QUESTION 69
What is the window of time for recovery of information processing capabilities based on?
A. Quality of the data to be processed
B. Nature of the disaster
C. Criticality of the operations affected
D. Applications that are mainframe based
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
ISC CISSP Exam
QUESTION 70
What is the Maximum Tolerable Downtime (MTD)?
A. Maximum elapsed time required to complete recovery of application data
B. Minimum elapsed time required to complete recovery of application data
C. Maximum elapsed time required to move back to primary site after a major disruption
D. It is the maximum delay that businesses can tolerate and still remain viable
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: “The MTD is the period of time a business function or process can remain interrupted before its
ability to recover becomes questionable.” Pg 678 Hansche: Official (ISC)2 Guide to the CISSP Exam
QUESTION 71
A “critical application” is one that MUST
A. Remain operational for the organization to survive.
B. Be subject to continual program maintenance.
C. Undergo continual risk assessments.
D. Be constantly monitored by operations management.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: I am assuming that I don’t need to put a reference for this answer. Yeah ok here it is but I cheated
and used an earlier reference
“A BIA is performed at the beginning of disaster recovery and continuity planning to identify the areas that would
suffer the greatest financial or operational loss in the event of a disaster or disruption. It identifies the
company’s critical systems needed for survival and estimates the outage time that can be tolerated by the
company as a result of disaster or disruption.” – Shon Harris All-in-one CISSP Certification Guide pg 597
QUESTION 72
Which of the following questions is less likely to help in assessing physical and environmental protection?
A. Are entry codes changed periodically?
B. Are appropriate fire suppression and prevention devices installed and working?
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or
electronic information?
D. Is physical access to data transmission lines controlled?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 73
A common limitation of information classification systems is the INABILITY to
A. Limit the number of classifications.
B. Generate internal labels on diskettes.
C. Declassify information when appropriate.
D. Establish information ownership.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: I could not find a reference for this. However, I do agree that declassifying information is harder to
do than classifying, but use your best judgment based on experience and knowledge.
QUESTION 74
The purpose of information classification is to
A. Assign access controls.
B. Apply different protective measures.
C. Define the parameters required for security labels.
D. Ensure separation of duties.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 75
Who should determine the appropriate access control of information?
A. Owner
B. User
C. Administrator
D. Server
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
All information generated, or used must have a designated owner. The owner must determine appropriate
sensitivity classifications, and access controls. The owner must also take steps to ensure the appropriate
controls for the storage, handling, distribution, and use of the information in a secure manner.
QUESTION 76
What is the main responsibility of the information owner?
A. making the determination to decide what level of classification the information requires
B. running regular backups
C. audit the users when they require access to the information
D. periodically checking the validity and accuracy for all data in the information system
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 77
What process determines who is trusted for a given purpose?
A. Identification
B. Authorization
C. Authentication
D. Accounting
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Authorization determines who is trusted for a given purpose. More precisely, it determines whether a particular
principal, who has been authenticated as the source of a request to do something, is trusted for that operation.
Authorization may also include controls on the time at which something can be done (e.g. only during working
hours) or the computer terminal from which it can be requested (e.g. only the one on the system administrator's
desk).
QUESTION 78
The intent of least privilege is to enforce the most restrictive user rights required
A. To execute system processes.
B. By their job description.
C. To execute authorized tasks.
D. By their security role.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: Least Privilege; the security principle that requires each subject to be granted the most restrictive
set of privileges needed for the performance of authorized tasks. The application of this principle limits the
damage that can result from accident, error, or unauthorized. – Shon Harris All-in-one CISSP Certification Guide
pg 933
QUESTION 79
What principle requires that a user be given no more privilege than necessary to perform a job?
A. Principle of aggregate privilege.
B. Principle of most privilege.
C. Principle of effective privilege.
D. Principle of least privilege.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
As described at http://hissa.nist.gov/rbac/paper/node5.html, the principle of least privilege has been described
as important for meeting integrity objectives. The principle of least privilege requires that a user be given no
more privilege than necessary to perform a job.
QUESTION 80
To ensure least privilege requires that __________ is identified.
A. what the user's privilege owns
B. what the user's job is
C. what the user's cost is
D. what the user's group is
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Ensuring least privilege requires identifying what the user’s job is, determining the minimum set of privileges
required to perform that job, and restricting the user to a domain with those privileges and nothing more. By
denying to subjects transactions that are not necessary for the performance of their duties, those denied
privileges couldn’t be used to circumvent the organizational security policy. Although the concept of least
privilege currently exists within the context of the TCSEC, requirements restrict those privileges of the system
administrator. Through the use of RBAC, enforced minimum privileges for general system users can be easily
achieved.
QUESTION 81
The concept of least privilege currently exists within the context of:
A. ISO
B. TCSEC
C. OSI
D. IETF
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Ensuring least privilege requires identifying what the user’s job is, determining the minimum set of privileges
required to perform that job, and restricting the user to a domain with those privileges and nothing more. By
denying to subjects transactions that are not necessary for the performance of their duties, those denied
privileges couldn’t be used to circumvent the organizational security policy. Although the concept of least
privilege currently exists within the context of the TCSEC, requirements restrict those privileges of the system
administrator. Through the use of RBAC, enforced minimum privileges for general system users can be easily
achieved.
QUESTION 82
Which of the following rules is less likely to support the concept of least privilege?
A. The number of administrative accounts should be kept to a minimum
B. Administrators should use regular accounts when performing routine operations like reading mail
C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible
D. Only data to and from critical systems and applications should be allowed through the firewall
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 83
Which level of “least privilege” enables operators the right to modify data directly in its original location, in
addition to data copied from the original location?
A. Access Change
B. Read/Write
C. Access Rewrite
D. Access modify
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 84
This is a common security issue that is extremely hard to control in large environments. It occurs when a user
has more computer rights, permissions, and privileges than what is required for the tasks the user needs to
fulfill. What best describes this scenario?
A. Excessive Rights
B. Excessive Access
C. Excessive Permissions
D. Excessive Privileges
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Reference: “Excessive Privileges: This is a common security issue that is extremely hard to control in vast,
complex environments. It occurs when a user has more computer rights, permissions, and privileges than what
is required for the tasks she needs to fulfill.” pg 603 Shon Harris: All-in-One CISSP Certification
QUESTION 85
One method to simplify the administration of access controls is to group
A. Capabilities and privileges
B. Objects and subjects
C. Programs and transactions
D. Administrators and managers
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 86
Cryptography does not concern itself with:
A. Availability
B. Integrity
C. Confidentiality
D. Authenticity
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 87
Which of the following measures would be the BEST deterrent to the theft of corporate information from a
laptop which was left in a hotel room?
A. Store all data on disks and lock them in an in-room safe
B. Remove the batteries and power supply from the laptop and store them separately from the computer
C. Install a cable lock on the laptop when it is unattended
D. Encrypt the data on the hard drive
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 88
To support legacy applications that rely on risky protocols (e.g., plain text passwords), which one of the
following can be implemented to mitigate the risks on a corporate network?
A. Implement strong centrally generated passwords to control use of the vulnerable applications.
B. Implement a virtual private network (VPN) with controls on workstations joining the VPN.
C. Ensure that only authorized trained users have access to workstations through physical access control.
D. Ensure audit logging is enabled on all hosts and applications with associated frequent log reviews.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation: It makes more sense to provide a VPN client to workstations as opposed to physically securing
workstations.
QUESTION 89
Which of the following computer crimes is more often associated with insiders?
A. IP spoofing
B. Password sniffing
C. Data diddling
D. Denial of Service (DOS)
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 90
The technique of skimming small amounts of money from multiple transactions is called the
A. Scavenger technique
B. Salami technique
C. Synchronous attack technique
D. Leakage technique
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 91
What best describes a scenario when an employee has been shaving off pennies from multiple accounts and
depositing the funds into his own bank account?
A. Data fiddling
B. Data diddling
C. Salami techniques
D. Trojan horses
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 92
What is the act of willfully changing data, using fraudulent input or removal of controls called?
A. Data diddling
B. Data contaminating
C. Data capturing
D. Data trashing
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: Data-diddling – the modification of data -Ronald Krutz The CISSP PREP Guide (gold edition) pg
417
QUESTION 93
In the context of computer security, “scavenging” refers to searching
A. A user list to find a name.
B. Through storage to acquire information.
C. Through data for information content.
D. Through log files for trusted path information.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: Scavenging is a form of dumpster diving performed electronically. Online scavenging searches for
useful information in the remnants of data left over after processes or tasks are completed. This could include
audit trails, log files, memory dumps, variable settings, port mappings, and cached data. – Ed Tittel CISSP
Study Guide (sybex) pg 476
QUESTION 94
Which security problem exists if a user accessing low-level data is able to draw conclusions about high-level
information?
A. Interference
B. Inference
C. Polyinstantiation
D. Under-classification
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation: Main Entry: in*fer*ence
Function: noun
Date: 1594
1 : the act or process of inferring : as a : the act of passing from one proposition, statement, or judgment
considered as true to another whose truth is believed to follow from that of the former b :
the act of passing from statistical sample data to generalizations (as of the value of population parameters)
usually with calculated degrees of certainty
2 : something that is inferred; especially : a proposition arrived at by inference
3 : the premises and conclusion of a process of inferring http://www.m-w.com/cgi-bin/dictionary
QUESTION 95
Which of the following is not a form of a passive attack?
A. Scavenging
B. Data diddling
C. Shoulder surfing
D. Sniffing
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation: Data diddling is an active attack as opposed to a passive attack. Reference: “Data Diddling occurs
when an attacker gains access to a system and makes small, random, or incremental changes to data rather
than obviously altering file contents or damaging or deleting entire files.” Pg 383 Tittel
QUESTION 96
An example of an individual point of verification in a computerized application is
A. An inference check.
B. A boundary protection.
C. A sensitive transaction.
D. A check digit.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: Check digit: A one-digit checksum.
Checksum: A computed value which depends on the contents of a block of data and which is transmitted or
stored along with the data in order to detect corruption of the data. The receiving system recomputes the
checksum based upon the received data and compares this value with the one sent with the data. If the two
values are the same, the receiver has some confidence that the data was received correctly.
The checksum may be 8 bits (modulo 256 sum), 16, 32, or some other size. It is computed by summing the
bytes or words of the data block ignoring overflow. The checksum may be negated so that the total of the data
words plus the checksum is zero.
QUESTION 97
Data inference violations can be reduced using
A. Polyinstantiation technique.
B. Rules based mediation.
C. Multi-level data classification.
D. Correct-state transformation.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: “Polyinstantiation is the development of a detailed version of an object from another object using
different values in the new object. In the database information security, this term is concerned with the same
primary key for different relations at different classification levels being stored in the same database. For
example, in a relational database, the name of a military unit may be classified Secret in the database and may
have an identification number as the primary key. If another user at a lower classification level attempts to
create a confidential entry for another military unit using the same identification number as a primary key, a
rejection of this attempt would imply to the lower level user that the same identification number existed at a
higher level of classification. To avoid this inference channel of information, the lower level user would be
issued the same identification number for their unit and the database management system would manage this
situation where the same primary key was used for different units.” Pg 352-353 Krutz: The CISSP Prep Guide:
Gold Edition.
“As with aggregation, the best defense against inference attacks is to maintain constant vigilance over the
permissions granted to individual users. Furthermore, intentional blurring of data may be used to prevent the
inference of sensitive information.” Ed Tittel CISSP Study Guide (sybex)
The other security issue is inference, which is very similar to aggregation. The inference problem happens
when a subject deduces information that is restricted from data he has access to. This is seen when data at a
lower security level indirectly portrays data at a higher level…This problem is usually dealt with in the
development of the database by implementing content and context-dependent classification rules; this tracks
the subject’s query requests and restricts patterns that represent inference.
“Polyinstantiation is a process of interactively producing more detailed versions of objects by populating
variables with values or other variables” – Shon Harris All-in-one CISSP Certification Guide pg 725-727
Topic 2, Security Architecture and Models
QUESTION 98
What is it called when a computer uses more than one CPU in parallel to execute instructions?
A. Multiprocessing
B. Multitasking
C. Multithreading
D. Parallel running
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 99
What is the main purpose of undertaking a parallel run of a new system?
A. Resolve any errors in the program and file interfaces
B. Verify that the system provides required business functionality
C. Validate the operation of the new system against its predecessor
D. Provide a backup of the old system
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 100
Which of the following provide network redundancy in a local network environment?
A. Mirroring
B. Shadowing
C. Dual backbones
D. Duplexing
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 101
A server farm is an example of:
A. Server clustering
B. Redundant servers
C. Multiple servers
D. Server fault tolerance
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 102
In which state must a computer system operate to process input/output instructions?
A. User mode
B. Stateful inspection
C. Interprocess communication
D. Supervisor mode
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: A computer is in a supervisory state when it is executing these privileged instructions. (Privileged
instructions are executed by the system administrator or by an individual who is authorized to use those
instructions.) – Ronald Krutz The CISSP PREP Guide (gold edition) pg 254-255
QUESTION 103
What should be the size of a Trusted Computer Base?
A. Small in order to permit it to be implemented in all critical system components without using excessive
resources.
B. Small in order to facilitate the detailed analysis necessary to prove that it meets design requirements.
C. Large in order to accommodate the implementation of future updates without incurring the time and
expense of recertification.
D. Large in order to enable it to protect the potentially large number of resources in a typical
commercial system environment.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation: “It must be small enough to be able to be tested and verified in a complete and comprehensive
manner.” Shon Harris All-In-One CISSP Certification Guide pg. 232-233.
QUESTION 104
Which one of the following are examples of security and controls that would be found in a “trusted” application
system?
A. Data validation and reliability
B. Correction routines and reliability
C. File integrity routines and audit trail
D. Reconciliation routines and data labels
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: I have no specific reference for this question but the major resources hammer that there needs to
be methods to check the data for correctness.
QUESTION 105
Which of the following is an operating system security architecture that provides flexible support for security
policies?
A. OSKit
B. LOMAC
C. SE Linux
D. Flask
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Flask is an operating system security architecture that provides flexible support for
security policies. The architecture was prototyped in the Fluke research operating system. Several of the Flask
interfaces and components were then ported from the Fluke prototype to the OSKit. The Flask architecture is
now being implemented in the Linux operating system (Security-Enhanced Linux) to transfer the technology to a
larger developer and user community.
QUESTION 106
Which of the following statements pertaining to the security kernel is incorrect?
A. It is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor
concept.
B. It must provide isolation for the processes carrying out the reference monitor concept and they must be
tamperproof
C. It must be small enough to be able to be tested and verified in a complete and comprehensive manner
D. Is an access control concept, not an actual physical component
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 107
What is a PRIMARY reason for designing the security kernel to be as small as possible?
A. The operating system cannot be easily penetrated by users.
B. Changes to the kernel are not required as frequently.
C. Due to its compactness, the kernel is easier to formally verify.
D. System performance and execution are enhanced.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: I disagree with the original answer which was B (changes to the kernel) and think it is C (Due to its
compactness). However, use your best judgment based on knowledge and experience. Below is why I think it is
C.
“There are three main requirements of the security kernel:
It must provide isolation for the processes carrying out the reference monitor concept and they must be
tamperproof.
The reference monitor must be invoked for every access attempt and must be impossible to circumvent. Thus
the reference monitor must be implemented in a complete and foolproof way. It must be small enough to be
able to be tested and verified in a complete and comprehensive manner.” – Shon Harris All-in-one CISSP
Certification Guide pg 232-233
QUESTION 108
Which of the following implements the authorized access relationship between subjects and objects of a
system?
A. Security model
B. Reference kernel
C. Security kernel
D. Information flow model
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 109
The concept that all accesses must be mediated, protected from modification, and verifiable as correct is the
concept of
A. Secure model
B. Security locking
C. Security kernel
D. Secure state
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: A security kernel is defined as the hardware, firmware, and software elements of a trusted
computing base that implements the reference monitor concept. A reference monitor is a
system component that enforces access controls on an object. Therefore, the reference monitor concept is an
abstract machine that mediates all access of subjects to objects. The Security Kernel must:
Mediate all accesses
Be protected from modification
Be verified as correct.
-Ronald Krutz The CISSP PREP Guide (gold edition) pg 262
QUESTION 110
What is an error called that causes a system to be vulnerable because of the environment in which it is
installed?
A. Configuration error
B. Environmental error
C. Access validation error
D. Exceptional condition handling error
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 111
Which of the following ensures that security is not breached when a system crash or other system failure
occurs?
A. trusted recovery
B. hot swappable
C. redundancy
D. secure boot
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: “Trusted Recovery
When an operating system or application crashes or freezes, it should not put the system in any type of secure
state.” Pg 762 Shon Harris: All-In-One CISSP Certification Exam Guide
QUESTION 112
What type of subsystem is an application program that operates outside the operating system and carries out
functions for a group of users, maintains some common data for all users in the group, and protects the data
from improper access by users in the group?
A. Prevented subsystem
B. Protected subsystem
C. File subsystem
D. Directory subsystem
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 113
A ‘Pseudo flaw’ is which of the following?
A. An apparent loophole deliberately implanted in an operating system
B. An omission when generating Pseudo-code
C. Used for testing for bounds violations in application programming
D. A Normally generated page fault causing the system halt
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 114
Which of the following yellow-book defined types of system recovery happens after a system fails in an
uncontrolled manner in response to a TCB or media failure and the system cannot be brought to a consistent
state?
A. Recovery restart
B. System reboot
C. Emergency system restart
D. System Cold start
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: “Emergency system restart is done after a system fails in an uncontrolled manner in response to a
TCB or media failure. In such cases, TCB and user objects on nonvolatile storage belonging to processes
active at the time of TCB or media failure may be left in an inconsistent state. The system enters maintenance
mode, recovery is performed automatically, and the system restarts with no user processes in progress after
bringing up the system in a consistent state.”
QUESTION 115
Which one of the following describes a reference monitor?
A. Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.
B. Audit concept that refers to monitoring and recording of all accesses to objects by subjects.
C. Identification concept that refers to the comparison of material supplied by a user with its reference profile.
D. Network control concept that distributes the authorization of subject accesses to objects.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: A reference monitor is a system component that enforces access controls on an object. Therefore,
the reference monitor concept is an abstract machine that mediates all access of subjects to objects -Ronald
Krutz The CISSP PREP Guide (gold edition) pg 262
QUESTION 116
What can best be described as an abstract machine which must mediate all access of subjects to objects?
A. A security domain
B. The reference monitor
C. The security kernel
D. The security perimeter
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Reference: pg 882 Shon Harris: All-in-One CISSP Certification
QUESTION 117
What is the PRIMARY component of a Trusted Computer Base?
A. The computer hardware
B. The security subsystem
C. The operating system software
D. The reference monitor
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: “The security kernel is made up of hardware, software, and firmware components that fall within
the TCB and implements and enforces the reference monitor concept. The security kernel mediates all access
and functions between subjects and objects. The security kernel is the core of the TCB and is the most
commonly used approach to building trusted computing systems. There are three main requirements of the
security kernel:
· It must provide isolation for the processes carrying out the reference monitor concept, and the processes
must be tamperproof.
· It must be invoked for every access attempt and must be impossible to circumvent. Thus, the security kernel
must be implemented in a complete and foolproof way.
· It must be small enough to be able to be tested and verified in a complete and comprehensive manner.
These are the requirements of the reference monitor; therefore, they are the requirements of the components
that provide and enforce the reference monitor concept–the security kernel.” Shon Harris, “CISSP All-in-One
Exam Guide”, 3rd Ed, p
QUESTION 118
Which of the following is best defined as a mode of system termination that automatically leaves
system processes and components in a secure state when a failure occurs or is detected in the system?
A. Fail proof
B. Fail soft
C. Fail safe
D. Fail resilient
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 119
LOMAC uses what Access Control method to protect the integrity of processes and data?
A. Linux based EFS.
B. Low Water-Mark Mandatory Access Control.
C. Linux based NFS.
D. High Water-Mark Mandatory Access Control.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect
the integrity of processes and data from viruses, Trojan horses, malicious remote users and compromised root
daemons. LOMAC is implemented as a loadable kernel module – no kernel recompilations or changes to
existing applications are required. Although not all the planned features are currently implemented, it presently
provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use.
QUESTION 120
On Linux, LOMAC is implemented as:
A. Virtual addresses
B. Registers
C. Kernel built in functions
D. Loadable kernel module
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect
the integrity of processes and data from viruses, Trojan horses, malicious remote users and compromised root
daemons. LOMAC is implemented as a loadable kernel module – no kernel recompilations or changes to
existing applications are required. Although not all the planned features are currently implemented, it presently
provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use.
“Security Kernel – The hardware, firmware, and software elements of a trusted computing base (TCB) that
implements the reference monitor concept. It must mediate all accesses between subjects and objects, be
protected from modification, and be verifiable as correct.” – Shon Harris All-in-one CISSP Certification Guide pg
355
QUESTION 121
LOMAC is a security enhancement for what operating system?
A. Linux
B. Netware
C. Solaris
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect
the integrity of processes and data from viruses, Trojan horses, malicious remote users and compromised root
daemons. LOMAC is implemented as a loadable kernel module – no kernel recompilations or changes to
existing applications are required. Although not all the planned features are currently implemented, it presently
provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use.
QUESTION 122
What was introduced for circumventing difficulties in classic approaches to computer security by limiting
damages produced by malicious programs?
A. Integrity-preserving
B. Reference Monitor
C. Integrity-monitoring
D. Non-Interference
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
“reference monitor … mediates all access subjects have to objects … protect the objects from unauthorized
access and destructive modification”, Ibid p 273. Reference monitor is part of the TCB concept.
Not D: “noninterference … is implemented to ensure that any actions that take place at a higher security level
do not affect … actions that take place at a lower level”, Harris, 3rd Ed, p 290.
It is part of the information flow model.
QUESTION 123
A feature deliberately implemented in an operating system as a trap for intruders is called a:
A. Trap door
B. Trojan horse
C. Pseudo flaw
D. Logic bomb
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
“An apparent loophole deliberately implanted in an operating system program as a trap for
intruders.” As defined by the Aqua Book NCSC-TG-004 a pseudo-flaw is an apparent loophole deliberately
implanted in an operating system program as a trap for intruders. Answer from http://www.cccure.org
QUESTION 124
Fault tolerance countermeasures are designed to combat threats to
A. an uninterruptible power supply
B. backup and retention capability
C. design reliability
D. data integrity
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 125
A ‘Pseudo flaw’ is which of the following?
A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders
B. An omission when generating Pseudo-code
C. Used for testing for bounds violations in application programming
D. A normally generated page fault causing the system to halt
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 126
What Distributed Computing Environment (DCE) component provides a mechanism to ensure that services are
made available only to properly designated parties?
A. Directory Service
B. Remote Procedure Call Service
C. Distributed File Service
D. Authentication and Control Service
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: A directory service has a hierarchical database of users, computers, printers, resources, and
attributes of each. The directory is mainly used for lookup operations, which enable users to track down
resources and other users…The administrator can then develop access control, security, and auditing policies
that dictate who can access these objects, how the objects can be accessed, and audit each of these actions. –
Shon Harris All-in-one CISSP Certification Guide pg 436-437
QUESTION 127
What can be accomplished by storing on each subject a list of rights the subject has for every object?
A. Object
B. Capabilities
C. Key ring
D. Rights
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:
Capabilities are accomplished by storing on each subject a list of rights the subject has for every object. This
effectively gives each user a key ring. To remove access to a particular object, every user (subject) that has
access to it must be “touched”. A touch is an examination of a user’s rights to that object and potentially
removal of rights. This brings back the problem of sweeping changes in access rights.
QUESTION 128
In the Information Flow Model, what relates two versions of the same object?
A. Flow
B. State
C. Transformation
D. Successive points
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
A flow is a type of dependency that relates two versions of the same object, and thus the transformation of one
state of that object into another, at successive points in time.
QUESTION 129
What is a security requirement that is unique to Compartmented Mode Workstations (CMW)?
A. Sensitivity Labels
B. Object Labels
C. Information Labels
D. Reference Monitors
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 130
The Common Criteria (CC) represents requirements for IT security of a product or system under which distinct
categories?
A. Functional and assurance
B. Protocol Profile (PP) and Security Target (ST)
C. Targets of Evaluation (TOE) and Protection Profile (PP)
D. Integrity and control
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: “Like other evaluation criteria before it, Common Criteria works to answer two basic and general
questions about products being evaluated: what does it do (functionality), and how sure are you of that
(assurance)?” pg 232 Shon Harris CISSP All-In-One Certification Exam Guide
QUESTION 131
What are the assurance designators used in the Common Criteria (CC)?
A. EAL 1, EAL 2, EAL 3, EAL 4, EAL 5, EAL 6, and EAL 7
B. A1, B1, B2, B3, C2, C1, and D
C. E0, E1, E2, E3, E4, E5, and E6
D. AD0, AD1, AD2, AD3, AD4, AD5, and AD6
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: Original Answer was C. This is wrong in my view as the original answer confused ITSEC with the
CC per the following
The Common Criteria terminology for the degree of examination of the product to be tested is the Evaluation
Assurance level (EAL). EALs range from EA1 (functional testing) to EA7 (detailed testing and formal design
verification). -Ronald Krutz The CISSP PREP Guide (gold edition) pg 266-267
Note that Shon Harris All-in-one CISSP Certification Guide uses EAL (not just EA). EALs are combinations of
assurance components. They also can be conveniently compared to TCSEC and ITSEC. Like these security
evaluation criteria, EALs are scaled from EAL1 through EAL7. Other EALs exist, but EAL 7 is the highest
with international recognition. – Roberta Bragg CISSP Certification Training Guide (Que) pg 368
ITSEC separately evaluates functionality and assurance, and it includes 10 functionality classes (f), eight
assurance levels (q), seven levels of correctness (e), and eight basic security functions in its criteria. -Ronald
Krutz The CISSP PREP Guide (gold edition) pg 266
QUESTION 132
Which of the following uses protection profiles and security targets?
A. ITSEC
B. TCSEC
C. CTCPEC
D. International Standard 15408
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: “For historical and continuity purposes, ISO has accepted the continued use of the term “Common
Criteria” (CC) within this document, while recognizing the official ISO name for the new IS 15408 is “Evaluation
Criteria for Information Technology Security.” Pg. 552 Krutz: The CISSP Prep Guide: Gold Edition
“The Common Criteria define a Protection Profile (PP), which is an implementation-independent specification of
the security requirements and protections of a product that could be built. The Common Criteria terminology for
the degree of examination of the product to be tested is the Evaluation Assurance Level (EAL). EALs range
from EA1 (functional testing) to EA7 (detailed testing and formal design verification). The Common Criteria
TOE refers to the product to be tested. A Security Target (ST) is a listing of the security claims for a particular
IT security product. Also, the Common Criteria describe an intermediate grouping of security requirement
components as a package.” Pg. 266-267 Krutz: The CISSP Prep Guide: Gold Edition
QUESTION 133
According to Common Criteria, what can be described as an intermediate combination of security requirement
components?
A. Protection profile (PP)
B. Security target (ST)
C. Package
D. The Target of Evaluation (TOE)
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: “The Common Criteria define a Protection Profile (PP), which is an implementation-independent
specification of the security requirements and protections of a product that should be built. The Common
Criteria terminology for the degree of examination of the product to be tested is the Evaluation Assurance Level
(EAL). EALs range from EA1 (functional testing) to EA7 (detailed testing and formal design verification). The
Common Criteria TOE refers to the product to be tested. A Security Target (ST) is a listing of the security
claims for a particular IT security product. Also, the Common Criteria describe an intermediate grouping of
security requirement components as a package.”
Pg. 266-267 Krutz: The CISSP Prep Guide: Gold Edition
QUESTION 134
The Common Criteria construct which allows prospective consumers or developers to create standardized sets
of security requirements to meet their needs is
A. a Protection Profile (PP).
B. a Security Target (ST).
C. an evaluation Assurance Level (EAL).
D. a Security Functionality Component Catalog (SFCC).
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: Protection Profiles: The Common Criteria uses protection profiles to evaluate products. The
protection profile contains the set of security requirements, their meaning and reasoning, and the corresponding
EAL rating. The profile describes the environmental assumptions, the objectives, and functional and assurance
level expectations. Each relevant threat is listed along with how it is to be controlled by specific objectives. It
also justifies the assurance level and requirements for the strength of each protection mechanism. The
protection profile provides a means for the consumer, or others, to identify specific security needs; this is the
security problem to be conquered.
EAL: An evaluation is carried out on a product and is assigned an evaluation assurance level (EAL). The
thoroughness and stringent testing increases in detail-oriented tasks as the levels increase. The Common
Criteria has seven assurance levels. The ranges go from EAL1, where the functionality testing takes place, to
EAL7, where thorough testing is performed and the system is verified.
All-In-One CISSP Certification Exam Guide by Shon Harris pg. 262
Note: “The Common Criteria defines a Protection Profile (PP), which is an implementation-independent
specification of the security requirements and protections of a product that could be built. The Common Criteria
terminology for the degree of examination of the product to be tested is the Evaluation Assurance Level (EAL).
EALs range from EA1 (functional testing) to EA7 (detailed testing and formal design verification). The Common
Criteria TOE [target of evaluation] refers to the product to be tested. A Security Target (ST) is a listing of the
security claims for a particular IT security product.” -Ronald Krutz The CISSP PREP Guide (gold edition) pg
266-267
QUESTION 135
The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following
that the Orange Book did not address?
A. integrity and confidentiality
B. confidentiality and availability
C. integrity and availability
D. none of the above
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: “
ITSEC    TCSEC (Orange Book)
E0       D
F1+E1    C1
F2+E2    C2
F3+E3    B1
F4+E4    B2
F5+E5    B3
F5+E6    A1
F6 = Systems that provide high integrity
F7 = Systems that provide high availability
F8 = Systems that provide data integrity during communication
F9 = Systems that provide high confidentiality
F10 = Networks with high demands on confidentiality and integrity”
Pg. 230 Shon Harris: All-in-One CISSP Certification
QUESTION 136
Which of the following was developed by the National Computer Security Center (NCSC)?
A. TCSEC
B. ITSEC
C. DITSCAP
D. NIACAP
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: pg 129 Hansche: Official (ISC)2 Guide to the CISSP Exam
QUESTION 137
The Trusted Computer Security Evaluation Criteria (TCSEC) provides
A. a basis for assessing the effectiveness of security controls built into automatic data-processing system
products
B. a system analysis and penetration technique where specifications and document for the system are
analyzed.
C. a formal static transition model of computer security policy that describes a set of access control rules.
D. a means of restricting access to objects based on the identity of subjects and groups to which they belong.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: TCSEC provides guidelines to be used with evaluating a security product. The TCSEC guidelines
address basic security functionality and allow evaluators to measure and rate the functionality of a system and
how trustworthy it is. Functionality and assurance are combined and not separated, as in criteria developed
later. TCSEC guidelines can be used for evaluating vendor products or by vendors to design necessary
functionality into new products. CISSP Study Guide by Tittel pg. 413.
QUESTION 138
Which Orange Book evaluation level is described as “Verified Design”?
A. A1
B. B3
C. B2
D. B1
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 139
Which of the following classes is defined in the TCSEC (Orange Book) as mandatory protection?
A. B
B. A
C. C
D. D
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 140
Which Orange Book security rating requires that formal techniques are used to prove the equivalence between
the TCB specifications and the security policy model?
A. B2
B. B3
C. A1
D. A2
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Reference: Pg 226 Shon Harris: All-in-One CISSP Certification
QUESTION 141
According to the Orange Book, which security level is the first to require trusted recovery?
A. A1
B. B2
C. B3
D. B1
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: “Trusted recovery is required only for B3 and A1 level systems.” Pg 305 Krutz:
CISSP Prep Guide: Gold Edition.
QUESTION 142
According to the Orange Book, which security level is the first to require a system to protect against covert
timing channels?
A. A1
B. B3
C. B2
D. B1
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria
QUESTION 143
Which of the following is not an Orange Book-defined operational assurance requirement?
A. System architecture
B. Trusted facility management
C. Configuration management
D. Covert channel analysis
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: Systems Integrity is a part of operational assurance as opposed to life cycle assurance.
“The operational assurance requirements specified in the Orange Book are as follows:
System Architecture
System integrity
Covert channel analysis
Trusted facility management
Trusted recovery
The life cycle assurance requirements specified in the Orange Book are as follows:
Security testing
Design specification and testing
Configuration Management
Trusted Distribution”
Pg. 301 Krutz: The CISSP Prep Guide: Gold Edition.
QUESTION 144
Which of the following is least likely to be found in the Orange Book?
A. Security policy
B. Documentation
C. Accountability
D. Networks and network components
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 145
According to the Orange Book, which security level is the first to require a system to support separate operator
and system administrator roles?
A. A1
B. B1
C. B2
D. B3
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 146
Which of the following is not an Orange book-defined life cycle assurance requirement?
A. Security testing
B. Design specification and testing
C. Trusted distribution
D. System integrity
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: Systems Integrity is a part of operational assurance as opposed to life cycle assurance.
“The operational assurance requirements specified in the Orange Book are as follows:
System Architecture
System integrity
Covert channel analysis
Trusted facility management
Trusted recovery
The life cycle assurance requirements specified in the Orange Book are as follows:
Security testing
Design specification and testing
Configuration Management
Trusted Distribution”
Pg. 301 Krutz: The CISSP Prep Guide: Gold Edition.
QUESTION 147
At what Trusted Computer Security Evaluation Criteria (TCSEC) or Information Technology Security Evaluation
Criteria (ITSEC) security level are database elements FIRST required to have security labels?
A. A1/E6
B. B1/E3
C. B2/E4
D. C2/E2
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation: “B1: Labeled Security
Each data object must contain a classification label and each subject must have a clearance label. When a
subject attempts to access an object, the system must compare the subject and object’s security labels to
ensure the requested actions are acceptable. Data leaving the system must also contain an accurate security
label. The security policy is based on an informal statement and the design specifications are reviewed and
verified. It is intended for environments that require systems to handle classified data.”
pg. 224-226 Shon Harris: All-In-One CISSP Certification Exam Guide
QUESTION 148
Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is
incorrect?
A. With TCSEC, functionality and assurance are evaluated separately.
B. TCSEC provides a means to evaluate the trustworthiness of an information system
C. The Orange Book does not cover networks and communications
D. Database management systems are not covered by the TCSEC
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 149
Which of the following is the lowest TCSEC class wherein the systems must support separate operator and
system administrator roles?
A. B2
B. B1
C. A1
D. A2
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: pg 129 Hansche: Official (ISC)2 Guide to the CISSP Exam
QUESTION 150
Which TCSEC (Orange Book) level requires the system to clearly identify functions of security administrator to
perform security-related functions?
A. C2
B. B1
C. B2
D. B3
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation: “B1: Labeled Security
Each data object must contain a classification label and each subject must have a clearance label. When a
subject attempts to access an object, the system must compare the subject and object’s security labels to
ensure the requested actions are acceptable. Data leaving the system must also contain an accurate security
label. The security policy is based on an informal statement and the design specifications are reviewed and
verified. It is intended for environments that require systems to handle classified data.
B2: Structured Protection
The security policy is clearly defined and documented, and the system design and implementation are
subjected to more thorough review and testing procedures. This class requires more stringent authentication
mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system
must not allow covert channels. A trusted path for logon and authentication processes must be in place, which
means there are no trapdoors. A trusted path means that the subject is communicating directly with the
application or operating system. There is no way to circumvent or compromise this communication channel.
There is a separation of operator and administration functions within the system to provide more trusted and
protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert
channel analysis is conducted. This class adds assurance by adding requirements to the design of the system.
The environment that would require B2 systems could process sensitive data that require a higher degree of
security. This environment would require systems that are relatively resistant to penetration and compromise.
(A trusted path means that the user can be sure that he is talking to a genuine copy of the operating system.)
B3: Security Domains
In this class, more granularity is provided in each protection mechanism, and the programming code that is not
necessary to support the security policy is excluded. The design and implementation should not provide too
much complexity because as the complexity of a system increases, the ability of the individuals who need to
test, maintain, and configure it reduces; thus, the overall security can be threatened. The reference monitor
components must be small enough to test properly and be tamperproof. The security administrator role is
clearly defined, and the system must be able to recover from failures without its security level being
compromised. When the system starts up and loads its operating system and components, it must be done in an
initial secure state to ensure that any weakness of the system cannot be taken advantage of in this slice of
time.” pg. 226 Shon Harris: All-In-One CISSP Certification Exam Guide
QUESTION 151
Which of the following statements pertaining to the trusted computing base (TCB) is false?
A. It addresses the level of security a system provides
B. It originates from the Orange Book
C. It includes hardware, firmware, and software
D. A higher TCB rating will require that details of their testing procedures and documentation be reviewed with
more granularity
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 152
Which of the following is not an Orange book-defined operational assurance requirement?
A. System architecture
B. Trusted facility management
C. Configuration management
D. Covert channel analysis
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: Configuration management is a part of life cycle assurance as opposed to operational assurance.
“The operational assurance requirements specified in the Orange Book are as follows:
System Architecture
System integrity
Covert channel analysis
Trusted facility management
Trusted recovery
The life cycle assurance requirements specified in the Orange Book are as follows:
Security testing
Design specification and testing
Configuration Management
Trusted Distribution”
Pg. 301 Krutz: The CISSP Prep Guide: Gold Edition.
QUESTION 153
Which of the following focuses on the basic features and architecture of a system?
A. operational assurance
B. life cycle assurance
C. covert channel assurance
D. level A1
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: “The operational assurance requirements specified in the Orange Book are as follows:
System Architecture
System integrity
Covert channel analysis
Trusted facility management
Trusted recovery”
Pg. 301 Krutz: The CISSP Prep Guide: Gold Edition
QUESTION 154
Which level(s) must protect against both covert storage and covert timing channels?
A. B3 and A1
B. B2, B3 and A1
C. A1
D. B1, B2, B3 and A1
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: pg 302 Krutz: CISSP Prep Guide: Gold Edition
QUESTION 155
According to the Orange Book, trusted facility management is not required for which of the following security
levels?
A. B1
B. B2
C. B3
D. A1
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: B1 does not provide trusted facility management, the next highest level that does is B2.
“Trusted facility management is defined as the assignment of a specific individual to administer the
security-related functions of a system. Although trusted facility management is an assurance requirement only for highly
secure systems (B2, B3, and A1), many systems evaluated at lower security levels are structured to try to meet
this requirement.” Pg. 302 Krutz: The CISSP Prep Guide: Gold Edition
QUESTION 156
Which factor is critical in all systems to protect data integrity?
A. Data classification
B. Information ownership
C. Change control
D. System design
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation: A Integrity is dependent on confidentiality, which relies on data classification. Also Biba integrity
model relies on data classification.
“There are numerous countermeasures to ensure confidentiality against possible threats. These include the use
of encryption, network traffic padding, strict access control, rigorous authentication procedures, data
classification, and extensive personnel training.
Confidentiality and integrity are dependent upon each other. Without object integrity, confidentiality cannot be
maintained. Other concepts, conditions, and aspects of confidentiality include sensitivity, discretion, criticality,
concealment, secrecy, privacy, seclusion, and isolation.” Pg 145 Tittel: CISSP Study Guide.
“Biba Integrity Model
Integrity is usually characterized by the three following goals:
1.) The data is protected from modification by unauthorized users.
2.) The data is protected from unauthorized modification by authorized users.
3.) The data is internally and externally consistent; the data held in a database
must balance internally and correspond to the external, real world situation.”
Pg. 277 Krutz: The CISSP Prep Guide: Gold Edition.
QUESTION 157
Which of the following is not a common integrity goal?
A. Prevent unauthorized users from making modifications
B. Maintain internal and external consistency
C. Prevent authorized users from making improper modifications
D. Prevent paths that could lead to inappropriate disclosure
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 158
Which security model introduces access to objects only through programs?
A. The Biba model
B. The Bell-LaPadula model
C. The Clark-Wilson model
D. The information flow model
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: “The Clark-Wilson model is also an integrity-protecting model. The Clark-Wilson model was
developed after Biba and approaches integrity protection from a different perspective. Rather than employing a
lattice structure, it uses a three-part relationship of subject/program/object known as a triple. Subjects do not
have direct access to objects. Objects can be access only t