ISC SSCP Exam Dumps

security

The correct answer to this "security". It is a major factor in deciding if a
centralized or decentralized environment is more appropriate.
Example: In a centralized computing environment, you have a central server and
workstations (often "dumb terminals") access applications, data, and everything else from
that central servers. Therefore, the vast majority of your security resides on a centrally
managed server. In a decentralized (or distributed) environment, you have a collection of
PC's each with their own operating systems to maintain, their own software to maintain,
local data storage requiring protection and backup. You may also have PDA's and "smart
phones", data watches, USB devices of all types able to store data... the list gets longer all
the time.
It is entirely possible to reach a reasonable and acceptable level of security in a distributed environment. But doing so is significantly more difficult, requiring more effort, more money,
and more time.
The other answers are not correct because:
scalability - A distributed computing environment is almost infinitely scalable. Much more so
than a centralized environment. This is therefore a bad answer.
heterogeneity - Having products and systems from multiple vendors in a distributed
environment is significantly easier than in a centralized environment. This would not be a
"challenge of distributed computing solutions" and so is not a good answer.
usability - This is potentially a challenge in either environment, but whether or not this is a
problem has very little to do with whether it is a centralized or distributed environment.
Therefore, this would not be a good answer.
Reference:
Official ISC2 Guide page: 313-314
All in One Third Edition page: (unavailable at this time)

 One-time pads.

A One-Time Pad uses a keystream string of bits that is generated completely
at random that is used only once. Because it is used only once it is considered
unbreakable.
The following answers are incorrect:
Symmetric ciphers. This is incorrect because a Symmetric Cipher is created by substitution
and transposition. They can and have been broken
DES codebooks. This is incorrect because Data Encryption Standard (DES) has been
broken, it was replaced by Advanced Encryption Standard (AES).
Elliptic Curve Cryptography. This is incorrect because Elliptic Curve Cryptography or ECC
is typically used on wireless devices such as cellular phones that have small processors.
Because of the lack of processing power the keys used at often small. The smaller the key,
the easier it is considered to be breakable. Also, the technology has not been around long
enough or tested thourough enough to be considered truly unbreakable.

 One-time or dynamic password

"one-time password" provides maximum security because a new password is
required for each new log-on.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.