| Question.46 Which of the following division is defined in the TCSEC (Orange Book) as minimal protection? (A) Division D (B) Division C (C) Division B (D) Division A |
46. Click here to View Answer
Correct Answer: A
The criteria are divided into four divisions: D, C, B, and A ordered in a hierarchical manner with the highest division (A) being reserved for systems providing the most comprehensive security.
Each division represents a major improvement in the overall confidence one can place in the system for the protection of sensitive information.
Within divisions C and B there are a number of subdivisions known as classes. The classes are also ordered in a hierarchical manner with systems representative of division C and lower classes of division B being characterized by the set of computer security mechanisms that they possess.
Assurance of correct and complete design and implementation for these systems is gained mostly through testing of the security- relevant portions of the system.
The security-relevant portions of a system are referred to throughout this document as the Trusted Computing Base (TCB).
Systems representative of higher classes in division B and division A derive their security attributes more from their design and implementation structure.
Increased assurance that the required features are operative, correct, and tamperproof under all circumstances is gained through progressively more rigorous analysis during the design process.
TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels:
Division D – minimal security –
Division C – discretionary protection
Division B – mandatory protection
Division A – verified protection
Reference: page 358 AIO V.5 Shon Harris
also
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197.
Also:
THE source for all TCSEC “level” questions: http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
| Question.47 Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense ? (A) TCSEC (B) ITSEC (C) DIACAP (D) NIACAP |
47. Click here to View Answer
Correct Answer: A
| Question.48 Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support? (A) SESAME (B) RADIUS (C) KryptoKnight (D) TACACS+ |
48. Click here to View Answer
Correct Answer: A
Secure European System for Applications in a Multi-vendor Environment (SESAME) was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support.
Reference:
TIPTON, Harold, Official (ISC)2 Guide to the CISSP CBK (2007), page 184.
ISC OIG Second Edition, Access Controls, Page 111
| Question.49 Single Sign-on (SSO) is characterized by which of the following advantages? (A) Convenience (B) Convenience and centralized administration (C) Convenience and centralized data administration (D) Convenience and centralized network administration |
49. Click here to View Answer
Correct Answer: B
Convenience -Using single sign-on users have to type their passwords only once when they first log in to access all the network resources; and Centralized
Administration as some single sign-on systems are built around a unified server administration system. This allows a single administrator to add and delete accounts across the entire network from one user interface.
The following answers are incorrect:
Convenience – alone this is not the correct answer.
Centralized Data or Network Administration – these are thrown in to mislead the student. Neither are a benefit to SSO, as these specifically should not be allowed with just an SSO.
References: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, page 35.
TIPTON, Harold F. & HENRY, Kevin, Official (ISC)2 Guide to the CISSP CBK, 2007, page 180.
| Question.50 The “vulnerability of a facility” to damage or attack may be assessed by all of the following except: (A) Inspection (B) History of losses (C) Security controls (D0 security budget |
50. Click here to View Answer
Correct Answer: D
Source: The CISSP Examination Textbook- Volume 2: Practice by S. Rao Vallabhaneni.