KoreaDumps 의 IT전문가들이 자신만의 경험과 끊임없는 노력으로 최고의 ISC SSCP학습자료를 작성해 여러분들이ISC SSCP시험에서 패스하도록 최선을 다하고 있습니다. 덤프는 최신 시험문제를 커버하고 있어 시험패스율이 높습니다. ISC SSCP시험을 보기로 결심한 분은 가장 안전하고 가장 최신인 적중율 100%에 달하는ISC SSCP시험대비덤프를 KoreaDumps에서 받을 수 있습니다.
SSCP 인증은 네트워크 및 시스템 보안에 전문화하고자 하는 IT 전문가들에게 훌륭한 선택입니다. 이 프로그램은 정보 보안의 주요 개념과 최상의 실천 방법에 대한 포괄적인 이해를 제공하기 위해 설계되었으며, 전 세계적으로 유용한 자격증으로 인정받고 있습니다. 이 인증은 네트워크 보안 엔지니어, 시스템 관리자, 보안 분석가 및 보안 컨설턴트와 같은 역할을 하는 전문가들에게 이상적입니다.
ISC SSCP 자격증 시험은 전 세계적으로 많은 조직에서 인정하는 벤더-중립적인 자격증입니다. 이 시험은 IT 인프라 보안에 책임을 지는 전문가들의 기술과 지식을 검증하기 위해 설계되었습니다. 이 자격증 시험은 시험에서 다루는 공통 지식 몸체의 일곱 가지 도메인 중 하나 이상에서 최소한 1년 이상의 경험이 있는 IT 전문가들을 대상으로 합니다.
다른 사이트에서도ISC SSCP인증시험관련 자료를 보셨다고 믿습니다.하지만 우리 KoreaDumps의 자료는 차원이 다른 완벽한 자료입니다.100%통과 율은 물론KoreaDumps을 선택으로 여러분의 직장생활에 더 낳은 개변을 가져다 드리며 ,또한KoreaDumps를 선택으로 여러분은 이미 충분한 시험준비를 하였습니다.우리는 여러분이 한번에 통과하게 도와주고 또 일년무료 업데이트서비스도 드립니다.
질문 # 1263
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:
정답:D
설명:
Section: Analysis and Monitoring
Explanation/Reference:
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organization's security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
질문 # 1264
A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:
정답:A
설명:
A central authority determines what subjects can have access to certain
objects based on the organizational security policy.
The key focal point of this question is the 'central authority' that determines access rights.
Cecilia one of the quiz user has sent me feedback informing me that NIST defines MAC as:
"MAC Policy means that Access Control Policy Decisions are made by a CENTRAL
AUTHORITY. Which seems to indicate there could be two good answers to this question.
However if you read the NISTR document mentioned in the references below, it is also
mentioned that: MAC is the most mentioned NDAC policy. So MAC is a form of NDAC
policy.
Within the same document it is also mentioned: "In general, all access control policies
other than DAC are grouped in the category of non- discretionary access control (NDAC).
As the name implies, policies in this category have rules that are not established at the
discretion of the user. Non-discretionary policies establish controls that cannot be changed
by users, but only through administrative action."
Under NDAC you have two choices:
Rule Based Access control and Role Base Access Control
MAC is implemented using RULES which makes it fall under RBAC which is a form of
NDAC. It is a subset of NDAC.
This question is representative of what you can expect on the real exam where you have
more than once choice that seems to be right. However, you have to look closely if one of
the choices would be higher level or if one of the choice falls under one of the other choice.
In this case NDAC is a better choice because MAC is falling under NDAC through the use
of Rule Based Access Control.
The following are incorrect answers:
MANDATORY ACCESS CONTROL
In Mandatory Access Control the labels of the object and the clearance of the subject
determines access rights, not a central authority. Although a central authority (Better known
as the Data Owner) assigns the label to the object, the system does the determination of
access rights automatically by comparing the Object label with the Subject clearance. The
subject clearance MUST dominate (be equal or higher) than the object being accessed.
The need for a MAC mechanism arises when the security policy of a system dictates that:
1.Protection decisions must not be decided by the object owner.
2.The system must enforce the protection decisions (i.e., the system enforces the security policy over the wishes or intentions of the object owner).
Usually a labeling mechanism and a set of interfaces are used to determine access based on the MAC policy; for example, a user who is running a process at the Secret classification should not be allowed to read a file with a label of Top Secret. This is known as the "simple security rule," or "no read up."
Conversely, a user who is running a process with a label of Secret should not be allowed to write to a file with a label of Confidential. This rule is called the "*-property" (pronounced "star property") or "no write down." The *-property is required to maintain system security in an automated environment.
DISCRETIONARY ACCESS CONTROL In Discretionary Access Control the rights are determined by many different entities, each of the persons who have created files and they are the owner of that file, not one central authority.
DAC leaves a certain amount of access control to the discretion of the object's owner or anyone else who is authorized to control the object's access. For example, it is generally used to limit a user's access to a file; it is the owner of the file who controls other users' accesses to the file. Only those users specified by the owner may have some combination of read, write, execute, and other permissions to the file.
DAC policy tends to be very flexible and is widely used in the commercial and government sectors. However, DAC is known to be inherently weak for two reasons:
First, granting read access is transitive; for example, when Ann grants Bob read access to a file, nothing stops Bob from copying the contents of Ann's file to an object that Bob controls. Bob may now grant any other user access to the copy of Ann's file without Ann's knowledge.
Second, DAC policy is vulnerable to Trojan horse attacks. Because programs inherit the identity of the invoking user, Bob may, for example, write a program for Ann that, on the surface, performs some useful function, while at the same time destroys the contents of Ann's files. When investigating the problem, the audit files would indicate that Ann destroyed her own files. Thus, formally, the drawbacks of DAC are as follows:
Discretionary Access Control (DAC) Information can be copied from one object to another;
therefore, there is no real assurance on the flow of information in a system.
No restrictions apply to the usage of information when the user has received it.
The privileges for accessing objects are decided by the owner of the object, rather than
through a system-wide policy that reflects the organization's security requirements.
ACLs and owner/group/other access control mechanisms are by far the most common
mechanism for implementing DAC policies. Other mechanisms, even though not designed
with DAC in mind, may have the capabilities to implement a DAC policy.
RULE BASED ACCESS CONTROL
In Rule-based Access Control a central authority could in fact determine what subjects can
have access when assigning the rules for access. However, the rules actually determine
the access and so this is not the most correct answer.
RuBAC (as opposed to RBAC, role-based access control) allow users to access systems
and information based on pre determined and configured rules. It is important to note that
there is no commonly understood definition or formally defined standard for rule-based
access control as there is for DAC, MAC, and RBAC. "Rule-based access" is a generic
term applied to systems that allow some form of organization-defined rules, and therefore
rule-based access control encompasses a broad range of systems. RuBAC may in fact be
combined with other models, particularly RBAC or DAC. A RuBAC system intercepts every
access request and compares the rules with the rights of the user to make an access
decision. Most of the rule-based access control relies on a security label system, which
dynamically composes a set of rules defined by a security policy. Security labels are
attached to all objects, including files, directories, and devices. Sometime roles to subjects
(based on their attributes) are assigned as well. RuBAC meets the business needs as well
as the technical needs of controlling service access. It allows business rules to be applied
to access control-for example, customers who have overdue balances may be denied
service access. As a mechanism for MAC, rules of RuBAC cannot be changed by users.
The rules can be established by any attributes of a system related to the users such as
domain, host, protocol, network, or IP addresses. For example, suppose that a user wants
to access an object in another network on the other side of a router. The router employs
RuBAC with the rule composed by the network addresses, domain, and protocol to decide
whether or not the user can be granted access. If employees change their roles within the
organization, their existing authentication credentials remain in effect and do not need to be
re configured. Using rules in conjunction with roles adds greater flexibility because rules
can be applied to people as well as to devices. Rule-based access control can be
combined with role-based access control, such that the role of a user is one of the
attributes in rule setting. Some provisions of access control systems have rule- based policy engines in addition to a role-based policy engine and certain implemented dynamic policies [Des03]. For example, suppose that two of the primary types of software users are product engineers and quality engineers. Both groups usually have access to the same data, but they have different roles to perform in relation to the data and the application's function. In addition, individuals within each group have different job responsibilities that may be identified using several types of attributes such as developing programs and testing areas. Thus, the access decisions can be made in real time by a scripted policy that regulates the access between the groups of product engineers and quality engineers, and each individual within these groups. Rules can either replace or complement role-based access control. However, the creation of rules and security policies is also a complex process, so each organization will need to strike the appropriate balance.
References used for this question: http://csrc.nist.gov/publications/nistir/7316/NISTIR-7316.pdf and AIO v3 p162-167 and OIG (2007) p.186-191 also KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
질문 # 1265
What is it called when a computer uses more than one CPU in parallel to execute
instructions?
정답:D
설명:
A system with multiple processors is called a multiprocessing system.
Multitasking is incorrect. Multitasking involves sharing the processor amoung all ready processes. Though it appears to the user that multiple processes are executing at the same time, only one process is running at any point in time.
Multithreading is incorrect. The developer can structure a program as a collection of independent threads to achieve better concurrency. For example, one thread of a program might be performing a calculation while another is waiting for additional input from the user.
"Parallel running" is incorrect. This is not a real term and is just a distraction.
References:
CBK, pp. 315-316 AIO3, pp. 234 - 239
질문 # 1266
Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating ?
정답:B
설명:
Section: Security Operation Adimnistration
Explanation/Reference:
Security administrator functions include user-oriented activities such as setting user clearances, setting initial password, setting other security characteristics for new users or changing security profiles for existing users.
Data owners have the ultimate responsibility for protecting data, thus determining proper user access rights to data.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
질문 # 1267
In the CIA triad, what does the letter A stand for?
정답:D
설명:
The CIA triad stands for Confidentiality, Integrity and Availability.
질문 # 1268
......
KoreaDumps는ISC인증SSCP시험에 대하여 가이드를 해줄 수 있는 사이트입니다. KoreaDumps는 여러분의 전업지식을 업그레이드시켜줄 수 잇고 또한 한번에ISC인증SSCP시험을 패스하도록 도와주는 사이트입니다. KoreaDumps제공하는 자료들은 모두 it업계전문가들이 자신의 지식과 끈임없은 경헌등으로 만들어낸 퍼펙트 자료들입니다. 품질은 정확도 모두 보장되는 문제집입니다.ISC인증SSCP시험은 여러분이 it지식을 한층 업할수 잇는 시험이며 우리 또한 일년무료 업데이트서비스를 제공합니다.
SSCP예상문제: https://www.koreadumps.com/SSCP_exam-braindumps.html
