Systems & Application Security (15%):
- Operating & Implementing End-Point Device Security – Here, the test takers should cover the details of HIDS, Endpoint encryption, host-based firewalls, trusted platform module, secure browsing, mobile device management, and application whitelisting;
- Configuring & Operating Cloud Security – As for this subtopic, the learners should demonstrate an understanding of deployment models, virtualization, service models, legal & regulatory concerns, 3rd-party/outsourcing prerequisites, and shared responsibility model;
- Operating & Security Virtual Environments – This domain covers the details of Hypervisor, shared storage, virtual appliances, software-defined networking, resilience & continuity, and attacks & countermeasures.
- Identifying & Analyzing Malicious Code & Activity – This area includes malware, malicious activity, malicious code countermeasures, and malicious activity countermeasures;
Duration of Time
The total availability of time for the exam SSCP is 03 Hours. At this time candidates have to attempt all the given questions.
What are certificates, and why do we need SSCP certification?
If you have skills and want to perform well in any company, you must update yourself with detailed material and have a gate pass to enter. That gate pass will be your certificate. Certificates are the evidence that you learned, have, and practiced that skill.
Nowadays, every company wants to update to a persuasive, maintained and secured IT System. For this, they need a highly qualified, knowledgeable, able, and certified team to do it. SSCP certification is a qualification that is recognized across the globe. You can pass ISC SSCP exam with ease, by solving practice exams offered by ISC SSCP Dumps. Security professionals who are in possession of this qualification can be assured of having an edge over their peers and competitors and can enjoy lucrative careers. The coursework for the exam is quite extensive, and it includes both theoretical and practical coverage.
ISC2 SSCP Exam Syllabus Topics:
| Topic | Details |
|---|---|
Access Controls - 16% | |
| Implement and maintain authentication methods | - Single/multifactor authentication - Single sign-on - Device authentication - Federated access |
| Support internetwork trust architectures | - Trust relationships (e.g., 1-way, 2-way, transitive) - Extranet - Third party connections |
| Participate in the identity management lifecycle | - Authorization - Proofing - Provisioning/de-provisioning - Maintenance - Entitlement - Identity and Access Management (IAM) systems |
| Implement access controls | - Mandatory - Non-discretionary - Discretionary - Role-based - Attribute-based - Subject-based - Object-based |
Security Operations and Administration - 15% | |
| Comply with codes of ethics | - (ISC)² Code of Ethics - Organizational code of ethics |
| Understand security concepts | - Confidentiality - Integrity - Availability - Accountability - Privacy - Non-repudiation - Least privilege - Separation of duties |
| Document, implement, and maintain functional security controls | - Deterrent controls - Preventative controls - Detective controls - Corrective controls - Compensating controls |
| Participate in asset management | - Lifecycle (hardware, software, and data) - Hardware inventory - Software inventory and licensing - Data storage |
| Implement security controls and assess compliance | - Technical controls (e.g., session timeout, password aging) - Physical controls (e.g., mantrap, cameras, locks) - Administrative controls (e.g., security policies and standards, procedures, baselines) - Periodic audit and review |
| Participate in change management | - Execute change management process - Identify security impact - Testing /implementing patches, fixes, and updates (e.g., operating system, applications, SDLC) |
| Participate in security awareness and training | |
| Participate in physical security operations (e.g., data center assessment, badging) | |
Risk Identification, Monitoring, and Analysis - 15% | |
| Understand the risk management process | - Risk visibility and reporting (e.g., risk register, sharing threat intelligence, Common Vulnerability Scoring System (CVSS)) - Risk management concepts (e.g., impact assessments, threat modelling, Business Impact Analysis (BIA)) - Risk management frameworks (e.g., ISO, NIST) - Risk treatment (e.g., accept, transfer, mitigate, avoid, recast) |
| Perform security assessment activities | - Participate in security testing - Interpretation and reporting of scanning and testing results - Remediation validation - Audit finding remediation |
| Operate and maintain monitoring systems (e.g., continuous monitoring) | - Events of interest (e.g., anomalies, intrusions, unauthorized changes, compliance monitoring) - Logging - Source systems - Legal and regulatory concerns (e.g., jurisdiction, limitations, privacy) |
| Analyze monitoring results | - Security baselines and anomalies - Visualizations, metrics, and trends (e.g., dashboards, timelines) - Event data analysis - Document and communicate findings (e.g., escalation) |
Incident Response and Recovery - 13% | |
| Support incident lifecycle | - Preparation - Detection, analysis, and escalation - Containment - Eradication - Recovery - Lessons learned/implementation of new countermeasure |
| Understand and support forensic investigations | - Legal and ethical principles - Evidence handling (e.g., first responder, triage, chain of custody, preservation of scene) |
| Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities | - Emergency response plans and procedures (e.g., information system contingency plan) - Interim or alternate processing strategies - Restoration planning - Backup and redundancy implementation - Testing and drills |
Cryptography - 10% | |
| Understand fundamental concepts of cryptography | - Hashing - Salting - Symmetric/asymmetric encryption/Elliptic Curve Cryptography (ECC) - Non-repudiation (e.g., digital signatures/certificates, HMAC, audit trail) - Encryption algorithms (e.g., AES, RSA) - Key strength (e.g., 256, 512, 1024, 2048 bit keys) - Cryptographic attacks, cryptanalysis, and counter measures |
| Understand reasons and requirements for cryptography | - Confidentiality - Integrity and authenticity - Data sensitivity (e.g., PII, intellectual property, PHI) - Regulatory |
| Understand and support secure protocols | - Services and protocols (e.g., IPSec, TLS, S/MIME, DKIM) - Common use cases - Limitations and vulnerabilities |
| Understand Public Key Infrastructure (PKI) systems | Fundamental key management concepts (e.g., key rotation, key composition, key creation, exchange, revocation, escrow) - Web of Trust (WOT) (e.g., PGP, GPG) |
Network and Communications Security - 16% | |
| Understand and apply fundamental concepts of networking | - OSI and TCP/IP models - Network topographies (e.g., ring, star, bus, mesh, tree) - Network relationships (e.g., peer to peer, client server) - Transmission media types (e.g., fiber, wired, wireless) - Commonly used ports and protocols |
| Understand network attacks and countermeasures (e.g., DDoS, man-in-the-middle, DNS poisoning) | |
| Manage network access controls | - Network access control and monitoring (e.g., remediation, quarantine, admission) - Network access control standards and protocols (e.g., IEEE 802.1X, Radius, TACACS) - Remote access operation and configuration (e.g., thin client, SSL VPN, IPSec VPN, telework) |
| Manage network security | - Logical and physical placement of network devices (e.g., inline, passive) - Segmentation (e.g., physical/logical, data/control plane, VLAN, ACLs) - Secure device management |
| Operate and configure network-based security devices | - Firewalls and proxies (e.g., filtering methods) - Network intrusion detection/prevention systems - Routers and switches - Traffic-shaping devices (e.g., WAN optimization, load balancing) |
| Operate and configure wireless technologies (e.g., bluetooth, NFC, WiFi) | - Transmission security - Wireless security devices (e.g.,WIPS, WIDS) |
Systems and Application Security - 15% | |
| Identify and analyze malicious code and activity | - Malware (e.g., rootkits, spyware, scareware, ransomware, trojans, virus, worms, trapdoors, backdoors, and remote access trojans) - Malicious code countermeasures (e.g., scanners, anti-malware, code signing, sandboxing) - Malicious activity (e.g., insider threat, data theft, DDoS, botnet) - Malicious activity countermeasures (e.g., user awareness, system hardening, patching, sandboxing, isolation) |
| Implement and operate endpoint device security | - HIDS - Host-based firewalls - Application white listing - Endpoint encryption - Trusted Platform Module (TPM) - Mobile Device Management (MDM) (e.g., COPE, BYOD) - Secure browsing (e.g., sandbox) |
| Operate and configure cloud security | - Deployment models (e.g., public, private, hybrid, community) - Service models (e.g., IaaS, PaaS and SaaS) - Virtualization (e.g., hypervisor) - Legal and regulatory concerns (e.g., privacy, surveillance, data ownership, jurisdiction, eDiscovery) - Data storage and transmission (e.g., archiving, recovery, resilience) - Third party/outsourcing requirements (e.g., SLA, data portability, data destruction, auditing) - Shared responsibility model |
| Operate and secure virtual environments | - Software-defined networking - Hypervisor - Virtual appliances - Continuity and resilience - Attacks and countermeasures - Shared storage |


PDF Version Demo






We are confident about the products and aim to help you pass with ease. In case of failure, we will provide a no hassle full money back guarantee for the purchasing fee.
0 Customer Reviews
Quality and ValueITbraindumps Practice Exams are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development - no all study materials.
Tested and ApprovedWe are committed to the process of vendor and third party approvals. We believe professionals and executives alike deserve the confidence of quality coverage these authorizations provide.
Easy to PassIf you prepare for the exams using our ITbraindumps testing engine, It is easy to succeed for all certifications in the first attempt. You don't have to deal with all dumps or any free torrent / rapidshare all stuff.
Try Before BuyITbraindumps offers free demo of each product. You can check out the interface, question quality and usability of our practice exams before you decide to buy.