Which of the following security models does NOT concern itself with the flow of data?
Correct Answer: D
Explanation/Reference: The goal of a noninterference model is to strictly separate differing security levels to assure that higher-level actions do not determine what lower-level users can see. This is in contrast to other security models that control information flows between differing levels of users. By maintaining strict separation of security levels, a noninterference model minimizes leakages that might happen through a covert channel. The Bell-LaPadula model is incorrect. The Bell-LaPadula model is concerned with confidentiality and bases access control decisions on the classification of objects and the clearances of subjects. The information flow model is incorrect. Information flow models have a similar framework to the Bell-LaPadula model and control how information may flow between objects based on security classes. The Biba model is incorrect. The Biba model is concerned with integrity and is a complement to the Bell-LaPadula model in that higher levels of integrity are more trusted than lower levels. Access control is based on these integrity levels to assure that read/write operations do not decrease an object's integrity. References: CBK, pp. 325-326; AIO3, pp. 290-291
SSCP Exam Question 17
Which of the following control pairings include: organizational policies and procedures, preemployment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?
Correct Answer: A
Preventive/Administrative Pairing: These mechanisms include organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
SSCP Exam Question 18
When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
Correct Answer: B
Section: Security Operation Administration Explanation/Reference: The removal of information from a storage medium is called sanitization. Different kinds of sanitization provide different levels of protection. A distinction can be made between clearing information (rendering it unrecoverable by a keyboard attack) and purging (rendering it unrecoverable against laboratory attack). There are three general methods of purging media: overwriting, degaussing, and destruction. There should be continuous assurance that sensitive information is protected and not allowed to be placed in a circumstance wherein a possible compromise can occur. There are two primary levels of threat that the protector of information must guard against: keyboard attack (information scavenging through system software capabilities) and laboratory attack (information scavenging through laboratory means). Procedures should be implemented to address these threats before the Automated Information System (AIS) is procured, and the procedures should be continued throughout the life cycle of the AIS. Reference(s) used for this question: SWANSON, Marianne & GUTTMAN, Barbara, National Institute of Standards and Technology (NIST), NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, September 1996 (page 26); and A Guide to Understanding Data Remanence in Automated Information Systems.
SSCP Exam Question 19
What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected?
Correct Answer: C
Explanation/Reference: This is the PRIMARY reason for the chain of custody of evidence. Evidence must be controlled every step of the way. If it is not, the evidence can be tampered with and ruled inadmissible. The chain of custody will include a detailed record of:
Who obtained the evidence
What the evidence was
Where and when the evidence was obtained
Who secured the evidence
Who had control or possession of the evidence
The following answers are incorrect because: To ensure that no evidence is lost is incorrect as it is not the PRIMARY reason. To ensure that all possible evidence is gathered is also incorrect as it is not the PRIMARY reason. To ensure that incidents were handled with due care and due diligence is also incorrect as it is not the PRIMARY reason. The chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to establish that it is sufficiently trustworthy to be presented as evidence in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy, which makes it admissible in court. Reference: Shon Harris AIO v3, Chapter 10: Law, Investigation, and Ethics, Page 727
SSCP Exam Question 20
Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?
Correct Answer: A
Explanation/Reference: Secure European System for Applications in a Multi-vendor Environment (SESAME) was developed to address some of the weaknesses in Kerberos; it uses public key cryptography for the distribution of secret keys and provides additional access control support. Reference: TIPTON, Harold, Official (ISC)2 Guide to the CISSP CBK (2007), page 184; ISC OIG Second Edition, Access Controls, Page 111