Systems Security Certified Practitioner (SSCP) Sample Questions
The Systems Security Certified Practitioner (SSCP) certification exam confirms a practitioner’s ability to implement, monitor, and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity, and availability.
1.) A potential problem related to the physical installation of an iris scanner, regarding the use of the iris pattern within a biometric system, is:
A. concern that the laser beam may cause eye damage.
B. the iris pattern changes as a person grows older.
C. there is a relatively high rate of false accepts.
D. the optical unit must be positioned so that the sun does not shine into the aperture.
Right Answer: D
Explanation: Because the optical unit uses a camera and infrared light to create the images, sunlight can interfere with the aperture, so the unit should not be positioned in direct light of any kind. Since the subject does not have to make direct contact with the optical reader, direct light can affect the reader.
Iris recognition is a form of biometrics that is based on the uniqueness of a subject’s iris. A camera-like device records the patterns of the iris, creating what is known as an Iriscode.
The unique patterns of the iris make it one of the most accurate forms of biometric identification of an individual. Unlike other types of biometrics, the iris rarely changes over time. Fingerprints can change over time due to scarring and manual labor, voice patterns can change for a variety of reasons, and hand geometry can change as well. But barring surgery or an accident, it is not common for an iris to change. A high-resolution image is taken of the subject’s iris and this is then converted into an Iriscode. The current standard for the Iriscode was developed by John Daugman. When the subject attempts to be authenticated, an infrared light is used to capture the iris image and this image is then compared with the stored Iriscode. If there is a match, the subject’s identity is confirmed. The subject does not need to have direct contact with the optical reader, so it is a less invasive means of authentication than retinal scanning would be.
2.) In Mandatory Access Control, what information do the sensitivity labels attached to an object contain?
A. The item’s classification and category set
B. The item’s classification
C. The item’s need to know
D. The item’s category
Right Answer: A
Explanation: A sensitivity label must contain at least one classification and at least one category set.
Category set and compartment set are synonyms; they mean exactly the same thing. The sensitivity label must contain at least one classification and at least one category. It is common in an environment for a single item to belong to multiple categories. The list of all the categories to which an item belongs is known as a compartment set or category set.
3.) What are the components of an object’s sensitivity label?
A. A Classification Set and a single Compartment.
B. A single classification and a single compartment.
C. A single classification and a Compartment Set.
D. A Classification Set and user credentials.
Right Answer: C
Explanation: A single classification and a compartment set are the two components of a sensitivity label.
4.) What does it mean to say that sensitivity labels are “incomparable”?
A. The number of classifications in the two labels is different.
B. Neither label contains all the classifications of the other.
C. The number of categories in the two labels is different.
D. Neither label contains all the categories of the other.
Right Answer: D
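The label comparison behind questions 2 through 4, as an added example that is not part of this question bank: a label is one classification plus a category (compartment) set, one label dominates another when its classification is at least as high and its category set contains every category of the other, and two labels are incomparable when neither dominates. It goes slightly beyond question 4’s wording by also comparing the classification component, as Bell-LaPadula dominance (question 20) does; the classification names and sample labels are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed classification ordering for this example (not from the page).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A MAC sensitivity label: one classification plus a category (compartment) set."""
    classification: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        # Dominance: classification at least as high AND every category of
        # the other label is contained in this label's category set.
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.categories >= other.categories)


def relation(a: Label, b: Label) -> str:
    """'equal', 'dominates', 'dominated', or 'incomparable' (neither dominates)."""
    ab, ba = a.dominates(b), b.dominates(a)
    if ab and ba:
        return "equal"
    if ab:
        return "dominates"
    if ba:
        return "dominated"
    return "incomparable"


def can_read(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula simple security property (no read up)."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula *-property (no write down)."""
    return obj.dominates(subject)


if __name__ == "__main__":
    # Constructed sample labels: same classification, disjoint categories.
    nuclear = Label("SECRET", frozenset({"NUCLEAR"}))
    crypto = Label("SECRET", frozenset({"CRYPTO"}))
    both = Label("TOP SECRET", frozenset({"NUCLEAR", "CRYPTO"}))
    print(relation(nuclear, crypto))  # incomparable
    print(relation(both, nuclear))    # dominates
    print(can_read(nuclear, both), can_write(nuclear, both))  # False True
```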
5.) Which of the following is true about Kerberos?
A. It uses public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It relies on symmetric ciphers.
D. It is a second-party authentication system.
Right Answer: C
Explanation: Kerberos relies on secret keys (symmetric ciphers). Kerberos is a third-party authentication protocol. It was designed and developed during the 1980s by MIT.
It is considered open source but is copyrighted and owned by MIT. It relies on the user’s secret keys. The password is used to encrypt and decrypt the keys.
6.) Which of the following is needed for System Accountability?
A. Authorization.
B. Formal verification of system design.
C. Audit mechanisms.
D. Documented design as laid out in the Common Criteria.
Right Answer: C
Explanation: This is the means by which user actions can be traced. Using audit logs and other tools, user actions are recorded and can be used at a later date to verify what actions were performed.
Accountability is the ability to identify users and to be able to track user actions.
7.) What is Kerberos?
A. A three-headed dog from Egyptian mythology.
B. A remote authentication dial-in user server.
C. A security model.
D. A trusted third-party authentication protocol.
Right Answer: D
8.) The three classic ways of authenticating yourself to computer security software are by something you know, by something you have, and by something:
A. you need.
B. non-trivial.
C. you are.
D. you can get.
Right Answer: C
Explanation: This is more commonly known as biometrics and is one of the most reliable ways of authenticating a person.
9.) A timely review of system access audit records would be an example of which of the basic security functions?
A. deterrence.
B. avoidance.
C. detection.
D. prevention.
Right Answer: C
Explanation: By reviewing system logs you can detect events that have.
10.) A confidential number used as an authentication factor to verify a user’s identity is called a:
A. PIN
B. User ID
C. Password
D. Challenge
Right Answer: A
Explanation: PIN stands for Personal Identification Number; as the name states, it is a combination of numbers.
11.) Which of the following embodies proper separation of duties?
A. Operators are not permitted to modify the system time.
B. Programmers are permitted to use the system console.
C. Console operators are permitted to mount tapes and disks.
D. Tape operators are permitted to use the system console.
Right Answer: A
Explanation: This is an example of Separation of Duties because operators are prevented from modifying the system time, which could lead to fraud. Tasks of this nature should be performed by the system administrators.
AIO defines Separation of Duties as a security principle that splits a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.
12.) Which of the following is not a logical control when implementing logical access security?
A. access profiles.
B. user ids.
C. employee badges.
D. passwords.
Right Answer: C
Explanation: Employee badges are considered physical controls, so they would not be a logical control.
13.) Which one of the following authentication mechanisms creates a problem for mobile users?
A. Mechanisms based on IP addresses.
B. Mechanism with reusable passwords.
C. One-time password mechanism.
D. Challenge-response mechanism.
Right Answer: A
14.) Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
A. plan for implementing workstation locking mechanisms.
B. plan for protecting the modem pool.
C. plan for providing the user with his account usage information.
D. plan for considering proper authentication options.
Right Answer: D
Explanation: Before a LAN is connected to the Internet, you need to determine what access control mechanisms are to be used; this includes how you are going to authenticate individuals who may access your network externally.
15.) Which of the following would assist the most in host-based intrusion detection?
A. audit trails.
B. access control lists.
C. host-based authentication.
D. security clearances.
Right Answer: A
Explanation: To assist in intrusion detection you would review audit logs for access violations.
16.) Controls to keep password sniffing attacks from compromising computer systems include which of the following?
A. static and recurring passwords.
B. encryption and recurring passwords.
C. one-time passwords and encryption.
D. static and one-time passwords.
Right Answer: C
Explanation: To minimize the chance of passwords being captured, one-time passwords would prevent a password sniffing attack because once a password is used it is no longer valid.
Encryption will also minimize these types of attacks.
17.) Kerberos can prevent which one of the following attacks?
A. tunneling attack.
B. playback (replay) attack.
C. destructive attack.
D. process attack.
Right Answer: B
Explanation: Each ticket in Kerberos has a timestamp and is subject to time expiration to help prevent these types of attacks.
18.) In discretionary access environments, which of the following entities is authorized to grant information access to other people?
A. Group Leader
B. Manager
C. Security Manager
D. Data Owner
Right Answer: D
Explanation: In Discretionary Access Control (DAC) environments, the user who creates a file is also considered its owner and has full control over the file, including the ability to set permissions on that file.
19.) What is the main concern with single sign-on?
A. Maximum unauthorized access would be possible if a password is disclosed.
B. The security administrator’s workload would increase.
C. The users’ passwords would be too hard to remember.
D. User access rights would be increased.
Right Answer: A
Explanation: A major concern with Single Sign-On (SSO) is that if a user’s ID and password are compromised, the intruder would have access to all of the systems that the user was authorized for.
20.) Who developed one of the first mathematical models of a multilevel-security computer system?
A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.
Right Answer: C
Explanation: In 1973 Bell and LaPadula created the first mathematical model of a multilevel security system.