SSCP

In biometrics, "one-to-many" search against database of stored biometric images is done in:A .  AuthenticationB .  IdentificationC .  IdentitiesD .  Identity-based access controlView AnswerAnswer: B Explanation: In biometrics, identification is a "one-to-many" search of an individual's characteristics from a database of stored images. Source: KRUTZ, Ronald L. & VINES, Russel...

Who is responsible for initiating corrective measures and capabilities used when there are security violations?A .  Information systems auditorB .  Security administratorC .  ManagementD .  Data ownersView AnswerAnswer: C Explanation: Management is responsible for protecting all assets that are directly or indirectly under their control. They must ensure that employees understand...

The end result of implementing the principle of least privilege means which of the following?A .  Users would get access to only the info for which they have a need to knowB .  Users can access all systems.C .  Users get new privileges added when they change positions.D .  Authorization...

What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarmView AnswerAnswer: D...

What can best be described as a domain of trust that shares a single security policy and single management?A .  The reference monitorB .  A security domainC .  The security kernelD .  The security perimeterView AnswerAnswer: B Explanation: A security domain is a domain of trust that shares a single...

How should a doorway of a manned facility with automatic locks be configured?A .  It should be configured to be fail-secure.B .  It should be configured to be fail-safe.C .  It should have a door delay cipher lock.D .  It should not allow piggybacking.View AnswerAnswer: B Explanation: Access controls are meant...

The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?A .  Test equipment is easily damaged.B .  Test equipment can be used to browse information passing on a network.C .  Test equipment is difficult to replace if lost or stolen.D ....

Which of the following test makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?A .  Recovery testingB .  Security testingC .  Stress/volume testingD .  Interface testingView AnswerAnswer: B Explanation: Security testing makes sure the modified or...

Which of the following is needed for System Accountability?A .  Audit mechanisms.B .  Documented design as laid out in the Common Criteria.C .  Authorization.D .  Formal verification of system design.View AnswerAnswer: A Explanation: Is a means of being able to track user actions. Through the use of audit logs and...

In what way could Java applets pose a security threat?A .  Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTPB .  Java interpreters do not provide the ability to limit system access that an applet could have on a...