What is the term for verifying that the user's claimed identity is valid, usually implemented through a user password at log-on time?
A. Authentication
B. Identification
C. Integrity
D. Confidentiality
Answer: A
Explanation: Authentication is verification that the user's claimed identity is valid and is usually implemented through a...
An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n):
A. active attack
B. outside attack
C. inside attack
D. passive attack
Answer: C
Explanation: An inside attack is...
Smart cards are an example of which type of control?
A. Detective control
B. Administrative control
C. Technical control
D. Physical control
Answer: C
Explanation: Logical or technical controls involve the restriction of access to systems and the protection of information. Smart cards and encryption are examples of these types...
Why do buffer overflows happen? What is the main cause?
A. Because buffers can only hold so much data
B. Because of improper parameter checking within the application
C. Because they are an easy weakness to exploit
D. Because of insufficient system memory
Answer: B
Explanation: Buffer Overflow attack takes...
What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access?
A. The Reference Monitor
B. The Security Kernel
C. The Trusted Computing Base
D. The Security Domain
Answer:...
Which of the following is related to physical security and is not considered a technical control?
A. Access control mechanisms
B. Intrusion Detection Systems
C. Firewalls
D. Locks
Answer: D
Explanation: All of the above are considered technical controls except for locks, which are physical controls.
Administrative, Technical, and Physical Security Controls
Administrative security...
Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?
A. The Take-Grant model
B. The Biba integrity model
C. The Clark Wilson integrity model
D. The Bell-LaPadula integrity model
Answer: C
Explanation: The Clark Wilson integrity model addresses the three following integrity goals:...
Which of the following is not a two-factor authentication mechanism?
A. Something you have and something you know.
B. Something you do and a password.
C. A smartcard and something you are.
D. Something you know and a password.
Answer: D
Explanation: Something you know and a password fits within only...
Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control?
A. DAC
B. MAC
C. Access control matrix
D. TACACS
Answer: B
Explanation: MAC provides high security by regulating access based on...
What can best be defined as high-level statements, beliefs, goals and objectives?
A. Standards
B. Policies
C. Guidelines
D. Procedures
Answer: B
Explanation: Policies are high-level statements, beliefs, goals and objectives and the general means for their attainment for a specific subject area. Standards are mandatory activities, action, rules or...