Topic 1: Access Control
Why do buffer overflows happen? What is the main cause?
A.
Because buffers can only hold so much data
B.
Because of improper parameter checking within the application
C.
Because they are an easy weakness to exploit
D.
Because of insufficient system memory
Because of improper parameter checking within the application
Buffer Overflow attack takes advantage of improper parameter checking
within the application. This is the classic form of buffer overflow and occurs because the
programmer accepts whatever input the user supplies without checking to make sure that
the length of the input is less than the size of the buffer in the program.
The buffer overflow problem is one of the oldest and most common problems in software
development and programming, dating back to the introduction of interactive computing. It
can result when a program fills up the assigned buffer of memory with more data than its
buffer can hold. When the program begins to write beyond the end of the buffer, the
program’s execution path can be changed, or data can be written into areas used by the
operating system itself. This can lead to the insertion of malicious code that can be used to
gain administrative privileges on the program or system.
As explained by Gaurab, it can become very complex. Even if you check the length of the input at the time it is entered, it has to be checked against the size of the buffer it is actually written into. Consider a case where the data entry point is stored in Buffer1 of Application1 and the data is later copied into Buffer2 within Application2: checking the length of the data only against Buffer1 does not ensure that it will not cause a buffer overflow in Buffer2 of Application2.
A bit of reassurance from the ISC2 book about level of Coding Knowledge needed for the
exam:
It should be noted that the CISSP is not required to be an expert programmer or know the
inner workings of developing application software code, like the FORTRAN programming
language, or how to develop Web applet code using Java. It is not even necessary that the
CISSP know detailed security-specific coding practices such as the major divisions of
buffer overflow exploits or the reason for preferring str(n)cpy to strcpy in the C language
(although all such knowledge is, of course, helpful). Because the CISSP may be the person
responsible for ensuring that security is included in such developments, the CISSP should
know the basic procedures and concepts involved during the design and development of
software programming. That is, in order for the CISSP to monitor the software development
process and verify that security is included, the CISSP must understand the fundamental concepts of programming developments and the security strengths and weaknesses of
various application development processes.
The following are incorrect answers:
"Because buffers can only hold so much data" is incorrect. This is certainly true but is not
the best answer because the finite size of the buffer is not the problem - the problem is that the programmer did not check the size of the input before moving it into the buffer.
"Because they are an easy weakness to exploit" is incorrect. This answer is sometimes
true but is not the best answer because the root cause of the buffer overflow is that the
programmer did not check the size of the user input.
"Because of insufficient system memory" is incorrect. This is irrelevant to the occurrence of
a buffer overflow.
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third
Edition ((ISC)2 Press) (Kindle Locations 13319-13323). Auerbach Publications. Kindle
Edition.
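The two copies described above, worked through in C as an added example (this is not code from the page or from the (ISC)2 guide). The buffer sizes, the function names and the sample inputs are assumptions chosen for the illustration: an input that passes a length check against a 64-byte Buffer1 is later copied into a 16-byte Buffer2, which is exactly where a check done only once goes wrong.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Assumed sizes: the buffer the input first lands in is larger than the
   one it is later copied into. */
#define BUFFER1_SIZE 64
#define BUFFER2_SIZE 16

/* The classic defect: the caller's input is copied with no length check at
   all. With src longer than dst, strcpy writes past the end of dst (undefined
   behaviour; this is the overwrite the text describes). Shown only; nothing
   below calls it with oversized input. */
void unchecked_copy(char *dst, const char *src) {
    strcpy(dst, src);
}

/* True when src plus its terminating NUL fits in a buffer of dst_size bytes.
   This is the check the explanation says the programmer omitted. */
bool fits(const char *src, size_t dst_size) {
    return strlen(src) < dst_size;
}

/* Bounded copy: refuses oversized input instead of truncating silently or
   overflowing. Returns 0 on success, -1 if the input does not fit. */
int checked_copy(char *dst, size_t dst_size, const char *src) {
    if (!fits(src, dst_size))
        return -1;
    memcpy(dst, src, strlen(src) + 1);   /* length validated above */
    return 0;
}

/* The two-buffer case from the text. Input is validated against Buffer1 and
   stored there; a later copy moves it into the smaller Buffer2. A check
   against Buffer1 alone would let any input of 16..63 bytes through and
   overflow Buffer2, so the length is checked again against Buffer2's own
   size at the second copy. Returns the number of bytes stored in Buffer2,
   or -1 if either copy would overflow. */
int two_stage_copy(const char *input) {
    char buffer1[BUFFER1_SIZE];
    char buffer2[BUFFER2_SIZE];

    if (checked_copy(buffer1, sizeof buffer1, input) != 0)
        return -1;                 /* too long even for Buffer1 */

    /* Wrong: strcpy(buffer2, buffer1); relies on the Buffer1 check.
       Right: validate against sizeof buffer2 before this copy. */
    if (checked_copy(buffer2, sizeof buffer2, buffer1) != 0)
        return -1;                 /* passed Buffer1, would overflow Buffer2 */

    return (int)strlen(buffer2);
}

int main(void) {
    char small[BUFFER2_SIZE];
    unchecked_copy(small, "ok");   /* short input, so no overflow here */
    printf("unchecked_copy: %s\n", small);

    /* Constructed sample inputs: 5, 30 and 64 bytes long. */
    const char *inputs[] = {
        "short",
        "passes-buffer1-but-not-buffer2",
        "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
    };
    for (size_t i = 0; i < 3; i++)
        printf("%-66s -> %d\n", inputs[i], two_stage_copy(inputs[i]));
    return 0;
}
```

The 30-byte input is the interesting one: it passes the first check and would have overflowed Buffer2 by 14 bytes if the second copy had trusted that check. In real code the same mistake appears whenever a length is validated in one function and the data is copied into a differently sized buffer in another.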
Single Sign-on (SSO) is characterized by which of the following advantages?
A.
Convenience
B.
Convenience and centralized administration
C.
Convenience and centralized data administration
D.
Convenience and centralized network administration
Convenience and centralized administration
Convenience: using single sign-on, users have to type their passwords only
once, when they first log in, to access all the network resources. Centralized
administration: some single sign-on systems are built around a unified server
administration system, which allows a single administrator to add and delete accounts
across the entire network from one user interface.
The following answers are incorrect:
Convenience: alone this is not the correct answer.
Centralized data or network administration: these are thrown in to mislead the student.
Neither is a benefit of SSO; SSO on its own should not grant either of them.
References:
TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management
Handbook, 4th Edition, Volume 1, page 35.
TIPTON, Harold F. & HENRY, Kevin, Official (ISC)2 Guide to the CISSP CBK, 2007, page
180.
What does it mean to say that sensitivity labels are "incomparable"?
A.
The number of classification in the two labels is different.
B.
Neither label contains all the classifications of the other.
C.
the number of categories in the two labels are different
D.
Neither label contains all the categories of the other.
Neither label contains all the categories of the other.
Two sensitivity labels can only be ordered against each other if the categories of one
can be matched against the categories of the other. They are incomparable when each
label contains at least one category that is not in the other label, so neither set of
categories contains the other. "Because neither label contains all the categories of the
other, the labels can't be compared. They're said to be incomparable."
COMPARABILITY:
The label:
TOP SECRET [VENUS ALPHA]
is "higher" than either of the labels:
SECRET [VENUS ALPHA]
TOP SECRET [VENUS]
But you can't really say that the label:
TOP SECRET [VENUS]
is higher than the label:
SECRET [ALPHA]
Because neither label contains all the categories of the other, the labels can't be compared.
They're said to be incomparable. In a mandatory access control system, you won't be
allowed access to a file whose label is incomparable to your clearance.
The Multilevel Security policy uses an ordering relationship between labels known as the
dominance relationship. Intuitively, we think of a label that dominates another as being
"higher" than the other. Similarly, we think of a label that is dominated by another as being
"lower" than the other. The dominance relationship is used to determine permitted
operations and information flows.
DOMINANCE
The dominance relationship is determined by the ordering of the Sensitivity/Clearance
component of the label and the intersection of the set of Compartments.
Sample Sensitivity/Clearance ordering are:
Top Secret > Secret > Confidential > Unclassified
s3 > s2 > s1 > s0
Formally, for label one to dominate label two both of the following must be true:
The sensitivity/clearance of label one must be greater than or equal to the
sensitivity/clearance of label two.
The intersection of the compartments of label one and label two must equal the
compartments of label two.
Additionally:
Two labels are said to be equal if their sensitivity/clearance and set of compartments are
exactly equal. Note that dominance includes equality.
One label is said to strictly dominate the other if it dominates the other but is not equal to
the other.
Two labels are said to be incomparable if each label has at least one compartment that is
not included in the other's set of compartments.
The dominance relationship will produce a partial ordering over all possible MLS labels,
resulting in what is known as the MLS Security Lattice.
The following answers are incorrect:
The number of classifications in the two labels is different. Incorrect, because the
categories are what is being compared, not the classifications.
Neither label contains all the classifications of the other. Incorrect, because the categories
are what is being compared, not the classifications.
The number of categories in the two labels is different. Incorrect, because a differing
number of categories does not make labels incomparable: TOP SECRET [VENUS ALPHA]
and TOP SECRET [VENUS] have different numbers of categories, yet the first contains all the
categories of the second, so the two are comparable.
Reference(s) used for this question:
OReilly - Computer Systems and Access Control (Chapter 3)
http://www.oreilly.com/catalog/csb/chapter/ch03.html
and
http://rubix.com/cms/mls_dom
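The dominance test and the incomparability case above, worked through in C as an added example (not code from the page, the O'Reilly chapter or rubix.com). Levels are an ordered enum and compartments are bits of a set, so "contains all the categories of the other" becomes a bitwise subset test; VENUS and ALPHA come from the text, MARS and the function names are assumptions. The example goes slightly beyond the text in one respect: its `incomparable` is defined as "neither label dominates the other", which covers the text's case (each label has a compartment the other lacks) and also a pair such as TOP SECRET [VENUS] against SECRET [VENUS ALPHA], where one label is higher in level but missing a compartment.

```c
#include <stdio.h>
#include <stdbool.h>

/* Sensitivity levels, ordered as in the text:
   Top Secret > Secret > Confidential > Unclassified. */
enum level { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };

/* Compartments (categories) as bits of a set. VENUS and ALPHA are the
   text's examples; MARS is an assumed extra one. */
enum compartment { VENUS = 1u << 0, ALPHA = 1u << 1, MARS = 1u << 2 };

struct label {
    enum level level;
    unsigned compartments;   /* bitwise OR of enum compartment values */
};

struct label make_label(enum level level, unsigned compartments) {
    struct label l = { level, compartments };
    return l;
}

/* Dominance: a dominates b iff level(a) >= level(b) and every compartment of
   b is also in a, i.e. (comps(a) & comps(b)) == comps(b). Includes equality. */
bool dominates(struct label a, struct label b) {
    return a.level >= b.level
        && (a.compartments & b.compartments) == b.compartments;
}

bool labels_equal(struct label a, struct label b) {
    return a.level == b.level && a.compartments == b.compartments;
}

bool strictly_dominates(struct label a, struct label b) {
    return dominates(a, b) && !labels_equal(a, b);
}

/* Incomparable: neither label dominates the other. */
bool incomparable(struct label a, struct label b) {
    return !dominates(a, b) && !dominates(b, a);
}

/* MAC read check: a subject may read an object only when the subject's
   clearance dominates the object's label, so an incomparable label is
   denied, as the text states. */
bool may_read(struct label clearance, struct label object) {
    return dominates(clearance, object);
}

static const char *level_name(enum level l) {
    static const char *names[] = { "UNCLASSIFIED", "CONFIDENTIAL",
                                   "SECRET", "TOP SECRET" };
    return names[l];
}

static void print_label(struct label l) {
    printf("%s [%s%s%s]", level_name(l.level),
           l.compartments & VENUS ? "VENUS " : "",
           l.compartments & ALPHA ? "ALPHA " : "",
           l.compartments & MARS  ? "MARS "  : "");
}

int main(void) {
    struct label ts_va = make_label(TOP_SECRET, VENUS | ALPHA);
    struct label s_va  = make_label(SECRET, VENUS | ALPHA);
    struct label ts_v  = make_label(TOP_SECRET, VENUS);
    struct label s_a   = make_label(SECRET, ALPHA);

    /* The pairs from the text, plus the level-vs-compartment split. */
    struct { struct label a, b; } pairs[] = {
        { ts_va, s_va }, { ts_va, ts_v }, { ts_v, s_a }, { ts_v, s_va }
    };
    for (size_t i = 0; i < 4; i++) {
        print_label(pairs[i].a);
        printf(" vs ");
        print_label(pairs[i].b);
        printf(": dominates=%d incomparable=%d may_read=%d\n",
               dominates(pairs[i].a, pairs[i].b),
               incomparable(pairs[i].a, pairs[i].b),
               may_read(pairs[i].a, pairs[i].b));
    }
    return 0;
}
```

The subset test is the whole point: a label with more categories is not automatically "higher", and a higher classification does not compensate for a missing category. Both conditions must hold before `may_read` grants access.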
Which of the following offers advantages such as the ability to use stronger passwords,
easier password administration, one set of credentials, and faster resource access?
A.
Smart cards
B.
Single Sign-On (SSO)
C.
Symmetric Ciphers
D.
Public Key Infrastructure (PKI)
Single Sign-On (SSO)
The advantages of SSO include having the ability to use stronger passwords,
easier administration as far as changing or deleting the passwords, minimize the risks of
orphan accounts, and requiring less time to access resources.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 39.
Which of the following access control techniques best gives the security officers the ability
to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure?
A.
Access control lists
B.
Discretionary access control
C.
Role-based access control
D.
Non-mandatory access control
Role-based access control
Role-based access control (RBAC) gives the security officers the ability to
specify and enforce enterprise-specific security policies in a way that maps naturally to an
organization's structure. Each user is assigned one or more roles, and each role is
assigned one or more privileges that are given to users in that role. An access control list
(ACL) is a table that tells a system which access rights each user has to a particular
system object. With discretionary access control, administration is decentralized and
owners of resources control other users' access. Non-mandatory access control is not a
defined access control technique.
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control
Systems and Methodology (page 9).
Which of the following is the most reliable, secure means of removing data from magnetic
storage media such as a magnetic tape, or a cassette?
A.
Degaussing
B.
Parity Bit Manipulation
C.
Zeroization
D.
Buffer overflow
Degaussing
A degausser (otherwise known as a bulk eraser) has the main function of
reducing to near zero the magnetic flux stored in the magnetized medium. Flux density is
measured in Gauss or Tesla. The operation is speedier than overwriting and is done in one
short operation. This is achieved by subjecting the medium in bulk to a series of fields of
alternating polarity and gradually decreasing strength. Degaussing applies only to magnetic
media: it does nothing to flash-based storage such as SSDs, and on a modern hard disk it
also erases the factory-written servo tracks, leaving the drive unusable afterwards.
The following answers are incorrect:
Parity Bit Manipulation. Parity has to do with disk error detection, not data removal. A parity
bit is a bit or series of bits appended to a character or block of characters to ensure that the
information received is the same as the information that was sent.
Zeroization. Zeroization involves overwriting data to sanitize it. It is time-consuming and not
foolproof. The potential for restoration of data does exist with this method.
Buffer overflow. This is a detractor. Although many Operating Systems use a disk buffer to
temporarily hold data read from disk, its primary purpose has no connection to data
removal. An overflow goes outside the constraints defined for the buffer and is a method
used by an attacker to attempt access to a system.
The following reference(s) were used to create this question:
Shon Harris, All-In-One CISSP Certification Exam Guide, v3, page 908.
Reference: What is degaussing.
Which of the following classes is defined in the TCSEC (Orange Book) as discretionary
protection?
A.
C
B.
B
C.
A
D.
D
C
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, page 197.
Also: THE source for all TCSEC "level" questions:
http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
Which of the following is NOT a compensating measure for access violations?
A.
Backups
B.
Business continuity planning
C.
Insurance
D.
Security awareness
Security awareness
Security awareness is a preventive measure, not a compensating measure
for access violations.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 50).
Because all the secret keys are held and authentication is performed on the Kerberos TGS
and the authentication servers, these servers are vulnerable to:
A.
neither physical attacks nor attacks from malicious code.
B.
physical attacks only
C.
both physical attacks and attacks from malicious code.
D.
physical attacks but not attacks from malicious code.
both physical attacks and attacks from malicious code.
Since all the secret keys are held and authentication is performed on the
Kerberos TGS and the authentication servers, these servers are vulnerable to both
physical attacks and attacks from malicious code.
Because a client's password is used in the initiation of the Kerberos request for the service
protocol, password guessing can be used to impersonate a client.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 42.
Which of the following is the LEAST user accepted biometric device?
A.
Fingerprint
B.
Iris scan
C.
Retina scan
D.
Voice verification
Retina scan
The biometric device that is least user accepted is the retina scan, where a
system scans the blood-vessel pattern on the backside of the eyeball. When using this
device, an individual has to place their eye up to a device, and may require a puff of air to
be blown into the eye. The iris scan only needs for an individual to glance at a camera that
could be placed above a door.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, Chapter 4: Access Control (page 131).