ISC2 SSCP - ISC2 Systems Security Certified Practitioner Certification Exam
Question #1 (Topic: Demo Questions)
In Mandatory Access Control, sensitivity labels attached to object contain what information?
Correct Answer: B
Explanation:
A sensitivity label must contain at least one classification and one category set.
Category set and compartment set are synonyms; they mean the same thing. The sensitivity label
must contain at least one classification and at least one category. It is common in some
environments for a single item to belong to multiple categories. The list of all the categories to which
an item belongs is called a compartment set or category set.
The following answers are incorrect:
The item's classification. Is incorrect because you need a category set as well.
The item's category. Is incorrect because both a category set and a classification would be required.
The item's need to know. Is incorrect because there is no such thing. The need to know is indicated
by the categories the object belongs to.
Question #2 (Topic: Demo Questions)
Which of the following is needed for System Accountability?
Correct Answer: A
Explanation:
Answer A is correct because it is a means of tracking user actions. Through the use of audit logs and other tools, user actions are recorded and can be used at a later date to verify what actions were performed. Accountability is the ability to identify users and to track their actions.
The following answers are incorrect:
Documented design as laid out in the Common Criteria. Is incorrect because the Common Criteria is an international standard for evaluating trust and would not be a factor in system accountability.
Authorization. Is incorrect because authorization is granting access to subjects; just because a subject has authorization does not hold the subject accountable for their actions.
Formal verification of system design. Is incorrect because all you have done is verify the system design; you have not taken any steps toward system accountability.
Question #3 (Topic: Demo Questions)
What is Kerberos?
Correct Answer: B
Explanation:
B is correct because that is exactly what Kerberos is.
The following answers are incorrect:
A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with information security, not mythology; and in any case the three-headed dog comes from Greek mythology, not Egyptian.
A security model. Is incorrect because Kerberos is an authentication protocol and not just a security model.
A remote authentication dial in user server. Is incorrect because Kerberos is not a remote authentication dial in user server; that would be RADIUS.
Question #4 (Topic: Demo Questions)
The type of discretionary access control (DAC) that is based on an individual's identity is also called:
Correct Answer: A
Explanation:
Identity-based access control is a type of Discretionary Access Control (DAC) that is based on an individual's identity.
DAC is suited to low-level security environments. The owner of the file decides who has access to the file.
If a user creates a file, he is the owner of that file. An identifier for this user is placed in the file header and/or in an access control matrix within the operating system.
Ownership might also be granted to a specific individual. For example, a manager for a certain department might be made the owner of the files and resources within her department. A system that uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can access specific resources.
This model is called discretionary because the control of access is based on the discretion of the owner. Many times department managers, or business unit managers, are the owners of the data within their specific department. Being the owner, they can specify who should have access and who should not.
Question #5 (Topic: Demo Questions)
Like the Kerberos protocol, SESAME is also subject to which of the following?
Correct Answer: B
Explanation: