SSCP: Systems Security Certified Practitioner Dumps
Free ISC2 SSCP Exam Dumps
Here you can find all the free questions related to the ISC2 Systems Security Certified Practitioner (SSCP) exam. This page also links to recently updated premium files with which you can practice for the actual ISC2 Systems Security Certified Practitioner exam. These premium versions are provided as SSCP exam practice tests, both as desktop software and as a browser-based application; use whichever suits your style. Feel free to try the Systems Security Certified Practitioner exam premium files for free. Good luck with your ISC2 Systems Security Certified Practitioner exam.
Question No: 1
MultipleChoice
Which of the following can best define the 'revocation request grace period'?
Options
Answer: D
Explanation
The length of time between the Issuer's receipt of a revocation request and the time the Issuer is required to revoke the certificate should bear a reasonable relationship to the amount of risk the participants are willing to assume that someone may rely on a certificate for which a proper revocation request has been given but has not yet been acted upon.
How quickly revocation requests need to be processed (and CRLs or certificate status databases need to be updated) depends upon the specific application for which the Policy Authority is drafting the Certificate Policy.
A Policy Authority should recognize that there may be risk and loss tradeoffs with respect to grace periods for revocation notices.
If the Policy Authority determines that its PKI participants are willing to accept a grace period of a few hours in exchange for a lower implementation cost, the Certificate Policy may reflect that decision.
Question No: 2
MultipleChoice
An X.509 public key certificate with the key usage attribute 'non-repudiation' can be used for which of the following?
Options
Answer: C
Explanation
References: RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile; GUTMANN, P., X.509 Style Guide.
Question No: 3
MultipleChoice
What does 'residual risk' mean?
Options
Answer: A
Explanation
Residual risk is 'the security risk that remains after controls have been implemented' (ISO/IEC TR 13335-1, Guidelines for the Management of IT Security (GMITS), Part 1: Concepts and Models for IT Security, 1996). 'Weakness of an asset which can be exploited by a threat' is vulnerability. 'The result of an unwanted incident' is impact. 'Risk that remains after risk analysis has been performed' is a distractor.
Risk can never be eliminated or avoided entirely, but it can be mitigated, transferred or accepted. Even after applying a countermeasure, for example putting up an antivirus product, there is still no 100% guarantee that systems will be protected by the antivirus.
Question No: 4
MultipleChoice
Which of the following is an IDS that acquires data and defines a 'normal' usage profile for the network or host?
Options
Answer: A
Explanation
Statistical Anomaly-Based ID: with this method, an IDS acquires data and defines a 'normal' usage profile for the network or host that is being monitored.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
Question No: 5
MultipleChoice
Which of the following is not a component of an Operations Security 'triple'?
Options
Answer: D
Explanation
The Operations Security domain is concerned with triples: threats, vulnerabilities and assets.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 216.