Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

ISC2 Exam CSSLP Topic 1 Question 37 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 37
Topic #: 1
[All CSSLP Questions]

Which of the following security models focuses on data confidentiality and controlled access to classified information?

Show Suggested Answer Hide Answer
Suggested Answer: D

The Bell-La Padula Model is a state machine model used for enforcing access control in government and military applications. The model is a

formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and

clearances for subjects. Security labels range from the most sensitive (e.g.,'Top Secret'), down to the least sensitive (e.g., 'Unclassified' or

'Public').

The Bell-La Padula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model

which describes rules for the protection of data integrity.

Answer B is incorrect. The Biba model is a formal state transition system of computer security policy that describes a set of access

control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that

subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

Answer A is incorrect. The Clark-Wilson model provides a foundation for specifying and analyzing an integrity policy for a computing

system. The model is primarily concerned with formalizing the notion of information integrity. Information integrity is maintained by preventing

corruption of data items in a system due to either error or malicious intent.

The model's enforcement and certification rules define data items and processes that provide the basis for an integrity policy. The core of the

model is based on the notion of a transaction.

Answer C is incorrect. The take-grant protection model is a formal model used in the field of computer security to establish or disprove

the safety of a given computer system that follows specific rules. It shows that for specific systems the question of safety is decidable in linear

time, which is in general undecidable.

The model represents a system as directed graph, where vertices are either subjects or objects. The edges between them are labeled and

the label indicates the rights that the source of the edge has over the destination. Two rights occur in every instance of the model: take and

grant. They play a special role in the graph rewriting rules describing admissible changes of the graph.


Contribute your Thoughts:

Currently there are no comments in this discussion, be the first to comment!


Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77