COMMUNICATIONS SECURITY EXAM
QUESTIONS AND ANSWERS
Access Control Object -CORRECTANSWER A passive entity that typically receives or
contains some form of data.
Access Control Subject -CORRECTANSWER An active entity, which can be any user,
program, or process that requests permission to cause data to flow from an access
control object to the access control subject or between access control objects.
Asynchronous Password Token -CORRECTANSWER A one-time password is
generated without the use of a clock, either from a one-time pad or cryptographic
algorithm.
Authorization -CORRECTANSWER Determines whether a user is permitted to access a
particular resource.
Connected Tokens -CORRECTANSWER Must be physically connected to the computer
to which the user is authenticating.
Contactless Tokens -CORRECTANSWER Form a logical connection to the client
computer but do not require a physical connection.
Disconnected Tokens -CORRECTANSWER Have neither a physical nor logical
connection to the client computer.
Entitlement -CORRECTANSWER A set of rules, defined by the resource owner, for
managing access to a resource (asset, service, or entity) and for what purpose.
Identity Management -CORRECTANSWER The task of controlling information about
users on computers.
Proof of Identity -CORRECTANSWER Verify people's identities before the enterprise
issues them accounts and credentials.
Kerberos -CORRECTANSWER A popular network authentication protocol for indirect
(third-party) authentication services.
Lightweight Directory Access Protocol (LDAP) -CORRECTANSWER A client/server-based
directory query protocol loosely based on X.500, commonly used to manage user
information. LDAP is a front end and not used to manage or synchronize data per se as
opposed to DNS.
Single Sign-On (SSO) -CORRECTANSWER Designed to provide strong authentication
using secret-key cryptography, allowing a single identity to be shared across multiple
applications.
Static Password Token -CORRECTANSWER The device contains a password that is
physically hidden (not visible to the possessor) but that is transmitted for each
authentication.
Synchronous Dynamic Password Token -CORRECTANSWER A timer is used to rotate
through various combinations produced by a cryptographic algorithm.
Trust Path -CORRECTANSWER A series of trust relationships that authentication
requests must follow between domains.
6to4 -CORRECTANSWER Transition mechanism for migrating from IPv4 to IPv6. It
allows systems to use IPv6 to communicate if their traffic has to traverse an IPv4
network.
Absolute addresses -CORRECTANSWER Hardware addresses used by the CPU.
Abstraction -CORRECTANSWER The capability to suppress unnecessary details so
the important, inherent properties can be examined and reviewed.
Accepted ways for handling risk -CORRECTANSWER Accept, transfer, mitigate, avoid.
Access -CORRECTANSWER The flow of information between a subject and an object.
Access control matrix -CORRECTANSWER A table of subjects and objects indicating
what actions individual subjects can take upon individual objects.
Access control model -CORRECTANSWER An access control model is a framework
that dictates how subjects access objects.
Access controls -CORRECTANSWER Are security features that control how users and
systems communicate and interact with other systems and resources.
Accreditation -CORRECTANSWER Formal acceptance of the adequacy of a system's
overall security by management.
Active attack -CORRECTANSWER Attack where the attacker does interact with
processing or communication activities.
ActiveX -CORRECTANSWER A Microsoft technology composed of a set of OOP
technologies and tools based on COM and DCOM. It is a framework for defining
reusable software components in a programming language-independent manner.