Verified CSSLP dumps Q As - 2023 Latest CSSLP Download Updated 100% Cover Real CSSLP Exam Questions - 100% Pass Guarantee NEW QUESTION # 114 Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject? A. Bell-LaPadula Model B. Take-Grant Protection Model C. Biba Integrity Model D. Access Matrix Answer: [...]

All Products Contact now

Verified CSSLP dumps Q&As - 2023 Latest CSSLP Download [Q114-Q137]

Share

Verified CSSLP  dumps Q&As - 2023 Latest CSSLP  Download

Updated 100% Cover Real CSSLP Exam Questions - 100% Pass Guarantee

NEW QUESTION # 114
Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?

  • A. Bell-LaPadula Model
  • B. Take-Grant Protection Model
  • C. Biba Integrity Model
  • D. Access Matrix

Answer: B

Explanation:
The take-grant protection model is a formal model used in the field of computer security to establish or disprove the safety of a given computer system that follows specific rules. It shows that for specific systems the question of safety is decidable in linear time, which is in general undecidable. The model represents a system as directed graph, where vertices are either subjects or objects. The edges between them are labeled and the label indicates the rights that the source of the edge has over the destination. Two rights occur in every instance of the model: take and grant. They play a special role in the graph rewriting rules describing admissible changes of the graph. Answer D is incorrect. The access matrix is a straightforward approach that provides access rights to subjects for objects. Answer C is incorrect. The Bell-LaPadula model deals only with the confidentiality of classified material. It does not address integrity or availability. Answer B is incorrect. The integrity model was developed as an analog to the Bell-LaPadula confidentiality model and then became more sophisticated to address additional integrity requirements.


NEW QUESTION # 115
You are the project manager of the GHY project for your organization. You are about to start the qualitative risk analysis process for the project and you need to determine the roles and responsibilities for conducting risk management. Where can you find this information?

  • A. Staffing management plan
  • B. Enterprise environmental factors
  • C. Risk register
  • D. Risk management plan

Answer: D

Explanation:
The risk management plan defines the roles and responsibilities for conducting risk management. A Risk management plan is a document arranged by a project manager to estimate the effectiveness, predict risks, and build response plans to mitigate them. It also consists of the risk assessment matrix. Risks are built in with any project, and project managers evaluate risks repeatedly and build plans to address them. The risk management plan consists of analysis of possible risks with both high and low impacts, and the mitigation strategies to facilitate the project and avoid being derailed through which the common problems arise. Risk management plans should be timely reviewed by the project team in order to avoid having the analysis become stale and not reflective of actual potential project risks. Most critically, risk management plans include a risk strategy for project execution. Answer A is incorrect. The risk register does not define the risk management roles and responsibilities. Answer D is incorrect. Enterprise environmental factors may define the roles that risk management officials or departments play in the project, but the best answer for all projects is the risk management plan. Answer B is incorrect. The staffing management plan does not define the risk management roles and responsibilities.


NEW QUESTION # 116
Which of the following are examples of passive attacks? Each correct answer represents a complete solution. Choose all that apply.

  • A. Placing a backdoor
  • B. Eavesdropping
  • C. Dumpster diving
  • D. Shoulder surfing

Answer: B,C,D

Explanation:
In eavesdropping, dumpster diving, and shoulder surfing, the attacker violates the confidentiality of a system without affecting its state. Hence, they are considered passive attacks.


NEW QUESTION # 117
Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

  • A. Trade secret
  • B. Copyright
  • C. Explanation:
    A trade secret is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known. It helps a business to obtain an economic advantage over its competitors or customers. In some jurisdictions, such secrets are referred to as confidential information or classified information.
  • D. Utility model
  • E. Cookie

Answer: A

Explanation:
is incorrect. A copyright is a form of intellectual property, which secures to its holder the exclusive right to produce copies of his or her works of original expression, such as a literary work, movie, musical work or sound recording, painting, photograph, computer program, or industrial design, for a defined, yet extendable, period of time. It does not cover ideas or facts. Copyright laws protect intellectual property from misuse by other individuals. Answer B is incorrect. A utility model is an intellectual property right to protect inventions. Answer D is incorrect. A cookie is a small bit of text that accompanies requests and pages as they move between Web servers and browsers. It contains information that is read by a Web application, whenever a user visits a site. Cookies are stored in the memory or hard disk of client computers. A Web site stores information, such as user preferences and settings in a cookie. This information helps in providing customized services to users. There is absolutely no way a Web server can access any private information about a user or his computer through cookies, unless a user provides the information. A Web server cannot access cookies created by other Web servers.


NEW QUESTION # 118
Which of the following methods is a means of ensuring that system changes are approved before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate?

  • A. Configuration identification
  • B. Configuration auditing
  • C. Configuration control
  • D. Documentation control

Answer: D

Explanation:
Explanation/Reference:
Explanation: Documentation control is a method of ensuring that system changes should be agreed upon before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate. Documentation control is involved in the strict events for proposing, monitoring, and approving system changes and their implementation. It helps the change process by supporting the person who synchronizes the analytical task, approves system changes, reviews the implementation of changes, and oversees other tasks such as documenting the controls.
AnswerD is incorrect. Configuration auditing is the quality assurance element of configuration
management. It is occupied in the process of periodic checks to establish the consistency and completeness of accounting information and to validate that all configuration management policies are being followed. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation. AnswerA is incorrect. Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes. Answer C is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/ or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.


NEW QUESTION # 119
Which of the following rated systems of the Orange book has mandatory protection of the TCB?

  • A. A-rated
  • B. B-rated
  • C. D-rated
  • D. C-rated

Answer: B

Explanation:
A B-rated system of the orange book has mandatory protection of the trusted computing base (TCB). Trusted computing base (TCB) refers to hardware, software, controls, and processes that cause a computer system or network to be devoid of malicious software or hardware. Maintaining the trusted computing base (TCB) is essential for security policy to be implemented successfully.


NEW QUESTION # 120
Which of the following ISO standards is entitled as "Information technology - Security techniques - Information security management - Measurement"?

  • A. ISO 27006
  • B. ISO 27003
  • C. ISO 27005
  • D. ISO 27004

Answer: D

Explanation:
Explanation/Reference:
Explanation: ISO 27004 is an information security standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled as "Information technology - Security techniques - Information security management - Measurement". The ISO 27004 standard provides guidelines on specifications and use of measurement techniques for the assessment of the effectiveness of an implemented information security management system and controls. It also helps an organization in establishing the effectiveness of ISMS implementation, embracing benchmarking, and performance targeting within the PDCA (plan-do-check-act) cycle. AnswerA is incorrect. ISO 27003 is entitled as "Information Technology - Security techniques - Information security management system implementation guidance". Answer B is incorrect. ISO 27005 is entitled as "ISO/IEC 27005:2008 Information technology -- Security techniques -- Information security risk management". Answer: D is incorrect. ISO 27006 is entitled as "Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems".


NEW QUESTION # 121
You work as a project manager for a company. The company has started a new security software project.
The software configuration management will be used throughout the lifecycle of the project. You are tasked to modify the functional features and the basic logic of the software and then make them compatible to the initial design of the project. Which of the following procedures of the configuration management will you follow to accomplish the task?

  • A. Configuration identification
  • B. Configuration control
  • C. Configuration audits
  • D. Configuration status accounting

Answer: B

Explanation:
Explanation/Reference:
Explanation: Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item's attributes and to re- baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes. Answer: C is incorrect.
Configuration audits confirm that the configuration identification for a configured item is accurate, complete, and will meet specified program needs. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation. Answer: D is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed. Answer: A is incorrect. The configuration status accounting procedure is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time. It supports the functional and physical attributes of software at various points in time, and performs systematic control of accounting to the identified attributes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.


NEW QUESTION # 122
Digital rights management (DRM) consists of compliance and robustness rules. Which of the following features does the robustness rule have? Each correct answer represents a complete solution. Choose three.

  • A. It specifies the various levels of robustness that are needed for asset security.
  • B. It specifies the behaviors of the DRM implementation and applications accessing the implementation.
  • C. It contains assets, such as device key, content key, algorithm, and profiling data.
  • D. It specifies minimum techniques for asset security.

Answer: A,C,D

Explanation:
Explanation/Reference:
Explanation: The DRM (digital rights management) technology includes the following rules: 1.Compliance rule: This rule specifies the behaviors of the DRM implementation, and applications that are accessing the implementation. The compliance rule specifies the following elements: Definition of specific license rights Device requirements Revocation of license path or penalties when the implementation is not robust enough or noncompliant 2.Robustness rule: This rule has the following features: It specifies the various levels of robustness that are needed for asset security. It contains assets, such as device key, content key, algorithm, and profiling data. It specifies minimum techniques for asset security.


NEW QUESTION # 123
The Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  • A. Perform certification evaluation of the integrated system
  • B. Develop recommendation to the DAA
  • C. System development
  • D. Certification and accreditation decision
  • E. Continue to review and refine the SSAA

Answer: A,B,D,E

Explanation:
The Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. The process activities of this phase are as follows: Continue to review and refine the SSAA Perform certification evaluation of the integrated system Develop recommendation to the DAA Certification and accreditation decision Answer D is incorrect. System development is a Phase 2 activity.


NEW QUESTION # 124
According to the NIST SAMATE, dynamic analysis tools operate by generating runtime vulnerability scenario using some functions. Which of the following are functions that are used by the dynamic analysis tools and are summarized in the NIST SAMATE? Each correct answer represents a complete solution.
Choose all that apply.

  • A. Source code security
  • B. Implementation attack
  • C. Network fault injection
  • D. File corruption

Answer: B,C,D

Explanation:
Explanation/Reference:
Explanation: According to the NIST SAMATE, dynamic analysis tools operate by generating runtime vulnerability scenario using the following functions: Resource fault injection Network fault injection System fault injection User interface fault injection Design attack Implementation attack File corruption AnswerB is incorrect. This function is summarized for static analysis tools.


NEW QUESTION # 125
You work as a Security Manager for Tech Perfect Inc. You find that some applications have failed to encrypt network traffic while ensuring secure communications in the organization. Which of the following will you use to resolve the issue?

  • A. TLS
  • B. SCP
  • C. HTTPS
  • D. IPSec

Answer: A

Explanation:
Explanation/Reference:
Explanation: In order to resolve the issue, you should use TLS (Transport Layer Security). Transport Layer Security (TLS) is a cryptographic protocol that provides security and data integrity for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end. Several versions of the protocols are in wide-spread use in applications like web browsing, electronic mail, Internet faxing, instant messaging, and voice-over-IP (VoIP). The TLS protocol, an application layer protocol, allows client/server applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. AnswerC is incorrect. Internet Protocol Security (IPSec) is a method of securing data. It secures traffic by using encryption and digital signing. It enhances the security of data as if an IPSec packet is captured, its contents cannot be read. IPSec also provides sender verification that ensures the certainty of the datagram's origin to the receiver. Answer D is incorrect. Hypertext Transfer Protocol Secure (HTTPS) protocol is a protocol used in the Universal Resource Locater (URL) address line to connect to a secure site. If a site has been made secure by using the Secure Sockets Layer (SSL) then HTTPS, instead of HTTP protocol, should be used as a protocol type in the URL. Answer: A is incorrect. The SCP (secure copy) protocol is a network protocol that supports file transfers. The SCP protocol, which runs on port 22, is based on the BSD RCP protocol which is tunneled through the Secure Shell (SSH) protocol to provide encryption and authentication. SCP might not even be considered a protocol itself, but merely a combination of RCP and SSH. The RCP protocol performs the file transfer and the SSH protocol performs authentication and encryption. SCP protects the authenticity and confidentiality of the data in transit. It hinders the ability for packet sniffers to extract usable information from the data packets.


NEW QUESTION # 126
In which type of access control do user ID and password system come under?

  • A. Technical
  • B. Physical
  • C. Administrative
  • D. Power

Answer: A

Explanation:
Technical access controls include IDS systems, encryption, network segmentation, and antivirus controls. Answer D is incorrect. The policies and procedures implemented by an organization come under administrative access controls. Answer A is incorrect. Security guards, locks on the gates, and alarms come under physical access controls. Answer C is incorrect. There is no such type of access control as power control.


NEW QUESTION # 127
Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

  • A. The custodian makes the initial information classification assignments, and the operations manager implements the scheme.
  • B. The custodian implements the information classification scheme after the initial assignment by the operations manager.
  • C. The data custodian implements the information classification scheme after the initial assignment by the data owner.
  • D. The data owner implements the information classification scheme after the initial assignment by the custodian.

Answer: C

Explanation:
The data owner is responsible for ensuring that the appropriate security controls are in place, for assigning the initial classification to the data to be protected, for approving access requests from other parts of the organization, and for periodically reviewing the data classifications and access rights. Data owners are primarily responsible for determining the data's sensitivity or classification levels, whereas the data custodian has the responsibility for backup, retention, and recovery of data. The data owner delegates these responsibilities to the custodian. Answer B, A, and C are incorrect. These are not the valid answers.


NEW QUESTION # 128
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

  • A. Phase 3, Validation
  • B. Phase 4, Post Accreditation Phase
  • C. Phase 2, Verification
  • D. Phase 1, Definition

Answer: B

Explanation:
Explanation/Reference:
Explanation: Phase 4, Post Accreditation Phase of the DITSCAP includes the activities, which are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle. Answer: B is incorrect. Phase
1, Definition, focuses on understanding the mission, the environment, and the architecture in order to determine the security requirements and level of effort necessary to achieve accreditation. Answer: C is incorrect. Phase 2, Verification, verifies the evolving or modified system's compliance with the information agreed on in the System Security Authorization Agreement (SSAA). Answer: A is incorrect. Phase 3 validates the compliance of a fully integrated system with the information stated in the SSAA.


NEW QUESTION # 129
Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?

  • A. Continuous Monitoring
  • B. Security Accreditation
  • C. Initiation
  • D. Security Certification

Answer: B

Explanation:
The various phases of NIST SP 800-37 C&A are as follows: Phase 1: Initiation- This phase includes preparation, notification and resource identification. It performs the security plan analysis, update, and acceptance. Phase 2: Security Certification- The Security certification phase evaluates the controls and documentation. Phase 3: Security Accreditation- The security accreditation phase examines the residual risk for acceptability, and prepares the final security accreditation package. Phase 4: Continuous Monitoring-This phase monitors the configuration management and control, ongoing security control verification, and status reporting and documentation.


NEW QUESTION # 130
Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software.
Which of the following SDLC phases meets the audit objectives defined below: System and data are validated. System meets all user requirements. System meets all control requirements.

  • A. Initiation
  • B. Evaluation and acceptance
  • C. Definition
  • D. Programming and training

Answer: B

Explanation:
Explanation/Reference:
Explanation: It is the evaluation and acceptance phase of the SDLC, which meets the following audit objectives: System and data are validated. System meets all user requirements. System meets all control requirements AnswerD is incorrect. During the initiation phase, the need for a system is expressed and the purpose of the system is documented. Answer: C is incorrect. During the definition phase, users' needs are defined and the needs are translated into requirements statements that incorporate appropriate controls. Answer: B is incorrect. During the programming and training phase, the software and other components of the system are faithfully incorporated into the design specifications. Proper documentation and training are provided in this phase.


NEW QUESTION # 131
Which of the following models manages the software development process if the developers are limited to go back only one stage to rework?

  • A. Waterfall model
  • B. Prototyping model
  • C. RAD model
  • D. Spiral model

Answer: A

Explanation:
In the waterfall model, software development can be managed if the developers are limited to go back only one stage to rework. If this limitation is not imposed mainly on a large project with several team members, then any developer can be working on any phase at any time, and the required rework might be accomplished several times. Answer B is incorrect. The spiral model is a software development process combining elements of both design and prototyping-instages, in an effort to combine advantages of top-down and bottom-up concepts. The basic principles of the spiral model are as follows: The focus is on risk assessment and minimizing project risks by breaking a project into smaller segments and providing more ease-of- change during the development process, as well as providing the opportunity to evaluate risks and weigh consideration of project continuation throughout the life cycle. Each cycle involves a progression through the same sequence of steps, for each portion of the product and for each of its levels of elaboration, from an overall concept-of-operation document down to the coding of each individual program. Each trip around the spiral traverses the following four basic quadrants: Determine objectives, alternatives, and constraints of the iteration. Evaluate alternatives, and identify and resolve risks. Develop and verify deliverables from the iteration. Plan the next iteration. Begin each cycle with an identification of stakeholders and their win conditions, and end each cycle with review and commitment. Answer D is incorrect. The Prototyping model is a systems development method (SDM). In this model, a prototype is created, tested, and then reworked as necessary until an adequate prototype is finally achieved from which the complete system or product can now be developed. Answer C is incorrect. Rapid Application Development (RAD) refers to a type of software development methodology that uses minimal planning in favor of rapid prototyping.


NEW QUESTION # 132
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

  • A. Configuration Status Accounting
  • B. Configuration Item Costing
  • C. Configuration Verification and Auditing
  • D. Configuration Identification

Answer: B

Explanation:
Configuration item cost is not a valid activity for configuration management. Cost changes are managed by the cost change control system; configuration management is concerned with changes to the features and functions of the project deliverables.


NEW QUESTION # 133
You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called?

  • A. Non repudiation
  • B. Availability
  • C. Confidentiality
  • D. Data Protection

Answer: A

Explanation:
Explanation/Reference:
Explanation: Non repudiation refers to mechanisms that prevent a party from falsely denying involvement in some data transaction.


NEW QUESTION # 134
Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?

  • A. National Security Agency (NSA)
  • B. Committee on National Security Systems (CNSS)
  • C. United States Congress
  • D. National Institute of Standards and Technology (NIST)

Answer: D

Explanation:
Explanation/Reference:
Explanation: The National Institute of Standards and Technology (NIST), known between 1901 and 1988 as the National Bureau of Standards (NBS), is a measurement standards laboratory which is a non- regulatory agency of the United States Department of Commerce. The institute's official mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life. Answer D is incorrect.
The Committee on National Security Systems (CNSS) is a United States intergovernmental organization that sets policy for the security of the US security systems. The CNSS holds discussions of policy issues, sets national policy, directions, operational procedures, and guidance for the information systems operated by the U.S. Government, its contractors, or agents that contain classified information, involve intelligence activities, involve cryptographic activities related to national security, etc. Answer A is incorrect.
The National Security Agency/Central Security Service (NSA/CSS) is a crypto-logic intelligence agency of the United States government. It is administered as part of the United States Department of Defense. NSA is responsible for the collection and analysis of foreign communications and foreign signals intelligence, which involves cryptanalysis. NSA is also responsible for protecting U.S. government communications and information systems from similar agencies elsewhere, which involves cryptography. NSA is a key component of the U.S. Intelligence Community, which is headed by the Director of National Intelligence.
The Central Security Service is a co-located agency created to coordinate intelligence activities and co- operation between NSA and U.S. military cryptanalysis agencies. NSA's work is limited to communications intelligence. It does not perform field or human intelligence activities. Answer C is incorrect. The United States Congress is the bicameral legislature of the federal government of the United States of America. It consists of the Senate and the House of Representatives. The Congress meets in the United States Capitol in Washington, D.C. Both senators and representatives are chosen through direct election. Each of the 435 members of the House of Representatives represents a district and serves a two-year term. House seats are apportioned among the states by population. The 100 Senators serve staggered six-year terms.
Each state has two senators, regardless of population. Every two years, approximately one-third of the Senate is elected at a time. The United States Congress main function is to make laws. The Office of the Law Revision Counsel organizes and publishes the United States Code (USC). It is a consolidation and codification by subject matter of the general and permanent laws of the United States.


NEW QUESTION # 135
You work as a Security Manager for Tech Perfect Inc. In the organization, Syslog is used for computer system management and security auditing, as well as for generalized informational, analysis, and debugging messages. You want to prevent a denial of service (DoS) for the Syslog server and the loss of Syslog messages from other sources. What will you do to accomplish the task?

  • A. Limit the number of Syslog messages or TCP connections from a specific source for a certain time period.
  • B. Use a different message format other than Syslog in order to accept data.
  • C. Encrypt rotated log files automatically using third-party or OS mechanisms.
  • D. Enable the storage of log entries in both traditional Syslog files and a database.

Answer: A

Explanation:
Explanation/Reference:
Explanation: In order to accomplish the task, you should limit the number of Syslog messages or TCP connections from a specific source for a certain time period. This will prevent a denial of service (DoS) for the Syslog server and the loss of Syslog messages from other sources. Answer: D is incorrect. You can encrypt rotated log files automatically using third-party or OS mechanisms to protect data confidentiality.
Answer A is incorrect. You can use a different message format other than Syslog in order to accept data
for aggregating data from hosts that do not support Syslog. Answer: B is incorrect. You can enable the storage of log entries in both traditional Syslog files and a database for creating a database storage for logs.


NEW QUESTION # 136
Which of the following authentication methods is used to access public areas of a Web site?

  • A. Multi-factor authentication
  • B. Mutual authentication
  • C. Biometrics authentication
  • D. Anonymous authentication

Answer: D

Explanation:
Explanation/Reference:
Explanation: Anonymous authentication is an authentication method used for Internet communication. It provides limited access to specific public folders and directory information or public areas of a Web site. It is supported by all clients and is used to access unsecured content in public folders. An administrator must create a user account in IIS to enable the user to connect anonymously. Answer: D is incorrect. Multi-factor authentication involves a combination of multiple methods of authentication. For example, an authentication method that uses smart cards as well as usernames and passwords can be referred to as multi-factor authentication. Answer: C is incorrect. Mutual authentication is a process in which a client process and server are required to prove their identities to each other before performing any application function. The client and server identities can be verified through a trusted third party and use shared secrets as in the case of Kerberos v5. The MS-CHAP v2 and EAP-TLS authentication methods support mutual authentication.
Answer B is incorrect. Biometrics authentication uses physical characteristics, such as fingerprints, scars,
retinal patterns, and other forms of biophysical qualities to identify a user.


NEW QUESTION # 137
......

Use Real Dumps - 100% Free CSSLP Exam Dumps: https://pass4sure.guidetorrent.com/CSSLP-dumps-questions.html

Related Articles

more
ISC CSSLP Certification Practice Exam