Tag - SSCP exam

In biometric identification systems, the parts of the body conveniently available for identification are:A .  neck and mouthB .  hands, face, and eyesC .  feet and hairD .  voice and neckView AnswerAnswer: B Explanation: Today implementation of fast, accurate, reliable, and user-acceptable biometric identification systems are already under way. Because...

Which of the following is NOT part of the Kerberos authentication protocol?A .  Symmetric key cryptographyB .  Authentication service (AS)C .  PrincipalsD .  Public KeyView AnswerAnswer: D Explanation: There is no such component within kerberos environment. Kerberos uses only symmetric encryption and does not make use of any public key...

What is called the formal acceptance of the adequacy of a system's overall security by the management?A .  CertificationB .  AcceptanceC .  AccreditationD .  EvaluationView AnswerAnswer: C Explanation: Accreditation is the authorization by management to implement software or systems in a production environment. This authorization may be either provisional or full....

Which of the following is NOT an administrative control?A .  Logical access control mechanismsB .  Screening of personnelC .  Development of policies, standards, procedures and guidelinesD .  Change control proceduresView AnswerAnswer: A Explanation: It is considered to be a technical control. Logical is synonymous with Technical Control. That was the...

Which of the following is the LEAST user accepted biometric device?A .  FingerprintB .  Iris scanC .  Retina scanD .  Voice verificationView AnswerAnswer: C Explanation: The biometric device that is least user accepted is the retina scan, where a system scans the blood-vessel pattern on the backside of the eyeball....

Which type of password token involves time synchronization?A .  Static password tokensB .  Synchronous dynamic password tokensC .  Asynchronous dynamic password tokensD . Challenge-response tokensView AnswerAnswer: B Explanation: Synchronous dynamic password tokens generate a new unique password value at fixed time intervals, so the server and token need to be...

Which security model is based on the military classification of data and people with clearances?A .  Brewer-Nash modelB .  Clark-Wilson modelC .  Bell-LaPadula modelD .  Biba modelView AnswerAnswer: C Explanation: The Bell-LaPadula model is a confidentiality model for information security based on the military classification of data, on people with clearances...

Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?A .  Discretionary Access ControlB .  Mandatory Access ControlC .  Sensitive Access ControlD .  Role-based Access ControlView AnswerAnswer: A Explanation: Data owners decide who has access to resources based...

Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing?A .  Interface errors are detected earlier.B .  Errors in critical modules are detected earlier.C .  Confidence in the system is achieved earlier.D .  Major functions and processing are tested earlier.View AnswerAnswer: B...

Which of the following remote access authentication systems is the most robust?A .  TACACS+B .  RADIUSC .  PAPD .  TACACSView AnswerAnswer: A Explanation: TACACS+ is a proprietary Cisco enhancement to TACACS and is more robust than RADIUS. PAP is not a remote access authentication system but a remote node security...