In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
Answer(s): A
The Bell-LAPadula model is also called a multilevel security system because users with different clearances use the system and the system processes data with different classifications. Developed by the US Military in the 1970s.A security model maps the abstract goals of the policy to information system terms by specifying explicit data structures and techniques necessary to enforce the security policy. A security model is usually represented in mathematics and analytical ideas, which are mapped to system specifications and then developed by programmers through programming code. So we have a policy that encompasses security goals, such as "each subject must be authenticated and authorized before accessing an object." The security model takes this requirement and provides the necessary mathematical formulas, relationships, and logic structure to be followed to accomplish this goal.A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. The level at which information is classified determines the handling procedures that should be used. The Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control. A matrix and security levels are used to determine if subjects can access different objects. The subject's clearance is compared to the object's classification and then specific rules are applied to control how subject-to-object subject-to-object interactions can take place.
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw-Hill.Kindle Edition.
Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection?
B level is the first Mandatory Access Control Level.First published in 1983 and updated in 1985, the TCSEC, frequently referred to as the Orange Book, was a United States Government Department of Defense (DoD) standard that sets basic standards for the implementation of security protections in computing systems. Primarily intended to help the DoD find products that met those basic standards, TCSEC was used to evaluate,classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information on military and government systems. As such, it was strongly focused on enforcing confidentiality with no focus on other aspects of security such as integrity or availability. Although it has since been superseded by the common criteria, it influenced the development of other product evaluation criteria, and some of its basic approach and terminology continues to be used.
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 17920-17926). Auerbach Publications. Kindle Edition.andTHE source for all TCSEC "level" questions:http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt (paragraph 3 for this one)
Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197.Also: THE source for all TCSEC "level" questions:http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
Which of the following division is defined in the TCSEC (Orange Book) as minimal protection?
The criteria are divided into four divisions: D, C, B, and A ordered in a hierarchical manner with the highest division (A) being reserved for systems providing the most comprehensive security.Each division represents a major improvement in the overall confidence one can place in the system for the protection of sensitive information.Within divisions C and B there are a number of subdivisions known as classes. The classes are also ordered in a hierarchical manner with systems representative of division C and lower classes of division B being characterized by the set of computer security mechanisms that they possess.Assurance of correct and complete design and implementation for these systems is gained mostly through testing of the security- relevant portions of the system. The security-relevant portions of a system are referred to throughout this document as the Trusted Computing Base (TCB).Systems representative of higher classes in division B and division A derive their security attributes more from their design and implementation structure. Increased assurance that the required features are operative, correct, and tamperproof under all circumstances is gained through progressively more rigorous analysis during the design process.TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels:Division D - minimal securityDivision C - discretionary protectionDivision B - mandatory protectionDivision A - verified protection
page 358 AIO V.5 Shon Harrisalso KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197.Also:THE source for all TCSEC "level" questions:http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense ?
TCSEC; The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications.Initially issued by the National Computer Security Center (NCSC) an arm of the National Security Agency in 1983 and then updated in 1985, TCSEC was replaced with the development of the Common Criteria international standard originally published in 2005.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 197-199.Wikepediahttp://en.wikipedia.org/wiki/TCSEC
Share your comments for ISC SSCP exam with other users:
i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
good practice and well sites.
passed my first exam last week and pass the second exam this morning. thank you sir for all the help and these brian dumps.
does anyone who attended exam csa 8.8, can confirm these questions are really coming ? or these are just for practicing?
kindly share the dumps
very nice content
passed today
hi can you please upload questions
please upload quetions
i passed my exam thanks to this braindumps questions. these questions are valid in us and i highly recommend it!
are they truely latest
questions appear contemporary.
good to prepare in this site
very helpful to crack first attempt
please upload this exam
please upload the c_activate22 dump questions with answer
q10 - the answer should be a. if its c, the criteria will meet if either the prospect is not part of the suppression lists or if the job title contains vice president
this was on the exam as of 1211/2023
great for prep
i think in question 7 the first answer should be power bi portal (not power bi)
on question 10 and so far 2 wrong answers as evident in the included reference link.
wonderful material
i passed!! ...but barely! got 728, but needed 720 to pass. the exam hit me with labs right out of the gate! then it went to multiple choice. protip: study the labs!
correct answer for question 92 is c -aws shield
great !! it is really good
explanations for the answers are to the point.
how can rea next
question: 128 d is the wrong answer...should be c
thanks for az 700 dumps
thank you for this tableau dumps . it will helpfull for tableau certification
good content
just testing if the comments are real
very helpful for exam preparation
question 11: https://help.salesforce.com/s/articleview?id=sf.admin_lead_to_patient_setup_overview.htm&type=5