Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. SSCP

ISC SSCP Exam Questions
SSCP System Security Certified Practitioner (SSCP) (Page 15 )

Updated On: 27-Feb-2026
Page 15 of 216
PDF with 1074 Questions

Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?

  1. Preventive/Administrative Pairing
  2. Preventive/Technical Pairing
  3. Preventive/Physical Pairing
  4. Detective/Technical Pairing

Answer(s): B

Explanation:

Preventive/Technical controls are also known as logical controls and can be built into the operating system, be software applications, or can be supplemental hardware/software units.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.



What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources?

  1. Micrometrics
  2. Macrometrics
  3. Biometrics
  4. MicroBiometrics

Answer(s): C


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35.



What are called user interfaces that limit the functions that can be selected by a user?

  1. Constrained user interfaces
  2. Limited user interfaces
  3. Mini user interfaces
  4. Unlimited user interfaces

Answer(s): A

Explanation:

Constrained user interfaces limit the functions that can be selected by a user.
Another method for controlling access is by restricting users to specific functions based on their role in the system. This is typically implemented by limiting available menus, data views, encryption, or by physically constraining the user interfaces.
This is common on devices such as an automated teller machine (ATM). The advantage of a constrained user interface is that it limits potential avenues of attack and system failure by restricting the processing options that are available to the user.
On an ATM machine, if a user does not have a checking account with the bank he or she will not be shown the "Withdraw money from checking" option. Likewise, an information system might have an "Add/Remove Users" menu option for administrators, but if a normal, non-administrative user logs in he or she will not even see that menu option. By not even identifying potential options for non-qualifying users, the system limits the potentially harmful execution of unauthorized system or application commands.
Many database management systems have the concept of "views." A database view is an extract of the data stored in the database that is filtered based on predefined user or system criteria. This permits multiple users to access the same database while only having the ability to access data they need (or are allowed to have) and not data for another user. The use of database views is another example of a constrained user interface.
The following were incorrect answers:
All of the other choices presented were bogus answers.
The following reference(s) were used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 1989-2002). Auerbach Publications. Kindle Edition.



What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database?

  1. Database Management system
  2. Database views
  3. Database security
  4. Database shadowing

Answer(s): B

Explanation:

Database views; Database views are mechanisms that restrict access to the information that a user can access in a database.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35.
Wikipedia has a detailed explantion as well:
In database theory, a view is a virtual or logical table composed of the result set of a query. Unlike ordinary tables (base tables) in a relational database, a view is not part of the physical schema: it is a dynamic, virtual table computed or collated from data in the database. Changing the data in a table alters the data shown in the view.
Views can provide advantages over tables;
They can subset the data contained in a table
They can join and simplify multiple tables into a single virtual table Views can act as aggregated tables, where aggregated data (sum, average etc.) are calculated and presented as part of the data
Views can hide the complexity of data, for example a view could appear as Sales2000 or Sales2001, transparently partitioning the actual underlying table Views do not incur any extra storage overhead
Depending on the SQL engine used, views can provide extra security.
Limit the exposure to which a table or tables are exposed to outer world
Just like functions (in programming) provide abstraction, views can be used to create abstraction. Also, just like functions, views can be nested, thus one view can aggregate data from other views. Without the use of views it would be much harder to normalise databases above second normal form. Views can make it easier to create lossless join decomposition.



The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:

  1. Preventive/physical
  2. Detective/technical
  3. Detective/physical
  4. Detective/administrative

Answer(s): B

Explanation:

The detective/technical control measures are intended to reveal the violations of security policy using technical means.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35.






Post your Comments and Discuss ISC SSCP exam dumps with other Community members:

Join the SSCP Discussion