Tag - SSCP exam

Which of the following is responsible for MOST of the security issues?A .  Outside espionageB .  HackersC .  PersonnelD .  Equipment failureView AnswerAnswer: C Explanation: Personnel cause more security issues than hacker attacks, outside espionage, or equipment failure. The following answers are incorrect because: Outside espionage is incorrect as it...

Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?A .  ValidationB .  VerificationC .  AssessmentD .  AccuracyView AnswerAnswer: B Explanation: Verification vs. Validation: Verification determines if the product accurately represents...

Which of the following is NOT an example of an operational control?A .  backup and recoveryB .  AuditingC .  contingency planningD .  operations proceduresView AnswerAnswer: B Explanation: Operational controls are controls over the hardware, the media used and the operators using these resources. Operational controls are controls that are implemented...

What kind of certificate is used to validate a user identity?A .  Public key certificateB .  Attribute certificateC .  Root certificateD .  Code signing certificateView AnswerAnswer: A Explanation: In cryptography, a public key certificate (or identity certificate) is an electronic document which incorporates a digital signature to bind together a...

The type of discretionary access control (DAC) that is based on an individual's identity is also called:A .  Identity-based Access controlB .  Rule-based Access controlC .  Non-Discretionary Access ControlD .  Lattice-based Access controlView AnswerAnswer: A Explanation: An identity-based access control is a type of Discretionary Access Control (DAC) that is based...

Which of the following is a not a preventative control?A .  Deny programmer access to production data.B .  Require change requests to include information about dates, descriptions, cost analysis and anticipated effects.C .  Run a source comparison program between control and current source periodically.D .  Establish procedures for emergency changes.View...

Which type of control is concerned with avoiding occurrences of risks?A .  Deterrent controlsB .  Detective controlsC .  Preventive controlsD .  Compensating controlsView AnswerAnswer: C Explanation: Preventive controls are concerned with avoiding occurrences of risks while deterrent controls are concerned with discouraging violations. Detecting controls identify occurrences and compensating controls are...

Which of the following is NOT a form of detective administrative control?A .  Rotation of dutiesB .  Required vacationsC .  Separation of dutiesD .  Security reviews and auditsView AnswerAnswer: C Explanation: Detective administrative controls warn of administrative control violations. Rotation of duties, required vacations and security reviews and audits are...

This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario?A .  Excessive RightsB .  Excessive AccessC...

In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions :A .  what was the sex of a person and his ageB .  what part of body...