{"id":83,"date":"2021-01-17T05:27:06","date_gmt":"2021-01-16T17:53:29","guid":{"rendered":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0075\/"},"modified":"2021-01-17T05:43:46","modified_gmt":"2021-01-17T05:43:46","slug":"systems-security-certified-practitioner-sscp-question0075","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0075\/","title":{"rendered":"Systems Security Certified Practitioner &#8211; SSCP &#8211; Question0075"},"content":{"rendered":"<div class=\"question\">What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? <br \/><strong><br \/>A.<\/strong> Authentication <br \/><strong>B.<\/strong> Identification <br \/><strong>C.<\/strong> Authorization <br \/><strong>D.<\/strong> Confidentiality<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>B<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nIdentification is the act of a user professing an identity to a system, usually in the form of a log-on ID to the system.<br \/>\nIdentification is nothing more than claiming you are somebody. You identify yourself when you speak to someone on the phone that you don\u2019t know, and they ask you who they\u2019re speaking to. When you say, \u201cI\u2019m Jason.\u201d, you\u2019ve just identified yourself.<br \/>\nIn the information security world, this is analogous to entering a username. It\u2019s not analogous to entering a password. 
Entering a password is a method for verifying that you are who you identified yourself as.<br \/>\nNOTE: The word &#8220;professing&#8221; used above means: &#8220;to say that you are, do, or feel something when other people doubt what you say&#8221;. This is exactly what happens when you provide your identifier (identification): you claim to be someone, but the system cannot take your word for it; you must further authenticate to the system to prove who you claim to be.<br \/>\nThe following are incorrect answers:<br \/>\nAuthentication: is how one proves that they are who they say they are. When you claim to be Jane Smith by logging into a computer system as \u201cjsmith\u201d, it\u2019s most likely going to ask you for a password. You\u2019ve claimed to be that person by entering the name into the username field (that\u2019s the identification part), but now you have to prove that you are really that person.<br \/>\nMany systems use a password for this, which is based on \u201csomething you know\u201d, i.e. a secret between you and the system. Another form of authentication is presenting something you have, such as a driver\u2019s license, an RSA token, or a smart card.<br \/>\nYou can also authenticate via something you are. This is the foundation for biometrics. When you do this, you first identify yourself and then submit a thumb print, a retina scan, or another form of bio-based authentication.<br \/>\nOnce you\u2019ve successfully authenticated, you have now done two things: you\u2019ve claimed to be someone, and you\u2019ve proven that you are that person. The only thing that\u2019s left is for the system to determine what you\u2019re allowed to do.<br \/>\nAuthorization: is what takes place after a person has been both identified and authenticated; it\u2019s the step that determines what a person can then do on the system.<br \/>\nAn example in people terms would be someone knocking on your door at night. You say, \u201cWho is it?\u201d, and wait for a response. 
They say, \u201cIt\u2019s John.\u201d in order to identify themselves. You ask them to back up into the light so you can see them through the peephole. They do so, and you authenticate them based on what they look like (biometric). At that point you decide they can come inside the house.<br \/>\nIf they had said they were someone you didn\u2019t want in your house (identification), and you then verified that it was that person (authentication), the authorization phase would not include access to the inside of the house.<br \/>\nConfidentiality: is one part of the CIA triad. It prevents sensitive information from reaching the wrong people, while making sure that the right people can in fact get it. A good example is a credit card number while shopping online: the merchant needs it to clear the transaction, but you do not want your information exposed over the network, so you would use a secure link such as SSL, TLS, or some tunneling tool to protect the information from prying eyes between point A and point B. Data encryption is a common method of ensuring confidentiality.<br \/>\nThe other parts of the CIA triad are listed below: Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality). In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash. 
If an unexpected change occurs, a backup copy must be available to restore the affected data to its correct state.<br \/>\nAvailability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, providing a certain measure of redundancy and failover, providing adequate communications bandwidth and preventing the occurrence of bottlenecks, implementing emergency backup power systems, keeping current with all necessary system upgrades, and guarding against malicious actions such as denial-of-service (DoS) attacks.<br \/>\nReference used for this question:<br \/>\n<a href=\"http:\/\/whatis.techtarget.com\/definition\/Confidentiality-integrity-and-availability-CIA\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/whatis.techtarget.com\/definition\/Confidentiality-integrity-a&#8230;<\/a> <a href=\"http:\/\/www.danielmiessler.com\/blog\/security-identification-authentication-and-authorization\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/www.danielmiessler.com\/blog\/security-identification-authenti&#8230;<\/a> <a href=\"http:\/\/www.merriam-webster.com\/dictionary\/profess\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/www.merriam-webster.com\/dictionary\/profess<\/a><br \/>\nKRUTZ, Ronald L. &#038; VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley &#038; Sons, Page 36.<\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? A. Authentication B. Identification C. Authorization D. 
Confidentiality Show Answer Hide Answer Correct Answer: B Explanation: Identification is the act of a user professing an identity to a system, usually in the form [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1078,78,3],"class_list":["post-83","post","type-post","status-publish","format-standard","hentry","category-systems-security-certified-practitioner-sscp","tag-choices","tag-question-0075","tag-systems-security-certified-practitioner-sscp"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/83","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/comments?post=83"}],"version-history":[{"count":1,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/83\/revisions"}],"predecessor-version":[{"id":1159,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/83\/revisions\/1159"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/media?parent=83"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/categories?post=83"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/tags?post=83"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}