Which of the following is not a logical control when implementing logical access security?

A. access profiles.
B. userids.
C. employee badges.
D. passwords.

Answer: C

Explanation: Employee badges are considered physical, so they would not be a logical control. The following answers are incorrect: userids. Is incorrect because userids are a...

October 3, 2018

Which of the following control pairings include: organizational policies and procedures, preemployment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?

A. Preventive/Administrative Pairing
B ....

October 2, 2018

Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences?

A. Extensible Authentication Protocol
B. Challenge Handshake Authentication Protocol
C. Remote Authentication Dial-In User Service
D. Multilevel Authentication Protocol.

Answer: A

Explanation: RFC 2828...

October 2, 2018

Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and its sensitivity level?

A. System Auditor
B. Data or Information Owner
C. System Manager
D. Data or...

October 2, 2018

Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?

A. Wave pattern motion detectors
B. Capacitance detectors
C. Field-powered devices
D. Audio detectors

Answer: B

Explanation: Capacitance detectors monitor an electrical field surrounding the...

October 2, 2018

Which of the following is not a method to protect objects and the data within the objects?

A. Layering
B. Data mining
C. Abstraction
D. Data hiding

Answer: B

Explanation: Data mining is used to reveal hidden relationships, patterns and trends by running queries on large data stores. Data mining...

October 2, 2018

What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?

A. Clark and Wilson Model
B. Harrison-Ruzzo-Ullman Model
C. Rivest and Shamir Model
D. Bell-LaPadula Model

Answer: D

Explanation:...

October 1, 2018

Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards?

A. Certification
B. Declaration
C. Audit
D. Accreditation

Answer: D

Explanation: Accreditation is an administrative declaration by...

October 1, 2018

Which of the following does not address Database Management Systems (DBMS) Security?

A. Perturbation
B. Cell suppression
C. Padded cells
D. Partitioning

Answer: C

Explanation: Padded cells complement Intrusion Detection Systems (IDSs) and are not related to DBMS security. Padded cells are simulated environments to which IDSs seamlessly transfer detected...

September 30, 2018

Which of the following is used in database information security to hide information?

A. Inheritance
B. Polyinstantiation
C. Polymorphism
D. Delegation

Answer: B

Explanation: Polyinstantiation enables a relation to contain multiple tuples with the same primary keys with each instance distinguished by a security level. When this information is inserted...

September 29, 2018