SSCP

Which of the following determines that the product developed meets the projects goals?A .  verificationB .  validationC .  concurrenceD .  accuracyView AnswerAnswer: B Explanation: Software Development Verification vs. Validation: Verification determines if the product accurately represents and meets the design specifications given to the developers. A product can be developed that...

Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?A .  Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to.B .  The initial logon process is cumbersome to...

Which of the following best defines add-on security?A .  Physical security complementing logical security measures.B .  Protection mechanisms implemented as an integral part of an information system.C .  Layer security.D .  Protection mechanisms implemented after an information system has become operational.View AnswerAnswer: D Explanation: The Internet Security Glossary (RFC2828) defines...

Which access control type has a central authority that determine to what objects the subjects have access to and it is based on role or on the organizational security policy?A .  Mandatory Access ControlB .  Discretionary Access ControlC .  Non-Discretionary Access ControlD .  Rule-based Access controlView AnswerAnswer: C Explanation: Non...

Which of the following biometric devices offers the LOWEST CER?A .  Keystroke dynamicsB .  Voice verificationC .  Iris scanD .  FingerprintView AnswerAnswer: C Explanation: From most effective (lowest CER) to least effective (highest CER) are: Iris scan, fingerprint, voice verification, keystroke dynamics. Reference : Shon Harris Aio v3 , Chapter-4 :...

How are memory cards and smart cards different?A .  Memory cards normally hold more memory than smart cardsB .  Smart cards provide a two-factor authentication whereas memory cards don'tC .  Memory cards have no processing powerD .  Only smart cards can be used for ATM cardsView AnswerAnswer: C Explanation: The...

A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the following?A .  Content-dependent access controlB .  Context-dependent access...

In the context of access control, locks, gates, guards are examples of which of the following?A .  Administrative controlsB .  Technical controlsC .  Physical controlsD .  Logical controlsView AnswerAnswer: C Explanation: Administrative, technical and physical controls are categories of access control mechanisms. Logical and Technical controls are synonymous. So both...

Which of the following is NOT a proper component of Media Viability Controls?A .  StorageB .  WritingC . HandlingD . MarkingView AnswerAnswer: B Explanation: Media Viability Controls include marking, handling and storage. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security,...

Which of the following is not appropriate in addressing object reuse?A .  Degaussing magnetic tapes when they're no longer needed.B .  Deleting files on disk before reusing the space.C .  Clearing memory blocks before they are allocated to a program or data.D .  Clearing buffered pages, documents, or screens from...