
ISC SSCP Exam Made Easy: Step-by-Step Preparation Guide

Questions 1

What is the percentage of valid subjects that are falsely rejected by a biometric authentication system called?

Options:
A. False Rejection Rate (FRR) or Type I Error
B. False Acceptance Rate (FAR) or Type II Error
C. Crossover Error Rate (CER)
D. True Rejection Rate (TRR) or Type III Error

Questions 2

In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:

Options:
A. people need not use discretion
B. the access controls are based on the individual's role or title within the organization.
C. the access controls are not based on the individual's role or title within the organization
D. the access controls are often based on the individual's role or title within the organization

Questions 3

Which of the following is most relevant to determining the maximum effective cost of access control?

Options:
A. the value of information that is protected
B. management's perceptions regarding data importance
C. budget planning related to base versus incremental spending.
D. the cost to replace lost data

Questions 4

What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters?

Options:
A. Central station alarm
B. Proprietary alarm
C. A remote station alarm
D. An auxiliary station alarm

Questions 5

Which access control model is also called Non Discretionary Access Control (NDAC)?

Options:
A. Lattice based access control
B. Mandatory access control
C. Role-based access control
D. Label-based access control

Questions 6

Smart cards are an example of which type of control?

Options:
A. Detective control
B. Administrative control
C. Technical control
D. Physical control

Questions 7

Like the Kerberos protocol, SESAME is also subject to which of the following?

Options:
A. timeslot replay
B. password guessing
C. symmetric key guessing
D. asymmetric key guessing

Questions 8

The Orange Book is founded upon which security policy model?

Options:
A. The Biba Model
B. The Bell LaPadula Model
C. Clark-Wilson Model
D. TEMPEST

Questions 9

Which of the following is not a logical control when implementing logical access security?

Options:
A. access profiles.
B. userids.
C. employee badges.
D. passwords.

Questions 10

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?

Options:
A. clipping level
B. acceptance level
C. forgiveness level
D. logging level

Questions 11

An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?

Options:
A. Discretionary Access
B. Least Privilege
C. Mandatory Access
D. Separation of Duties

Questions 12

What security model is dependent on security labels?

Options:
A. Discretionary access control
B. Label-based access control
C. Mandatory access control
D. Non-discretionary access control

Questions 13

The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:

Options:
A. you need.
B. non-trivial
C. you are.
D. you can get.

Questions 14

Which of the following are additional access control objectives?

Options:
A. Consistency and utility
B. Reliability and utility
C. Usefulness and utility
D. Convenience and utility

Questions 15

Which of the following is NOT a technique used to perform a penetration test?

Options:
A. traffic padding
B. scanning and probing
C. war dialing
D. sniffing

Questions 16

In the CIA triad, what does the letter A stand for?

Options:
A. Auditability
B. Accountability
C. Availability
D. Authentication

Questions 17

Which of the following would be an example of the best password?

Options:
A. golf001
B. Elizabeth
C. T1me4g0lF
D. password

Questions 18

Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?

Options:
A. The pair of elements is the subject and object, and the subject has an upper bound equal to or higher than the upper bound of the object being accessed.
B. The pair of elements is the subject and object, and the subject has an upper bound lower than the upper bound of the object being accessed.
C. The pair of elements is the subject and object, and the subject has no special upper or lower bound needed within the lattice.
D. The pair of elements is the subject and object, and the subject has no access rights in relation to an object.

Questions 19

Which of the following access control models requires security clearance for subjects?

Options:
A. Identity-based access control
B. Role-based access control
C. Discretionary access control
D. Mandatory access control

Questions 20

How are memory cards and smart cards different?

Options:
A. Memory cards normally hold more memory than smart cards
B. Smart cards provide a two-factor authentication whereas memory cards don't
C. Memory cards have no processing power
D. Only smart cards can be used for ATM cards