Free SSCP Exam Braindumps (page: 63)


An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?

  A. Discretionary Access
  B. Least Privilege
  C. Mandatory Access
  D. Separation of Duties

Answer(s): B


Reference:

TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.



PINs, passwords, passphrases, tokens, smart cards, and biometric devices are all items that can be used for authentication. When one of the items listed above is used in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following?

  A. Multi-party authentication
  B. Two-factor authentication
  C. Mandatory authentication
  D. Discretionary authentication

Answer(s): B

Explanation:

Once an identity is established, it must be authenticated. There exist numerous technologies and implementations of authentication methods; however, they almost all fall under three major areas.
There are three fundamental types of authentication:
Authentication by knowledge: something a person knows
Authentication by possession: something a person has
Authentication by characteristic: something a person is
Logical controls related to these types are called "factors."
Something you know can be a password or PIN, something you have can be a token fob or smart card, and something you are is usually some form of biometrics.
Single-factor authentication is the employment of one of these factors, two-factor authentication is the use of two of the three factors, and three-factor authentication is the combination of all three factors.
The general term for the use of more than one factor during authentication is multifactor authentication or strong authentication.


Reference:

Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 2367-2379). Auerbach Publications. Kindle Edition.



What is one disadvantage of content-dependent protection of information?

  A. It increases processing overhead.
  B. It requires additional password entry.
  C. It exposes the system to data locking.
  D. It limits the user's individual address space.

Answer(s): A


Reference:

TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.



Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?

  A. Logon Banners
  B. Wall poster
  C. Employee Handbook
  D. Written agreement

Answer(s): D

Explanation:

This is a tricky question; the keyword in the question is "internal users".
There are two possible answers based on how the question is presented: it could apply either to internal users or to ANY anonymous/external users.
Internal users should always have a written agreement first; logon banners then serve as a constant reminder.
Banners at log-on time should be used to notify external users of any monitoring that is being conducted. A good banner gives you a better legal standing and also makes it obvious that the user was warned about who should access the system and who is authorized and unauthorized, so that an unauthorized user is fully aware of trespassing. For anonymous/external users, such as those logging into a web site, FTP server or even a mail server, the only notification system is the logon banner.
References used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 50.
HARRIS, Shon, CISSP All-in-One, 5th edition, page 873.





