SSCP Test Questions and Answers

Exam (elaborations), Questions & answers; course: SSCP - Systems Security Certified Practitioner

Seller: Zanaya; November 4, 2024; 40 pages (preview 4 out of 40)

SSCP

CIANA Security Paradigm - Answer-1. Confidentiality

2. Integrity

3. Authorization

4. Nonrepudiation

5. Authentication



Confidentiality - Answer-violated if any process or person can read, copy, redistribute, or make use of
data we deem private or of competitive advantage worthy of protection as trade secrets, proprietary, or
restricted information ; the first of the CIANA security paradigm ; sharing secrets ; legal and ethical
concept about privileged communications or privileged information ; how much we can trust that the
information we're about to use to make a decision has not been seen by unauthorized people



Integrity - Answer-lost if any person or process can modify data or metadata, or execute processes out
of sequence or with bad input data ; the second of the CIANA security paradigm ; something is whole
and complete and its parts are smoothly joined together



Authorization - Answer-Granting of permission to use data - cannot make sense if there's no way to
validate to whom or what we are granting that permission ; the third of the CIANA security paradigm ;
requires a 2-step process and is the 2nd step of the triple A of identity management and access control

1. Assigning privileges during provisioning (which permissions or privileges to grant to an identity and
whether additional constraints or conditions apply to those permissions)

2. Authorizing a specific access request - determine whether the specifics of the access request are allowed
by the permissions set in the access control tables



Nonrepudiation - Answer-Can't exist if we can't validate or prove that the person or process in question
is in fact who they claim to be and that their identity hasn't been spoofed by a man-in-the-middle kind of
attacker ; the fourth of the CIANA security paradigm ; use of public key infrastructure and its use of
asymmetric encryption



Availability - Answer-Rapidly dwindles to zero if nothing stops data or metadata from unauthorized
modification or deletion ; the fifth of the CIANA security paradigm



Process of Identifying a Subject - Answer-1. Ask (or device offers) a claim as to who or what it is

2. Claimant offers further supporting information that attests to the truth of that claim

3. Verify the believability (credibility or trustworthiness) of that supporting information

4. Ask for additional supporting information or ask a trusted 3rd party to AUTHENTICATE that
information

5. Conclude subject is whom or what it claims to be



Identity Management Lifecycle - Answer-Describes the series of steps in which a subject's identity is initially
created, initialized for use, modified as needs and circumstances change, and finally retired from
authorized use in a particular information system ; provisioning -> review -> revocation



Provisioning - Answer-Starts with initial claim of identity and a request to create a set of credentials for
that identity and distributes it throughout the organization's identity and access control systems and
data structures, starting with management's review and approval of the access request, identifying
information to be used, and privileges requested ; key to this step is IDENTITY PROOFING ; push of this
can take minutes, hours, or even a day or more; an urgent push can force a near-real-time update if
management deems necessary ; 1st step of identity management lifecycle

Review - Answer-Ongoing process that checks whether the set of access privileges granted to a subject
are still required or if any should be modified or removed ; be careful of PRIVILEGE CREEP during this ;
2nd step of identity management lifecycle



Revocation - Answer-Formal process of terminating access privileges for a specific identity in a system ;
3rd and final step of identity management lifecycle



Identity Proofing - Answer-Separately validates that the evidence of identity as submitted by the
applicant is truthful, authoritative, and current ; a key step of provisioning in the Identity Management
Lifecycle



Privilege Creep - Answer-Duties have changed and yet privileges that are no longer actually needed
remain in effect for a given user ; be careful of this during the REVIEW step in the Identity Management
Lifecycle ; The only weakness of role-based access control



Revoking - Answer-Blocks identity from further access but changes no other data pertaining to that
identity, no matter where it might be stored in your systems



Deleting - Answer-Catastrophic loss of information



Triple A of Identity Management And Access Control - Answer-Authenticate, Authorize, and Accounting



Authentication - Answer-Where everything must start ; act of examining or testing the identity
credentials provided by a subject that is requesting access, and based on information in the access
control list, either GRANTING (accepts) access, DENYING it, or REQUESTING ADDITIONAL credential
information before making an access determination ; 1st step of triple A of identity management and
access control ; provided by identity management and access control



Accounting - Answer-Trust but verify ; gathers data from within the access control process to monitor
the lifecycle of an access, from its initial request and permissions being granted through the interactions
by the subject with the object, to capturing the manner in which the access is terminated ; 3rd step of
triple A of identity management and access control



Subject - Answer-Try to perform an action upon an object (i.e. reading, changing, executing, or doing
anything) ; can be anything requesting access to or attempting to access anything in our system,
whether data or metadata, people, devices or another process ; can be people, software processes,
devices, or services being provided by other web-based systems ; an access control concept



Object - Answer-Gatekeeper of information ; thing that has access ; an access control concept



Example of Subject - Answer-Example: as a user of your company's systems you have in your possession
knowledge of your user ID, password, and the proper ways to log on and access certain information or
assets. You log on as what when you access that information?



Example of Object (attacker) and Subject (user) - Answer-Example: as a user of your company's systems,
an attacker tries to get you to disclose your user ID and password. In this example the attacker is the
_____ while you are the _____



TLP: RED - Answer-US-Cert Traffic Light Protocol - when information cannot be effectively acted upon by
additional parties and could lead to impact on a party's privacy, reputation, or operations ; may not be shared
with any parties outside the specific exchange, and the information is limited to those present in the
meeting ; should be exchanged verbally or in person



How TLP:RED May Be Shared - Answer-US-Cert Traffic Light Protocol that should be exchanged verbally
or in person ; not for disclosure and restricted to participants only



TLP: Amber - Answer-US-Cert Traffic Light Protocol - when information requires support to be
effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the
organizations involved ; recipients may only share information with members of their OWN ORG or with
CLIENTS OR CUSTOMERS WHO NEED TO KNOW ; sources are at liberty to specify additional intended
limits of the sharing
