Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a component that achieves this type of security?

A. Administrative control mechanisms
B. Integrity control mechanisms
C. Technical...

February 5, 2019

When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as?

A. Dual Control
B. Need to know
C. Separation of duties
D. Segregation of duties

Answer: A

Explanation: The...

February 4, 2019

In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?

A. Bell-LaPadula model
B. Biba model
C. Access Matrix model
D. Take-Grant model

Answer: A

Explanation: The Bell-LaPadula model...

February 3, 2019

What is the main issue with media reuse?

A. Degaussing
B. Data remanence
C. Media destruction
D. Purging

Answer: B

Explanation: The main issue with media reuse is data remanence, where residual information still resides on media that has been erased. Degaussing, purging and destruction are ways to handle...

February 2, 2019

At what stage of the applications development process should the security department become involved?

A. Prior to the implementation
B. Prior to systems testing
C. During unit testing
D. During requirements development

Answer: D

Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

February 2, 2019

A confidential number used as an authentication factor to verify a user's identity is called a:

A. PIN
B. User ID
C. Password
D. Challenge

Answer: A

Explanation: PIN stands for Personal Identification Number; as the name states, it is a combination of numbers. The following answers are incorrect: User ID This...

February 2, 2019

The primary service provided by Kerberos is which of the following?

A. non-repudiation
B. confidentiality
C. authentication
D. authorization

Answer: C

Explanation: The answer is authentication. Kerberos is an authentication service. It can use single-factor or multi-factor authentication methods. The following answers are incorrect: non-repudiation. Since Kerberos deals primarily with symmetric...

February 1, 2019

Which of the following exemplifies proper separation of duties?

A. Operators are not permitted to modify the system time.
B. Programmers are permitted to use the system console.
C. Console operators are permitted to mount tapes and disks.
D. Tape operators are permitted to use the system console.

Answer: A

Explanation:...

February 1, 2019

Which of the following would best classify as a management control?

A. Review of security controls
B. Personnel security
C. Physical and environmental protection
D. Documentation

Answer: A

Explanation: Management controls focus on the management of the IT security system and the management of risk for a system. They are techniques...

February 1, 2019

Configuration Management controls what?

A. Auditing of changes to the Trusted Computing Base.
B. Control of changes to the Trusted Computing Base.
C. Changes in the configuration access to the Trusted Computing Base.
D. Auditing and controlling any changes to the Trusted Computing Base.

Answer: D

Explanation: All of these are...

January 31, 2019