SSCP Part 1
What are the components of an object's sensitivity label?
A single classification and a Compartment Set
What is Kerberos?
A trusted third party authentication protocol
In which of the following model are Subjects and Objects identified and the permissions applied to each subject/object combination are specified. Such a model can be used to quickly summarize what permissions a subject has for various system objects.
Access Control Matrix model
Which of the following is needed for System Accountability?
Audit mechanisms
Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection?
B
Who developed one of the first mathematical models of a multilevel-security computer system?
Bell and LaPadula
The Computer Security Policy Model the Orange Book is based on is which of the following?
Bell-LaPadula
In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
Bell-LaPadula model
Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?
C
A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the following?
Content-dependent access control
Single Sign-on (SSO) is characterized by which of the following advantages?
Convenience and centralized administration
In discretionary access environments, which of the following entities is authorized to grant information access to other people?
Data Owner
Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette?
Degaussing
Which of the following division is defined in the TCSEC (Orange Book) as minimal protection?
Division D
Which of the following would constitute the best example of a password to use for access to a system by a network administrator?
GyN19Za!
Which of the following is true about Kerberos?
It depends upon symmetric ciphers
Which of the following is true of two-factor authentication?
It relies on two independent proofs of identity
What is the main concern with single sign-on?
Maximum unauthorized access would be possible if a password is disclosed
Which one of the following authentication mechanisms creates a problem for mobile users?
Mechanisms based on IP addresses
What does it mean to say that sensitivity labels are "incomparable"?
Neither label contains all the categories of the other
Which of the following exemplifies proper separation of duties?
Operators are not permitted modify the system time
A confidential number used as an authentication factor to verify a user's identity is called a:
PIN
Which of the following is NOT a type of motion detector?
Photoelectric sensor
Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?
SESAME
Which of the following attacks could capture network user passwords?
Sniffing
Which of the following is the most reliable authentication method for remote access?
Synchronous token
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense ?
TCSEC
The Orange Book is founded upon which security policy model?
The Bell LaPadula Model
In Mandatory Access Control, sensitivity labels attached to object contain what information?
The item's classification and category set
What physical characteristic does a retinal scan biometric device measure?
The pattern of blood vessels at the back of the eye
Guards are appropriate whenever the function required by the security program involves which of the following?
The use of discriminating judgment
The end result of implementing the principle of least privilege means which of the following?
Users would get access to only the info for which they have a need to know
Which of the following would assist the most in Host Based intrusion detection?
audit trails
The primary service provided by Kerberos is which of the following?
authentication
The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?
clipping level
A timely review of system access audit records would be an example of which of the basic security functions?
detection
Which of the following is not a logical control when implementing logical access security?
employee badges
Which of the following is NOT a system-sensing wireless proximity card?
magnetically striped card
Controls to keep password sniffing attacks from compromising computer systems include which of the following?
one-time passwords and encryption
Examples of types of physical access controls include all EXCEPT which of the following?
passwords
Which is the last line of defense in a physical security sense?
people
Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
plan for considering proper authentication options
Kerberos can prevent which one of the following attacks?
playback (replay) attack
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
public-key certificates
The "vulnerability of a facility" to damage or attack may be assessed by all of the following except:
security budget
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:
the optical unit must be positioned so that the sun does not shine into the aperture
Which of the following is NOT a technique used to perform a penetration test?
traffic padding
The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:
you are