CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. SSCP

Free SSCP Exam Braindumps (page: 4)

Page 3 of 269
PDF with 1074 Questions

A timely review of system access audit records would be an example of which of the basic security functions?

  1. avoidance.
  2. deterrence.
  3. prevention.
  4. detection.

Answer(s): D

Explanation:

By reviewing system logs you can detect events that have occured.
The following answers are incorrect:
avoidance. This is incorrect, avoidance is a distractor. By reviewing system logs you have not avoided anything.
deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred.
prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred.



A confidential number used as an authentication factor to verify a user's identity is called a:

  1. PIN
  2. User ID
  3. Password
  4. Challenge

Answer(s): A

Explanation:

PIN Stands for Personal Identification Number, as the name states it is a combination of numbers.
The following answers are incorrect:
User ID This is incorrect because a Userid is not required to be a number and a Userid is only used to establish identity not verify it.
Password. This is incorrect because a password is not required to be a number, it could be any combination of characters.
Challenge. This is incorrect because a challenge is not defined as a number, it could be anything.



Which of the following exemplifies proper separation of duties?

  1. Operators are not permitted modify the system time.
  2. Programmers are permitted to use the system console.
  3. Console operators are permitted to mount tapes and disks.
  4. Tape operators are permitted to use the system console.

Answer(s): A

Explanation:

This is an example of Separation of Duties because operators are prevented from
modifying the system time which could lead to fraud. Tasks of this nature should be performed by they system administrators.
AIO defines Separation of Duties as a security principle that splits up a critical task among two or more individuals to ensure that one person cannot complete a risky task by himself.
The following answers are incorrect:
Programmers are permitted to use the system console. Is incorrect because programmers should not be permitted to use the system console, this task should be performed by operators. Allowing programmers access to the system console could allow fraud to occur so this is not an example of Separation of Duties..
Console operators are permitted to mount tapes and disks. Is incorrect because operators should be able to mount tapes and disks so this is not an example of Separation of Duties.
Tape operators are permitted to use the system console. Is incorrect because operators should be able to use the system console so this is not an example of Separation of Duties.


Reference:

OIG CBK Access Control (page 98 - 101)
AIOv3 Access Control (page 182)



Which of the following is not a logical control when implementing logical access security?

  1. access profiles.
  2. userids.
  3. employee badges.
  4. passwords.

Answer(s): C

Explanation:

Employee badges are considered Physical so would not be a logical control.
The following answers are incorrect:
userids. Is incorrect because userids are a type of logical control. access profiles. Is incorrect because access profiles are a type of logical control. passwords. Is incorrect because passwords are a type of logical control.






Post your Comments and Discuss ISC SSCP exam with other Community members:

SSCP Discussions & Posts