SSCP

Which of the following is given the responsibility of the maintenance and protection of the data?A .  Data ownerB .  Data custodianC .  UserD .  Security administrator View AnswerAnswer: B Explanation: It is usually responsible for maintaining and protecting the data. The following answers are incorrect: Data owner is usually a member...

Which security model introduces access to objects only through programs?A .  The Biba modelB .  The Bell-LaPadula modelC .  The Clark-Wilson modelD .  The information flow modelView AnswerAnswer: C Explanation: In the Clark-Wilson model, the subject no longer has direct access to objects but instead must access them through programs...

Which of the following Kerberos components holds all users' and services' cryptographic keys?A .  The Key Distribution ServiceB .  The Authentication ServiceC .  The Key Distribution CenterD .  The Key Granting ServiceView AnswerAnswer: C Explanation: The Key Distribution Center (KDC) holds all users' and services' cryptographic keys. It provides authentication services,...

Why should batch files and scripts be stored in a protected area?A .  Because of the least privilege concept.B .  Because they cannot be accessed by operators.C .  Because they may contain credentials.D .  Because of the need-to-know concept.View AnswerAnswer: C Explanation: Because scripts contain credentials, they must be stored...

What is used to protect programs from all unauthorized modification or executional interference?A .  A protection domainB .  A security perimeterC .  Security labelsD .  AbstractionView AnswerAnswer: A Explanation: A protection domain consists of the execution and memory space assigned to each process. The purpose of establishing a protection domain...

The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:A .  Preventive/physicalB .  Detective/technicalC .  Detective/physicalD .  Detective/administrativeView AnswerAnswer: B Explanation: The detective/technical control measures are intended to reveal the violations of security policy using technical means. Source: KRUTZ, Ronald...

Which access control model was proposed for enforcing access control in government and military applications?A .  Bell-LaPadula modelB .  Biba modelC .  Sutherland modelD .  Brewer-Nash modelView AnswerAnswer: A Explanation: The Bell-LaPadula model, mostly concerned with confidentiality, was proposed for enforcing access control in government and military applications. It supports...

Which of the following describes a technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind?A .  MultitaskingB .  MultiprogrammingC .  PipeliningD ....

Which of the following pairings uses technology to enforce access control policies?A .  Preventive/AdministrativeB .  Preventive/TechnicalC .  Preventive/PhysicalD .  Detective/AdministrativeView AnswerAnswer: B Explanation: The preventive/technical pairing uses technology to enforce access control policies. TECHNICAL CONTROLS Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications...

Identification and authentication are the keystones of most access control systems. Identification establishes:A .  User accountability for the actions on the system.B .  Top management accountability for the actions on the system.C .  EDP department accountability for the actions of users on the system.D .  Authentication for actions on the...