Free SSCP Exam Braindumps (page: 64)

Page 63 of 269

What mechanism does a system use to compare the security labels of a subject and an object?

  1. Validation Module.
  2. Reference Monitor.
  3. Clearance Check.
  4. Security Module.

Answer(s): B

Explanation:

Because the Reference Monitor is responsible for access control to the objects by the subjects it compares the security labels of a subject and an object.
According to the OIG: The reference monitor is an access control concept referring to an abstract machine that mediates all accesses to objects by subjects based on information in an access control database. The reference monitor must mediate all access, be protected from modification, be verifiable as correct, and must always be invoked. The reference monitor, in accordance with the security policy, controls the checks that are made in the access control database.
The following are incorrect:
Validation Module. A Validation Module is typically found in application source code and is used to validate data being inputted.
Clearance Check. Is a distractor, there is no such thing other than what someone would do when checking if someone is authorized to access a secure facility.
Security Module. Is typically a general purpose module that prerforms a variety of security related functions.


Reference:

OIG CBK, Security Architecture and Design (page 324)
AIO, 4th Edition, Security Architecture and Design, pp 328-328. Wikipedia - http://en.wikipedia.org/wiki/Reference_monitor



As per the Orange Book, what are two types of system assurance?

  1. Operational Assurance and Architectural Assurance.
  2. Design Assurance and Implementation Assurance.
  3. Architectural Assurance and Implementation Assurance.
  4. Operational Assurance and Life-Cycle Assurance.

Answer(s): D

Explanation:

Are the two types of assurance mentioned in the Orange book.
The following answers are incorrect:
Operational Assurance and Architectural Assurance. Is incorrect because Architectural Assurance is not a type of assurance mentioned in the Orange book.
Design Assurance and Implementation Assurance. Is incorrect because neither are types of assurance mentioned in the Orange book.
Architectural Assurance and Implementation Assurance. Is incorrect because neither are types of assurance mentioned in the Orange book.



Which of the following are required for Life-Cycle Assurance?

  1. System Architecture and Design specification.
  2. Security Testing and Covert Channel Analysis.
  3. Security Testing and Trusted distribution.
  4. Configuration Management and Trusted Facility Management.

Answer(s): C

Explanation:

Security testing and trusted distribution are required for Life-Cycle Assurance.
The following answers are incorrect:
System Architecture and Design specification. Is incorrect because System Architecture is not requried for Life-Cycle Assurance.
Security Testing and Covert Channel Analysis. Is incorrect because Covert Channel Analysis is not requried for Life-Cycle Assurance.
Configuration Management and Trusted Facility Management. Is incorrect because Trusted Facility Management. is not requried for Life-Cycle Assurance.



Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding".
What does this mean?

  1. System functions are layered, and none of the functions in a given layer can access data outside that layer.
  2. Auditing processes and their memory addresses cannot be accessed by user processes.
  3. Only security processes are allowed to write to ring zero memory.
  4. It is a form of strong encryption cipher.

Answer(s): A

Explanation:

Data Hiding is protecting data so that it is only available to higher levels this is done and is also performed by layering, when the software in each layer maintains its own global data and does not directly reference data outside its layers.
The following answers are incorrect:
Auditing processes and their memory addresses cannot be accessed by user processes. Is incorrect because this does not offer data hiding.
Only security processes are allowed to write to ring zero memory. This is incorrect, the security kernel would be responsible for this.
It is a form of strong encryption cipher. Is incorrect because this does not conform to the definition of data hiding.






Post your Comments and Discuss ISC SSCP exam with other Community members:

SSCP Exam Discussions & Posts