SSCP

Which of the following are not Remote Access concerns?A .  Justification for remote accessB .  Auditing of activitiesC .  Regular review of access privilegesD .  Access badgesView AnswerAnswer: D Explanation: Access badges are more relevant to physical security rather than remote access. "Justification for remote access" is incorrect. Justification for remote...

Which of the following choice is NOT normally part of the questions that would be asked in regards to an organization's information security policy?A .  Who is involved in establishing the security policy?B .  Where is the organization's security policy defined?C .  What are the actions that need to be...

Which of the following would constitute the best example of a password to use for access to a system by a network administrator?A .  holidayB .  Christmas12C .  JennyD .  GyN19Za!View AnswerAnswer: D Explanation: GyN19Za! would be the the best answer because it contains a mixture of upper and lower...

What is it called when a computer uses more than one CPU in parallel to execute instructions?A .  MultiprocessingB .  MultitaskingC .  MultithreadingD .  Parallel runningView AnswerAnswer: A Explanation: A system with multiple processors is called a multiprocessing system. Multitasking is incorrect. Multitasking involves sharing the processor amoung all ready processes....

Which expert system operating mode allows determining if a given hypothesis is valid?A .  BlackboardB .  Lateral chainingC .  Forward chainingD .  Backward chainingView AnswerAnswer: D Explanation: Backward-chaining mode - the expert system backtracks to determine if a given hypothesis is valid. Backward-chaining is generally used when there are a large...

Which must bear the primary responsibility for determining the level of protection needed for information systems resources?A .  IS security specialistsB .  Senior ManagementC .  Senior security analystsD .  systems AuditorsView AnswerAnswer: B Explanation: If there is no support by senior management to implement, execute, and enforce security policies and...

Which of the following would be the best criterion to consider in determining the classification of an information asset?A .  ValueB .  AgeC .  Useful lifeD .  Personal associationView AnswerAnswer: A Explanation: Information classification should be based on the value of the information to the organization and its sensitivity (reflection...

Which division of the Orange Book deals with discretionary protection (need-to-know)?A .  DB .  CC .  BD .  AView AnswerAnswer: B Explanation: C deals with discretionary protection. See matric below: TCSEC Matric The following are incorrect answers: D is incorrect. D deals with minimal security. B is incorrect. B deals with...

A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:A .  Mandatory Access ControlB .  Discretionary Access ControlC .  Non-Discretionary Access ControlD .  Rule-based Access controlView AnswerAnswer: C Explanation: A central authority determines what subjects can have access to certain objects...

Which of the following is true of two-factor authentication?A .  It uses the RSA public-key signature based on integers with large prime factors.B .  It requires two measurements of hand geometry.C .  It does not use single sign-on technology.D .  It relies on two independent proofs of identity.View AnswerAnswer: D...