Free SSCP Exam Braindumps (page: 49)

Page 48 of 269

Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of controls is correct?

  A. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks but do not include a review of vacation history, and also do not include increased supervision.
  B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols.
  C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.
  D. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision.

Answer(s): C

Explanation:

Logical or technical controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.



Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

  A. through access control mechanisms that require identification and authentication and through the audit function.
  B. through logical or technical controls involving the restriction of access to systems and the protection of information.
  C. through logical or technical controls but not involving the restriction of access to systems and the protection of information.
  D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

Answer(s): A

Explanation:

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organization's security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.



In Discretionary Access Control the subject has authority, within certain limitations,

  A. but he is not permitted to specify what objects can be accessible, and so an independent third party is needed to specify what objects can be accessible.
  B. to specify what objects can be accessible.
  C. to specify on an aggregate basis without understanding what objects can be accessible.
  D. to specify in full detail what objects can be accessible.

Answer(s): B

Explanation:

With Discretionary Access Control, the subject has authority, within certain limitations, to specify what objects can be accessible. For example, access control lists can be used. This type of access control is used in local, dynamic situations where the subjects must have the discretion to specify what resources certain users are permitted to access.

When a user, within certain limitations, has the right to alter the access control to certain objects, this is termed user-directed discretionary access control. In some instances, a hybrid approach is used, which combines the features of user-based and identity-based discretionary access control.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
and
HARRIS, Shon, All-In-One CISSP Certification Exam Guide 5th Edition, McGraw-Hill/Osborne, 2010, Chapter 4: Access Control (page 210-211).



In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:

  A. The society's role in the organization
  B. The individual's role in the organization
  C. The group dynamics as they relate to the individual's role in the organization
  D. The group dynamics as they relate to the master-slave role in the organization

Answer(s): B

Explanation:

In Non-Discretionary Access Control, when Role Based Access Control is being used, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual's role in the organization.


Reference:

KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.

