EXAMINATION 2026: QUESTIONS AND RATIONALES
SECTION A: Confidentiality Models (Questions 1-15)
Question 1
A military defense contractor implements a system where a user with "Secret"
clearance cannot read a document classified as "Top Secret." However, they can write
to a "Top Secret" file if their security level permits. Which security model property does
this scenario violate?
A) Bell-LaPadula Simple Security Property
B) Bell-LaPadula *-Property (Star Property)
C) Biba Integrity Model
D) Clark-Wilson Separation of Duty
Correct Answer: B - Bell-LaPadula *-Property (Star Property) prevents writing up to
higher classification levels. The scenario describes writing up (Secret user writing to
Top Secret), which violates the *-property that states no write up to prevent
contamination of higher-level objects.
Question 2
A hospital's electronic health record system must ensure that doctors can only access
patient records for patients under their care. The system uses sensitivity labels on data
(Public, Internal, Confidential, Restricted) and clearances on users. A doctor attempts to
read a Restricted patient record but is denied. Which Bell-LaPadula property is being
enforced?
A) Discretionary Security Property
B) *-Property
C) Simple Security Property (No Read Up)
D) Tranquility Property
Correct Answer: C - The Simple Security Property (no read up) prevents subjects
from reading objects at a higher classification level than the subject's clearance. Since
the doctor lacks sufficient clearance for Restricted data, access is denied.
Question 3
An intelligence analyst with "Top Secret" clearance (no special access programs)
accidentally attempts to write classified intelligence into an unclassified shared drive
accessible to all agency personnel. Which model would prevent this action to protect
confidentiality?
A) Biba Integrity Model
B) Bell-LaPadula *-Property
C) Clark-Wilson Certification Rules
D) Harrison-Ruzzo-Ullman Model
Correct Answer: B - The Bell-LaPadula *-Property (Star Property) prohibits writing
down to lower classification levels (no write down) to prevent disclosure of sensitive
information to unauthorized subjects.
Question 4
A government agency implements mandatory access controls where all subjects and
objects have fixed security labels that cannot change during system operation. This
implementation follows which Bell-LaPadula principle?
A) Strong Tranquility
B) Weak Tranquility
C) Discretionary Access Control
D) Role-Based Control
Correct Answer: A - Strong Tranquility means security labels never change during
system operation. Weak tranquility allows label changes but only in ways that do not
violate security policies.
Question 5
An organization uses a multilevel secure database where a user with "Confidential"
clearance can read Public and Internal data but cannot read Secret data. Which access
pattern describes this user's allowed reads?
A) Read up only
B) Read down only
C) Read sideways only
D) Read up and read down
Correct Answer: B - The user can only read data at or below their clearance level
(Confidential can read Public, Internal, and Confidential), which is "read down" in
security lattice terminology.
Question 6
A system designer implements a covert channel analysis tool to detect potential
information leakage pathways. This is most directly addressing a known limitation of
which security model?
A) Biba Integrity Model
B) Clark-Wilson Model
C) Bell-LaPadula Model
D) Graham-Denning Model
Correct Answer: C - Bell-LaPadula is vulnerable to covert channels (timing, storage)
that can bypass the formal access controls. Covert channel analysis is a common
countermeasure for Bell-LaPadula implementations.
Question 7
Data at rest encryption for top-secret documents ensures that even if storage media is
stolen, confidentiality is maintained. This security control complements which Bell-
LaPadula property?
A) *-Property
B) Simple Security Property
C) Discretionary Access Control
D) Label Based Access Control
Correct Answer: B - The Simple Security Property prevents unauthorized reads.
Encryption ensures that physical theft cannot result in unauthorized read access,
supporting the no-read-up principle at the storage level.
Question 8
Which of the following scenarios would be PERMITTED under Bell-LaPadula but NOT
permitted under Biba?
A) A user reading a document at their own clearance level
B) A user writing to a document at a lower classification level
C) A user reading a document at a lower classification level
D) A user writing to a document at their own clearance level
Correct Answer: C - Bell-LaPadula permits reading down, while Biba prohibits
reading down (due to its integrity focus). This is a key distinction between the two
models.
Question 9
A defense messaging system allows a Secret-cleared user to send messages to other
Secret-cleared users and to Confidential-cleared users, but not to Top Secret users.
Which Bell-LaPadula rule makes the Top Secret restriction necessary?
A) No write up (*-property)
B) No read up (Simple Security)
C) No write down
D) Discretionary control