[Cisspstudy] Bell-Lapadula?

Clement Dupuis clement.dupuis at cccure.com
Mon Sep 7 20:27:15 EDT 2009 

Good day,

I totally agree with what you were told at the review seminar as far as the
real exam is concerned.  On the real exam you ALWAYS answer ALL of the
questions.  Even if you have to completely guess.  You are not penalize for
the wrong answer.

In this case you try to identify the best of the bad answers but do not
spent too much time on coming up with answer to bad questions.  Just ensure
you DO KNOW what is the best answer and you will be fine for the exam.  If
you run into a strange question on the exam there are a form you can fill
out to report the question that you disagree.

Do take care

Clement


On Mon, Sep 7, 2009 at 14:53, <An.Dang at do.treas.gov> wrote:

> Clement,
>
> Thank you for the information.  If we run into "bad" questions like this
> ... Which I don't doubt... should we leave the answer blank or go with the
> "best" answer and darken in the best guestimate.
>
> I was told to circle in something is better than leaving it blank at the
> Review Seminar.
>
> Thanks.
>
>
> ----- Original Message -----
> From: cisspstudy-bounces at cccure.org <cisspstudy-bounces at cccure.org>
> To: cisspstudy at cccure.org <cisspstudy at cccure.org>
> Sent: Mon Sep 07 09:49:53 2009
> Subject: cisspstudy Digest, Vol 15, Issue 11
>
> Send cisspstudy mailing list submissions to
>        cisspstudy at cccure.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> or, via email, send a message with subject or body 'help' to
>        cisspstudy-request at cccure.org
>
> You can reach the person managing the list at
>        cisspstudy-owner at cccure.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of cisspstudy digest..."
>
>
> Today's Topics:
>
>    1. Re: Bell-Lapadula? (Clement Dupuis)
>   2. Re: Bell-Lapadula? (gerritsjs)
>   3. Re: Bell-Lapadula? (gerritsjs)
>   4. Re: Bell-Lapadula? (Clement Dupuis)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 7 Sep 2009 06:25:39 -0400
> From: Clement Dupuis <clement.dupuis at cccure.com>
> To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> Subject: Re: [Cisspstudy] Bell-Lapadula?
> Message-ID:
>        <959788640909070325h1ef07924n33a15ea186a67fe at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> With info this time:
>
> A system state is defined to be "secure" if the only permitted access modes
> of subjects to objects are in accordance with a security
> policy<http://en.wikipedia.org/wiki/Security_policy>.
> To determine whether a specific access mode is allowed, the clearance of a
> subject is compared to the classification of the object (more precisely, to
> the combination of classification and set of compartments, making up
> the *security
> level*) to determine if the subject is authorized for the specific access
> mode. The clearance/classification scheme is expressed in terms of a
> lattice. The model defines two mandatory access
> control<http://en.wikipedia.org/wiki/Mandatory_access_control>(MAC)
> rules and one discretionary
> access control <http://en.wikipedia.org/wiki/Discretionary_access_control
> >(DAC)
> rule with three security properties:
>
>
> Take care
>
> Clement
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090907/32503f89/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Mon, 7 Sep 2009 06:44:42 -0700
> From: "gerritsjs" <gerritsjs at gmail.com>
> To: "'The CISSP Study Mailing list'" <cisspstudy at cccure.org>
> Subject: Re: [Cisspstudy] Bell-Lapadula?
> Message-ID: <4aa50e4e.1d1d640a.422b.ffff9d6f at mx.google.com>
> Content-Type: text/plain; charset="us-ascii"
>
> So what is the best answer, or there are many?
>
>
>
>  _____
>
> From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org]
> On Behalf Of Clement Dupuis
> Sent: Monday, September 07, 2009 3:26 AM
> To: The CISSP Study Mailing list
> Subject: Re: [Cisspstudy] Bell-Lapadula?
>
>
>
> With info this time:
>
> A system state is defined to be "secure" if the only permitted access modes
> of subjects to objects are in accordance with a security
> <http://en.wikipedia.org/wiki/Security_policy>  policy. To determine
> whether
> a specific access mode is allowed, the clearance of a subject is compared
> to
> the classification of the object (more precisely, to the combination of
> classification and set of compartments, making up the security level) to
> determine if the subject is authorized for the specific access mode. The
> clearance/classification scheme is expressed in terms of a lattice. The
> model defines two mandatory access control
> <http://en.wikipedia.org/wiki/Mandatory_access_control>  (MAC) rules and
> one
> discretionary access control
> <http://en.wikipedia.org/wiki/Discretionary_access_control>  (DAC) rule
> with
> three security properties:
>
>
> Take care
>
> Clement
>
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090907/792a3d08/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Mon, 7 Sep 2009 06:46:37 -0700
> From: "gerritsjs" <gerritsjs at gmail.com>
> To: "'The CISSP Study Mailing list'" <cisspstudy at cccure.org>
> Subject: Re: [Cisspstudy] Bell-Lapadula?
> Message-ID: <4aa50ec1.0e36640a.094f.ffff845a at mx.google.com>
> Content-Type: text/plain; charset="us-ascii"
>
> What do you then define a system to be in a 'secure' state?
>
>
>
>  _____
>
> From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org]
> On Behalf Of Clement Dupuis
> Sent: Monday, September 07, 2009 3:26 AM
> To: The CISSP Study Mailing list
> Subject: Re: [Cisspstudy] Bell-Lapadula?
>
>
>
> With info this time:
>
> A system state is defined to be "secure" if the only permitted access modes
> of subjects to objects are in accordance with a security
> <http://en.wikipedia.org/wiki/Security_policy>  policy. To determine
> whether
> a specific access mode is allowed, the clearance of a subject is compared
> to
> the classification of the object (more precisely, to the combination of
> classification and set of compartments, making up the security level) to
> determine if the subject is authorized for the specific access mode. The
> clearance/classification scheme is expressed in terms of a lattice. The
> model defines two mandatory access control
> <http://en.wikipedia.org/wiki/Mandatory_access_control>  (MAC) rules and
> one
> discretionary access control
> <http://en.wikipedia.org/wiki/Discretionary_access_control>  (DAC) rule
> with
> three security properties:
>
>
> Take care
>
> Clement
>
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090907/7f0cb639/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Mon, 7 Sep 2009 09:49:48 -0400
> From: Clement Dupuis <clement.dupuis at cccure.com>
> To: The CISSP Study Mailing list <cisspstudy at cccure.org>
> Subject: Re: [Cisspstudy] Bell-Lapadula?
> Message-ID:
>        <959788640909070649o6a5de8b5m86cf0abe8fccd047 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> There is NO best answer.
>
> It is a bad questions
>
> Take care
>
> Clement
>
> Cl?ment Dupuis, CD
> CISSP, GCFW, GCIA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,
>  ACE
>
> ----------------------------------------------------------------------------------------------
> In real life:
> Senior Security Specialist and Instructor
> Security University
> >>  Call me to get the best CISSP training  <<
>
> ----------------------------------------------------------------------------------------------
> In Cyberspace:
> President/Security Evangelist/Chief Learning Officer (CLO)
> The CCCure Family of Portals
>
> ----------------------------------------------------------------------------------------------
> Business:  407 479 3903
> Fax:          407 264 8396
>
> Maintainer of :
> The CISSP and SSCP Open Study Guides Web Site
> http://www.cccure.org
>
> The Professional Security Testers Warehouse
> http://www.professionalsecuritytesters.org
>
> Knowledge sharing and giving back to the community
>
>
> On Mon, Sep 7, 2009 at 09:44, gerritsjs <gerritsjs at gmail.com> wrote:
>
> >  So what is the best answer, or there are many?
> >
> >
> >  ------------------------------
> >
> > *From:* cisspstudy-bounces at cccure.org [mailto:
> > cisspstudy-bounces at cccure.org] *On Behalf Of *Clement Dupuis
> > *Sent:* Monday, September 07, 2009 3:26 AM
> > *To:* The CISSP Study Mailing list
> > *Subject:* Re: [Cisspstudy] Bell-Lapadula?
> >
> >
> >
> > With info this time:
> >
> >
> > A system state is defined to be "secure" if the only permitted access
> modes
> > of subjects to objects are in accordance with a security policy<
> http://en.wikipedia.org/wiki/Security_policy>.
> > To determine whether a specific access mode is allowed, the clearance of
> a
> > subject is compared to the classification of the object (more precisely,
> to
> > the combination of classification and set of compartments, making up the
> *security
> > level*) to determine if the subject is authorized for the specific access
> > mode. The clearance/classification scheme is expressed in terms of a
> > lattice. The model defines two mandatory access control<
> http://en.wikipedia.org/wiki/Mandatory_access_control>(MAC) rules and one
> discretionary
> > access control <
> http://en.wikipedia.org/wiki/Discretionary_access_control>(DAC) rule with
> three security properties:
> >
> >
> > Take care
> >
> > Clement
> >
> >
> >
> > _______________________________________________
> > cisspstudy mailing list
> > cisspstudy at cccure.org
> > http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090907/b6888594/attachment.html
> >
>
> ------------------------------
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
> End of cisspstudy Digest, Vol 15, Issue 11
> ******************************************
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090907/d85c198e/attachment-0001.html>

More information about the cisspstudy mailing list