CertiGuide to Security+
Chapter 7: Practice Exam Answers


Answers to Questions 11-15

11. Under MAC, which of the following is true?

A. All that is not expressly permitted is forbidden

B. All that is expressly permitted is forbidden

C. All that is not expressly permitted is not forbidden

D. No Answer is Correct

Explanation: MAC is the acronym for Mandatory Access Control. It is important to note that mandatory controls are prohibitive (i.e., all that is not expressly permitted is forbidden), not permissive. Only within that context do discretionary controls operate, prohibiting still more access with the same exclusionary principle. In this type of control system decisions are based on privilege (clearance) of subject (user) and sensitivity (classification) of object (file). It requires labeling.

Under MAC, you define who is allowed to access objects, and if you haven't defined an access right, access is not permitted. So it is not the case that "all that is expressly permitted is forbidden," or that "all that is not expressly permitted is not forbidden."

& Section 1.1: Access Control

& Section 5.5.5: MAC/DAC/RBAC

 

12. Under MAC, a clearance is a:

A. Privilege

B. Subject

C. Sensitivity

D. Object

Explanation: MAC is the acronym for Mandatory Access Control. It is important to note that mandatory controls are prohibitive (i.e., all that is not expressly permitted is forbidden), not permissive. Only within that context do discretionary controls operate, prohibiting still more access with the same exclusionary principle. In this type of control system decisions are based on privilege (clearance) of subject (user) and sensitivity (classification) of object (file). It requires labeling.

In MAC, subjects (such as users) are each assigned a clearance (such as "secret" or "top secret"). Objects (containers for information, such as files) are assigned a sensitivity (classification, similar to clearance). When determining whether or not to grant a subject access to an object, the requesting subject's clearance is compared with the sensitivity of the object, and if the clearance is at or higher than the object's sensitivity level, access is granted. Therefore, a clearance functions as a privilege.

& Section 1.1: Access Control

& Section 5.5.5: MAC/DAC/RBAC
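The two MAC properties explained in questions 11 and 12 (the prohibitive default and the clearance-versus-sensitivity comparison) expressed as a small access-decision function. This is an added example, not code from the CertiGuide text; the level ordering, the subject and object labels and the names `mac_read_allowed` and `filter_readable` are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed ordering of classification levels, lowest to highest.
# A clearance "dominates" a sensitivity when its rank is >= the object's rank.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Optional[str]  # None models a subject that was never labeled


@dataclass(frozen=True)
class Obj:
    name: str
    sensitivity: Optional[str]  # None models an object that was never labeled


def mac_read_allowed(subject: Subject, obj: Obj) -> bool:
    """Decide a read request under mandatory access control.

    Prohibitive default (question 11): anything not expressly permitted is
    forbidden, so a missing or unrecognized label on either side is a denial,
    never a fall-through to "allowed".

    Clearance as privilege (question 12): read is granted only when the
    subject's clearance is at or above the object's sensitivity.
    """
    if subject.clearance not in LEVELS or obj.sensitivity not in LEVELS:
        return False
    return LEVELS[subject.clearance] >= LEVELS[obj.sensitivity]


def filter_readable(subject: Subject, objects: Iterable[Obj]) -> List[str]:
    """Names of the objects this subject may read, in input order."""
    return [o.name for o in objects if mac_read_allowed(subject, o)]


if __name__ == "__main__":
    # Constructed sample data: one "secret"-cleared analyst and a few files.
    analyst = Subject("analyst", "secret")
    files = [Obj("memo.txt", "confidential"), Obj("plan.doc", "secret"),
             Obj("vault.db", "top secret"), Obj("orphan.bin", None)]
    for f in files:
        print(f"{analyst.name} -> {f.name}: {mac_read_allowed(analyst, f)}")
```

Note that `orphan.bin` is denied even to a cleared subject: an object without a label has not been "expressly permitted" to anyone, which is exactly the labeling requirement the explanation mentions.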

 

13. Access controls that are not based on the policy are characterized as:

A. Mandatory controls

B. Discretionary controls

C. Secret controls

D. Corrective controls

Explanation: Access controls that are not based on the policy are characterized as discretionary controls by the U.S. government and as need-to-know controls by other organizations. The latter term connotes least privilege - those who may read an item of data are precisely those whose tasks entail the need.

Mandatory controls are based on policy. Secret controls and corrective controls are not related to access control.

& Section 1.1: Access Control

& Section 5.5.5: MAC/DAC/RBAC

 

14. DAC are characterized by many organizations as:

A. Preventive controls

B. Mandatory adjustable controls

C. Need-to-know controls

D. No Answer is Correct

Explanation: DAC is the acronym for Discretionary Access Controls. Access controls that are not based on the policy are characterized as discretionary controls by the U.S. government and as need-to-know controls by other organizations. The latter term connotes least privilege - those who may read an item of data are precisely those whose tasks entail the need.

Preventive controls and mandatory adjustable controls do not characterize DAC.

& Section 1.1: Access Control

& Section 5.5.5: MAC/DAC/RBAC

 

15. A password represents:

A. Something you know

B. Something you have

C. Something you are

D. No Answer is Correct

Explanation: Authentication is accomplished through something you know, something you have and/or something you are. The canonical example of something you know is a password or pass phrase. You might type or speak the value. A number of schemes are possible for obtaining what you know. It might be assigned to you, or you may have picked the value yourself. Constraints may exist regarding the form the value can take, or the alphabet from which you are allowed to construct the value might be limited to letters only. If you forget the value, you may not be able to authenticate yourself to the system.

Something you have would be a physical item you possess, such as a smartcard. Something you are would be a personal characteristic of you, not a piece of information you know.

& Section 1.2: Authentication

& Section 1.2.4: Username/Password



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.