SSCP

Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms?A .  A trusted pathB .  A protection domainC .  A covert channelD .  A maintenance hookView AnswerAnswer: C Explanation: A covert channel is an unintended communication path within a system, therefore it...

Which of the following is most relevant to determining the maximum effective cost of access control?A .  the value of information that is protectedB .  management's perceptions regarding data importanceC .  budget planning related to base versus incremental spending.D .  the cost to replace lost dataView AnswerAnswer: A Explanation: The...

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:A .  through access control mechanisms that require identification and authentication and through the audit function.B .  through logical or technical controls involving the restriction of access to systems and the protection of information.C .  through logical...

Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?A .  SESAMEB .  RADIUSC .  KryptoKnightD .  TACACS+View AnswerAnswer: A Explanation: Secure European System for Applications in a Multi-vendor Environment...

Making sure that the data is accessible when and where it is needed is which of the following?A .  confidentialityB .  integrityC . acceptabilityD . availabilityView AnswerAnswer: D Explanation: Availability is making sure that the data is accessible when and where it is needed. Source: KRUTZ, Ronald L. & VINES, Russel...

What is the appropriate role of the security analyst in the application system development or acquisition project?A .  policemanB .  control evaluator & consultantC .  data ownerD .  application userView AnswerAnswer: B Explanation: The correct answer is "control evaluator & consultant". During any system development or acquisition, the security staff...

What is the main issue with media reuse?A .  DegaussingB .  Data remanenceC .  Media destructionD . PurgingView AnswerAnswer: B Explanation: The main issue with media reuse is data remanence, where residual information still resides on a media that has been erased. Degaussing, purging and destruction are ways to handle...

Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions?A .  pipeliningB .  complex-instruction-set-computer (CISC)C .  reduced-instruction-set-computer (RISC)D .  multitaskingView AnswerAnswer: A Explanation: Pipelining is a natural concept in everyday life, e.g. on an assembly...

Which of the following best ensures accountability of users for the actions taken within a system or domain?A .  IdentificationB .  AuthenticationC .  AuthorizationD .  CredentialsView AnswerAnswer: B Explanation: Details: The only way to ensure accountability is if the subject is uniquely identified and authenticated. Identification alone does not provide...

This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario?A .  Excessive RightsB .  Excessive AccessC...