In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
Answer(s): A
The Bell-LaPadula model was developed for the US military in the 1970s. A system that employs it is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels; the level at which information is classified determines the handling procedures that must be used.

A security model maps the abstract goals of a security policy to information-system terms by specifying the explicit data structures and techniques needed to enforce the policy. A model is usually expressed in mathematics and analytical ideas, which are mapped to system specifications and then implemented by programmers in code. So a policy states goals such as "each subject must be authenticated and authorized before accessing an object," and the model supplies the mathematical formulas, relationships, and logic structure that must be followed to accomplish them.

Bell-LaPadula is a state machine model that enforces the confidentiality aspect of access control. An access matrix and security levels are used to determine whether subjects can access objects: the subject's clearance is compared to the object's classification, and specific rules are then applied to control how subject-to-object interactions can take place.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw-Hill. Kindle Edition.
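As an added illustration of the comparison described above (example code written for this page, not taken from Harris or from any Bell-LaPadula implementation), the following Python models clearances and classifications as labels in a lattice of (level, categories) and mediates each request with the three Bell-LaPadula rules: the discretionary access matrix (ds-property), the simple security property (no read up) and the *-property (no write down). The level names, subjects, objects and matrix entries are constructed sample data, not from the page.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# Linear ordering of sensitivity levels. These are hypothetical labels
# chosen for the example, not taken from the page.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}

# Access modes: which of them observe (read) and which alter (write) the object.
OBSERVES = {"read": True, "append": False, "write": True}
ALTERS = {"read": False, "append": True, "write": True}


@dataclass(frozen=True)
class Label:
    """Security label: a sensitivity level plus a set of need-to-know categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level >= other's level AND categories are a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


class ReferenceMonitor:
    """Mediates every subject-to-object request with the BLP rules."""

    def __init__(self) -> None:
        self.clearance: Dict[str, Label] = {}        # subject -> clearance
        self.classification: Dict[str, Label] = {}   # object -> classification
        self.matrix: Dict[Tuple[str, str], Set[str]] = {}  # discretionary matrix

    def add_subject(self, name: str, label: Label) -> None:
        self.clearance[name] = label

    def add_object(self, name: str, label: Label) -> None:
        self.classification[name] = label

    def grant(self, subject: str, obj: str, *modes: str) -> None:
        self.matrix.setdefault((subject, obj), set()).update(modes)

    def check(self, subject: str, obj: str, mode: str) -> Tuple[bool, str]:
        s, o = self.clearance[subject], self.classification[obj]
        # ds-property: the discretionary access matrix must list the mode.
        if mode not in self.matrix.get((subject, obj), set()):
            return False, "ds-property: mode not in access matrix"
        # Simple security property ("no read up"): observing requires the
        # subject's clearance to dominate the object's classification.
        if OBSERVES[mode] and not s.dominates(o):
            return False, "simple security property: no read up"
        # *-property ("no write down"): altering requires the object's
        # classification to dominate the subject's clearance.
        if ALTERS[mode] and not o.dominates(s):
            return False, "*-property: no write down"
        return True, "allowed"


def build_demo() -> ReferenceMonitor:
    """Constructed sample subjects, objects and matrix entries (not real data)."""
    rm = ReferenceMonitor()
    rm.add_subject("alice", Label("SECRET", frozenset({"NUCLEAR"})))
    rm.add_subject("bob", Label("CONFIDENTIAL"))
    rm.add_subject("carol", Label("SECRET"))  # SECRET clearance, no NUCLEAR need-to-know
    rm.add_object("budget", Label("CONFIDENTIAL"))
    rm.add_object("warhead_spec", Label("SECRET", frozenset({"NUCLEAR"})))
    rm.add_object("war_plan", Label("TOP_SECRET", frozenset({"NUCLEAR"})))
    for subj in ("alice", "bob", "carol"):
        for obj in ("budget", "warhead_spec", "war_plan"):
            rm.grant(subj, obj, "read", "append", "write")
    # A discretionary restriction layered on top of the mandatory rules.
    rm.matrix[("bob", "budget")] = {"read"}
    return rm


def decisions() -> Dict[Tuple[str, str, str], bool]:
    """Evaluate a fixed set of requests against the demo monitor."""
    rm = build_demo()
    requests = [
        ("alice", "budget", "read"),         # read down: allowed
        ("alice", "budget", "write"),        # write down: denied by *-property
        ("alice", "war_plan", "read"),       # read up: denied
        ("alice", "war_plan", "append"),     # blind write up: allowed
        ("alice", "warhead_spec", "write"),  # equal labels: allowed
        ("carol", "warhead_spec", "read"),   # level ok, category missing: denied
        ("bob", "budget", "read"),           # allowed by all three rules
        ("bob", "budget", "write"),          # labels equal, but matrix lacks write
    ]
    return {r: rm.check(*r)[0] for r in requests}


if __name__ == "__main__":
    rm = build_demo()
    for (subj, obj, mode) in decisions():
        ok, why = rm.check(subj, obj, mode)
        print(f"{subj:6} {mode:6} {obj:13} -> {'ALLOW' if ok else 'DENY '} ({why})")
```

The order of the checks matters in practice: the discretionary matrix is consulted first, but it can only further restrict what the mandatory lattice already permits, which is why bob's write to the budget is refused even though the labels are equal. The "append" mode shows the side of the *-property that exam questions often gloss over: a lower-cleared subject may blindly write up, because that cannot leak anything to a lower level.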
Which of the following classes is the first (lowest) level defined in the TCSEC (Orange Book) as mandatory protection?
Division B is the first mandatory protection (mandatory access control) division, and its lowest class is B1, Labeled Security Protection. First published in 1983 and updated in 1985, the TCSEC, frequently referred to as the Orange Book, was a United States Department of Defense (DoD) standard that set basic standards for the implementation of security protections in computing systems. Primarily intended to help the DoD find products that met those basic standards, TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information on military and government systems. As such, it was strongly focused on enforcing confidentiality, with no focus on other aspects of security such as integrity or availability. Although it has since been superseded by the Common Criteria, it influenced the development of other product evaluation criteria, and some of its basic approach and terminology continue to be used.
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 17920-17926). Auerbach Publications. Kindle Edition.
Also, THE source for all TCSEC "level" questions: http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt (paragraph 3 for this one)
Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?
Division C (classes C1 and C2) is the division the Orange Book defines as discretionary protection.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197.
Also, THE source for all TCSEC "level" questions: http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
Which of the following divisions is defined in the TCSEC (Orange Book) as minimal protection?
The criteria are divided into four divisions: D, C, B, and A, ordered in a hierarchical manner with the highest division (A) being reserved for systems providing the most comprehensive security. Each division represents a major improvement in the overall confidence one can place in the system for the protection of sensitive information.

Within divisions C and B there are a number of subdivisions known as classes. The classes are also ordered in a hierarchical manner, with systems representative of division C and the lower classes of division B being characterized by the set of computer security mechanisms that they possess. Assurance of correct and complete design and implementation for these systems is gained mostly through testing of the security-relevant portions of the system. The security-relevant portions of a system are referred to throughout the Orange Book as the Trusted Computing Base (TCB). Systems representative of the higher classes in division B and division A derive their security attributes more from their design and implementation structure. Increased assurance that the required features are operative, correct, and tamperproof under all circumstances is gained through progressively more rigorous analysis during the design process.

TCSEC therefore provides a classification system divided into hierarchical divisions of assurance levels:
Division D - minimal protection
Division C - discretionary protection
Division B - mandatory protection
Division A - verified protection
Page 358, AIO V.5, Shon Harris.
Also KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197.
Also, THE source for all TCSEC "level" questions: http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense?
TCSEC. The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications. Initially issued by the National Computer Security Center (NCSC), an arm of the National Security Agency, in 1983 and then updated in 1985, TCSEC was eventually replaced by the Common Criteria, the international evaluation standard first published in 1996 and later standardized as ISO/IEC 15408.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 197-199.
Wikipedia: http://en.wikipedia.org/wiki/TCSEC
Share your comments for the ISC SSCP exam with other users:
Can you please upload the dumps for 1z0-1096-23 for Oracle?
It's interesting, I would like to learn more about this.
Q252: DNS poisoning is the correct answer, not locator redirection. Beaconing is detected from a host. This indicates that the system has been infected with malware, which could be the source of local DNS poisoning. Location redirection works by either embedding the redirection in the original website's code or having a user click on a URL that has an embedded redirect. Since users at a different office are not getting redirected, it isn't an embedded redirection on the original website, and since the user is manually typing in the URL and not clicking a link, it isn't a modified link.
helpful dump questions
Question 423: EIGRP uses metric.
hello nice dumps
good resource for learning
very useful
Physical tampering techniques.
It's giving the best technical knowledge.
please upload
great question with explanation thanks!!
does this exam have lab sections?
please upload the braindump for .net
I need this exam 1z0-1107-2. Please.
very useful!
For this question - "Which three types of basic patient or member information are displayed on the Patient Info component? (Choose three.)" - list of conditions is not displayed (it is displayed in the Patient Card, not Patient Info). So it should be thumbnail of Chatter photo.
Q52 should be D. VM storage controller bandwidth represents the amount of data (in terms of bandwidth) that a VM's storage controller is using to read and write data to the storage fabric.
nice questions
Question #208: failure logs are not an example of operational metadata.
good questions
thank you for the test materials!
It's very helpful.
Good questions.
I need the dump of the HCIP Security V4.0 exam.
upload the dump please
Yes, I am looking for this.
please upload cima e2 managing performance dumps
wonderful questions
I have used this site since 2000, still great for supporting my career.
Why is the answer to "Which of the following is required by Scrum?" all of the following stated below, since most of them are not mandatory? Sprint retrospective. Members must stand up at the daily Scrum. Sprint burndown chart. Release planning.