SSCP Part 1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What are the components of an object's sensitivity label?

A single classification and a Compartment Set

What is Kerberos?

A trusted third party authentication protocol

In which of the following model are Subjects and Objects identified and the permissions applied to each subject/object combination are specified. Such a model can be used to quickly summarize what permissions a subject has for various system objects.

Access Control Matrix model

Which of the following is needed for System Accountability?

Audit mechanisms

Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection?

B

Who developed one of the first mathematical models of a multilevel-security computer system?

Bell and LaPadula

The Computer Security Policy Model the Orange Book is based on is which of the following?

Bell-LaPadula

In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?

Bell-LaPadula model

Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?

C

A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the following?

Content-dependent access control

Single Sign-on (SSO) is characterized by which of the following advantages?

Convenience and centralized administration

In discretionary access environments, which of the following entities is authorized to grant information access to other people?

Data Owner

Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette?

Degaussing

Which of the following division is defined in the TCSEC (Orange Book) as minimal protection?

Division D

Which of the following would constitute the best example of a password to use for access to a system by a network administrator?

GyN19Za!

Which of the following is true about Kerberos?

It depends upon symmetric ciphers

Which of the following is true of two-factor authentication?

It relies on two independent proofs of identity

What is the main concern with single sign-on?

Maximum unauthorized access would be possible if a password is disclosed

Which one of the following authentication mechanisms creates a problem for mobile users?

Mechanisms based on IP addresses

What does it mean to say that sensitivity labels are "incomparable"?

Neither label contains all the categories of the other

Which of the following exemplifies proper separation of duties?

Operators are not permitted modify the system time

A confidential number used as an authentication factor to verify a user's identity is called a:

PIN

Which of the following is NOT a type of motion detector?

Photoelectric sensor

Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?

SESAME

Which of the following attacks could capture network user passwords?

Sniffing

Which of the following is the most reliable authentication method for remote access?

Synchronous token

Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense ?

TCSEC

The Orange Book is founded upon which security policy model?

The Bell LaPadula Model

In Mandatory Access Control, sensitivity labels attached to object contain what information?

The item's classification and category set

What physical characteristic does a retinal scan biometric device measure?

The pattern of blood vessels at the back of the eye

Guards are appropriate whenever the function required by the security program involves which of the following?

The use of discriminating judgment

The end result of implementing the principle of least privilege means which of the following?

Users would get access to only the info for which they have a need to know

Which of the following would assist the most in Host Based intrusion detection?

audit trails

The primary service provided by Kerberos is which of the following?

authentication

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?

clipping level

A timely review of system access audit records would be an example of which of the basic security functions?

detection

Which of the following is not a logical control when implementing logical access security?

employee badges

Which of the following is NOT a system-sensing wireless proximity card?

magnetically striped card

Controls to keep password sniffing attacks from compromising computer systems include which of the following?

one-time passwords and encryption

Examples of types of physical access controls include all EXCEPT which of the following?

passwords

Which is the last line of defense in a physical security sense?

people

Organizations should consider which of the following first before allowing external access to their LANs via the Internet?

plan for considering proper authentication options

Kerberos can prevent which one of the following attacks?

playback (replay) attack

There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?

public-key certificates

The "vulnerability of a facility" to damage or attack may be assessed by all of the following except:

security budget

A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:

the optical unit must be positioned so that the sun does not shine into the aperture

Which of the following is NOT a technique used to perform a penetration test?

traffic padding

The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:

you are


Ensembles d'études connexes

Most Missed Questions from Behavioral Psychology and Consciousness

View Set