Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CISSP 2015 - GENERAL > Sybex Chp 8 > Flashcards

Sybex Chp 8 Flashcards

1
Q

This access control model ensures that all instances of subjects accessing objects are secure.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

State Machine Model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

This access control model is designed to prevent unauthorized, insecure, or restricted information flow.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

Information Flow Model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

This access control model prevents the actions of one subject from affecting the system state or actions of another subject.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

Noninterference Model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

This access control model dictates how rights can be passed from one subject to another or from one subject to an object.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

Take-Grant Model

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

This access control model indicates the actions or functions that each subject can perform on each object.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

Access Control Matrix

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

In this access control model the subjects have a clearance level that allows them to access only those onjects with the corresponding classification levels. This enforces confidentiality.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

Bell LaPadula

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

In this access control model prevents subjects with lower security levels from writing to objects with higher security levels.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

Biba

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

This access control model relies on auditing to ensure that unauthorized subjects cannot access objects and that authorized users access objects properly.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

Clark-Wilson

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

These two access control models enforce integrity while these two access control models focus on integrity.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

Enforce: Biba, Clark-Wilson Focus: Goguen-Meseguer, Sutherland

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

This access control model focus on secure creation and deletion of both subjects and objects.

State Machine Model

Take-Grant Model

Graham-Denning

Sutherland

Clark-Wilson

Bell LaPadula

Biba

Noninterference Model

Information Flow Model

Goguen-Meseguer

Access Control Matrix

A

Graham-Denning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Allows a process to read and write to only certain memory locations and resources

Bounds

Confinement

Isolation

A

Confinement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Consist of limits set on memory addresses and resources a process can access.

Isolation

Confinement

Bounds

A

Bounds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

It is the responsibility of the __________ to enforce logical bounds and disallow access to other processes.

A

Operating System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

When a process is confined through enforcing access bounds.

Bounds

Isolation

Confinement

A

Isolation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

This ensures that any behavior will affect only the memory and resources associated with the process.

Bounds

Confinement

Isolation

A

Isolation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

True / False Physically bound memory can be very expensive but it’s more secure than logical bounds.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

An assessment of the reliability and usability of security features in a real-world situation.

A

Assurance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

This maintains a row of security attributes for each controlled object

A

Capabilities List

An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.

–Each column is an ACL (tied to the object)

——Easier to manage

–Each row is a Capabilities List (tied to the Subject)

——More diffidult to manage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

A table of subjects and objects that indicate the actions or functions that each subject can perform on each object.

A

Access Control Matrix

An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.

–Each column is an ACL (tied to the object)

——Easier to manage

–Each row is a Capabilities List (tied to the Subject)

——More diffidult to manage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Columns in an Access Control Matrix are known as:

A

ACL

An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.

–Each column is an ACL (tied to the object)

——Easier to manage

–Each row is a Capabilities List (tied to the Subject)

——More diffidult to manage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

ACLs are tied to the: Subject Object

A

Object

An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object.

–Each column is an ACL (tied to the object)

——Easier to manage

–Each row is a Capabilities List (tied to the Subject)

——More diffidult to manage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

True or False ACLs list the valid actions each subject can perform on an object.

A

True An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object. –Each column is an ACL (tied to the object) ——Easier to manage –Each row is a Capabilities List (tied to the Subject) ——More diffidult to manage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Capabilities List are tied to the: Subject Object

A

Subject An Access Control Matrix is a table of subjects and objects and indicates the actions that each subject can perform on each object. –Each column is an ACL (tied to the object) ——Easier to manage –Each row is a Capabilities List (tied to the Subject) ——More diffidult to manage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Rows in an Access Control Matrix are known as:

A

Capabilities List

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

This access control model is focused on maintaining the confidentiality of objects

A

Bell-LaPadula

26
Q

Downsides of Bell-LaPadula

A

Does not address:

1) integrity or availability of objects
2) file sharing
3) networking
4) does not address covert channels

27
Q

Simple Security State

A

Bell-LaPadula No Read Up

28
Q

Simple Integrity State

A

Biba No Read Down

29
Q

Discretionary Security Property

A

Bell-LaPadula systems uses an access control matrix to enforce discretionary access control

30
Q

* Security Property

A

Bell-LaPadula No Write Down

31
Q

* Integrity Property

A

Biba No Write Up

32
Q

Downsides of Biba

A

Does not address:

1) confidentiality or availability of objects
2) only focuses on external threats
3) no way to change subject or object classification level
4) does not address covert channels

33
Q

In Bell-LaPadula and Biba, the __________ property always concerns reading Star Simple

A

simple

34
Q

In Bell-LaPadula and Biba, the __________ property always concerns writing Star Simple

A

star

35
Q

The property of the Access Control Model concerns itself with a “access control triple” (three part relationship of the subject / program (or transaction) / object. Subjects do not have direct access to objects. Objects can be accessed only through programs.

A

Clark-Wilson

36
Q

In the Clark-Wilson access control model, __________ is the data item whose integrity is protected by the security model. Integrity Verification Procedure (IVP) Transformation Procedure (TP) Constrained Data Item (CDI) Unconstrained Data Item (UDI)

A

Constrained Data Item (CDI)

37
Q

In the Clark-Wilson access control model, __________ is any data item that is not controlled by the security model. Integrity Verification Procedure (IVP) Transformation Procedure (TP) Constrained Data Item (CDI) Unconstrained Data Item (UDI)

A

Unconstrained Data Item (UDI)

38
Q

In the Clark-Wilson access control model, __________ is a procedure that scans data items and confirms their integrity. Integrity Verification Procedure (IVP) Transformation Procedure (TP) Constrained Data Item (CDI) Unconstrained Data Item (UDI)

A

Integrity Verification Procedure (IVP)

39
Q

In the Clark-Wilson access control model, __________ is a procedure that is allowed to modify a CDI. This limited access to CDIs forms the backbone of Clark-Wilson. Integrity Verification Procedure (IVP) Transformation Procedure (TP) Constrained Data Item (CDI) Unconstrained Data Item (UDI)

A

Transformation Procedure (TP)

40
Q

True or False Clark-Wilson does not enforce separation of duties

A

False Clark-Wilson enforces separation of duties

41
Q

In this access control model someone who works at Company C who has access to proprietary data for Company A should not also be allowed access to similar data for Company B if the two companies compete with each other.

A

Brewer Nash (Chinese Wall)

42
Q

In this access control model a subject at one classification level will see one set of data and have access to one set of functions while a second subject at another classification level will see a different set of data and have a different set of functions.

A

Clark-Wilson

43
Q

True or False Brewer Nash (Chinese Wall) enforces data isolation

A

True

44
Q

this access control model focuses on creating an access control matrix

A

Graham-Denning

45
Q

What was TCSEC used for?

A

TCSEC (Trusted Computer System Evaluation Criteria) was created by the DoD to impose security standards for the computer systems it purchased. Focused only on Confidentiality Four categories:

Category D - Minimal Protection

Category C - Discretionary Protection

Category B - Mandatory Protection

Category A - Verified Protection

Does not require reevaluation for OS upgrades, patches, application upgrades, or changes Superseded by Common Criteria (CC)

46
Q

What was ITSEC used for?

A

Alternative for TCSEC and used by the Europeans Focused on Confidentiality, Integrity, Availability

Used a TOE (target of evaluation) to rate

–functionality

–assurance

Does not rely on a TCB (Trusted Computer Base)

Does not require reevaluation for OS upgrades, patches, application upgrades, or changes Superseded by Common Criteria (CC)

47
Q

What is Common Criteria?

A

International standard that replaces TCSEC and ITSEC Use:

Protection Profiles (same thing as ITSEC TOES)

—-what customer wants Security Targets

—-what vendor says product can do Packages

—-additional features that can be purchased and added on

48
Q

Problems with Common Criteria ratings?

A

CC ratings do not equate to a guarantee that systems are completely secure or are devoid of vulnerabilities CC guidelines do not address:

—physical security

—how subjects use the data securely

—issues related to personnel, organizational practices, or procedures

49
Q

TCSEC level D corresponds to CC level __________

A

EAL0, EAL1

TCSEC – CC

D ———- EAL0, EAL1

C1 ———- EAL2

C2 ———- EAL3

B1 ———- EAL4

B2 ———- EAL5

B3 ———- EAL6

A1 ———- EAL7

50
Q

TCSEC level C1 corresponds to CC level __________

A

EAL2

TCSEC – CC

D ———- EAL0, EAL1

C1 ———- EAL2

C2 ———- EAL3

B1 ———- EAL4

B2 ———- EAL5

B3 ———- EAL6

A1 ———- EAL7

51
Q

TCSEC level C2 corresponds to CC level __________

A

EAL3

TCSEC – CC

D ———- EAL0, EAL1

C1 ———- EAL2

C2 ———- EAL3

B1 ———- EAL4

B2 ———- EAL5

B3 ———- EAL6

A1 ———- EAL7

52
Q

TCSEC level B1 corresponds to CC level __________

A

EAL4

TCSEC – CC

D ———- EAL0, EAL1

C1 ———- EAL2

C2 ———- EAL3

B1 ———- EAL4

B2 ———- EAL5

B3 ———- EAL6

A1 ———- EAL7

53
Q

TCSEC level B2 corresponds to CC level __________

A

EAL5

TCSEC – CC

D ———- EAL0, EAL1

C1 ———- EAL2

C2 ———- EAL3

B1 ———- EAL4

B2 ———- EAL5

B3 ———- EAL6

A1 ———- EAL7

54
Q

TCSEC level B3 corresponds to CC level __________

A

EAL6

TCSEC – CC

D ———- EAL0, EAL1

C1 ———- EAL2

C2 ———- EAL3

B1 ———- EAL4

B2 ———- EAL5

B3 ———- EAL6

A1 ———- EAL7

55
Q

TCSEC level A1 corresponds to CC level __________

A

EAL7

TCSEC – CC

D ———- EAL0, EAL1

C1 ———- EAL2

C2 ———- EAL3

B1 ———- EAL4

B2 ———- EAL5

B3 ———- EAL6

A1 ———- EAL7

56
Q

Combination of the hardware, software, and controls that work together to form a trusted base to enforce your security policy.

A

Trusted Computer Base (TCB)

57
Q

Imaginary boundary that separates the TCB from the rest of the system

A

Security Perimeter

58
Q

The TCB communicates with the rest of the system through __________

A

Trusted Paths

59
Q

Part of the TCB that enforces access control or authorization based on the desired security model (discretionary, mandatory, rule-based, etc.) The control enforcer for the TCB Mediates all access between subjects and objects. It enforces the system’s security policy, such as preventing a normal user from writing to a restricted file, such as the system password file. Always enabled and cannot be bypassed. LAWS

A

Reference Monitor

60
Q

Collection of components in the TCB that work together to implement reference monitor functions COPS

A

Security Kernel

61
Q

What is a confined process?

A

A process that can only access certain memory locations

62
Q

What is an access object?

A

An access object is a resource a user or process wants to access.

CISSP 2015 - GENERAL (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions