
ISC SSCP - Systems Security Certified Practitioner

Total 1074 questions

Who is ultimately responsible for the security of computer-based information systems within an organization?

A. The tech support team
B. The Operation Team.
C. The management team.
D. The training team.

Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions?

A. pipelining
B. complex-instruction-set-computer (CISC)
C. reduced-instruction-set-computer (RISC)
D. multitasking

What is the appropriate role of the security analyst in the application system development or acquisition project?

A. policeman
B. control evaluator & consultant
C. data owner
D. application user

A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?

A. Covert channel
B. Overt channel
C. Opened channel
D. Closed channel

Step-by-step instructions used to satisfy control requirements are called a:

A. policy
B. standard
C. guideline
D. procedure

Which of the following would be best suited to oversee the development of an information security policy?

A. System Administrators
B. End User
C. Security Officers
D. Security administrators

Degaussing is used to clear data from all of the following media except:

A. Floppy Disks
B. Read-Only Media
C. Video Tapes
D. Magnetic Hard Disks

What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?

A. Polyinstantiation
B. Inference
C. Aggregation
D. Data mining

Which of the following does not address Database Management Systems (DBMS) Security?

A. Perturbation
B. Cell suppression
C. Padded cells
D. Partitioning

According to private sector data classification levels, how would salary levels and medical information be classified?

A. Public.
B. Internal Use Only.
C. Restricted.
D. Confidential.

What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?

A. Clark and Wilson Model
B. Harrison-Ruzzo-Ullman Model
C. Rivest and Shamir Model
D. Bell-LaPadula Model

Why should batch files and scripts be stored in a protected area?

A. Because of the least privilege concept.
B. Because they cannot be accessed by operators.
C. Because they may contain credentials.
D. Because of the need-to-know concept.

Which of the following are additional access control objectives?

A. Consistency and utility
B. Reliability and utility
C. Usefulness and utility
D. Convenience and utility

A confidential number used as an authentication factor to verify a user's identity is called a:

A. PIN
B. User ID
C. Password
D. Challenge

RADIUS incorporates which of the following services?

A. Authentication server and PIN codes.
B. Authentication of clients and static passwords generation.
C. Authentication of clients and dynamic passwords generation.
D. Authentication server as well as support for Static and Dynamic passwords.

Identification and authentication are the keystones of most access control systems. Identification establishes:

A. User accountability for the actions on the system.
B. Top management accountability for the actions on the system.
C. EDP department accountability for the actions of users on the system.
D. Authentication for actions on the system

Who developed one of the first mathematical models of a multilevel-security computer system?

A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.

Which of the following questions is less likely to help in assessing identification and authentication controls?

A. Is a current list maintained and approved of authorized users and their access?
B. Are passwords changed at least every ninety days or earlier if needed?
C. Are inactive user identifications disabled after a specified period of time?
D. Is there a process for reporting incidents?

Which access control model would a lattice-based access control model be an example of?

A. Mandatory access control.
B. Discretionary access control.
C. Non-discretionary access control.
D. Rule-based access control.

Like the Kerberos protocol, SESAME is also subject to which of the following?

A. timeslot replay
B. password guessing
C. symmetric key guessing
D. asymmetric key guessing