Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?
A. Logon Banners
B. Wall poster
C. Employee Handbook
D. Written agreement
Answer: D
Explanation: This is a tricky question; the keyword in the question is "internal users". There are two possible answers...
Which of the following is NOT a factor related to Access Control?
A. integrity
B. authenticity
C. confidentiality
D. availability
Answer: B
Explanation: These factors cover the integrity, confidentiality, and availability components of information system security. Integrity is important in access control as it relates to ensuring only authorized subjects...
Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers?
A. TCP
B. SSL
C. UDP
D. SSH
Answer: C
Explanation: The original TACACS, developed in the early ARPANet days, had very limited functionality...
What is the difference between Access Control Lists (ACLs) and Capability Tables?
A. Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.
B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.
C. Capability tables are...
When backing up an applications system's data, which of the following is a key question to be answered first?
A. When to make backups
B. Where to keep backups
C. What records to backup
D. How to store backups
Answer: C
Explanation: It is critical that a determination be made...
Which of the following statements pertaining to a security policy is incorrect?
A. Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets.
B. It specifies how hardware and software should be used throughout the organization.
C. It needs...
Which of the following statements pertaining to access control is false?
A. Users should only access data on a need-to-know basis.
B. If access is not explicitly denied, it should be implicitly allowed.
C. Access rights should be granted based on the level of trust a company has on a...
Which of the following is not a service provided by AAA servers (Radius, TACACS and DIAMETER)?
A. Authentication
B. Administration
C. Accounting
D. Authorization
Answer: B
Explanation: Radius, TACACS and DIAMETER are classified as authentication, authorization, and accounting (AAA) servers. Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th...
It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security?
A. security administrator
B. security analyst
C. systems auditor
D. systems programmer
Answer: D
Explanation: Reason: The security administrator, security analyst, and the system auditor need access to...
Which of the following are required for Life-Cycle Assurance?
A. System Architecture and Design specification.
B. Security Testing and Covert Channel Analysis.
C. Security Testing and Trusted distribution.
D. Configuration Management and Trusted Facility Management.
Answer: C
Explanation: Security testing and trusted distribution are required for Life-Cycle Assurance. The following answers...