L7 - Mandatory Access Control Flashcards
What is DAC?
Discretionary Access Control, where an owner of a resource decides how it can be shared.
What is MAC?
Access Control where an organization decides how a resource can be shared.
In a certain company, payroll data is sensitive. A file that stores payroll data is created by a certain user who is an employee of the company. Access to this file should be controlled with a …
a) DAC policy that allows the user to share it with others judiciously
b) It must use a MAC model as the company must decide who can access it
b) It must use a MAC model as the company must decide who can access it
The company needs to control access to salary data.
A hospital is found to be lax in securing access to patient records after it suffers a major breach. It may have violated the following policy:
a) HIPAA
b) BLP
a) HIPAA
BLP is not for healthcare.
Highly sensitive defense or intelligence information should only be accessed by cleared personnel. Approximately, how many people in the United States have various types of clearances?
a) 10,000
b) 100,000
c) 1,000,000
d) 5,000,000
d) 5,000,000
The “
a) Total order
If 2 numbers are different, then one of them will definitely be greater than the other.
If L1 = (secret, {Asia, Europe}) and
L2 = (top-secret, {Europe, South-America}), …
a) L1 dominates L2
b) L2 dominates L1
c) Neither L1 nor L2 dominates the other one
c) Neither L1 nor L2 dominates the other one
Compartment for L1 and L2 are different so they can’t be compared.
Assume that label L1 of a document D1 dominates label L2 of document D2 when these labels are defined by (sensitivity level, compartment).
a) D1 contains more sensitive data than D2
b) D2 is more sensitive than D1
c) The data contained in D2 has a narrower scope as defined by its compartment
A and C
a) D1 contains more sensitive data than D2
c) The data contained in D2 has a narrower scope as defined by its compartment
D1 has more topics than D2. D1 is a superset of D2
Since an unclassified document contains no sensitive information, it can be read or written by anyone in a system that implements BLP
a) True
b) False
b) False
It can be read by anyone. Cannot be written by anyone.
BLP allows an unclassified user to write a top secret document.
a) True
b) False
a) True
Tranquility principle in the BLP model states that classification of a subject or object does not change during a session. This principle is needed to avoid…
a) Information flow that may violate confidentiality requirements defined by BLP
b) To reduce overhead associated with change of classification level
a) Information flow that may violate confidentiality requirements defined by BLP
If you’re reading Top-secret, then your label changes to Secret. Now you can write at the Secret level. The Top-Secret document you could read previously can now be written as Secret.
BIPA is
a) Read-down, write-up
b) Read-up, write-down
b) Read-up, write-down
The NY Times is high, Tabloids are low. Tabloids should not be able to write high integrity articles.
Clark-Wilson is a mandatory access control policy because…
a) Any user in a company can decide what files can be accessed by a program
b) Only the company can decide (e.g. sysadmin) what files can be accessed by a program
b) Only the company can decide (e.g. sysadmin) what files can be accessed by a program
A large law firm currently has two client companies that compete with each other. Thus, its lawyers working on cases related to one company must not be able to access documents related to the other company. To ensure proper access control, which policy should the law firm use?
a) Clark-Wilson
b) Chinese Wall
b) Chinese Wall
Role-based access control (RBAC) is often used in a commercial setting. RBAC is an example of MAC because…
a) File permissions are associated only with riles and not users
b) Only the company can decide roles of its employees
b) Only the company can decide roles of its employees
