A. Authentication
B. Availability
C. Confidentiality
D. Integrity
Answer [Security Fundamentals]: C. Confidentiality helps prevent the unauthorized disclosure of data to unauthorized personnel, and you can enforce it with encryption in this scenario. Authentication allows a user to claim an identity (such as with a username) and prove the identity (such as with a password). Availability ensures that data is available when needed. Integrity ensures that the data hasn't been modified.

Your organization wants to ensure that attackers are unable to modify data within a database. What security principle is the organization trying to enforce?
A. Accountability
B. Availability
C. Confidentiality
D. Integrity
Answer [Security Fundamentals]: D. Integrity ensures that data is not modified, and this includes data within a database. Accountability ensures that systems identify users, track their actions, and monitor their behavior. Availability ensures that IT systems and data are available when needed. Confidentiality protects against the unauthorized disclosure of data.

An organization wants to ensure that authorized employees are able to access resources during normal business hours. What security principle is the organization trying to enforce?
A. Accountability
B. Availability
C. Integrity
D. Confidentiality
Answer [Security Fundamentals]: B. Availability ensures that IT systems and data are available when needed, such as during normal business hours. Accountability ensures that users are accurately identified and authenticated, and their actions are tracked with logs. Integrity ensures that data is not modified. Confidentiality protects against the unauthorized disclosure of data to unauthorized users.

An organization has created a disaster recovery plan. What security principle is the organization trying to enforce?
A. Authentication
B. Availability
C. Integrity
D. Confidentiality
Answer [Security Fundamentals]: B. Availability ensures that IT systems and data are available when needed. Disaster recovery plans help an organization ensure availability of critical systems after a disaster. Users prove their identity with authentication. Integrity provides assurances that data and systems have not been modified. Confidentiality protects against the unauthorized disclosure of data.

Your organization has implemented a least privilege policy. Which of the following choices describes the most likely result of this policy?
A. It adds multiple layers of security.
B. No single user has full control over any process.
C. Users can only access data they need to perform their jobs.
D. It prevents users from denying they took an action.
Answer [Security Fundamentals]: C. The principle of least privilege ensures that users have access to the data they need to perform their jobs, but no more. Defense in depth ensures an organization has multiple layers of security. Separation of duties ensures that no single user has full control over any process. Non-repudiation prevents users from denying they took an action.

Your organization wants to implement policies that will deter fraud by dividing job responsibilities. Which of the following policies should they implement?
A. Nonrepudiation
B. Least privilege
C. Defense in depth
D. Separation of duties
Answer [Security Fundamentals]: D. Separation of duties helps prevent fraud by dividing job responsibilities and ensuring that no single person has complete control over an entire process. Nonrepudiation ensures that parties are not able to deny taking an action. The principle of least privilege ensures that users have only the rights and permissions they need to perform their jobs, but no more. Defense in depth provides a layered approach to security.

Which one of the following concepts provides the strongest security?
A. Defense in depth
B. Nonrepudiation
C. Security triad
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Terryl. Stuvia facilitates payment to the seller.