Which of the following is NOT an advantage that TACACS+ has over TACACS?
A. Event logging
B. Use of two-factor password authentication
C. User has the ability to change his password
D. Ability for security tokens to be resynchronized
Answer: A
Explanation: Although TACACS+ provides better audit trails, event logging...

What is the main purpose of Corporate Security Policy?
A. To transfer the responsibility for the information security to all users of the organization
B. To communicate management's intentions in regards to information security
C. To provide detailed steps for performing specific actions
D. To provide a common framework for...

In regards to information classification what is the main responsibility of information (data) owner?
A. determining the data sensitivity or classification level
B. running regular data backups
C. audit the data users
D. periodically check the validity and accuracy of the data
Answer: A
Explanation: Making the determination to decide...

Making sure that only those who are supposed to access the data can access is which of the following?
A. confidentiality.
B. capability.
C. integrity.
D. availability.
Answer: A
Explanation: From the published (ISC)2 goals for the Certified Information Systems Security Professional candidate, domain definition. Confidentiality is making sure that...

Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
A. plan for implementing workstation locking mechanisms.
B. plan for protecting the modem pool.
C. plan for providing the user with his account usage information.
D. plan for considering proper authentication options.
...

Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions?
A. Development/acquisition
B. Implementation
C. Operation/Maintenance
D. Initiation
Answer: C
Explanation: The operation phase of an IT system is concerned with user authentication. Authentication...

Which of the following is not a security goal for remote access?
A. Reliable authentication of users and systems
B. Protection of confidential data
C. Easy to manage access control to systems and network resources
D. Automated login for remote users
Answer: D
Explanation: An automated login function for remote users...

When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory...

Which of the following questions is less likely to help in assessing physical and environmental protection?
A. Are entry codes changed periodically?
B. Are appropriate fire suppression and prevention devices installed and working?
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or...

Which access control model is also called Non Discretionary Access Control (NDAC)?
A. Lattice based access control
B. Mandatory access control
C. Role-based access control
D. Label-based access control
Answer: C
Explanation: RBAC is sometimes also called non-discretionary access control (NDAC) (as Ferraiolo says "to distinguish it from the policy-based...