CSSLP Exam Guide | 2024 Questions & Answers
| 100% Correct | Verified
Which access control mechanism provides the owner of an object the opportunity to determine the
access control permissions for other subjects?
a. Mandatory
b. Role-based
c. Discretionary
d. Token-based - Discretionary
The...
CSSLP Exam Guide | 2024 Questions & Answers
| 100% Correct | Verified
Which access control mechanism provides the owner of an object the opportunity to determine the
access control permissions for other subjects?
a. Mandatory
b. Role-based
c. Discretionary
d. Token-based - ✔✔Discretionary
The elements UDI and CDI are associated with which access control model?
a. Mandatory access control
b. Clark-Wilson
c. Biba integrity
d. Bell-LaPadula confidentiality - ✔✔Clark-Wilson
The concept of separating elements of a system to prevent inadvertent information sharing is?
a. Leverage existing components
b. separation of duties
c. weakest link
d. least common mechanism - ✔✔Least Common Mechanism
Which of the following is true about the Biba Integrity Model?
a. No write up, no read down
b. No read up, no write down
c. It is described by the simple security rule
d. It uses the high-water-mark principle - ✔✔No write up, no read down
,The concept of preventing a subject from denying a previous action with an object in a system is a
description of?
a. Simple security rule
b. Non-repudiation
c. Defense in depth
d. Constrained data item (CDI) - ✔✔Non-repudiation
What was described as being essential in order to implement discretionary access controls?
a. Object owner-defined security access
b. Certificates
c. Labels
d. Security classifications - ✔✔Object owner-defined security access
The CIA of security includes:
a. Confidentiality, integrity, authentication
b. Certificates, integrity, availability
c. Confidentiality, inspection, authentication
d. Confidentiality, integrity, availability - ✔✔Confidentiality, integrity, availability
Complete mediation is an approach to security that includes:
a. Protect systems and networks by using defense in depth
b. A security design that cannot be bypassed or circumvented
c. The use of interlocking rings of trust to ensure protection to data elements
d. The use of access control lists to enforce security rules - ✔✔A security design that cannot be bypassed
or circumvented (Complete Mediation)
The fundamental approach to security in which an object has only the necessary rights and privilege to
perform its task with no additional permissions is a description of:
a. Layered security
b. Least privilege
,c. Role-based security
d. Clark-Wilson model - ✔✔Least Privilege
Which access control technique relies on a set of rules to determine whether access to an object will be
granted or not?
a. role-based access control
b. Object and rule instantiate access control
c. Rule-based access control
d. Discretionary access control - ✔✔Rule-based access control
The security principle that ensures that no critical function can be executed by any single individual (by
dividing the function into multiple tasks that can't all be executed by the same individual) is know as:
a. Discretionary access control
b. Security through obscurity
c. Separation of duties
d. Implicit deny - ✔✔Separation of duties
The ability of a subject to interact with an object describes:
a. authentication
b. Access
c. Confidentiality
d. Mutual authentication - ✔✔Access
Open design places the focus of security efforts on:
a. Open-source software components
b. Hiding key elements (security through obscurity)
c. Proprietary algorithms
d. Producing a security mechanism in which its strength is independent of its design - ✔✔Producing a
security mechanism in which its strength is independent of its design
, The security principle of fail-safe is related to:
a. Session management
b. Exception management
c. Least privilege
d. Single point of failure - ✔✔Exception management
Using the principle of keeping things simple is related to:
a. Layered security
b. simple Security Rule
c. Economy of mechanism
d. Implementing least privilege for access control - ✔✔Economy of mechanism
Of the following, which is not a class of controls?
a. Physical
b. Informative
c. Technical
d. Administrative - ✔✔Informative
Log file analysis is a form of what type of control?
a. Preventive
b. Detective
c. Corrective
d. Compensating - ✔✔Detective
To calculate ALE, you need?
a. SLE, asset value
b. ARO, asset value
Los beneficios de comprar resúmenes en Stuvia estan en línea:
Garantiza la calidad de los comentarios
Compradores de Stuvia evaluaron más de 700.000 resúmenes. Así estas seguro que compras los mejores documentos!
Compra fácil y rápido
Puedes pagar rápidamente y en una vez con iDeal, tarjeta de crédito o con tu crédito de Stuvia. Sin tener que hacerte miembro.
Enfócate en lo más importante
Tus compañeros escriben los resúmenes. Por eso tienes la seguridad que tienes un resumen actual y confiable.
Así llegas a la conclusión rapidamente!
Preguntas frecuentes
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
100% de satisfacción garantizada: ¿Cómo funciona?
Nuestra garantía de satisfacción le asegura que siempre encontrará un documento de estudio a tu medida. Tu rellenas un formulario y nuestro equipo de atención al cliente se encarga del resto.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller hov. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for $8.99. You're not tied to anything after your purchase.
