What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?
A. A capability table
B. An access control list
C. An access control matrix
D. A role-based matrix
Answer: B
Explanation: "It [ACL] specifies a list of users...
Crime Prevention Through Environmental Design (CPTED) is a discipline that:
A. Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior.
B. Outlines how the proper design of the logical environment can reduce crime by directly affecting human behavior.
C. Outlines how the...
An effective information security policy should not have which of the following characteristics?
A. Include separation of duties
B. Be designed with a short- to mid-term focus
C. Be understandable and supported by all stakeholders
D. Specify areas of responsibility and authority
Answer: B
Explanation: An effective information security policy should...
Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?
A. Validation
B. Verification
C. Assessment
D. Accuracy
Answer: B
Explanation: Verification vs. Validation: Verification determines if the product accurately represents...
The security of a computer application is most effective and economical in which of the following cases?
A. The system is optimized prior to the addition of security.
B. The system is procured off-the-shelf.
C. The system is customized to meet the specific security threat.
D. The system is originally...
Kerberos can prevent which one of the following attacks?
A. tunneling attack.
B. playback (replay) attack.
C. destructive attack.
D. process attack.
Answer: B
Explanation: Each ticket in Kerberos has a timestamp and is subject to time expiration to help prevent these types of attacks. The following answers are incorrect:...
Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design?
A. Development/acquisition
B. Implementation
C. Initiation
D. Maintenance
Answer: C
Explanation: A security policy is an important document to develop while designing an information system. The...
Which of the following protects a password from eavesdroppers and supports the encryption of communication?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Challenge Handshake Identification Protocol (CHIP)
C. Challenge Handshake Encryption Protocol (CHEP)
D. Challenge Handshake Substitution Protocol (CHSP)
Answer: A
Explanation: CHAP: A protocol that uses a three way...
What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
A. The security kernel
B. The reference monitor
C. The security perimeter
D. The reference perimeter
Answer: C
Explanation: The security perimeter is the imaginary line that...
Why does compiled code pose more of a security risk than interpreted code?
A. Because malicious code can be embedded in compiled code and be difficult to detect.
B. If the executed compiled code fails, there is a chance it will fail insecurely.
C. Because compilers are not reliable.
D. ...