[Free] New Updated (October) ISC SSCP Real Exam 141-150

Ensurepass

 

QUESTION 141

What is the main objective of proper separation of duties?

 

A.

To prevent employees from disclosing sensitive information.

B.

To ensure access controls are in place.

C.

To ensure that no single individual can compromise a system.

D.

To ensure that audit trails are not tampered with.

 

Correct Answer: C

Explanation:

The primary objective of proper separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way. A proper separation of duties does not prevent employees from disclosing information, nor does it ensure that access controls are in place or that audit trails are not tampered with.

Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 12: Operations Security (Page 808).

 

 

QUESTION 142

What is called a sequence of characters that is usually longer than the allotted number for a password?

 

A.

passphrase

B.

cognitive phrase

C.

anticipated phrase

D.

Real phrase

 

Correct Answer: A

Explanation:

A passphrase is a sequence of characters that is usually longer than the allotted number for a password.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 37.

 

 

QUESTION 143

Which type of password token involves time synchronization?

 

A.

Static password tokens

B.

Synchronous dynamic password tokens

C.

Asynchronous dynamic password tokens

D.

Challenge-response tokens

 

Correct Answer: B

Explanation:

Synchronous dynamic password tokens generate a new one-time password at fixed time intervals (typically every 30 or 60 seconds) from a shared secret and the current time, so the token's clock and the authentication server's clock must stay synchronized (within a small tolerance window) for the password to be accepted. Asynchronous tokens instead derive the value from a counter or from a challenge sent by the server, so no time synchronization is needed.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 37).

Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (page 136).
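The time synchronization the explanation describes is easiest to see in code. The following is an added example, not part of the original page: a minimal implementation of the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms that synchronous dynamic tokens typically use, plus a server-side verifier that tolerates a small clock skew. The secret value and the "token clock behind by N seconds" scenarios are constructed for illustration; the expected codes come from the RFC 6238 test vectors, and the skew window size is an assumption (one step either side).

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, t0: int = 0) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of whole time steps since t0.

    The token and the server each compute this from their *own* clock, which is why
    the two clocks must agree to within the verifier's skew window.
    """
    return hotp(secret, (unix_time - t0) // step, digits)


def verify_totp(secret: bytes, code: str, server_time: int, step: int = 30,
                digits: int = 6, skew_steps: int = 1):
    """Server-side check with a small synchronization window.

    Returns the drift (in steps) of the accepted code relative to the server's clock,
    or None if the code matches no step in [-skew_steps, +skew_steps]. A real server
    would also record the last accepted counter to stop replay within the window.
    """
    base = server_time // step
    for delta in range(-skew_steps, skew_steps + 1):
        candidate = hotp(secret, base + delta, digits)
        if hmac.compare_digest(candidate, code):   # constant-time comparison
            return delta
    return None


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890"), 8-digit SHA-1 codes.
RFC_SECRET = b"12345678901234567890"


def drift_demo():
    """Constructed scenario: server clock at 1111111111; token clock lags by 20 s, then 40 s."""
    server_now = 1111111111
    slightly_behind = totp(RFC_SECRET, server_now - 20, digits=8)   # previous step -> accepted
    far_behind = totp(RFC_SECRET, server_now - 40, digits=8)        # two steps back -> rejected
    return (verify_totp(RFC_SECRET, slightly_behind, server_now, digits=8),
            verify_totp(RFC_SECRET, far_behind, server_now, digits=8))


if __name__ == "__main__":
    print("TOTP at t=59:", totp(RFC_SECRET, 59, digits=8))   # RFC vector: 94287082
    print("drift results (accepted delta, rejected):", drift_demo())
```

The `drift_demo` result shows the practical consequence for operations: a token whose clock has drifted by one step still authenticates (and the server learns the drift, which commercial systems use to resynchronize), while a token two steps out is rejected until it is resynchronized.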

 

 

QUESTION 144

Which of the following is true of two-factor authentication?

 

A.

It uses the RSA public-key signature based on integers with large prime factors.

B.

It requires two measurements of hand geometry.

C.

It does not use single sign-on technology.

D.

It relies on two independent proofs of identity.

 

Correct Answer: D

Explanation:

Two-factor authentication relies on two independent proofs of identity drawn from different factor categories, such as something the user has (a token card) and something the user knows (a password). It may be combined with single sign-on: the SSO system simply performs both factors once at initial logon.

 

The following answers are incorrect: It requires two measurements of hand geometry. Measuring hand geometry twice yields two samples of the same factor (something the user is), not two independent proofs of identity.

 

It uses the RSA public-key signature based on integers with large prime factors. The RSA modulus is the product of two large primes, but those "two factors" have nothing to do with the term "two-factor authentication".

 

It does not use single sign-on technology. This is a distractor: two-factor authentication and single sign-on are independent and are routinely combined.

 

The following reference(s) were/was used to create this question:

Shon Harris AIO v.3 p.129

ISC2 OIG, 2007 p. 126

 

 

QUESTION 145

The “vulnerability of a facility” to damage or attack may be assessed by all of the following except:

 

A.

Inspection

B.

History of losses

C.

Security controls

D.

Security budget

 

Correct Answer: D

Explanation:

Inspection of the site, the history of past losses, and the security controls already in place are all direct inputs when assessing how vulnerable a facility is. The size of the security budget constrains what can be spent on remediation, but it is not itself a measure of the facility's exposure.

Source: The CISSP Examination Textbook, Volume 2: Practice, by S. Rao Vallabhaneni.

 

 

QUESTION 146

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to:

 

A.

specify what users can do

B.

specify which resources they can access

C.

specify how to restrain hackers

D.

specify what operations they can perform on a system.

 

Correct Answer: C

Explanation:

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system. Specifying HOW to restrain hackers is not directly linked to access control. Source: DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 12.

 

 

QUESTION 147

In the CIA triad, what does the letter A stand for?

 

A.

Auditability

B.

Accountability

C.

Availability

D.

Authentication

 

Correct Answer: C

Explanation:

The CIA triad stands for Confidentiality, Integrity and Availability.

 

 

QUESTION 148

Which of the following is most affected by denial-of-service (DoS) attacks?

 

A.

Confidentiality

B.

Integrity

C.

Accountability

D.

Availability

 

Correct Answer: D

Explanation:

Denial-of-service attacks target availability: they exhaust a resource the service depends on (bandwidth, connection state, CPU, memory) so that legitimate users cannot reach it. The confidentiality and integrity of the data are not the attacker's objective and are normally unaffected.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 61).

 

 

QUESTION 149

Which of the following Kerberos components holds all users’ and services’ cryptographic keys?

 

A.

The Key Distribution Service

B.

The Authentication Service

C.

The Key Distribution Center

D.

The Key Granting Service

 

Correct Answer: C

Explanation:

The Key Distribution Center (KDC) holds the long-term cryptographic keys of every principal (users and services) in its realm and uses them to issue tickets, so it provides both authentication and key distribution. The KDC has two logical parts: the Authentication Service (AS), which authenticates a principal and issues a ticket-granting ticket, and the Ticket Granting Service (TGS), which issues service tickets. "Key Distribution Service" and "Key Granting Service" are distractors, not defined Kerberos components.

Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#1 Access Control System & Methodology (page 3)
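To make concrete why the KDC is the component that "holds all the keys", the following added example (not from the original page or any Kerberos implementation) simulates the AS and TGS exchanges. The KDC is the only party with the complete key table; the client ends up with session keys but never with the TGS or service long-term keys, and cannot mint a TGT without the krbtgt key. The cipher is a toy HMAC-SHA256-based authenticated stream cipher standing in for Kerberos' real encryption types, the principal names and random keys are constructed, and real Kerberos derives a user's key from a password with string2key rather than generating it randomly.

```python
import hashlib
import hmac
import json
import os
import time


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || block counter). Stand-in for AES, not for real use."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, payload: dict) -> bytes:
    """Encrypt-then-MAC a JSON payload under key -> nonce || ciphertext || tag."""
    pt = json.dumps(payload).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt. Wrong key or tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered ciphertext")
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


class KDC:
    """Holds the long-term key of EVERY principal; only it can open and issue tickets."""

    def __init__(self, principal_keys: dict):
        self.keys = dict(principal_keys)          # users, services and the krbtgt (TGS) key

    def as_exchange(self, client: str):
        """Authentication Service: issue a TGT (sealed with the TGS key) and a reply only the user can open."""
        session = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "session": session, "exp": time.time() + 600})
        reply = seal(self.keys[client], {"session": session, "tgs": "krbtgt"})
        return reply, tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """Ticket Granting Service: open the TGT with the TGS key, check the authenticator, issue a service ticket."""
        t = unseal(self.keys["krbtgt"], tgt)      # fails unless the TGT was minted by this KDC
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        auth = unseal(bytes.fromhex(t["session"]), authenticator)
        if auth["client"] != t["client"]:
            raise ValueError("authenticator does not match TGT")
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "session": svc_session})
        reply = seal(bytes.fromhex(t["session"]), {"session": svc_session, "service": service})
        return reply, ticket


def client_login(kdc: KDC, name: str, user_key: bytes, service: str):
    """Client side: obtain a TGT, then a service ticket. It sees only session keys, never krbtgt/service keys."""
    reply, tgt = kdc.as_exchange(name)
    tgs_session = bytes.fromhex(unseal(user_key, reply)["session"])
    authenticator = seal(tgs_session, {"client": name, "ts": time.time()})
    reply2, ticket = kdc.tgs_exchange(tgt, authenticator, service)
    svc_session = bytes.fromhex(unseal(tgs_session, reply2)["session"])
    return ticket, svc_session


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """The service opens the ticket with its own long-term key and checks the client's authenticator."""
    t = unseal(service_key, ticket)
    a = unseal(bytes.fromhex(t["session"]), authenticator)
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"]


def demo():
    """Constructed realm: alice, the fileserver and krbtgt. Returns (authenticated client, forgery accepted?)."""
    keys = {"alice": os.urandom(32), "krbtgt": os.urandom(32), "fileserver": os.urandom(32)}
    kdc = KDC(keys)
    ticket, svc_session = client_login(kdc, "alice", keys["alice"], "fileserver")
    who = service_accept(keys["fileserver"], ticket, seal(svc_session, {"client": "alice"}))
    # Forgery attempt: a TGT sealed under a key the attacker chose is rejected, since only the KDC holds krbtgt.
    forged = seal(os.urandom(32), {"client": "alice", "session": "00" * 32, "exp": time.time() + 600})
    try:
        kdc.tgs_exchange(forged, b"", "fileserver")
        forged_ok = True
    except ValueError:
        forged_ok = False
    return who, forged_ok


if __name__ == "__main__":
    print(demo())   # ('alice', False)
```

The exam point falls out of the structure: `KDC.keys` is the only place every long-term key exists, which is also why compromise of the KDC (or of the krbtgt key alone) is a realm-wide compromise.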

 

 

QUESTION 150

Which of the following access control models requires defining classification for objects?

 

A.

Role-based access control

B.

Discretionary access control

C.

Identity-based access control

D.

Mandatory access control

 

Correct Answer: D

Explanation:

With mandatory access control (MAC), the authorization of a subject's access to an object is dependent upon security labels: the subject's clearance and the object's classification (and any categories or compartments attached to each). Because the decision is made from the object's label, the model cannot work unless every object has been assigned a classification.

 

The Following answers were incorrect:

 

Identity-based access control is the usual form of Discretionary Access Control (DAC): the object's owner grants access to named subjects, typically through an access control list. For the purposes of this question the two options are therefore the same choice.

Role-Based Access Control (RBAC) and Rule-Based Access Control (RuBAC) are types of Non-Discretionary Access Control (NDAC); neither requires objects to carry classification labels.

 

Tip:

When two answer choices are synonymous, neither of them can be the correct answer.

 

Only one access control model makes use of labels, clearances, and categories: Mandatory Access Control. None of the other models uses those items.

 

Reference(s) used for this question:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).
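The label comparison that the explanation describes is short enough to show in full. The following is an added example, not part of the original page: a MAC reference monitor in the Bell-LaPadula style (hierarchical level plus a set of categories, with the "no read up" and "no write down" rules), placed beside a DAC access control list so the difference is visible. It goes slightly beyond the question by combining the two decisions the way labelled systems do in practice: the owner's ACL can narrow access but can never widen it past what the labels allow. The level names, category names, users and objects are constructed for illustration.

```python
from dataclasses import dataclass

# Hierarchical sensitivity levels, lowest to highest (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A MAC label: one hierarchical level plus a set of non-hierarchical categories (compartments)."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B iff A's level >= B's level AND A's categories are a superset of B's.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def mac_read(clearance: Label, classification: Label) -> bool:
    """Simple security property (no read up): the subject's clearance must dominate the object's label."""
    return clearance.dominates(classification)


def mac_write(clearance: Label, classification: Label) -> bool:
    """*-property (no write down): the object's label must dominate the subject's clearance."""
    return classification.dominates(clearance)


def dac_allows(acl: dict, subject: str, op: str) -> bool:
    """DAC for contrast: the owner lists who may do what, by identity; no labels involved."""
    return op in acl.get(subject, set())


def access(subject: dict, op: str, obj: dict) -> bool:
    """Combined decision: DAC may refuse, but it cannot grant what the MAC labels forbid."""
    rule = mac_read if op == "read" else mac_write
    return dac_allows(obj["acl"], subject["name"], op) and rule(subject["clearance"], obj["label"])


# Constructed subjects and objects. Note every object MUST carry a label for MAC to decide anything.
ALICE = {"name": "alice", "clearance": Label("SECRET", frozenset({"CRYPTO"}))}

OBJECTS = {
    # Owner granted alice read; her clearance dominates CONFIDENTIAL/{} -> allowed.
    "budget":   {"label": Label("CONFIDENTIAL"),
                 "acl": {"alice": {"read"}, "bob": {"read", "write"}}},
    # Owner granted alice read, but she lacks the NUCLEAR category -> MAC overrides the owner.
    "reactor":  {"label": Label("SECRET", frozenset({"NUCLEAR"})),
                 "acl": {"alice": {"read"}, "carol": {"read", "write"}}},
    # Higher than alice: she may append (write up) but not read (no read up).
    "auditlog": {"label": Label("TOP SECRET", frozenset({"CRYPTO"})),
                 "acl": {"alice": {"read", "write"}}},
}


def decisions(subject: dict = ALICE) -> dict:
    """Every (object, operation) decision for the subject, as a dict for inspection/testing."""
    return {(name, op): access(subject, op, obj)
            for name, obj in OBJECTS.items() for op in ("read", "write")}


if __name__ == "__main__":
    for (name, op), ok in sorted(decisions().items()):
        print(f"alice {op:5s} {name:9s} -> {'ALLOW' if ok else 'DENY'}")
```

The `reactor` case is the one the exam is really asking about: under DAC the owner's grant would be final, but under MAC the missing category in alice's clearance denies the read regardless of what the ACL says, which is only possible because the object was given a classification in the first place.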
