
ISC SSCP Exam Made Easy: Step-by-Step Preparation Guide

Questions 41

Which of the following best ensures accountability of users for the actions taken within a system or domain?

Options:

A. Identification
B. Authentication
C. Authorization
D. Credentials

Questions 42

Which of the following is implemented through scripts or smart agents that replay the user's multiple log-ins against authentication servers to verify a user's identity, which permits access to system services?

Options:

A. Single Sign-On
B. Dynamic Sign-On
C. Smart cards
D. Kerberos

Questions 43

A trusted system does NOT involve which of the following?

Options:

A. Enforcement of a security policy.
B. Sufficiency and effectiveness of mechanisms to be able to enforce a security policy.
C. Assurance that the security policy can be enforced in an efficient and reliable manner.
D. Independently-verifiable evidence that the security policy-enforcing mechanisms are sufficient and effective.

Questions 44

Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users?

Options:

A. Inadequate quality assurance (QA) tools.
B. Constantly changing user needs.
C. Inadequate user participation in defining the system's requirements.
D. Inadequate project management.

Questions 45

Which of the following choices is NOT normally part of the questions that would be asked in regard to an organization's information security policy?

Options:

A. Who is involved in establishing the security policy?
B. Where is the organization's security policy defined?
C. What are the actions that need to be performed in case of a disaster?
D. Who is responsible for monitoring compliance with the organization's security policy?

Questions 46

Which of the following is NOT true concerning Application Control?

Options:

A. It limits end users' use of applications in such a way that only particular screens are visible.
B. Only specific records can be requested through the application controls.
C. Particular usage of the application can be recorded for audit purposes.
D. It is non-transparent to the endpoint applications, so changes are needed to the applications and databases involved.

Questions 47

The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?

Options:

A. project initiation and planning phase
B. system design specifications phase
C. development and documentation phase
D. in parallel with every phase throughout the project

Questions 48

An architecture where there are more than two execution domains or privilege levels is called:

Options:

A. Ring Architecture.
B. Ring Layering
C. Network Environment.
D. Security Models

Questions 49

Who is responsible for initiating corrective measures and capabilities used when there are security violations?

Options:

A. Information systems auditor
B. Security administrator
C. Management
D. Data owners

Questions 50

Which of the following statements pertaining to software testing approaches is correct?

Options:

A. A bottom-up approach allows interface errors to be detected earlier.
B. A top-down approach allows errors in critical modules to be detected earlier.
C. The test plan and results should be retained as part of the system's permanent documentation.
D. Black box testing is predicated on a close examination of procedural detail.

Questions 51

Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions?

Options:

A. pipelining
B. complex-instruction-set-computer (CISC)
C. reduced-instruction-set-computer (RISC)
D. multitasking

Questions 52

One purpose of a security awareness program is to modify:

Options:

A. employees' attitudes and behaviors towards the enterprise's security posture
B. management's approach towards the enterprise's security posture
C. attitudes of employees with sensitive data
D. corporate attitudes about safeguarding data

Questions 53

Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location?

Options:

A. direct addressing
B. Indirect addressing
C. implied addressing
D. indexed addressing

Questions 54

A Security Kernel is defined as a strict implementation of a reference monitor mechanism responsible for enforcing a security policy. To be secure, the kernel must meet three basic conditions. What are they?

Options:

A. Confidentiality, Integrity, and Availability
B. Policy, mechanism, and assurance
C. Isolation, layering, and abstraction
D. Completeness, Isolation, and Verifiability

Questions 55

IT security measures should:

Options:

A. Be complex
B. Be tailored to meet organizational security goals.
C. Make sure that every asset of the organization is well protected.
D. Not be developed in a layered fashion.

Questions 56

When backing up an application system's data, which of the following is a key question to be answered first?

Options:

A. When to make backups
B. Where to keep backups
C. What records to back up
D. How to store backups

Questions 57

The major objective of system configuration management is which of the following?

Options:

A. system maintenance.
B. system stability.
C. system operations.
D. system tracking.

Questions 58

Which of the following refers to the data left on the media after the media has been erased?

Options:

A. remanence
B. recovery
C. sticky bits
D. semi-hidden

Questions 59

What is the goal of the Maintenance phase in a common development process of a security policy?

Options:

A. to review the document on the specified review date
B. publication within the organization
C. to write a proposal to management that states the objectives of the policy
D. to present the document to an approving body

Questions 60

Which of the following describes a logical form of separation used by secure computing systems?

Options:

A. Processes use different levels of security for input and output devices.
B. Processes are constrained so that each cannot access objects outside its permitted domain.
C. Processes conceal data and computations to inhibit access by outside processes.
D. Processes are granted access based on granularity of controlled objects.
