Which of the following services is NOT provided by the Digital Signature Standard (DSS)?
Correct Answer: A
Explanation/Reference: DSS provides integrity, digital signatures and authentication, but does not provide encryption. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 160).
SSCP Exam Question 142
What can best be defined as the sum of protection mechanisms inside the computer, including hardware, firmware and software?
Correct Answer: C
Explanation/Reference: The Trusted Computing Base (TCB) is defined as the total combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware. These are part of the TCB because the system relies on these components to enforce the security policy and not violate it. The security kernel is made up of the hardware, software, and firmware components that fall within the TCB; it implements and enforces the reference monitor concept. Reference: AIOv4, Security Models and Architecture, pages 268 and 273.
SSCP Exam Question 143
Passwords can be required to change monthly, quarterly, or at other intervals:
Correct Answer: B
Section: Access Control
Explanation/Reference: Passwords can be compromised and must be protected. In the ideal case, a password should only be used once. The changing of passwords can also fall between these two extremes. Passwords can be required to change monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and the password's frequency of use. Obviously, the more times a password is used, the more chance there is of it being compromised. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, pages 36 and 37.
SSCP Exam Question 144
Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the parallel test?
Correct Answer: A
Explanation/Reference: The difference between this and the full-interruption test is that the primary production processing of the business does not stop; the test processing runs in parallel to the real processing. This is the most common type of disaster recovery plan testing. A checklist test is only considered a preliminary step to a real test. In a structured walk-through test, business unit management representatives meet to walk through the plan, ensuring it accurately reflects the organization's ability to recover successfully, at least on paper. A simulation test is aimed at testing the ability of the personnel to respond to a simulated disaster, but no recovery process is actually performed. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 289).
SSCP Exam Question 145
Which of the following statements pertaining to access control is false?
Correct Answer: B
Explanation/Reference: Access control mechanisms should default to no access to provide the necessary level of security and ensure that no security holes go unnoticed. If access is not explicitly allowed, it should be implicitly denied. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (page 143).