Which of the following is NOT a technique used to perform a penetration test?

A. traffic padding
B. scanning and probing
C. war dialing
D. sniffing

Answer: A

Explanation: Traffic padding is a countermeasure to traffic analysis. Even if perfect cryptographic routines are used, the attacker can gain knowledge of the...

February 19, 2019

What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?

A. The reference monitor
B. Protection rings
C. A security kernel
D. A protection domain

Answer: C

Explanation: A security kernel is defined as the hardware, firmware and software...

February 19, 2019

The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as?

A. Confidentiality
B. Availability
C. Integrity
D. Reliability

Answer: B

Explanation: A company security program must: 1) assure that systems...

February 19, 2019

What does the Clark-Wilson security model focus on?

A. Confidentiality
B. Integrity
C. Accountability
D. Availability

Answer: B

Explanation: The Clark-Wilson model addresses integrity. It incorporates mechanisms to enforce internal and external consistency, a separation of duty, and a mandatory integrity policy. Source: KRUTZ, Ronald L. & VINES, Russel D.,...

February 18, 2019

What is the goal of the Maintenance phase in a common development process of a security policy?

A. to review the document on the specified review date
B. publication within the organization
C. to write a proposal to management that states the objectives of the policy
D. to present the...

February 18, 2019

Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following?

A. Accountability of biometrics systems
B. Acceptability of biometrics systems
C. Availability of biometrics systems
D. Adaptability of biometrics systems

Answer: B

Explanation: Acceptability refers to considerations of privacy,...

February 18, 2019

When submitting a passphrase for authentication, the passphrase is converted into ...

A. a virtual password by the system
B. a new passphrase by the system
C. a new passphrase by the encryption technology
D. a real password by the system which can be used forever

Answer: A

Explanation: Passwords...

February 17, 2019

What can best be defined as the detailed examination and testing of the security features of an IT system or product to ensure that they work correctly and effectively and do not show any logical vulnerabilities, such as evaluation criteria?

A. Acceptance testing
B. Evaluation
C. Certification
D. Accreditation

Answer:...

February 17, 2019

What kind of certificate is used to validate a user identity?

A. Public key certificate
B. Attribute certificate
C. Root certificate
D. Code signing certificate

Answer: A

Explanation: In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a...

February 16, 2019

In Synchronous dynamic password tokens:

A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).
B. The token generates a new non-unique password value at fixed time intervals (this password could be based...

February 15, 2019