Which of the following are not Remote Access concerns?
Answer(s): D
Access badges are more relevant to physical security rather than remote access."Justification for remote access" is incorrect. Justification for remote access is a relevant concern."Auditing of activities" is incorrect. Auditing of activites is an imporant aspect to assure that malicious or unauthorized activities are not occuring."Regular review of access privileges" is incorrect. Regular review of remote accept privileges is an important management responsibility.
AIO3, pp. 547 - 548
Smart cards are an example of which type of control?
Answer(s): C
Logical or technical controls involve the restriction of access to systems and the protection of information. Smart cards and encryption are examples of these types of control.Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as "soft controls" because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources. Examples of physical controls are security guards, locks, fencing, and lighting.Many types of technical controls enable a user to access a system and the resources within that system. A technical control may be a username and password combination, a Kerberos implementation, biometrics, public key infrastructure (PKI), RADIUS, TACACS +, or authentication using a smart card through a reader connected to a system. These technologies verify the user is who he says he is by using different types of authentication methods. Once a user is properly authenticated, he can be authorized and allowed access to network resources.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 245). McGraw-Hill.Kindle Edition.andKRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 32).
What security model is dependent on security labels?
With mandatory access control (MAC), the authorization of a subject's access to an object is dependant upon labels, which indicate the subject's clearance, and the classification or sensitivity of the object. Label-based access control is not defined.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).
What security model implies a central authority that define rules and sometimes global rules, dictating what subjects can have access to what objects?
As a security administrator you might configure user profiles so that users cannot change the system's time, alter system configuration files, access a command prompt, or install unapproved applications. This type of access control is referred to as nondiscretionary, meaning that access decisions are not made at the discretion of the user. Nondiscretionary access controls are put into place by an authoritative entity (usually a security administrator) with the goal of protecting the organization's most critical assets.Non-discretionary access control is when a central authority determines what subjects can have access to what objects based on the organizational security policy. Centralized access control is not an existing security model.Both, Rule Based Access Control (RuBAC or RBAC) and Role Based Access Controls (RBAC) falls into this category.
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 221). McGraw-Hill.Kindle Edition.andKRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).
Which type of password token involves time synchronization?
Answer(s): B
Synchronous dynamic password tokens generate a new unique password value at fixed time intervals, so the server and token need to be synchronized for the password to be accepted.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 37).Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw- Hill/Osborne, 2002, chapter 4: Access Control (page 136).
Share your comments for ISC SSCP exam with other users:
its really good to eventuate knowledge before appearing for the actual exam.
this is great
please i want the questions to pass the exam
i need to pass exam
great, i appreciate it.
please could you upload (isc)2 certified in cybersecurity (cc) exam questions
good questions, wrong answers
im preparing for exams
question no: 42 isnt azure vm an iaas solution? so, shouldnt the answer be "no"?
im study azure
i need this now
i took the aws saa-c03 test and scored 935/1000. it has all the exam dumps and important info.
good questions
well explained
i got the full version and it helped me pass the exam. pdf version is very good.
provide the download link, please
please upload thank.
please can you share 1z0-1055-22 dump pls
i will wait impatiently. thank youu
is it possible to clear the exam if we focus on only these 156 questions instead of 623 questions? kindly help!
really helped with preparation of my scrum exam
very informative and through explanations
prep for exam
thanks for helping us
i prepared for the eccouncil 350-401 exam. i scored 92% on the test.
aba questions to practice
great content
how do i get the remaining questions?
well formatted pdf and the test engine software is free. well worth the money i sept.
looking for 1z0-116
in question 22, shouldnt be in the data (option a) layer?
the questions are incredibly close to real exam. you people are amazing.
q15. answer is b. simple
great practice