Free SSCP Exam Braindumps

Pass your System Security Certified Practitioner (SSCP) exam with these free Questions and Answers

Page 26 of 215
QUESTION 121

- (Topic 3)
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

  1. A. through access control mechanisms that require identification and authentication and through the audit function.
  2. B. through logical or technical controls involving the restriction of access to systems and the protection of information.
  3. C. through logical or technical controls but not involving the restriction of access to systems and the protection of information.
  4. D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

Correct Answer: A
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organization's security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.

QUESTION 122

- (Topic 2)
What is RAD?

  1. A. A development methodology
  2. B. A project management technique
  3. C. A measure of system complexity
  4. D. Risk-assessment diagramming

Correct Answer: A
RAD stands for Rapid Application Development.
RAD is a methodology that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality.
RAD is a programming system that enables programmers to quickly build working programs.
In general, RAD systems provide a number of tools to help build graphical user interfaces that would normally take a large development effort.
Two of the most popular RAD systems for Windows are Visual Basic and Delphi. Historically, RAD systems have tended to emphasize reducing development time, sometimes at the expense of generating inefficient executable code. Nowadays, though, many RAD systems produce extremely fast, optimized code.
Conversely, many traditional programming environments now come with a number of visual tools to aid development. Therefore, the line between RAD systems and other development environments has become blurred.
Reference:
Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 307)
http://www.webopedia.com

QUESTION 123

- (Topic 2)
What can best be defined as the sum of protection mechanisms inside the computer, including hardware, firmware and software?

  1. A. Trusted system
  2. B. Security kernel
  3. C. Trusted computing base
  4. D. Security perimeter

Correct Answer: C
The Trusted Computing Base (TCB) is defined as the total combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware. These are part of the TCB because the system is sure that these components will enforce the security policy and not violate it.
The security kernel is made up of hardware, software, and firmware components that fall within the TCB and implements and enforces the reference monitor concept.
Reference:
AIOv4 Security Models and Architecture pgs 268, 273

QUESTION 124

- (Topic 5)
Which of the following statements pertaining to message digests is incorrect?

  1. A. The original file cannot be created from the message digest.
  2. B. Two different files should not have the same message digest.
  3. C. The message digest should be calculated using at least 128 bytes of the file.
  4. D. Message digests are usually of fixed size.

Correct Answer: C
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 160).

QUESTION 125

- (Topic 2)
Which of the following is an advantage of prototyping?

  1. A. Prototype systems can provide significant time and cost savings.
  2. B. Change control is often less complicated with prototype systems.
  3. C. It ensures that functions or extras are not added to the intended system.
  4. D. Strong internal controls are easier to implement.

Correct Answer: A
Prototype systems can provide significant time and cost savings; however, they also have several disadvantages. They often have poor internal controls, change control becomes much more complicated, and prototyping often leads to functions or extras being added to the system that were not originally intended.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 306).
