Which of the following is needed for System Accountability?
Answer(s): A
Is a means of being able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed.Accountability is the ability to identify users and to be able to track user actions.The following answers are incorrect:Documented design as laid out in the Common CriteriA. Is incorrect because the Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability.Authorization. Is incorrect because Authorization is granting access to subjects, just because you have authorization does not hold the subject accountable for their actions.Formal verification of system design. Is incorrect because all you have done is to verify the system design and have not taken any steps toward system accountability.
OIG CBK Glossary (page 778)
What is Kerberos?
Answer(s): B
Is correct because that is exactly what Kerberos is.The following answers are incorrect:A three-headed dog from Egyptian mythology. Is incorrect because we are dealing with Information Security and not the Egyptian mythology but the Greek Mythology.A security model. Is incorrect because Kerberos is an authentication protocol and not just a security model.A remote authentication dial in user server. Is incorrect because Kerberos is not a remote authentication dial in user server that would be called RADIUS.
The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:
Answer(s): C
This is more commonly known as biometrics and is one of the most accurate ways to authenticate an individual.The rest of the answers are incorrect because they not one of the three recognized forms for Authentication.
A timely review of system access audit records would be an example of which of the basic security functions?
Answer(s): D
By reviewing system logs you can detect events that have occured.The following answers are incorrect:avoidance. This is incorrect, avoidance is a distractor. By reviewing system logs you have not avoided anything.deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred.prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred.
A confidential number used as an authentication factor to verify a user's identity is called a:
PIN Stands for Personal Identification Number, as the name states it is a combination of numbers.The following answers are incorrect:User ID This is incorrect because a Userid is not required to be a number and a Userid is only used to establish identity not verify it.Password. This is incorrect because a password is not required to be a number, it could be any combination of characters.Challenge. This is incorrect because a challenge is not defined as a number, it could be anything.
Share your comments for ISC SSCP exam with other users:
helpful content
oracle 19c is complex db
helpful for practice
support team is fast and deeply knowledgeable. i appreciate that a lot.
helpful questions
thanks for question
the software is provided for free so this is a big change. all other sites are charging for that. also that fucking examtopic site that says free is not free at all. you are hit with a pay-wall.
i need exam questions nca 6.5 any help please ?
just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam
very helpful
i need this exam
nice questions... are these questions the same of the exam?
need to view
highly appreciate for your sharing.
kindly share this dump. thank you
link plz for download
data quality oecd
rman is one good recovery technology
need it thx
good questions
good one nice revision
i love this thank you i need
question # 142: data governance is not one of the deliverables in the document and content management context diagram.
most answers not correct here
what % of questions do we get in the real exam?
i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!
all the best
very usefull document
nice and helpful questions
i found the questions helpful
q 105 . ans is d
i have interest to get a sybase iq dba certification
want to pass exm.
are the answers correct?