Which of the following is most affected by denial-of-service (DoS) attacks?
A. Confidentiality
B. Integrity
C. Accountability
D. Availability
Answer: D
Explanation: Denial of service attacks obviously affect availability of targeted systems. Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer...
Which of the following statements pertaining to using Kerberos without any extension is false?
A. A client can be impersonated by password-guessing.
B. Kerberos is mostly a third-party authentication protocol.
C. Kerberos uses public key cryptography.
D. Kerberos provides robust authentication.
Answer: C
Explanation: Kerberos is a trusted, credential-based, third-party...
The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something:
A. you need.
B. you read.
C. you are.
D. you do.
Answer: C
Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
External consistency ensures that the data stored in the database is:
A. inconsistent with the real world.
B. remains consistent when sent from one system to another.
C. consistent with the logical world.
D. consistent with the real world.
Answer: D
Explanation: External consistency ensures that the data stored in...
Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?
A. C
B. B
C. A
D. D
Answer: A
Explanation: Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197. Also: THE source...
Which of the following questions is less likely to help in assessing identification and authentication controls?
A. Is a current list maintained and approved of authorized users and their access?
B. Are passwords changed at least every ninety days or earlier if needed?
C. Are inactive user identifications disabled after...
Whose role is it to assign classification level to information?
A. Security Administrator
B. User
C. Owner
D. Auditor
Answer: C
Explanation: The Data/Information Owner is ultimately responsible for the protection of the data. It is the Data/Information Owner that decides upon the classifications of that data they are responsible for....
Which of the following is NOT a countermeasure to traffic analysis?
A. Padding messages.
B. Eavesdropping.
C. Sending noise.
D. Faraday Cage
Answer: B
Explanation: Eavesdropping is not a countermeasure; it is a type of attack where you are collecting traffic and attempting to see what is being sent between...
Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following?
A. Confidentiality
B. Integrity
C. Availability
D. capability
Answer: A
Explanation: Confidentiality is the prevention of the intentional or unintentional unauthorized disclosure of contents. Source: KRUTZ, Ronald L. & VINES,...
Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product?
A. Estimating the cost of the changes requested
B. Recreating and analyzing the problem
C. Determining the interface that is presented to the user
D. Establishing the...