Free Access to ISC.SSCP.v2022-07-27.q281 with Valid Practice Test (Page 25)

Question 116

Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?

A.Validation
B.Verification
C.Assessment
D.Accuracy

Correct Answer: B

Verification vs. Validation:
Verification determines if the product accurately represents and meets the specifications. A product can be developed that does not match the original specifications. This step ensures that the specifications are properly met.
Validation determines if the product provides the necessary solution intended real-world problem. In large projects, it is easy to lose sight of overall goal. This exercise ensures that the main goal of the project is met.
From DITSCAP:
6.3.2. Phase 2, Verification. The Verification phase shall include activities to verify compliance of the system with previously agreed security requirements. For each life-cycle development activity, DoD Directive 5000.1 (reference (i)), there is a corresponding set of security activities, enclosure 3, that shall verify compliance with the security requirements and evaluate vulnerabilities.
6.3.3. Phase 3, Validation. The Validation phase shall include activities to evaluate the fully integrated system to validate system operation in a specified computing environment with an acceptable level of residual risk. Validation shall culminate in an approval to operate.
You must also be familiar with Verification and Validation for the purpose of the exam. A simple definition for Verification would be whether or not the developers followed the design specifications along with the security requirements. A simple definition for Validation would be whether or not the final product meets the end user needs and can be use for a specific purpose.
Wikipedia has an informal description that is currently written as: Validation can be expressed by the query "Are you building the right thing?" and Verification by "Are you building it right?
NOTE: DITSCAP was replaced by DIACAP some time ago (2007). While DITSCAP had defined both a verification and a validation phase, the DIACAP only has a validation phase. It may not make a difference in the answer for the exam; however, DIACAP is the cornerstone policy of DOD C&A and IA efforts today. Be familiar with both terms just in case all of a sudden the exam becomes updated with the new term.
Reference(s) used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 1106). McGraw-Hill. Kindle Edition.
http://iase.disa.mil/ditscap/DITSCAP.html https://en.wikipedia.org/wiki/Verification_and_validation For the definition of "validation" in DIACAP, Click Here Further sources for the phases in DIACAP, Click Here

Question 117

The Diffie-Hellman algorithm is used for:

A.Encryption
B.Digital signature
C.Key agreement
D.Non-repudiation

Question 118

Which of the following access control models introduces user security clearance and data classification?

A.Role-based access control
B.Discretionary access control
C.Non-discretionary access control
D.Mandatory access control

Question 119

Which of the following biometric parameters are better suited for authentication use over a long period of time?

A.Iris pattern
B.Voice pattern
C.Signature dynamics
D.Retina pattern

Question 120

Which of the following statements pertaining to Kerberos is false?

A.The Key Distribution Center represents a single point of failure.
B.Kerberos manages access permissions.
C.Kerberos uses a database to keep a copy of all users' public keys.
D.Kerberos uses symmetric key cryptography.

Question 116

Question 117

Question 118

Question 119

Question 120

Download PDF File