Exam SSCP topic 1 question 211 discussion

Actual exam question from ISC's SSCP
Question #: 211
Topic #: 1

Which TCSEC level is labeled Controlled Access Protection?

  • A. C1
  • B. C2
  • C. C3
  • D. B1
Suggested Answer: B
C2 is labeled Controlled Access Protection.
The TCSEC defines four divisions: D, C, B and A, where division A has the highest security.
Each division represents a significant difference in the trust an individual or organization can place on the evaluated system. Additionally, divisions C, B and A are broken into a series of hierarchical subdivisions called classes: C1, C2, B1, B2, B3 and A1.
Each division and class expands or modifies, as indicated, the requirements of the immediately prior division or class.

D: Minimal protection

  • Reserved for those systems that have been evaluated but that fail to meet the requirements for a higher division

C: Discretionary protection

C1: Discretionary Security Protection

  • Identification and authentication
  • Separation of users and data
  • Discretionary Access Control (DAC) capable of enforcing access limitations on an individual basis
  • Required System Documentation and user manuals

C2: Controlled Access Protection

  • More finely grained DAC
  • Individual accountability through login procedures
  • Audit trails
  • Object reuse
  • Resource isolation

B: Mandatory protection

B1: Labeled Security Protection

  • Informal statement of the security policy model
  • Data sensitivity labels
  • Mandatory Access Control (MAC) over selected subjects and objects
  • Label exportation capabilities
  • All discovered flaws must be removed or otherwise mitigated
  • Design specifications and verification

B2: Structured Protection

  • Security policy model clearly defined and formally documented
  • DAC and MAC enforcement extended to all subjects and objects
  • Covert storage channels are analyzed for occurrence and bandwidth
  • Carefully structured into protection-critical and non-protection-critical elements
  • Design and implementation enable more comprehensive testing and review
  • Authentication mechanisms are strengthened
  • Trusted facility management is provided with administrator and operator segregation
  • Strict configuration management controls are imposed

B3: Security Domains

  • Satisfies reference monitor requirements
  • Structured to exclude code not essential to security policy enforcement
  • Significant system engineering directed toward minimizing complexity
  • Security administrator role defined
  • Audit security-relevant events
  • Automated imminent intrusion detection, notification, and response
  • Trusted system recovery procedures
  • Covert timing channels are analyzed for occurrence and bandwidth
  • An example of such a system is the XTS-300, a precursor to the XTS-400

A: Verified protection

A1: Verified Design

  • Functionally identical to B3
  • Formal design and verification techniques including a formal top-level specification
  • Formal management and distribution procedures
  • An example of such a system is Honeywell's Secure Communications Processor SCOMP, a precursor to the XTS-400

Beyond A1

  • System Architecture demonstrates that the requirements of self-protection and completeness for reference monitors have been implemented in the Trusted Computing Base (TCB).
  • Security Testing automatically generates test cases from the formal top-level specification or formal lower-level specifications.
  • Formal Specification and Verification is where the TCB is verified down to the source code level, using formal verification methods where feasible.
  • Trusted Design Environment is where the TCB is designed in a trusted facility with only trusted (cleared) personnel.

The following are incorrect answers:

  • C1 is Discretionary security.
  • C3 does not exist; it is only a distractor.
  • B1 is called Labeled Security Protection.

Reference(s) used for this question:

  • HARE, Chris, Security Management Practices, CISSP Open Study Guide, version 1.0, April 1999.
  • AIOv4 Security Architecture and Design (pages 357 - 361)
  • AIOv5 Security Architecture and Design (pages 358 - 362)

Community vote distribution
D (100%)

Comments

JoseIRONMAN
6 months ago
Selected Answer: D
Is the correct answer D? B1 involves labeled security protection and B2 involves structured protection
upvoted 1 times