Which of the following statements pertaining to software testing approaches is correct?
Correct Answer: C
The test plan and results should always be retained as part of the system's permanent documentation. A bottom-up approach to testing begins with the atomic units, such as programs or modules, and works upwards until complete system testing has taken place. It allows errors in critical modules to be found early. A top-down approach allows for early detection of interface errors and raises confidence in the system, as programmers and users actually see a working system. White box testing is predicated on a close examination of procedural detail. Black box testing examines some aspect of the system with little regard for the internal logical structure of the software.

Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300).

Top Down Testing: An approach to integration testing where the component at the top of the component hierarchy is tested first, with lower-level components being simulated by stubs. Tested components are then used to test lower-level components. The process is repeated until the lowest-level components have been tested.

Bottom Up Testing: An approach to integration testing where the lowest-level components are tested first, then used to facilitate the testing of higher-level components. The process is repeated until the component at the top of the hierarchy is tested.

Black Box Testing: Testing based on an analysis of the specification of a piece of software without reference to its internal workings. The goal is to test how well the component conforms to the published requirements for the component.
CISSP Exam Question 402
Which of the following is NOT part of the Kerberos authentication protocol?
Correct Answer: D
There is no such component within a Kerberos environment. Kerberos uses only symmetric encryption and does not make use of any public key component.

The other answers are incorrect because:
- Symmetric key cryptography is a part of Kerberos, as the KDC holds all the users' and services' secret keys.
- Authentication service (AS): the KDC (Key Distribution Center) provides an authentication service.
- Principals: the Key Distribution Center provides services to principals, which can be users, applications or network services.

References: Shon Harris, AIO v3, Chapter 4: Access Control, Pages 152-155
CISSP Exam Question 403
Which of the following is not classified as "Security and Audit Frameworks and Methodologies"?
Correct Answer: A
Explanation: The Bell-LaPadula model is a security model, not a Security and Audit Framework and Methodology. The Bell-LaPadula model is a subject-to-object model. An example would be how you (subject) could read a data element (object) from a specific database and write data into that database. The Bell-LaPadula model focuses on ensuring that subjects are properly authenticated (by having the necessary security clearance, need to know, and formal access approval) before accessing an object.

The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs. CobiT was derived from the COSO framework, developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting.

The Information Technology Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management. ITIL is a customizable framework that is provided in a set of books or in an online format.

Incorrect Answers:
B: Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a Security and Audit Framework and Methodology.
C: IT Infrastructure Library (ITIL) is a Security and Audit Framework and Methodology.
D: Control Objectives for Information and related Technology (COBIT) is a Security and Audit Framework and Methodology.

References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 55-60, 369
CISSP Exam Question 404
Which of the following answers is directly related to providing High Availability to your users?
Correct Answer: A
When planning for high availability, any critical component of your data network should have some sort of redundancy or backup plan in case it does fail. Usually this involves things like backup data circuits, fault-tolerant systems and otherwise redundant technology across the board. This can include items like these:
- RAID array disks on servers, so that if any single drive fails the server remains available.
- Backup network connections. Many internet service providers provide these for a fee.
- Backup power for all systems and circuits.
- Fire suppression and evacuation plans.
- A data backup practice to back up and restore data while storing backups offsite in a safe, remote location.

Also critical to high availability is a well-planned and tested disaster recovery plan. You can either develop one, find one free online or pay a contract agency to develop one for you. The lines get a little blurry between fault tolerance and high availability because one is the direct result of the other, but the questions on the exam should be pretty clear.

The following answers are incorrect:
- Good hiring practices: High availability doesn't really involve good hiring practices, but when you hire good technicians your availability would definitely improve.
- Updated Antivirus Software: This isn't directly related to high availability, although it's a critical part of defense in depth.
- Senior Executive Support: While this is important for funding equipment for high availability, it isn't directly related to providing the high availability.

The following reference was used to create this question: 2013. Official Security+ Curriculum.
CISSP Exam Question 405
Which of the following is TRUE for an organization that is using a third-party federated identity service?