What does the (star) property mean in the Bell-LaPadula model?
A. No write up
B. No read up
C. No write down
D. No read down
Answer: C
Explanation: The (star) property of the Bell-LaPadula access control model states that writing of information by a subject at a higher level...
In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on:
A. sex of a person
B. physical attributes of a person
C. age of a person
D. voice of a person
Answer: B
Explanation: Today implementation of fast, accurate...
What are called user interfaces that limit the functions that can be selected by a user?
A. Constrained user interfaces
B. Limited user interfaces
C. Mini user interfaces
D. Unlimited user interfaces
Answer: A
Explanation: Constrained user interfaces limit the functions that can be selected by a user. Another method for...
The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?
A. project initiation and planning phase
B. system design specifications phase
C. development and documentation phase
D. in parallel with every phase throughout the project
Answer: D
Explanation: The other...
Which of the following is considered the weakest link in a security system?
A. People
B. Software
C. Communications
D. Hardware
Answer: A
Explanation: The answer is People. The other choices can be strengthened and counted on (for the most part) to remain consistent if properly protected. People are fallible and...
Which of the following is NOT a compensating measure for access violations?
A. Backups
B. Business continuity planning
C. Insurance
D. Security awareness
Answer: D
Explanation: Security awareness is a preventive measure, not a compensating measure for access violations. Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep...
Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?
A. Implementation
B. System feasibility
C. Product design
D. Software plans and requirements
Answer: D
Explanation: The software plans and requirements phase addresses threats, vulnerabilities, security requirements, reasonable care, due diligence, legal liabilities,...
According to private sector data classification levels, how would salary levels and medical information be classified?
A. Public.
B. Internal Use Only.
C. Restricted.
D. Confidential.
Answer: D
Explanation: Typically there are three to four levels of information classification used by most organizations: Confidential: Information that, if released or disclosed...
What is the main concern with single sign-on?
A. Maximum unauthorized access would be possible if a password is disclosed.
B. The security administrator's workload would increase.
C. The users' password would be too hard to remember.
D. User access rights would be increased.
Answer: A
Explanation: A major concern...
Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to:
A. specify what users can do
B. specify which resources they can access
C. specify...