Controls to keep password sniffing attacks from compromising computer systems include which of the following?
Answer(s): C
To minimize the chance of passwords being captured one-time passwords would prevent a password sniffing attack because once used it is no longer valid. Encryption will also minimize these types of attacks.The following answers are correct:static and recurring passwords. This is incorrect because if there is no encryption then someone password sniffing would be able to capture the password much easier if it never changed.encryption and recurring passwords. This is incorrect because while encryption helps, recurring passwords do nothing to minimize the risk of passwords being captured.static and one-time passwords. This is incorrect because while one-time passwords will prevent these types of attacks, static passwords do nothing to minimize the risk of passwords being captured.
Kerberos can prevent which one of the following attacks?
Answer(s): B
Each ticket in Kerberos has a timestamp and are subject to time expiration to help prevent these types of attacks.The following answers are incorrect:tunneling attack. This is incorrect because a tunneling attack is an attempt to bypass security and access low-level systems. Kerberos cannot totally prevent these types of attacks.destructive attack. This is incorrect because depending on the type of destructive attack, Kerberos cannot prevent someone from physically destroying a server.process attack. This is incorrect because with Kerberos cannot prevent an authorzied individuals from running processes.
In discretionary access environments, which of the following entities is authorized to grant information access to other people?
Answer(s): D
In Discretionary Access Control (DAC) environments, the user who creates a file is also considered the owner and has full control over the file including the ability to set permissionsfor that file.The following answers are incorrect:manager. Is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to other people.group leader. Is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to other people.security manager. Is incorrect because in Discretionary Access Control (DAC) environments it is the owner/user that is authorized to grant information access to other people.IMPORTANT NOTE:The term Data Owner is also used within Classifications as well. Under the subject of classification the Data Owner is a person from management who has been entrusted with a data set that belongs to the company. For example it could be the Chief Financial Officer (CFO) who is entrusted with all of the financial data for a company. As such the CFO would determine the classification of the financial data and who can access as well. The Data Owner would then tell the Data Custodian (a technical person) what the classification and need to know is on the specific set of data.The term Data Owner under DAC simply means whoever created the file and as the creator of the file the owner has full access and can grant access to other subjects based on their identity.
What is the main concern with single sign-on?
Answer(s): A
A major concern with Single Sign-On (SSO) is that if a user's ID and password are compromised, the intruder would have access to all the systems that the user was authorized for.The following answers are incorrect:The security administrator's workload would increase. Is incorrect because the security administrator's workload would decrease and not increase. The admin would not be responsible for maintaining multiple user accounts just the one.The users' password would be too hard to remember. Is incorrect because the users would have less passwords to remember.User access rights would be increased. Is incorrect because the user access rights would not be any different than if they had to log into systems manually.
Who developed one of the first mathematical models of a multilevel-security computer system?
In 1973 Bell and LaPadula created the first mathematical model of a multi-level security system.The following answers are incorrect:Diffie and Hellman. This is incorrect because Diffie and Hellman was involved with cryptography. Clark and Wilson. This is incorrect because Bell and LaPadula was the first model. The Clark- Wilson model came later, 1987.Gasser and Lipner. This is incorrect, it is a distractor. Bell and LaPadula was the first model.
Share your comments for ISC SSCP exam with other users:
answer 10 should be a because only a new project will be created & the organization is the same.
can you please upload the dump again
is it legit questions from sap certifications ?
question 16 should be b (changing the connector settings on the monitor) pc and monitor were powered on. the lights on the pc are on indicating power. the monitor is showing an error text indicating that it is receiving power too. this is a clear sign of having the wrong input selected on the monitor. thus, the "connector setting" needs to be switched from hdmi to display port on the monitor so it receives the signal from the pc, or the other way around (display port to hdmi).
q 10. ans is d (in the target org: open deployment settings, click edit next to the source org. select allow inbound changes and save
very useful
i purchased this exam dumps from another website with way more questions but they were all invalid and outdate. this exam dumps was right to the point and all from recent exam. it was a hard pass.
it was a good experience and i got 90% in the 200-901 exam.
hi please upload this
please upload it
really need this dump. can you please help.
really good and covers many areas explaining the answer.
yes, can you please upload the exam?
how many questions are there in these dumps?
hi team, please upload this , i need it.
question 14 - run terraform import: this is the recommended best practice for bringing manually created or destroyed resources under terraform management. you use terraform import to associate an existing resource with a terraform resource configuration. this ensures that terraform is aware of the resource, and you can subsequently manage it with terraform.
please upload dump. thanks in advance.
great great
answer 16 should be b your organizational policies require you to use virtual machines directly
the question are kind of tricky of you didnt get the hnag on it.
can anyone tell me if this is for rhel8 or rhel9?
good content
pdb and cdb are critical to the database
till 104 questions are free, lets see how it helps me in my exam today.
question # 56, answer is true not false.
i would be requiring dumps to prepare for certification exam
very helpful
control file is the heart of rman backup
hi could you please upload the ibm c2090-543 dumps
appriciate if you could upload this again
please upload the dump
i found some questions answers mismatch with explanation answers. please properly update
nothing to mention
knowable questions