Tag - SSCP exam

Step-by-step instructions used to satisfy control requirements is called a: A . policyB .  standardC .  guidelineD .  procedureView AnswerAnswer: D Explanation: Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?A .  clipping levelB .  acceptance levelC .  forgiveness levelD .  logging levelView AnswerAnswer: A Explanation: The correct answer is "clipping level". This is the point at which a...

Which of the following exemplifies proper separation of duties?A .  Operators are not permitted modify the system time.B .  Programmers are permitted to use the system console.C .  Console operators are permitted to mount tapes and disks.D .  Tape operators are permitted to use the system console.View AnswerAnswer: A Explanation:...

Like the Kerberos protocol, SESAME is also subject to which of the following?A .  timeslot replayB .  password guessingC .  symmetric key guessingD .  asymmetric key guessingView AnswerAnswer: B Explanation: Sesame is an authentication and access control protocol, that also supports communication confidentiality and integrity. It provides public key based...

Which of the following statements pertaining to Kerberos is false?A .  The Key Distribution Center represents a single point of failure.B .  Kerberos manages access permissions.C .  Kerberos uses a database to keep a copy of all users' public keys.D .  Kerberos uses symmetric key cryptography.View AnswerAnswer: C Explanation: Kerberos is...

What is considered the most important type of error to avoid for a biometric access control system?A .  Type I ErrorB .  Type II ErrorC .  Combined Error RateD .  Crossover Error RateView AnswerAnswer: B Explanation: When a biometric system is used for access control, the most important error is...

Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes?A .  The Software Capability Maturity Model (CMM)B .  The Spiral ModelC .  The Waterfall ModelD .  Expert Systems ModelView...

As per the Orange Book, what are two types of system assurance?A .  Operational Assurance and Architectural Assurance.B .  Design Assurance and Implementation Assurance.C .  Architectural Assurance and Implementation Assurance.D .  Operational Assurance and Life-Cycle Assurance.View AnswerAnswer: D Explanation: Are the two types of assurance mentioned in the Orange book. The...

One purpose of a security awareness program is to modify:A .  employee's attitudes and behaviors towards enterprise's security postureB .  management's approach towards enterprise's security postureC .  attitudes of employees with sensitive dataD .  corporate attitudes about safeguarding dataView AnswerAnswer: A Explanation: The Answer security awareness training is to modify employees...

Kerberos is vulnerable to replay in which of the following circumstances?A .  When a private key is compromised within an allotted time window.B .  When a public key is compromised within an allotted time window.C .  When a ticket is compromised within an allotted time window.D .  When the KSD...