100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
SSCP Review Questions with Correct Answers-Latest Update. $25.49   Add to cart

Exam (elaborations)

SSCP Review Questions with Correct Answers-Latest Update.

 1 view  0 purchase
  • Course
  • SSCP
  • Institution
  • SSCP

SSCP Review Questions with Correct AnswersLatest Update. How many years of experience are required to earn the Associate of (ISC)2 designation? A. Zero B. One C. Two D. Five - Correct Answer [Security Fundamentals] A. You don't need to meet the experience requirement to earn the Associate o...

[Show more]

Preview 4 out of 81  pages

  • November 9, 2024
  • 81
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • sscp
  • SSCP
  • SSCP
avatar-seller
Pronurse
SSCP Review Questions with Correct Answers-
Latest Update.
How many years of experience are required to earn the Associate of (ISC)2
designation?

A. Zero
B. One
C. Two
D. Five - Correct Answer [Security Fundamentals]

A. You don't need to meet the experience requirement to earn the Associate of (ISC)2
designation, so zero years of experience are required. The SSCP certification requires
one year of direct full-time security work experience. If you earn the Associate of (ISC)2
designation, you have two years from the date (ISC)2 notifies you that you have passed
the SSCP exam to obtain the required experience and apply to become a fully certified
SSCP (which includes submitting the required endorsement form). The CISSP
certification requires five years of experience.

What are the three elements of the security triad?

A. Authentication authorization, and accounting
B. Confidentiality, integrity, and availability
C. Identification, authentication, and authorization
D. Confidentiality, integrity, and authorization - Correct Answer [Security Fundamentals]

B. The CIA security triad includes three fundamental principles of security designed to
prevent losses in confidentiality, integrity, and availability. Authentication, authorization,
and accounting are the AAAs of security, and identification, authentication, and
authorization are required for accountability, but these are not part of the CIA security
triad.

Who is responsible for ensuring that security controls are in place to protect against the
loss of confidentiality integrity, or availability of their systems and data?

A. IT administrators
B. System and information owners
C. CFO
D. Everyone - Correct Answer [Security Fundamentals]

B. System and information owners are responsible for ensuring that these security
controls are in place. IT administrators or other IT security personnel might implement
and maintain them. While it can be argued that the Chief Executive Officer (CEO) is
ultimately responsible for all security, the Chief Financial Officer is responsible for

,finances, not IT security. Assigning responsibility to everyone results in no one taking
responsibility.

You are sending an e-mail to a business partner that includes proprietary data. You
want to ensure that the partner can access the data but that no one else can. What
security principle should you apply?

A. Authentication
B. Availability
C. Confidentiality
D. Integrity - Correct Answer [Security Fundamentals]

C. Confidentiality helps prevent the unauthorized disclosure of data to unauthorized
personnel, and you can enforce it with encryption in this scenario. Authentication allows
a user to claim an identity (such as with a username) and prove the identity (such as
with a password). Availability ensures that data is available when needed. Integrity
ensures that the data hasn't been modified.

Your organization wants to ensure that attackers are unable to modify data within a
database. What security principle is the organization trying to enforce?

A. Accountability
B. Availability
C. Confidentiality
D. Integrity - Correct Answer [Security Fundamentals]

D. Integrity ensures that data is not modified, and this includes data within a database.
Accountability ensures that systems identify users, track their actions, and monitor their
behavior. Availability ensures that IT systems and data are available when needed.
Confidentiality protects against the unauthorized disclosure of data.

An organization wants to ensure that authorized employees are able to access
resources during normal business hours. What security principle is the organization
trying to enforce?

A. Accountability
B. Availability
C. Integrity
D. Confidentiality - Correct Answer [Security Fundamentals]

B. Availability ensures that IT systems and data are available when needed, such as
during normal business hours. Accountability ensures that users are accurately
identified and authenticated, and their actions are tracked with logs. Integrity ensures
that data is not modified. Confidentiality protects the unauthorized disclosure of data to
unauthorized users.

,An organization has created a disaster recovery plan. What security principle is the
organization trying to enforce?

A. Authentication
B. Availability
C. Integrity
D. Confidentiality - Correct Answer [Security Fundamentals]

B. Availability ensures that IT systems and data are available when needed. Disaster
recovery plans help an organization ensure availability of critical systems after a
disaster. Users prove their identity with authentication. Integrity provides assurances
that data and systems have not been modified. Confidentiality protects against the
unauthorized disclosure of data.

Your organization has implemented a least privilege policy. Which of the following
choices describes the most likely result of this policy?

A. It adds multiple layers of security.
B. No single user has full control over any process.
C. Users can only access data they need to perform their jobs.
D. It prevents users from denying they took an action. - Correct Answer [Security
Fundamentals]

C. The principle of least privilege ensures that users have access to the data they need
to perform their jobs, but no more. Defense in depth ensures an organization has
multiple layers of security. Separation of duties ensures that no single user has full
control over any process. Non-repudiation prevents users from denying they took an
action.

Your organization wants to implement policies that will deter fraud by dividing job
responsibilities. Which of the following policies should they implement?

A. Nonrepudiation
B. Least privilege
C. Defense in depth
D. Separation of duties - Correct Answer [Security Fundamentals]

D. Separation of duties helps prevent fraud by dividing job responsibilities and ensuring
that no single person has complete control over an entire process. Nonrepudiation
ensures that parties are not able to deny taking an action. The principle of least privilege
ensures that users have only the rights and permissions they need to perform their jobs,
but no more. Defense in depth provides a layered approach to security.

Which one of the following concepts provides the strongest security?

A. Defense in depth

, B. Nonrepudiation
C. Security triad
D. AAAs of security - Correct Answer [Security Fundamentals]

A. Defense in depth provides a layered approach to security by implementing several
different security practices simultaneously and is the best choice of
the available answers to provide the strongest security. The security triad
(confidentiality, integrity, and availability) identifies the main goals of security.
Nonrepudiation prevents an individual from denying that he or she took an action. The
AAAs of security are authentication, authorization, and accounting.

Which of the following would a financial institution use to validate an e-commerce
transaction?

A. Nonrepudiation
B. Least privilege
C. Authentication
D. Signature - Correct Answer [Security Fundamentals]

A. Digital signatures used by some online institutions to validate transactions and
provide nonrepudiation. Least privilege ensures that users have only the rights and
permissions they need to perform their jobs, and no more. Authentication verifies a
user's identity. A written signature is not used in e-commerce.

What are the AAAs of information security?

A. Authentication, availability, and authorization
B. Accounting, authentication, and availability
C. Authentication, authorization, and accounting
D. Availability, accountability, and authorization - Correct Answer [Security
Fundamentals]

C. The AAAs of information security are authentication, authorization, and accounting.
Availability is part of the CIA security triad (confidentiality, integrity, and availability), but
it is not part of the AAAs of information security.

You want to ensure that a system can identify individual users track their activity, and
log their actions. What does this provide?

A. Accountability
B. Availability
C. Authentication
D. Authorization - Correct Answer [Security Fundamentals]

A. If a system can identify individual users, track their activity, and log their actions, it
provides accountability. Availability ensures the system is operational when needed.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Pronurse. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $25.49. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79223 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$25.49
  • (0)
  Add to cart