FREE SSCP Certification II Questions and Answers
What distinguishes a synchronous password token from an asynchronous password token?
Synchronous and asynchronous password tokens are two different types of authentication devices used for generating one-time passwords (OTPs) in two-factor authentication systems. The main difference between them lies in how the OTPs are generated.
Synchronous tokens, also known as time-based tokens, rely on a clock or timer mechanism. These tokens are synchronized with a server or a central time source. They generate OTPs based on a shared secret key and the current time, usually in sync with the server's clock. The server and the token must be synchronized for the OTP to be validated successfully.
Which of the following is an example of a view-based access control system?
View-Based Access Control (VBAC) is a security model that restricts a user's interface to only display information relevant to their authorization level. It provides a constrained user interface, where users are granted access to specific views or subsets of data based on their privileges. By limiting the information visible to a user, VBAC helps enforce access controls and prevent unauthorized access to sensitive data.
Which of the following is one of the Biba model's three main rules?
The Biba model is a security model that focuses on data integrity. It defines three primary rules, also known as the Biba integrity rules. These rules are designed to prevent data corruption and maintain the integrity of information within a system.
What behavioral characteristics are present in a biometric device?
Behavioral biometrics refer to the analysis and recognition of unique patterns in human behavior. These patterns can be used as traits for biometric authentication. Among the options provided, voice pattern and keystroke dynamics are examples of behavioral traits in a biometric device.
Which one of the following should each side employ in symmetric key cryptography?
In symmetric key cryptography, the same key is used by both the sender and the receiver to encrypt and decrypt the data. This shared secret key must be securely exchanged between the parties before communication begins. The key should remain confidential and known only to the communicating parties.
What one of the following is a network device that makes use of context-based access control?
Context-Based Access Control (CBAC) is a network security mechanism that evaluates various contextual factors, such as source/destination IP addresses, ports, protocols, and connection state, to make access control decisions. CBAC is typically implemented in firewalls to enhance network security by allowing or blocking network traffic based on the context of the communication.
Which of the following allows for HTTP traffic to be sent securely?
Transport Layer Security (TLS) is a cryptographic protocol that ensures secure communication over a network. It is commonly used to secure HTTP traffic, providing encryption, data integrity, and authentication. When TLS is implemented, it encrypts the HTTP data transmitted between a client and a server, preventing unauthorized access and protecting the confidentiality of the information exchanged.