SSCP

An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as:A .  Netware availabilityB .  Network availabilityC .  Network acceptabilityD .  Network accountabilityView AnswerAnswer: B Explanation: Network availability can be defined as an area of the Telecommunications and...

How would nonrepudiation be best classified as?A .  A preventive controlB .  A logical controlC .  A corrective controlD .  A compensating controlView AnswerAnswer: A Explanation: Systems accountability depends on the ability to ensure that senders cannot deny sending information and that receivers cannot deny receiving it. Because the mechanisms...

Single Sign-on (SSO) is characterized by which of the following advantages?A .  ConvenienceB .  Convenience and centralized administrationC .  Convenience and centralized data administrationD .  Convenience and centralized network administrationView AnswerAnswer: B Explanation: Convenience -Using single sign-on users have to type their passwords only once when they first log in to...

Which of the following division is defined in the TCSEC (Orange Book) as minimal protection?A .  Division DB .  Division CC .  Division BD .  Division AView AnswerAnswer: A Explanation: The criteria are divided into four divisions: D, C, B, and A ordered in a hierarchical manner with the highest...

Which of the following is NOT a common integrity goal?A .  Prevent unauthorized users from making modifications.B .  Maintain internal and external consistency.C .  Prevent authorized users from making improper modifications.D .  Prevent paths that could lead to inappropriate disclosure.View AnswerAnswer: D Explanation: Inappropriate disclosure is a confidentiality, not an integrity...

A 'Pseudo flaw' is which of the following?A .  An apparent loophole deliberately implanted in an operating system program as a trap for intruders.B .  An omission when generating Psuedo-code.C .  Used for testing for bounds violations in application programming.D .  A normally generated page fault causing the system to...

Which of the following would MOST likely ensure that a system development project meets business objectives?A .  Development and tests are run by different individualsB .  User involvement in system specification and acceptanceC .  Development of a project plan identifying all development activitiesD .  Strict deadlines and budgetsView AnswerAnswer: B Explanation:...

In Discretionary Access Control the subject has authority, within certain limitations,A .  but he is not permitted to specify what objects can be accessible and so we need to get an independent third party to specify what objects can be accessible.B .  to specify what objects can be accessible.C ....

What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?A .  A capacity tableB .  An access control listC .  An access control matrixD .  A capability tableView AnswerAnswer: C Explanation: The matrix lists the users, groups and roles down...

In discretionary access environments, which of the following entities is authorized to grant information access to other people?A .  ManagerB .  Group LeaderC .  Security ManagerD .  Data OwnerView AnswerAnswer: D Explanation: In Discretionary Access Control (DAC) environments, the user who creates a file is also considered the owner and...