Which of the following is true about Kerberos?
A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.
Answer: C
Explanation: Kerberos depends on secret...
For a maximum-security design, what type of fence is the most effective and cost-effective method (feet are used as the unit of measurement below)?
A. 3' to 4' high
B. 6' to 7' high
C. 8' high and above with strands of barbed wire
D. Double fencing
Answer: D
Explanation: The most commonly...
The preliminary steps to security planning include all of the following EXCEPT which of the following?
A. Establish objectives.
B. List planning assumptions.
C. Establish a security audit function.
D. Determine alternate courses of action.
Answer: C
Explanation: The keyword within the question is: preliminary. This means that you are...
Which of the following would be the best reason for separating the test and development environments?
A. To restrict access to systems under test.
B. To control the stability of the test environment.
C. To segregate user and development staff.
D. To secure access to systems under development.
Answer: B
Explanation:...
Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users?
A. Inadequate quality assurance (QA) tools.
B. Constantly changing user needs.
C. Inadequate user participation in defining the system's requirements.
D. Inadequate project management.
Answer: C
Explanation: Inadequate user participation in defining...
What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
A. A
B. D
C. E
D. F
Answer: B
Explanation: D or "minimal protection" is reserved for systems that were evaluated under the TCSEC but...
Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection?
A. B
B. A
C. C
D. D
Answer: A
Explanation: B level is the first Mandatory Access Control Level. First published in 1983 and updated in 1985, the TCSEC, frequently referred...
Which of the following is not a form of passive attack?
A. Scavenging
B. Data diddling
C. Shoulder surfing
D. Sniffing
Answer: B
Explanation: Data diddling involves alteration of existing data and is extremely common. It is one of the easiest types of crimes to prevent by using access and accounting...
Examples of types of physical access controls include all EXCEPT which of the following?
A. badges
B. locks
C. guards
D. passwords
Answer: D
Explanation: Passwords are considered a Preventive/Technical (logical) control. The following answers are incorrect:
badges: Badges are a physical control used to identify an individual. A badge can...
Which of the following models does NOT include data integrity or conflict of interest?
A. Biba
B. Clark-Wilson
C. Bell-LaPadula
D. Brewer-Nash
Answer: C
Explanation: Bell LaPadula model (Bell 1975): The granularity of objects and subjects is not predefined, but the model prescribes simple access rights. Based on simple access restrictions...