SSCP

Which of the following access control models requires defining classification for objects?A .  Role-based access controlB .  Discretionary access controlC .  Identity-based access controlD .  Mandatory access controlView AnswerAnswer: D Explanation: With mandatory access control (MAC), the authorization of a subject's access to an object is dependant upon labels, which indicate...

Which of the following is NOT true concerning Application Control?A .  It limits end users use of applications in such a way that only particular screens are visible.B .  Only specific records can be requested through the application controlsC .  Particular usage of the application can be recorded for audit...

Which of the following is the most reliable authentication method for remote access?A .  Variable callback systemB .  Synchronous tokenC .  Fixed callback systemD .  Combination of callback and caller IDView AnswerAnswer: B Explanation: A Synchronous token generates a one-time password that is only valid for a short period of time....

What is the most secure way to dispose of information on a CD-ROM?A .  SanitizingB .  Physical damageC .  DegaussingD .  Physical destructionView AnswerAnswer: D Explanation: First you have to realize that the question is specifically talking about a CDROM. The information stored on a CDROM is not in electro magnetic...

Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean?A .  System functions are layered, and none of the functions in a given layer can access data outside that layer.B .  Auditing processes and their memory addresses cannot be accessed by user...

Making sure that the data has not been changed unintentionally, due to an accident or malice is:A .  Integrity.B .  Confidentiality.C .  Availability.D .  Auditability.View AnswerAnswer: A Explanation: Integrity refers to the protection of information from unauthorized modification or deletion. Confidentiality is incorrect. Confidentiality refers to the protection of information...

What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics?A .  BiometricsB .  MicrometricsC .  MacrometricsD .  MicroBiometricsView AnswerAnswer: A Explanation: The Answer Biometrics; Biometrics are defined as an automated means of identifying or authenticating the identity of...

Which of the following security mode of operation does NOT require all users to have the clearance for all information processed on the system?A .  Compartmented security modeB .  Multilevel security modeC .  System-high security modeD .  Dedicated security modeView AnswerAnswer: B Explanation: The multilevel security mode permits two or...

Which of the following statements pertaining to biometrics is FALSE?A .  User can be authenticated based on behavior.B .  User can be authenticated based on unique physical attributes.C .  User can be authenticated by what he knows.D .  A biometric system's accuracy is determined by its crossover error rate (CER).View...

Which of the following is an advantage of prototyping?A .  Prototype systems can provide significant time and cost savings.B .  Change control is often less complicated with prototype systems.C .  It ensures that functions or extras are not added to the intended system.D .  Strong internal controls are easier to...