Which of the following would be used to implement Mandatory Access Control (MAC)?
A. Clark-Wilson Access Control
B. Role-based access control
C. Lattice-based access control
D. User dictated access control
Answer: C
Explanation: The lattice is a mechanism used to implement Mandatory Access Control (MAC). Under Mandatory Access Control (MAC) you...
Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location?
A. Direct addressing
B. Indirect addressing
C. Indexed addressing
D. Program addressing
Answer: B
Explanation: Indirect addressing is when...
Who should DECIDE how a company should approach security and what security measures should be implemented?
A. Senior management
B. Data owner
C. Auditor
D. The information security specialist
Answer: A
Explanation: They are responsible for security of the organization and the protection of its assets. The following answers are incorrect...
Which of the following does not apply to system-generated passwords?
A. Passwords are harder to remember for users.
B. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
C. Passwords are more vulnerable to brute force and dictionary attacks.
D. Passwords are harder to guess...
Because all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to:
A. neither physical attacks nor attacks from malicious code.
B. physical attacks only
C. both physical attacks and attacks from malicious code.
D. physical attacks but...
What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate?
A. False Rejection Rate (FRR) or Type I Error
B. False Acceptance Rate (FAR) or Type II Error
C. Crossover Error Rate (CER)
D. Failure to enroll rate (FTE or FER)
Answer: C
Explanation: The...
Which of the following statements pertaining to Kerberos is TRUE?
A. Kerberos does not address availability
B. Kerberos does not address integrity
C. Kerberos does not make use of Symmetric Keys
D. Kerberos cannot address confidentiality of information
Answer: A
Explanation: The question was asking for a TRUE statement and...
Which of the following is NOT a system-sensing wireless proximity card?
A. magnetically striped card
B. passive device
C. field-powered device
D. transponder
Answer: A
Explanation: Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 342.
Which of the following is addressed by Kerberos?
A. Confidentiality and Integrity
B. Authentication and Availability
C. Validation and Integrity
D. Auditability and Integrity
Answer: A
Explanation: Kerberos addresses the confidentiality and integrity of information. It also addresses primarily authentication but does not directly address availability. Reference(s) used for this question:...
When attempting to establish Liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation?
A. Due care
B. Due concern
C. Due diligence
D. Due practice...