SSCP : System Security Certified Practitioner (SSCP) : Part 28

  1. Which type of control is concerned with restoring controls?

    • Compensating controls
    • Corrective controls
    • Detective controls
    • Preventive controls

    Explanation:

    Corrective controls are concerned with remedying circumstances and restoring controls.

    Detective controls are concerned with investigating what happened after the fact, using logs and video surveillance tapes, for example.

    Compensating controls are alternative controls, used to compensate for weaknesses in other controls.
    Preventive controls are concerned with avoiding occurrences of risks.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

  2. Which access control model was proposed for enforcing access control in government and military applications?

    • Bell-LaPadula model
    • Biba model
    • Sutherland model
    • Brewer-Nash model
    Explanation:
    The Bell-LaPadula model, mostly concerned with confidentiality, was proposed for enforcing access control in government and military applications. It supports mandatory access control by determining the access rights from the security levels associated with subjects and objects. It also supports discretionary access control by checking access rights from an access matrix. The Biba model, introduced in 1977, the Sutherland model, published in 1986, and the Brewer-Nash model, published in 1989, are concerned with integrity.
    Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 11).
  3. Which access control model achieves data integrity through well-formed transactions and separation of duties?

    • Clark-Wilson model
    • Biba model
    • Non-interference model
    • Sutherland model
    Explanation:
    The Clark-Wilson model differs from other models that are subject- and object-oriented by introducing a third access element, programs, resulting in what is called an access triple, which prevents unauthorized users from modifying data or programs. The Biba model uses objects and subjects and addresses integrity based on a hierarchical lattice of integrity levels. The non-interference model is related to the information flow model with restrictions on the information flow. The Sutherland model approaches integrity by focusing on the problem of inference.
    Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 12).
    And: KRAUSE, Micki & TIPTON, Harold F., Handbook of Information Security Management, CRC Press, 1997, Domain 1: Access Control.
  4. Which TCSEC class specifies discretionary protection?

    • B2
    • B1
    • C2
    • C1
    Explanation:
    C1 involves discretionary protection, C2 involves controlled access protection, B1 involves labeled security protection and B2 involves structured protection.
    Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
  5. Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization’s structure?

    • Access control lists
    • Discretionary access control
    • Role-based access control
    • Non-mandatory access control
    Explanation:
    Role-based access control (RBAC) gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization’s structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are given to users in that role. An access control list (ACL) is a table that tells a system which access rights each user has to a particular system object. With discretionary access control, administration is decentralized and owners of resources control other users’ access. Non-mandatory access control is not a defined access control technique.
    Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 2: Access Control Systems and Methodology (page 9).
  6. Which security model uses division of operations into different parts and requires different users to perform each part?

    • Bell-LaPadula model
    • Biba model
    • Clark-Wilson model
    • Non-interference model
    Explanation:

    The Clark-Wilson model uses separation of duties, which divides an operation into different parts and requires different users to perform each part. This prevents authorized users from making unauthorized modifications to data, thereby protecting its integrity.

    The Clark-Wilson integrity model provides a foundation for specifying and analyzing an integrity policy for a computing system.

    The model is primarily concerned with formalizing the notion of information integrity. Information integrity is maintained by preventing corruption of data items in a system due to either error or malicious intent. An integrity policy describes how the data items in the system should be kept valid from one state of the system to the next and specifies the capabilities of various principals in the system. The model defines enforcement rules and certification rules.

    The model’s enforcement and certification rules define data items and processes that provide the basis for an integrity policy. The core of the model is based on the notion of a transaction.

    A well-formed transaction is a series of operations that transition a system from one consistent state to another consistent state.
    In this model the integrity policy addresses the integrity of the transactions.
    The principle of separation of duty requires that the certifier of a transaction and the implementer be different entities.

    The model contains a number of basic constructs that represent both data items and processes that operate on those data items. The key data type in the Clark-Wilson model is a Constrained Data Item (CDI). An Integrity Verification Procedure (IVP) ensures that all CDIs in the system are valid at a certain state. Transactions that enforce the integrity policy are represented by Transformation Procedures (TPs). A TP takes as input a CDI or Unconstrained Data Item (UDI) and produces a CDI. A TP must transition the system from one valid state to another valid state. UDIs represent system input (such as that provided by a user or adversary). A TP must guarantee (via certification) that it transforms all possible values of a UDI to a “safe” CDI.

    In general, preservation of data integrity has three goals:

    • Prevent data modification by unauthorized parties
    • Prevent unauthorized data modification by authorized parties
    • Maintain internal and external consistency (i.e. data reflects the real world)

    Clark-Wilson addresses all three goals, but Biba addresses only the first goal of integrity.

    References:
    HARRIS, Shon, All-In-One CISSP Certification Fifth Edition, McGraw-Hill/Osborne, Chapter 5: Security Architecture and Design (Page 341-344).
    and
    http://en.wikipedia.org/wiki/Clark-Wilson_model

  7. What is the main objective of proper separation of duties?

    • To prevent employees from disclosing sensitive information.
    • To ensure access controls are in place.
    • To ensure that no single individual can compromise a system.
    • To ensure that audit trails are not tampered with.
    Explanation:
    The primary objective of proper separation of duties is to ensure that one person acting alone cannot compromise the company’s security in any way. A proper separation of duties does not prevent employees from disclosing information, nor does it ensure that access controls are in place or that audit trails are not tampered with.
    Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 12: Operations Security (Page 808).
  8. What does the simple integrity axiom mean in the Biba model?

    • No write down
    • No read down
    • No read up
    • No write up
    Explanation:
    The simple integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to observe an object of a lower integrity (no read down).
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architectures and Models (page 205).
  9. What is the Biba security model concerned with?

    • Confidentiality
    • Reliability
    • Availability
    • Integrity
    Explanation:
    The Biba security model addresses the integrity of data being threatened when subjects at lower security levels are able to write to objects at higher security levels and when subjects can read data at lower levels.
    Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 5: Security Models and Architecture (Page 244).
  10. Which of the following Operations Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system?

    • Detective Controls
    • Preventative Controls
    • Corrective Controls
    • Directive Controls
    Explanation:
    In the Operations Security domain, Preventative Controls are designed to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 217.
  11. This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious?

    • Checkpoint level
    • Ceiling level
    • Clipping level
    • Threshold level
    Explanation:

    Organizations usually forgive a particular type, number, or pattern of violations, thus permitting a predetermined number of user errors before gathering this data for analysis. An organization attempting to track all violations, without sophisticated statistical computing ability, would be unable to manage the sheer quantity of such data. To make a violation listing effective, a clipping level must be established.

    The clipping level establishes a baseline for violation activities that may be normal user errors. Only after this baseline is exceeded is a violation record produced. This solution is particularly effective for small- to medium-sized installations. Organizations with large-scale computing facilities often track all violations and use statistical routines to cull out the minor infractions (e.g., forgetting a password or mistyping it several times).

    If the number of violations being tracked becomes unmanageable, the first step in correcting the problems should be to analyze why the condition has occurred. Do users understand how they are to interact with the computer resource? Are the rules too difficult to follow? Violation tracking and analysis can be valuable tools in assisting an organization to develop thorough but useable controls. Once these are in place and records are produced that accurately reflect serious violations, tracking and analysis become the first line of defense. With this procedure, intrusions are discovered before major damage occurs and sometimes early enough to catch the perpetrator. In addition, business protection and preservation are strengthened.

    The following answers are incorrect:
    All of the other choices presented were simply distractors.

    The following reference(s) were used for this question:
    Handbook of Information Security Management

  12. Which of the following is related to physical security and is not considered a technical control?

    • Access control Mechanisms
    • Intrusion Detection Systems
    • Firewalls
    • Locks
    Explanation:

    All of the above are considered technical controls except for locks, which are physical controls.

    Administrative, Technical, and Physical Security Controls

    Administrative security controls are primarily policies and procedures put into place to define and guide employee actions in dealing with the organization’s sensitive information. For example, policy might dictate (and procedures indicate how) that human resources conduct background checks on employees with access to sensitive information. Requiring that information be classified and the process to classify and review information classifications is another example of an administrative control. The organization security awareness program is an administrative control used to make employees cognizant of their security roles and responsibilities. Note that administrative security controls in the form of a policy can be enforced or verified with technical or physical security controls. For instance, security policy may state that computers without antivirus software cannot connect to the network, but a technical control, such as network access control software, will check for antivirus software when a computer tries to attach to the network.

    Technical security controls (also called logical controls) are devices, processes, protocols, and other measures used to protect the C.I.A. of sensitive information. Examples include logical access systems, encryption systems, antivirus systems, firewalls, and intrusion detection systems.

    Physical security controls are devices and means to control physical access to sensitive information and to protect the availability of the information. Examples are physical access systems (fences, mantraps, guards), physical intrusion detection systems (motion detectors, alarm systems), and physical protection systems (sprinklers, backup generators). Administrative and technical controls depend on proper physical security controls being in place. An administrative policy allowing only authorized employees access to the data center does little good without some kind of physical access control.
    From the GIAC.ORG website

  13. Which of the following floors would be most appropriate to locate information processing facilities in a 6-story building?

    • Basement
    • Ground floor
    • Third floor
    • Sixth floor
    Explanation:

    Your data center should be located in the middle of the facility or the core of a building to provide protection from natural disasters or bombs and provide easier access to emergency crew members if necessary. By being at the core of the facility, the external walls act as a secondary layer of protection as well.

    Information processing facilities should not be located on the top floors of buildings in case of a fire or flooding coming from the roof. Many crimes and thefts have also been carried out by simply cutting a large hole in the roof.

    They should not be in the basement because of flooding, since water has a natural tendency to flow down 🙂 Even a small amount of water would affect your operation, considering the quantity of electrical cabling sitting directly on the cement floor under your raised floor.

    The data center should not be located on the first floor due to the presence of the main entrance, where people are coming in and out. You have a lot of high-traffic areas such as the elevators, the loading docks, the cafeteria, the coffee shop, etc. Really a bad location for a data center.

    So it was easy to come up with the answer by using the process of elimination, where the top floor, the ground floor, and the basement are all bad choices. That leaves you with only one possible answer, which is the third floor.
    Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 5th Edition, Page 425.

  14. For maximum security design, what type of fence is the most effective and cost-effective method (feet are used as the measurement unit below)?

    • 3′ to 4′ high
    • 6′ to 7′ high
    • 8′ high and above with strands of barbed wire
    • Double fencing
    Explanation:

    The most commonly used fence is the chain-link fence, and it is the most affordable. The standard is a six-foot high fence with two-inch mesh square openings. The material should consist of nine-gauge vinyl or galvanized metal. Nine-gauge is a typical fence material installed in residential areas.

    Additionally, it is recommended to place barbed wire strands angled out from the top of the fence at a 45° angle and away from the protected area with three strands running across the top. This will provide for a seven-foot fence. There are several variations of the use of “top guards” using V-shaped barbed wire or the use of concertina wire as an enhancement, which has been a replacement for more traditional three strand barbed wire “top guards.”

    The fence should be fastened to rigid metal posts set in concrete every six feet with additional bracing at the corners and gate openings. The bottom of the fence should be stabilized against intruders crawling under by attaching posts along the bottom to keep the fence from being pushed or pulled up from the bottom. If the soil is sandy, the bottom edge of the fence should be installed below ground level.

    For maximum security design, the use of double fencing with rolls of concertina wire positioned between the two fences is the most effective deterrent and cost-efficient method. In this design, an intruder is required to use an extensive array of ladders and equipment to breach the fences.

    Most fencing is largely a psychological deterrent and a boundary marker rather than a barrier, because in most cases such fences can be rather easily penetrated unless added security measures are taken to enhance the security of the fence. Sensors attached to the fence to provide electronic monitoring of cutting or scaling the fence can be used.

    Reference(s) used for this question:
    Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 24416-24431). Auerbach Publications. Kindle Edition.

  15. Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?

    • The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed.
    • The pair of elements is the subject and object, and the subject has an upper bound lower than the upper bound of the object being accessed.
    • The pair of elements is the subject and object, and the subject has no special upper or lower bound needed within the lattice.
    • The pair of elements is the subject and object, and the subject has no access rights in relation to an object.
    Explanation:

    To apply this concept to access control, the pair of elements is the subject and object, and the subject has to have an upper bound equal or higher than the object being accessed.

    WIKIPEDIA has a great explanation as well:

    In computer security, lattice-based access control (LBAC) is a complex access control based on the interaction between any combination of objects (such as resources, computers, and applications) and subjects (such as individuals, groups or organizations).
    In this type of label-based mandatory access control model, a lattice is used to define the levels of security that an object may have and that a subject may have access to. The subject is only allowed to access an object if the security level of the subject is greater than or equal to that of the object.

    Reference(s) used for this question:

    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
    and
    http://en.wikipedia.org/wiki/Lattice-based_access_control

  16. Detective/Technical measures:

    • include intrusion detection systems and automatically-generated violation reports from audit trail information.
    • do not include intrusion detection systems and automatically-generated violation reports from audit trail information.
    • include intrusion detection systems but do not include automatically-generated violation reports from audit trail information.
    • include intrusion detection systems and customised-generated violation reports from audit trail information.
    Explanation:
    Detective/Technical measures include intrusion detection systems and automatically-generated violation reports from audit trail information. These reports can indicate variations from “normal” operation or detect known signatures of unauthorized access episodes. In order to limit the amount of audit information flagged and reported by automated violation analysis and reporting mechanisms, clipping levels can be set.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 35.
  17. In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:

    • The society's role in the organization
    • The individual’s role in the organization
    • The group-dynamics as they relate to the individual’s role in the organization
    • The group-dynamics as they relate to the master-slave role in the organization
    Explanation:

    In Non-Discretionary Access Control, when Role Based Access Control is being used, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual’s role in the organization.

    Reference(s) used for this question:
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.

  18. In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:

    • people need not use discretion
    • the access controls are based on the individual’s role or title within the organization.
    • the access controls are not based on the individual’s role or title within the organization
    • the access controls are often based on the individual’s role or title within the organization
    Explanation:

    In an organization where there are frequent personnel changes, non-discretionary access control (also called Role Based Access Control) is useful because the access controls are based on the individual’s role or title within the organization. You can easily configure a new employee's access by assigning the user to a role that has been predefined. The user will implicitly inherit the permissions of the role by being a member of that role.

    These access permissions defined within the role do not need to be changed whenever a new person takes over the role.

    Another type of non-discretionary access control model is Rule Based Access Control (RBAC or RuBAC), where a global set of rules is uniformly applied to all subjects accessing the resources. A good example of RuBAC would be a firewall.

    This question is a sneaky one: one of the choices has only one added word to it, which is "often". Reading questions and their choices very carefully is a must for the real exam. Reading them twice if needed is recommended.

    Shon Harris in her book lists the following ways of managing RBAC:

    Role-based access control can be managed in the following ways:

    Non-RBAC: Users are mapped directly to applications and no roles are used. (No roles being used)

    Limited RBAC: Users are mapped to multiple roles and mapped directly to other types of applications that do not have role-based access functionality. (A mix of roles for applications that support roles, and explicit access control for applications that do not support roles)

    Hybrid RBAC: Users are mapped to multi-application roles with only selected rights assigned to those roles.

    Full RBAC: Users are mapped to enterprise roles. (Roles are used for all access being granted)

    NIST defines RBAC as:
    Security administration can be costly and prone to error because administrators usually specify access control lists for each user on the system individually. With RBAC, security is managed at a level that corresponds closely to the organization’s structure. Each user is assigned one or more roles, and each role is assigned one or more privileges that are permitted to users in that role. Security administration with RBAC consists of determining the operations that must be executed by persons in particular jobs, and assigning employees to the proper roles. Complexities introduced by mutually exclusive roles or role hierarchies are handled by the RBAC software, making security administration easier.

    Reference(s) used for this question:

    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32.
    and
    Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition McGraw-Hill.
    and
    http://csrc.nist.gov/groups/SNS/rbac/

  19. When submitting a passphrase for authentication, the passphrase is converted into …

    • a virtual password by the system
    • a new passphrase by the system
    • a new passphrase by the encryption technology
    • a real password by the system which can be used forever
    Explanation:

    Passwords can be compromised and must be protected. In the ideal case, a password should only be used once. The changing of passwords can also fall between these two extremes.

    Passwords can be required to change monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and the password’s frequency of use.

    Obviously, the more times a password is used, the more chance there is of it being compromised.

    It is recommended to use a passphrase instead of a password. A passphrase is more resistant to attacks. The passphrase is converted into a virtual password by the system. Often the passphrase will exceed the maximum length supported by the system and it must be truncated into a virtual password.

    Reference(s) used for this question:

    http://www.itl.nist.gov/fipspubs/fip112.htm
    and
    KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36 & 37.

  20. An alternative to using passwords for authentication in logical or technical access control is:

    • manage without passwords
    • biometrics
    • not there
    • use of them for physical access control
    Explanation:
    An alternative to using passwords for authentication in logical or technical access control is biometrics. Biometrics are based on the Type 3 authentication mechanism: something you are.
    Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 37.