Free SSCP Exam Braindumps (page: 35)


Which of the following security models does NOT concern itself with the flow of data?

  1. The information flow model
  2. The Biba model
  3. The Bell-LaPadula model
  4. The noninterference model

Answer(s): D

Explanation:

The goal of a noninterference model is to strictly separate differing security levels to assure that higher-level actions do not determine what lower-level users can see. This is in contrast to other security models that control information flows between differing levels of users. By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel.
The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned with confidentiality and bases access control decisions on the classification of objects and the clearances of subjects.
The information flow model is incorrect. The information flow models have a similar framework to the Bell-LaPadula model and control how information may flow between objects based on security classes.
The Biba model is incorrect. The Biba model is concerned with integrity and is a complement to the Bell-LaPadula model in that higher levels of integrity are more trusted than lower levels. Access control is based on these integrity levels to assure that read/write operations do not decrease an object's integrity.


Reference:

CBK, pp 325 - 326
AIO3, pp. 290 - 291



What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?

  1. A
  2. D
  3. E
  4. F

Answer(s): B

Explanation:

D or "minimal protection" is reserved for systems that were evaluated under the TCSEC but did not meet the requirements for a higher trust level.
A is incorrect. A or "Verified Protection" is the highest trust level under the TCSEC.
E is incorrect. The trust levels are A - D, so "E" is not a valid trust level.
F is incorrect. The trust levels are A - D, so "F" is not a valid trust level.


Reference:

CBK, pp. 329 - 330
AIO3, pp. 302 - 306



Which division of the Orange Book deals with discretionary protection (need-to-know)?

  1. D
  2. C
  3. B
  4. A

Answer(s): B

Explanation:

C deals with discretionary protection. See the TCSEC matrix below:

[TCSEC Matrix: figure not reproduced]
The following are incorrect answers:
D is incorrect. D deals with minimal security.
B is incorrect. B deals with mandatory protection.
A is incorrect. A deals with verified protection.


Reference:

CBK, pp. 329 - 330
and
Shon Harris, CISSP All In One (AIO), 6th Edition, pp. 392 - 393



Which of the following is not a Remote Access concern?

  1. Justification for remote access
  2. Auditing of activities
  3. Regular review of access privileges
  4. Access badges

Answer(s): D

Explanation:

Access badges are more relevant to physical security than to remote access.
"Justification for remote access" is incorrect. Justification for remote access is a relevant concern.
"Auditing of activities" is incorrect. Auditing of activities is an important aspect to assure that malicious or unauthorized activities are not occurring.
"Regular review of access privileges" is incorrect. Regular review of remote access privileges is an important management responsibility.


Reference:

AIO3, pp. 547 - 548





