[Cisspstudy] Access Control

fzbrick fzbrick at gmail.com
Sat Aug 29 21:39:11 EDT 2009


I am curious, is the CISSP given in different languages besides English?

  _____  

From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org]
On Behalf Of Ashraf Amin
Sent: Saturday, August 29, 2009 4:32 PM
To: cisspstudy at cccure.org
Subject: Re: [Cisspstudy] Access Control

Shon Harris page 210, 217, cccure.org but ISC2 official book page 189 says
DAC

For accurate information http://csrc.nist.gov/rbac

---
Best Regards,
Ashraf Amin

  _____  

From: twayde86 at hotmail.com
To: cisspstudy at cccure.org
Date: Sat, 29 Aug 2009 16:28:04 -0400
Subject: [Cisspstudy] Access Control

Based on the comments for question 978 one would believe that "rule-based
access control is an example of mandatory access control" and that it would
be the correct answer for question 398. However the answer for 398 is
"Rule-based access control is a type of non-discretionary access control".

Clement tries to clarify in the comments for 398 by noting "Mandatory Access
Control must make use of LABELS as well.  If there is only rules and no
label, it cannot be Mandatory Access Control" however in question 978 there
is no mention of labels either but the correct answer is MAC.

I need some clarification as to whether I am missing something.

Thanks

 

Question: 978 | Difficulty: 4/5 | Relevancy: 3/3 


Which of the following is an example of discretionary access control?


*	>  Identity-based access control   
*	   Task-based access control   
*	   Role-based access control   
*	   Rule-based access control  

Sorry - you had a wrong answer. Please review details below.


Details

An identity-based access control is an example of discretionary access
control that is based on an individual's identity. Task-based and role-based
access controls are examples of non-discretionary access controls and a
rule-based access control is an example of mandatory access control.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001,
Chapter 2: Access control systems (page 33).
<http://www.amazon.com/exec/obidos/ASIN/0471413569/thecisspopens-20>


Question: 398 | Difficulty: 4/5 | Relevancy: 3/3 


The rule-based access control where access is determined by rules is a type
of:


*	   Discretionary Access Control   
*	   Mandatory Access control   
*	>  Non-Discretionary Access Control   
*	   Lattice-based Access control  

Sorry - you had a wrong answer. Please review details below.


Details

Rule-based access control is a type of non-discretionary access control
because this access is determined by rules and the subject does not decide
what those rules will be, the rules are uniformly applied to ALL of the
users or subjects. 

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons,
Page 33.
<http://www.amazon.com/exec/obidos/ASIN/0471413569/thecisspopens-20>

Comment: NOTE FROM CLEMENT:
A lot of people tend to confuse MAC and Rule Based Access Control.
Mandatory Access Control must make use of LABELS as well.  If there is only
rules and no label, it cannot be Mandatory Access Control.  This is why
they call it Non Discretionary Access control.  In MAC subjects
must have clearance to access sensitive objects.  Objects have labels that
contain the classification to indicate the sensitivity of the object and the
label also has categories to enforce the need to know.
Today the best example of rule based access control would be a firewall.
All rules are imposed globally to any user attempting to connect through the
device.  This is NOT the case with MAC.
  

Contributor: Rakesh Sud

Study area: CISSP CBK - Access Control

Covered topic: Rule-based access control 

This question © Copyright 2003-2009 Rakesh Sud, cccure.org. All rights
reserved. No unauthorized use or duplication without explicit written
permission of author and of cccure.org.

Sarchasm -: The gulf between the author of sarcastic wit and the person who
doesn't get it
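
Added example (not part of the thread or of the cccure.org quiz material): a sketch of the distinction drawn in the quoted note on question 398, where a MAC decision compares a subject's clearance with an object's label (classification plus need-to-know categories) while a firewall-style rule set is applied identically to every user. Level names, categories, users and rules are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sensitivity ordering (illustrative, not from the thread).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

def mac_read_allowed(clearance: Label, obj: Label) -> bool:
    """MAC: the decision compares the subject's clearance with the object's label."""
    cleared = LEVELS[clearance.level] >= LEVELS[obj.level]
    need_to_know = obj.categories <= clearance.categories
    return cleared and need_to_know

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    dst_port: Optional[int]   # None matches any port

def rule_based_allowed(rules, user: str, dst_port: int) -> bool:
    """Rule-based: first match wins. `user` is accepted but never consulted,
    because the same rules apply to anyone connecting through the device."""
    for rule in rules:
        if rule.dst_port is None or rule.dst_port == dst_port:
            return rule.action == "allow"
    return False  # no rule matched: deny

# Constructed sample data.
ALICE = Label("SECRET", frozenset({"CRYPTO"}))
BOB = Label("TOP SECRET")                      # higher level, no CRYPTO category
DOC = Label("SECRET", frozenset({"CRYPTO"}))
FIREWALL = [Rule("allow", 443), Rule("deny", None)]

if __name__ == "__main__":
    for name, clearance in (("alice", ALICE), ("bob", BOB)):
        print(name, "MAC read:", mac_read_allowed(clearance, DOC),
              "| firewall 443:", rule_based_allowed(FIREWALL, name, 443))
```
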