What is the main objective of proper separation of duties?

A. To prevent employees from disclosing sensitive information.
B. To ensure access controls are in place.
C. To ensure that no single individual can compromise a system.
D. To ensure that audit trails are not tampered with.

Answer: C

Explanation:...

September 19, 2018

What does it mean to say that sensitivity labels are "incomparable"?

A. The number of classifications in the two labels is different.
B. Neither label contains all the classifications of the other.
C. The number of categories in the two labels is different.
D. Neither label contains all the categories...

September 17, 2018

Which of the following is a trusted, third party authentication protocol that was developed under Project Athena at MIT?

A. Kerberos
B. SESAME
C. KryptoKnight
D. NetSP

Answer: A

Explanation: Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT. Kerberos is a network...

September 17, 2018

Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes?

A. Key escrow
B. Rotation of duties
C. Principle of need-to-know
D. Principle of least privilege

Answer: B

Explanation: Job rotations reduce the risk of collusion of activities between...

September 15, 2018

What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values?

A. Mandatory model
B. Discretionary model
C. Lattice model
D. Rule model

Answer: C

Explanation: In a lattice model, there are pairs of...

September 14, 2018

Which of the following describes a logical form of separation used by secure computing systems?

A. Processes use different levels of security for input and output devices.
B. Processes are constrained so that each cannot access objects outside its permitted domain.
C. Processes conceal data and computations to inhibit access...

September 14, 2018

Which of the following choices describe a Challenge-response tokens generation?

A. A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN.
B. A workstation or system that generates a random login id that the user enters...

September 13, 2018

Which of the following statements pertaining to software testing is incorrect?

A. Unit testing should be addressed and considered when the modules are being designed.
B. Test data should be part of the specifications.
C. Testing should be performed with live data to cover all possible situations.
D. Test data...

September 12, 2018

Which of the following is NOT a technical control?

A. Password and resource management
B. Identification and authentication methods
C. Monitoring for physical intrusion
D. Intrusion Detection Systems

Answer: C

Explanation: It is considered to be a 'Physical Control'. There are three broad categories of access control: administrative, technical, and physical....

September 12, 2018

The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for:

A. Security Testing.
B. Design Verification.
C. System...

September 12, 2018