Ensuring least privilege does not require:
A. Identifying what the user's job is.
B. Ensuring that the user alone does not have sufficient rights to subvert an important process.
C. Determining the minimum set of privileges required for a user to perform their duties.
D. Restricting the user to required...
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.
Answer: A
Explanation: Is a means of being able to track user actions. Through the use of audit logs and other...
Which of the following statements pertaining to using Kerberos without any extension is false?
A. A client can be impersonated by password-guessing.
B. Kerberos is mostly a third-party authentication protocol.
C. Kerberos uses public key cryptography.
D. Kerberos provides robust authentication.
Answer: C
Explanation: Kerberos is a trusted, credential-based, third-party...
Which of the following statements pertaining to biometrics is false?
A. Increased system sensitivity can cause a higher false rejection rate.
B. The crossover error rate is the point at which false rejection rate equals the false acceptance rate.
C. False acceptance rate is also known as Type II error.
D...
Which access control model provides upper and lower bounds of access capabilities for a subject?
A. Role-based access control
B. Lattice-based access control
C. Biba access control
D. Content-dependent access control
Answer: B
Explanation: In the lattice model, users are assigned security clearances and the data is classified. Access decisions are...
Which of the following would provide the BEST stress testing environment taking under consideration and avoiding possible data exposure and leaks of sensitive data?
A. Test environment using test data.
B. Test environment using sanitized live workloads data.
C. Production environment using test data.
D. Production environment using sanitized live...
What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?
A. Polyinstantiation
B. Inference
C. Aggregation
D. Data mining
Answer: C
Explanation: Aggregation is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity. The...
Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system?
A. Detective Controls
B. Preventative Controls
C. Corrective Controls
D. Directive Controls
Answer: B
Explanation:...
Which of the following would best describe the difference between white-box testing and black-box testing?
A. White-box testing is performed by an independent programmer team.
B. Black-box testing uses the bottom-up approach.
C. White-box testing examines the program internal logical structure.
D. Black-box testing involves the business units
Answer: C
Explanation:...
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?
A. Illuminated at nine feet high with at least three foot-candles
B. Illuminated at eight feet high with at least three foot-candles
C. Illuminated at eight feet high...