Free SSCP Exam Braindumps (page: 30)


Which of the following biometric devices offers the LOWEST CER?

  A. Keystroke dynamics
  B. Voice verification
  C. Iris scan
  D. Fingerprint

Answer(s): C

Explanation:

From most effective (lowest crossover error rate, CER) to least effective (highest CER), the devices rank as follows: iris scan, fingerprint, voice verification, keystroke dynamics.

Reference:

Shon Harris AIO v3, Chapter 4: Access Control, page 131. Also see: http://www.sans.org/reading_room/whitepapers/authentication/biometric-selection-body-parts-online_139



Which of the following is the LEAST user accepted biometric device?

  A. Fingerprint
  B. Iris scan
  C. Retina scan
  D. Voice verification

Answer(s): C

Explanation:

The least user-accepted biometric device is the retina scan, in which the system scans the blood-vessel pattern at the back of the eyeball. To use it, an individual has to place an eye up to the device, and the scan may require a puff of air to be blown into the eye. An iris scan only requires the individual to glance at a camera, which could be placed above a door.


Reference:

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 131).



Which of the following is the WEAKEST authentication mechanism?

  A. Passphrases
  B. Passwords
  C. One-time passwords
  D. Token devices

Answer(s): B

Explanation:

Most of the time, users choose passwords that can be guessed, so passwords is the BEST answer among the choices listed above.
The following answers are incorrect:
Passphrases is incorrect because a passphrase is more secure than a password, as it is longer.
One-time passwords is incorrect because, as the name states, a one-time password is good for only one use and cannot be reused.
Token devices is incorrect because a token device is also a password generator and is a one-time password mechanism.


Reference:

Shon Harris AIO v3, Chapter 4: Access Control, pages 139, 142.



Which of the following statements pertaining to access control is false?

  A. Users should only access data on a need-to-know basis.
  B. If access is not explicitly denied, it should be implicitly allowed.
  C. Access rights should be granted based on the level of trust a company has in a subject.
  D. Roles can be an efficient way to assign rights to a type of user who performs certain tasks.

Answer(s): B

Explanation:

Access control mechanisms should default to no access to provide the necessary level of security and ensure that no security holes go unnoticed. If access is not explicitly allowed, it should be implicitly denied.


Reference:

HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 143).





