CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC
  5. SSCP

Free SSCP Exam Braindumps (page: 102)

Page 101 of 269
PDF with 1074 Questions

What is used to protect programs from all unauthorized modification or executional interference?

  1. A protection domain
  2. A security perimeter
  3. Security labels
  4. Abstraction

Answer(s): A

Explanation:

A protection domain consists of the execution and memory space assigned to each
process. The purpose of establishing a protection domain is to protect programs from all unauthorized modification or executional interference. The security perimeter is the boundary that separates the Trusted Computing Base (TCB) from the remainder of the system. Security labels are assigned to resources to denote a type of classification. Abstraction is a way to protect resources in the fact that it involves viewing system components at a high level and ignoring its specific details, thus performing information hiding.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 193).



What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?

  1. A fail safe system
  2. A fail soft system
  3. A fault-tolerant system
  4. A failover system

Answer(s): C

Explanation:

A fault-tolerant system is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it. In a fail-safe system, program execution is terminated, and the system is protected from being compromised when a hardware or software failure occurs and is detected. In a fail-soft system, when a hardware or software failure occurs and is detected, selected, non-critical processing is terminated. The term failover refers to switching to a duplicate "hot" backup component in real-time when a hardware or software failure occurs, enabling processing to continue.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 196).



What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?

  1. The reference monitor
  2. Protection rings
  3. A security kernel
  4. A protection domain

Answer(s): C

Explanation:

A security kernel is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept. A reference monitor is a system component that enforces access controls on an object. A protection domain consists of the execution and memory space assigned to each process. The use of protection rings is a scheme that supports multiple protection domains.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 194).



Which of the following rules is least likely to support the concept of least privilege?

  1. The number of administrative accounts should be kept to a minimum.
  2. Administrators should use regular accounts when performing routine operations like reading mail.
  3. Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
  4. Only data to and from critical systems and applications should be allowed through the firewall.

Answer(s): D

Explanation:

Only data to and from critical systems and applications should be allowed through the firewall is a detractor. Critical systems or applications do not necessarily need to have traffic go through a firewall. Even if they did, only the minimum required services should be allowed. Systems that are not deemed critical may also need to have traffic go through the firewall.
Least privilege is a basic tenet of computer security that means users should be given only those rights required to do their jobs or tasks. Least privilege is ensuring that you have the minimum privileges necessary to do a task. An admin NOT using his admin account to check email is a clear example of this.


Reference:

National Security Agency, Systems and Network Attack Center (SNAC), The 60 Minute Network Security Guide, February 2002, page 9.






Post your Comments and Discuss ISC SSCP exam with other Community members:

SSCP Exam Discussions & Posts