SSCP

In which of the following model are Subjects and Objects identified and the permissions applied to each subject/object combination are specified. Such a model can be used to quickly summarize what permissions a subject has for various system objects.A .  Access Control Matrix modelB .  Take-Grant modelC .  Bell-LaPadula modelD...

Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?A .  The Bell-LaPadula modelB .  The information flow modelC .  The noninterference modelD .  The Clark-Wilson modelView AnswerAnswer: C Explanation: The goal of a noninterference...

In an organization, an Information Technology security function should:A .  Be a function within the information systems function of an organization.B .  Report directly to a specialized business unit such as legal, corporate security or insurance.C .  Be lead by a Chief Security Officer and report directly to the CEE...

To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up:A .  Access RulesB .  Access MatrixC .  Identification controlsD .  Access terminalView AnswerAnswer: A Explanation: Controlling access by a subject (an active entity such...

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in a biometric authentication system, the system becomes increasingly selective and has the possibility of generating:A .  Lower False Rejection Rate (FRR)B .  Higher...

What is called a sequence of characters that is usually longer than the allotted number for a password?A .  passphraseB .  cognitive phraseC .  anticipated phraseD .  Real phraseView AnswerAnswer: A Explanation: A passphrase is a sequence of characters that is usually longer than the allotted number for a password....

Which of the following rules is least likely to support the concept of least privilege?A .  The number of administrative accounts should be kept to a minimum.B .  Administrators should use regular accounts when performing routine operations like reading mail.C .  Permissions on tools that are likely to be used...

How can an individual/person best be identified or authenticated to prevent local masquarading attacks?A .  UserId and passwordB .  Smart card and PIN codeC .  Two-factor authenticationD .  BiometricsView AnswerAnswer: D Explanation: The only way to be truly positive in authenticating identity for access is to base the authentication on...

Access Control techniques do not include which of the following?A .  Rule-Based Access ControlsB .  Role-Based Access ControlC .  Mandatory Access ControlD .  Random Number Based Access ControlView AnswerAnswer: D Explanation: Access Control Techniques Discretionary Access Control Mandatory Access Control Lattice Based Access Control Rule-Based Access Control Role-Based Access Control...

Which one of the following factors is NOT one on which Authentication is based?A .  Type 1. Something you know, such as a PIN or passwordB .  Type 2. Something you have, such as an ATM card or smart cardC .  Type 3. Something you are (based upon one or...