Free SSCP Exam Braindumps (page: 69)

Page 68 of 269

Which of the following is often the greatest challenge of distributed computing solutions?

  1. scalability
  2. security
  3. heterogeneity
  4. usability

Answer(s): B

Explanation:

The correct answer to this is "security". It is a major factor in deciding whether a centralized or decentralized environment is more appropriate.
Example: In a centralized computing environment, you have a central server, and workstations (often "dumb terminals") access applications, data, and everything else from that central server. Therefore, the vast majority of your security resides on a centrally managed server. In a decentralized (or distributed) environment, you have a collection of PCs, each with its own operating system to maintain, its own software to maintain, and local data storage requiring protection and backup. You may also have PDAs and "smart phones", data watches, USB devices of all types able to store data... the list gets longer all the time.
It is entirely possible to reach a reasonable and acceptable level of security in a distributed environment, but doing so is significantly more difficult, requiring more effort, more money, and more time.
The other answers are not correct because:
scalability - A distributed computing environment is almost infinitely scalable, much more so than a centralized environment. This is therefore a bad answer.
heterogeneity - Having products and systems from multiple vendors in a distributed environment is significantly easier than in a centralized environment. This would not be a "challenge of distributed computing solutions" and so is not a good answer.
usability - This is potentially a challenge in either environment, but whether or not this is a problem has very little to do with whether it is a centralized or distributed environment. Therefore, this would not be a good answer.


Reference:

Official ISC2 Guide page: 313-314
All in One Third Edition page: (unavailable at this time)



What is the appropriate role of the security analyst in the application system development or acquisition project?

  1. policeman
  2. control evaluator & consultant
  3. data owner
  4. application user

Answer(s): B

Explanation:

The correct answer is "control evaluator & consultant". During any system development or acquisition, the security staff should evaluate the security controls and advise (or consult) those responsible for making the final decisions on the project about the strengths and weaknesses of those controls.
The other answers are not correct because:
policeman - It is never a good idea for the security staff to be placed into this type of role (though it is sometimes unavoidable). During system development or acquisition, there should be no need for anyone to fill the role of policeman.
data owner - In this case, the data owner would be the person asking for the new system to manage, control, and secure information they are responsible for. While it is possible the security staff could also be the data owner for such a project if they happen to have responsibility for the information, it is also possible someone else would fill this role. Therefore, the best answer remains "control evaluator & consultant".
application user - Again, it is possible this could be the security staff, but it could also be many other people or groups. So this is not the best answer.


Reference:

Official ISC2 Guide page: 555 - 560
All in One Third Edition page: 832 - 846



The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?

  1. project initiation and planning phase
  2. system design specifications phase
  3. development and documentation phase
  4. in parallel with every phase throughout the project

Answer(s): D

Explanation:

The other answers are not correct because:
You are always looking for the "best" answer. While each of the answers listed here could be considered correct, in that each of them requires input from the security staff, the best answer is for that input to happen at all phases of the project.


Reference:

Official ISC2 Guide page: 556
All in One Third Edition page: 832 - 833



Which of the following is NOT an example of an operational control?

  1. backup and recovery
  2. auditing
  3. contingency planning
  4. operations procedures

Answer(s): B

Explanation:

Operational controls are controls over the hardware, the media used, and the operators using these resources.
Operational controls are controls that are implemented and executed by people; they are most often procedures.
Backup and recovery, contingency planning, and operations procedures are operational controls.
Auditing is considered an administrative / detective control. However, the actual auditing mechanisms in place on the systems would be considered operational controls.
