Which of the following biometric devices has the lowest user acceptance level?
A. Retina Scan
B. Fingerprint scan
C. Hand geometry
D. Signature recognition
Answer: A
Explanation: According to the cited reference, of the given options, the Retina scan has the lowest user acceptance level as it is needed for the user to get...
Risk reduction in a system development life-cycle should be applied:
A. Mostly to the initiation phase.
B. Mostly to the development phase.
C. Mostly to the disposal phase.
D. Equally to all phases.
Answer: D
Explanation: Risk is defined as the combination of the probability that a particular threat source...
Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment?
A. A baseline
B. A standard
C. A procedure
D. A guideline
Answer: A
Explanation: Baselines provide the minimum level of security necessary throughout the organization. Standards specify how hardware...
Which of the following is not a physical control for physical security?
A. lighting
B. fences
C. training
D. facility construction materials
Answer: C
Explanation: Some physical controls include fences, lights, locks, and facility construction materials. Some administrative controls include facility selection and construction, facility management, personnel controls, training, and...
Risk analysis is MOST useful when applied during which phase of the system development process?
A. Project initiation and Planning
B. Functional Requirements definition
C. System Design Specification
D. Development and Implementation
Answer: A
Explanation: In most projects the conditions for failure are established at the beginning of the project....
The major objective of system configuration management is which of the following?
A. system maintenance.
B. system stability.
C. system operations.
D. system tracking.
Answer: B
Explanation: A major objective with Configuration Management is stability. The changes to the system are controlled so that they don't lead to weaknesses or...
What would BEST define a covert channel?
A. An undocumented backdoor that has been left by a programmer in an operating system
B. An open system port that should be closed.
C. A communication channel that allows transfer of information in a manner that violates the system's security policy.
D. ...
Which of the following is used by RADIUS for communication between clients and servers?
A. TCP
B. SSL
C. UDP
D. SSH
Answer: C
Explanation: Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, Page 33.
Which of the following security modes of operation involves the highest risk?
A. Compartmented Security Mode
B. Multilevel Security Mode
C. System-High Security Mode
D. Dedicated Security Mode
Answer: B
Explanation: In multilevel mode, two or more classification levels of data exist, some people are not cleared for all the...
Passwords can be required to change monthly, quarterly, or at other intervals:
A. depending on the criticality of the information needing protection
B. depending on the criticality of the information needing protection and the password's frequency of use
C. depending on the password's frequency of use
D. not depending on...