ISC SSCP Exam Made Easy: Step-by-Step Preparation Guide

Questions 21

Which of the following biometric devices has the lowest user acceptance level?

Options:
A. Retina Scan
B. Fingerprint scan
C. Hand geometry
D. Signature recognition

Questions 22

What does the (star) integrity axiom mean in the Biba model?

Options:
A. No read up
B. No write down
C. No read down
D. No write up

Questions 23

Which of the following is an example of a passive attack?

Options:
A. Denying services to legitimate users
B. Shoulder surfing
C. Brute-force password cracking
D. Smurfing

Questions 24

In Rule-Based Access Control (RuBAC), access is determined by rules. Such rules would fit within what category of access control?

Options:
A. Discretionary Access Control (DAC)
B. Mandatory Access Control (MAC)
C. Non-Discretionary Access Control (NDAC)
D. Lattice-based Access Control

Questions 25

Detective/Technical measures:

Options:
A. include intrusion detection systems and automatically-generated violation reports from audit trail information.
B. do not include intrusion detection systems and automatically-generated violation reports from audit trail information.
C. include intrusion detection systems but do not include automatically-generated violation reports from audit trail information.
D. include intrusion detection systems and customised-generated violation reports from audit trail information.

Questions 26

Which access model is most appropriate for companies with a high employee turnover?

Options:
A. Role-based access control
B. Mandatory access control
C. Lattice-based access control
D. Discretionary access control

Questions 27

Which TCSEC class specifies discretionary protection?

Options:
A. B2
B. B1
C. C2
D. C1

Questions 28

Which of the following is not a preventive login control?

Options:
A. Last login message
B. Password aging
C. Minimum password length
D. Account expiration

Questions 29

Which of the following is addressed by Kerberos?

Options:
A. Confidentiality and Integrity
B. Authentication and Availability
C. Validation and Integrity
D. Auditability and Integrity

Questions 30

Which of the following statements pertaining to Kerberos is TRUE?

Options:
A. Kerberos does not address availability
B. Kerberos does not address integrity
C. Kerberos does not make use of Symmetric Keys
D. Kerberos cannot address confidentiality of information

Questions 31

In biometric identification systems, it was apparent from the beginning that truly positive identification could only be based on:

Options:
A. sex of a person
B. physical attributes of a person
C. age of a person
D. voice of a person

Questions 32

Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?

Options:
A. Limiting the local access of operations personnel
B. Job rotation of operations personnel
C. Management monitoring of audit logs
D. Enforcing regular password changes

Questions 33

Which of the following questions is less likely to help in assessing physical access controls?

Options:
A. Does management regularly review the list of persons with physical access to sensitive facilities?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
C. Are keys or other access devices needed to enter the computer room and media library?
D. Are visitors to sensitive areas signed in and escorted?

Questions 34

In the Bell-LaPadula model, the Star-property is also called:

Options:
A. The simple security property
B. The confidentiality property
C. The confinement property
D. The tranquility property

Questions 35

A timely review of system access audit records would be an example of which of the basic security functions?

Options:
A. avoidance.
B. deterrence.
C. prevention.
D. detection.

Questions 36

What is the most critical characteristic of a biometric identifying system?

Options:
A. Perceived intrusiveness
B. Storage requirements
C. Accuracy
D. Scalability

Questions 37

How can an individual/person best be identified or authenticated to prevent local masquerading attacks?

Options:
A. UserId and password
B. Smart card and PIN code
C. Two-factor authentication
D. Biometrics

Questions 38

The Computer Security Policy Model on which the Orange Book is based is which of the following?

Options:
A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest

Questions 39

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of:

Options:
A. Administrative controls
B. Logical controls
C. Technical controls
D. Physical controls

Questions 40

Which is the last line of defense in a physical security sense?

Options:
A. people
B. interior barriers
C. exterior barriers
D. perimeter barriers