Mike Chapple - (ISC)2 SSCP Systems Security Certified Practitioner Official Practice Tests


Smarter, faster prep for the SSCP exam
(ISC)² SSCP Official Practice Tests, 2nd Edition


19. Lauren’s team of system administrators each deal with hundreds of systems with varying levels of security requirements and find it difficult to handle the multitude of usernames and passwords they each have. What type of solution should she recommend to ensure that passwords are properly handled and that features such as logging and password rotation occur?
    A. A credential management system
    B. A strong password policy
    C. Separation of duties
    D. Single sign-on

20. What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains?
    A. Transitive trust
    B. Inheritable trust
    C. Nontransitive trust
    D. Noninheritable trust

21. Adam is accessing a standalone file server using a username and password provided to him by the server administrator. Which one of the following entities is guaranteed to have information necessary to complete the authorization process?
    A. Adam
    B. File server
    C. Server administrator
    D. Adam’s supervisor

22. After 10 years working in her organization, Cassandra is moving into her fourth role, this time as a manager in the accounting department. What issue is likely to show up during an account review if her organization does not have strong account maintenance practices?
    A. An issue with least privilege
    B. Privilege creep
    C. Account creep
    D. Account termination

23. Adam recently configured permissions on an NTFS filesystem to describe the access that different users may have to a file by listing each user individually. What did Adam create?
    A. An access control list
    B. An access control entry
    C. Role-based access control
    D. Mandatory access control

24. Questions like “What is your pet’s name?” are examples of what type of identity proofing?
    A. Knowledge-based authentication
    B. Dynamic knowledge-based authentication
    C. Out-of-band identity proofing
    D. A Type 3 authentication factor

25. What access management concept defines what rights or privileges a user has?
    A. Identification
    B. Accountability
    C. Authorization
    D. Authentication

26. Susan has been asked to recommend whether her organization should use a MAC scheme or a DAC scheme. If flexibility and scalability are important requirements for implementing access controls, which scheme should she recommend and why?
    A. MAC, because it provides greater scalability and flexibility because you can simply add more labels as needed
    B. DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility
    C. MAC, because compartmentalization is well suited to flexibility and adding compartments will allow it to scale well
    D. DAC, because a central decision process allows quick responses and will provide scalability by reducing the number of decisions required and flexibility by moving those decisions to a central authority

27. Which of the following tools is not typically used to verify that a provisioning process was followed in a way that ensures that the organization’s security policy is being followed?
    A. Log review
    B. Manual review of permissions
    C. Signature-based detection
    D. Review the audit trail

28. Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts?
    A. Read only
    B. Editor
    C. Administrator
    D. No access

29. A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer’s account. What type of biometric factor error occurred?
    A. A registration error
    B. A Type 1 error
    C. A Type 2 error
    D. A time-of-use, method-of-use error

30. Laura is in the process of logging into a system and she just entered her password. What term best describes this activity?
    A. Authentication
    B. Authorization
    C. Accounting
    D. Identification

31. Kelly is adjusting her organization’s password requirements to make them consistent with best practice guidance from NIST. What should she choose as the most appropriate time period for password expiration?
    A. 30 days
    B. 90 days
    C. 180 days
    D. No expiration

32. Ben is working on integrating a federated identity management system and needs to exchange authentication and authorization information for browser-based single sign-on. What technology is his best option?
    A. HTML
    B. XACML
    C. SAML
    D. SPML

33. What access control scheme labels subjects and objects and allows subjects to access objects when the labels match?
    A. DAC
    B. MAC
    C. Rule-based access control (RBAC)
    D. Role-based access control (RBAC)

34. Mandatory access control is based on what type of model?
    A. Discretionary
    B. Group-based
    C. Lattice-based
    D. Rule-based

35. Ricky would like to access a remote file server through a VPN connection. He begins this process by connecting to the VPN and attempting to log in. Applying the subject/object model to this request, what is the subject of Ricky’s login attempt?
    A. Ricky
    B. VPN
    C. Remote file server
    D. Files contained on the remote server

36. What type of access control is typically used by firewalls?
    A. Discretionary access controls
    B. Rule-based access controls
    C. Task-based access control
    D. Mandatory access controls

37. Gabe is concerned about the security of passwords used as a cornerstone of his organization’s information security program. Which one of the following controls would provide the greatest improvement in Gabe’s ability to authenticate users?
    A. More complex passwords
    B. User education against social engineering
    C. Multifactor authentication
    D. Addition of security questions based on personal knowledge

38. During a review of support incidents, Ben’s organization discovered that password changes accounted for more than a quarter of its help desk’s cases. Which of the following options would be most likely to decrease that number significantly?
    A. Two-factor authentication
    B. Biometric authentication
    C. Self-service password reset
    D. Passphrases

39. Jim wants to allow cloud-based applications to act on his behalf to access information from other sites. Which of the following tools can allow that?
    A. Kerberos
    B. OAuth
    C. OpenID
    D. LDAP

40. Which one of the following activities is an example of an authorization process?
    A. User providing a password
    B. User passing a facial recognition check
    C. System logging user activity
    D. System consulting an access control list

41. Raul is creating a trust relationship between his company and a vendor. He is implementing the system so that it will allow users from the vendor’s organization to access his accounts payable system using the accounts created for them by the vendor. What type of authentication is Raul implementing?
    A. Federated authentication
    B. Transitive trust
    C. Multifactor authentication
    D. Single sign-on

42. In Luke’s company, users change job positions on a regular basis. Luke would like the company’s access control system to make it easy for administrators to adjust permissions when these changes occur. Which model of access control is best suited for Luke’s needs?
    A. Mandatory access control
    B. Discretionary access control
    C. Rule-based access control
    D. Role-based access control

43. When you input a user ID and password, you are performing what important identity and access management activity?
    A. Authorization
    B. Validation
    C. Authentication
    D. Login

44. Which of the following is a ticket-based authentication protocol designed to provide secure communication?
    A. RADIUS
    B. OAuth
    C. SAML
    D. Kerberos

45. Which of the following authenticators is appropriate to use by itself rather than in combination with other biometric factors?
    A. Voice pattern recognition
    B. Hand geometry
    C. Palm scans
    D. Heart/pulse patterns

46. What type of token-based authentication system uses a challenge/response process in which the challenge must be entered on the token?
    A. Asynchronous
    B. Smart card
    C. Synchronous
    D. RFID

47. As part of hiring a new employee, Kathleen’s identity management team creates a new user object and ensures that the user object is available in the directories and systems where it is needed. What is this process called?
    A. Registration
    B. Provisioning
    C. Population
    D. Authenticator loading

48. What access control system lets owners decide who has access to the objects they own?
    A. Role-based access control
    B. Task-based access control
    C. Discretionary access control
    D. Rule-based access control
