SSCP

What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system?A .  False Rejection Rate (FRR) or Type I ErrorB .  False Acceptance Rate (FAR) or Type II ErrorC .  Crossover Error Rate (CER)D .  True Rejection Rate (TRR) or Type III ErrorView AnswerAnswer:...

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?A .  Illiminated at nine feet high with at least three foot-candlesB .  Illiminated at eight feet high with at least three foot-candlesC .  Illiminated at eight feet high...

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?A .  clipping levelB .  acceptance levelC .  forgiveness levelD .  logging levelView AnswerAnswer: A Explanation: The correct answer is "clipping level". This is the point at which a...

Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?A .  ValidationB .  VerificationC .  AssessmentD .  AccuracyView AnswerAnswer: B Explanation: Verification vs. Validation: Verification determines if the product accurately represents...

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?A .  Using a TACACS+ server.B .  Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.C .  Setting modem ring count to at least 5.D...

Which of the following statements pertaining to the security kernel is incorrect?A .  The security kernel is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept.B .  The security kernel must provide isolation for the processes carrying out the reference monitor concept...

The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:A .  Preventive/physicalB .  Detective/technicalC .  Detective/physicalD .  Detective/administrativeView AnswerAnswer: C Explanation: Detective/physical controls usually require a human to evaluate the input from sensors or cameras...

Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it?A .  AggregationB .  InferenceC .  ClusteringD .  CollisionView AnswerAnswer: A Explanation: The Internet Security...

Preservation of confidentiality within information systems requires that the information is not disclosed to:A .  Authorized personB .  Unauthorized persons or processes.C .  Unauthorized persons.D .  Authorized persons and processesView AnswerAnswer: B Explanation: Confidentiality assures that the information is not disclosed to unauthorized persons or processes. Source: KRUTZ, Ronald L....

Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of the strong star property?A .  It allows "read up."B .  It addresses covert channels.C .  It addresses management of access controls.D .  It allows "write up."View AnswerAnswer: D Explanation: BellCLaPadula Confidentiality Model10...