Question 1

A timely review of system access audit records would be an example of which of the basic security functions?

Accepted Answer

D

Explanation: Reviewing system access audit records is a classic example of a detective security control. The primary purpose of this activity is to identify security events, policy violations, or unusual activities after they have occurred. The logs provide a record of past events, and their analysis allows security personnel to detect potential or actual security incidents that were not stopped by preventative controls. This function is about discovery and investigation, not prevention or deterrence.

Question 2

The first step in the implementation of the contingency plan is to perform:

Accepted Answer

B

Explanation: The implementation of a contingency plan begins after a Business Impact Analysis (BIA) has identified the organization's most critical assets. In virtually all modern organizations, data is the most critical and irreplaceable asset. While operating systems, applications, and firmware are essential for functionality, they can typically be restored from vendor media or standard images. Organizational data, however, is unique and its loss can be catastrophic. Therefore, the foundational and primary step in implementing the technical controls of a contingency plan is to ensure that this critical data is securely and regularly backed up. This action directly addresses the highest-priority risk identified by the BIA.

Question 3

Single Sign-on (SSO) is characterized by which of the following advantages?

Accepted Answer

B

Explanation: Single Sign-on (SSO) offers two primary advantages. The most visible benefit is convenience for the end-user, who only needs to authenticate once with a single set of credentials to access multiple applications and services. The second, equally important advantage is centralized administration. SSO systems rely on a central Identity Provider (IdP) to manage user identities, credentials, and authentication policies. This centralization simplifies administrative tasks such as user provisioning, password resets, and revoking access, thereby improving security posture and reducing administrative overhead.

Question 4

A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:

Accepted Answer

D

Explanation: Iris scanners operate by capturing a detailed image of the iris using a near-infrared (NIR) camera. The performance of these optical sensors is highly susceptible to ambient lighting conditions. Direct sunlight contains a strong infrared component that can saturate the camera's sensor, causing glare, specular reflections off the cornea, and a washed-out image. This prevents the system from acquiring a high-quality image of the iris pattern, leading to failures in enrollment or verification. Therefore, a critical aspect of the physical installation is to position the device away from direct sunlight or other intense light sources to ensure its operational reliability and accuracy.

Question 5

Technical controls such as encryption and access control can be built into the operating system, be
software applications, or can be supplemental hardware/software units. Such controls, also known as
logical controls, represent which pairing?

Accepted Answer

B

Explanation: Encryption and access-control mechanisms are classified by their function (preventive—they stop unauthorized disclosure or use before it occurs) and by their nature (technical—implemented in hardware, firmware, or software and therefore called logical controls). When a security control is both technical and designed to prevent an unwanted event, it is termed a Preventive/Technical control.

Question 6

The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:

Accepted Answer

C

Explanation: The controls described, such as sensors and cameras, are tangible objects that exist in the physical world, classifying them as physical controls. Their primary function in this scenario is to monitor an environment and alert personnel to a potential threat, which is a detective function. The requirement for a human to evaluate the data from these devices to confirm a threat solidifies this classification. The system is designed to detect and report an event, not to prevent it from happening initially.

Question 7

What can best be defined as the detailed examination and testing of the security features of an IT
system or product to ensure that they work correctly and effectively and do not show any logical
vulnerabilities, such as evaluation criteria?

Accepted Answer

B

Explanation: Evaluation is the systematic and detailed technical process of examining and testing an IT system or product's security features against a formal set of criteria. The goal is to verify that the security controls are implemented correctly, operate as intended, and are effective in meeting security requirements without introducing vulnerabilities. This process provides the technical evidence needed for further assurance activities. The question's description of a "detailed examination and testing...to ensure they work correctly and effectively" precisely defines the act of security evaluation.

Question 8

What is the name of a one way transformation of a string of characters into a usually shorter fixed- length value or key that represents the original string? Such a transformation cannot be reversed?

Accepted Answer

A

Explanation: A one-way hash is a cryptographic function that meets all the criteria described. It takes an input of arbitrary length (a string of characters) and produces a fixed-length string, known as a hash value or message digest. The core properties of a cryptographic hash function are that it is deterministic (the same input always produces the same output), fast to compute, and, crucially, "one-way." This one-way property, also known as preimage resistance, makes it computationally infeasible to determine the original input string from its hash value, meaning the transformation cannot be reversed.

Question 9

Your organization is acquiring a new software application to manage customer data more effectively. As
part of the acquisition process, you need to ensure that the software meets all security requirements and
integrates seamlessly with existing systems. The focus is on verifying that the software does not
introduce vulnerabilities into the environment. Which of the following steps is most critical during the
acquisition phase to ensure the new software's security and compatibility?

Accepted Answer

B

Explanation: The most critical step to ensure a new software application's security and compatibility is to conduct a thorough security assessment. This process directly verifies that the software adheres to the organization's security policies, is free from known vulnerabilities, and integrates securely with existing systems. An assessment may include static and dynamic application security testing (SAST/DAST), penetration testing, and a review of the software's architecture. This proactive measure identifies and mitigates risks before the software is deployed, which is the primary goal stated in the scenario.

Question 10

What works as an E-mail message transfer agent?

Accepted Answer

A

Explanation: Simple Mail Transfer Protocol (SMTP) is the fundamental Internet standard protocol used for transmitting electronic mail (e-mail) across IP networks. It functions as the Message Transfer Agent (MTA) by pushing or relaying messages from a sending mail server to a receiving mail server. When a user sends a message, their mail client submits it to their server via SMTP, and that server then uses SMTP to transfer the message to the recipient's server. This server-to-server communication is the defining role of an MTA.

Question 11

Which of the following OSI layers provides routing and related services?

Accepted Answer

A

Explanation: The Network Layer, Layer 3 of the Open Systems Interconnection (OSI) model, is primarily responsible for packet forwarding between different networks. Its key functions include logical addressing (e.g., using IP addresses) and path determination, which is the process of selecting the best path for data to travel from source to destination. This core function is known as routing. Routers operate at this layer to make decisions on where to forward packets based on their destination network addresses.

Question 12

What is the 802.11 standard related to?

Accepted Answer

B

Explanation: The IEEE 802.11 standard is a set of specifications for the physical (PHY) and media access control (MAC) layers for implementing wireless local area network (WLAN) computer communication. This family of standards is the technical foundation for products using the Wi-Fi brand. It defines how wireless clients and access points communicate over the air, including frequency bands, data rates, and transmission methods, making it the fundamental standard for wireless network communications.

Question 13

Which of the following keys has the SHORTEST lifespan?

Accepted Answer

C

Explanation: A session key is a single-use, symmetric key designed for encrypting all messages during one communication session. By definition, its lifespan, or cryptoperiod, is limited to the duration of that specific session. Once the session ends, the key is destroyed. This ephemeral nature is a security feature that limits the amount of data compromised if a key is exposed (a principle known as forward secrecy). In contrast, public, private, and other long-term secret keys have significantly longer lifespans, often lasting for months or years, to facilitate ongoing operations like digital signing or data-at-rest encryption.

Question 14

What is a decrease in amplitude as a signal propagates along a transmission medium best known as?

Accepted Answer

D

Explanation: Attenuation is the technical term for the reduction in signal strength, or amplitude, as a signal travels through a transmission medium. This loss of energy occurs because the medium absorbs or scatters the signal's power as it propagates over a distance. All transmission media, whether guided (like copper wire or fiber optics) or unguided (like wireless), exhibit attenuation. To compensate for this effect, amplifiers or repeaters are often used in communication systems to boost the signal strength at periodic intervals.

Question 15

Which of the following can best define the "revocation request grace period"?

Accepted Answer

D

Explanation: The "revocation request grace period" is a formally defined term within Public Key Infrastructure (PKI) policy frameworks. It specifies the maximum allowable time that can elapse between the moment a Certificate Authority (CA) receives a valid revocation request and the moment it makes the revocation status publicly available, typically by publishing an updated Certificate Revocation List (CRL) or updating an Online Certificate Status Protocol (OCSP) responder. This period is a critical parameter defined in a CA's Certificate Policy (CP) and Certification Practice Statement (CPS), as it represents a window of risk during which a compromised certificate may still be trusted by relying parties.

Free ISC2 SSCP Actual Exam Questions