Which of the following is NOT a factor related to Access Control?
Answer(s): B
These factors cover the integrity, confidentiality, and availability components of information system security.Integrity is important in access control as it relates to ensuring only authorized subjects can make changes to objects.Authenticity is different from authentication. Authenticity pertains to something being authentic, not necessarily having a direct correlation to access control.Confidentiality is pertinent to access control in that the access to sensitive information is controlled to protect confidentiality.vailability is protected by access controls in that if an attacket attempts to disrupt availability they would first need access.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 49.
Which of the following is most appropriate to notify an external user that session monitoring is being conducted?
Answer(s): A
Banners at the log-on time should be used to notify external users of any monitoring that is being conducted. A good banner will give you a better legal stand and also makes it obvious the user was warned about who should access the system and if it is an unauthorized user then he is fully aware of trespassing.This is a tricky question, the keyword in the question is External user.There are two possible answers based on how the question is presented, this question could either apply to internal users or ANY anonymous user.Internal users should always have a written agreement first, then logon banners serve as a constant reminder.Anonymous users, such as those logging into a web site, ftp server or even a mail server; their only notification system is the use of a logon banner.References used for this question:KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 50.andShon Harris, CISSP All-in-one, 5th edition, pg 873
Which of the following pairings uses technology to enforce access control policies?
The preventive/technical pairing uses technology to enforce access control policies.TECHNICAL CONTROLSTechnical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices. Technical controls are sometimes referred to as logical controls.Preventive Technical ControlsPreventive technical controls are used to prevent unauthorized personnel or programs from gaining remote access to computing resources. Examples of these controls include:Access control software.Antivirus software.Library control systems.Passwords.Smart cards.Encryption.Dial-up access control and callback systems.Preventive Physical ControlsPreventive physical controls are employed to prevent unauthorized personnel from entering computing facilities (i.e., locations housing computing resources, supporting utilities, computer hard copy, and input data media) and to help protect against natural disasters. Examples of these controls include:Backup files and documentation.Fences.Security guards.Badge systems.Double door systems.Locks and keys.Backup power.Biometric access controls.Site selection.Fire extinguishers.Preventive Administrative ControlsPreventive administrative controls are personnel-oriented techniques for controlling people's behavior to ensure the confidentiality, integrity, and availability of computing data and programs. Examples of preventive administrative controls include:Security awareness and technical training.Separation of duties.Procedures for recruiting and terminating employees.Security policies and procedures.Supervision.Disaster recovery, contingency, and emergency plans.User registration for computer access.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the TenDomains of Computer Security, 2001, John Wiley & Sons, Page 34.
Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to:
Answer(s): C
Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system. Specifying HOW to restrain hackers is not directly linked to access control.
DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 12.
Access Control techniques do not include which of the following choices?
Access Control TechniquesDiscretionary Access ControlMandatory Access ControlLattice Based Access ControlRule-Based Access ControlRole-Based Access Control
DUPUIS, Clement, Access Control Systems and Methodology, Version 1, May 2002, CISSP Open Study Group Study Guide for Domain 1, Page 13.
Share your comments for ISC SSCP exam with other users:
i need it right now if it was possible please
i need it very much please share it in the fastest time.
correct answer is d for student.java program
q:37 c is correct
q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???
explained answers
plan to take theaws certified developer - associate dva-c02 in the next few weeks
very helpfull
good questions
help to practice csa exam
nice tip and well documented
i need the exam
please upload
prepping for fsc exam
pd1 with great experience
@t it seems like azure service bus message quesues could be the best solution
helpful to check your understanding.
question 128 the answer should be static not auto
more comments here
great support to appear for exams
useful dumps
making progress
q31 answer should be d i think
is this real?
q10: c and f are also true. q11: this is outdated. you no longer need ownership on a pipe to operate it
good questions with simple explanation
admin guide (windows) respond to malicious causality chains. when the cortex xdr agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the ip address to close all existing communication and block new connections from this ip address to the endpoint. when cortex xdrblocks an ip address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. you can view the list of all blocked ip addresses per endpoint from the action center, as well as unblock them to re-enable communication as appropriate. this module is supported with cortex xdr agent 7.3.0 and later. select the action mode to take when the cortex xdr agent detects remote malicious causality chains: enabled (default)—terminate connection and block ip address of the remote connection. disabled—do not block remote ip addresses. to allow specific and known s
very inciting
question 5, it seems a instead of d, because: - care plan = case - patient = person account - product = product2;
it look like real one
i am taking oracle fcc certification test next two days, pls share question dumps
i need dumps
its time to comptia sec+
question 35 has an answer for a different question. i believe the answer is "a" because it shut off the firewall. "0" in registry data means that its false (aka off).