CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. SSCP

Free SSCP Exam Braindumps (page: 48)

Page 48 of 269
PDF with 1074 Questions

Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of controls is correct?

  1. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks but do not include a review of vacation history, and also do not include increased supervision.
  2. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols.
  3. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.
  4. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision.

Answer(s): C

Explanation:

Logical or technical controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.



Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

  1. through access control mechanisms that require identification and authentication and through the audit function.
  2. through logical or technical controls involving the restriction of access to systems and the protection of information.
  3. through logical or technical controls but not involving the restriction of access to systems and the protection of information.
  4. through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

Answer(s): A

Explanation:

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organization's security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.



In Discretionary Access Control the subject has authority, within certain limitations,

  1. but he is not permitted to specify what objects can be accessible and so we need to get an independent third party to specify what objects can be accessible.
  2. to specify what objects can be accessible.
  3. to specify on a aggregate basis without understanding what objects can be accessible.
  4. to specify in full detail what objects can be accessible.

Answer(s): B

Explanation:

With Discretionary Access Control, the subject has authority, within certain limitations, to specify what objects can be accessible.
For example, access control lists can be used. This type of access control is used in local, dynamic situations where the subjects must have the discretion to specify what resources certain
users are permitted to access.
When a user, within certain limitations, has the right to alter the access control to certain objects, this is termed as user-directed discretionary access control. In some instances, a hybrid approach is used, which combines the features of user-based and identity-based discretionary access control.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
and
HARRIS, Shon, All-In-One CISSP Certification Exam Guide 5th Edition, McGraw-Hill/Osborne, 2010, Chapter 4: Access Control (page 210-211).



In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:

  1. The societies role in the organization
  2. The individual's role in the organization
  3. The group-dynamics as they relate to the individual's role in the organization
  4. The group-dynamics as they relate to the master-slave role in the organization

Answer(s): B

Explanation:

In Non-Discretionary Access Control, when Role Based Access Control is being used, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual's role in the organization.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.



Page 48 of 269



Post your Comments and Discuss ISC SSCP exam with other Community members:

Jack commented on October 03, 2024
are these still legit?
Anonymous
upvote

Anil commented on February 13, 2024
To everyone interested in this exam. I can tell you that questions are 90% accurate. Good enough to pass the exam with a good mark. But you need to study all these questions as you get randomized questions from this question bank. I pass my exam and that is what I could share as part of my study experience. Good luck to you all.
CANADA
upvote

S.H. commented on February 13, 2024
A happy returning customer. Passed one exam now preparing for my second. I hope this one is a accurate as the first exam. My score was 87% in first exam.
France
upvote

Marcus commented on February 04, 2024
Hello @Theguy, I actually used the full version of this exam (they provide the full version in PDF and it comes with an interactive test engine software which is actually pretty good). I managed to study for a month and then booked my exam. I managed to pass my exam. Make sure to practice withe test engine they provide and make sure you get more than 90% passing mark with their test engine. After that you will be ready to book your exam. Best of luck with you studies.
Anonymous
upvote

theguy commented on February 03, 2024
anyone actually used only this recently and can verify that the majority of these questions were on their exam
UNITED STATES
upvote

Niko76 commented on December 05, 2023
I hope it help me on exam
POLAND
upvote

christopher commented on March 14, 2023
The practice questions are Clear and concise, this study guide saved me and helped me pass my exam.
UNITED STATES
upvote

Bie commented on June 14, 2022
I pass today
THAILAND
upvote

Paratik-2000 commented on June 13, 2022
I encurage you to study and understand every single question in this exam dumps. Exam is very ticky but this dump helps a lot. I got to pass mine.
INDIA
upvote

Vicktor commented on October 19, 2021
These exam dumps saved me so much time. With a full-time job, studying those large books is not possible.
UNITED STATES
upvote

Delawar commented on October 20, 2020
Locked down at home due to COVID-19. Best use of my time to get some certifications. I just purchased and downloaded this braindumps PDF package. So far looks good.
CANADA
upvote

BanglaBoi commented on January 11, 2015
1074 Questions, should be fine for mock test, will report back once I take the actual exam.
UNITED KINGDOM
upvote