Tag - SSCP exam

Which of the following is not a component of a Operations Security "triples"?A .  AssetB .  ThreatC .  VulnerabilityD .  RiskView AnswerAnswer: D Explanation: The Operations Security domain is concerned with triples - threats, vulnerabilities and assets. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering...

Which of the following is commonly used for retrofitting multilevel security to a database management system?A .  trusted front-end.B .  trusted back-end.C .  controller.D .  kernel.View AnswerAnswer: A Explanation: If you are "retrofitting" that means you are adding to an existing database management system (DBMS). You could go back and...

Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?A .  Limiting the local access of operations personnelB .  Job rotation of operations personnelC .  Management monitoring of audit logsD .  Enforcing...

What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database?A .  Database Management systemB .  Database viewsC .  Database securityD .  Database shadowingView AnswerAnswer: B Explanation: The Answer Database views; Database views are mechanisms that restrict...

Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating ?A .  Security administratorsB .  OperatorsC .  Data ownersD .  Data custodiansView AnswerAnswer: A Explanation: Security administrator functions include user-oriented activities such as setting user clearances, setting initial password, setting other...

In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:A .  The societies role in the organizationB .  The individual's role in the organizationC ....

Which of the following refers to the data left on the media after the media has been erased?A .  remanenceB .  recoveryC .  sticky bitsD .  semi-hiddenView AnswerAnswer: A Explanation: Actually the term "remanence" comes from electromagnetism, the study of the electromagnetics. Originally referred to (and still does in that...

Which access control model would a lattice-based access control model be an example of?A .  Mandatory access control.B .  Discretionary access control.C .  Non-discretionary access control.D .  Rule-based access control.View AnswerAnswer: A Explanation: In a lattice model, there are pairs of elements that have the least upper bound of values...

Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in a system?A .  Fail proofB .  Fail softC .  Fail safeD .  Fail OverView AnswerAnswer: C Explanation: NOTE: This...

Which type of attack involves impersonating a user or a system?A .  Smurfing attackB .  Spoofing attackC .  Spamming attackD .  Sniffing attackView AnswerAnswer: B Explanation: A spoofing attack is when an attempt is made to gain access to a computer system by posing as an authorized user or system....