CSSLP Exam Guide | 2024 Questions & Answers
| 100% Correct | Verified
Which access control mechanism provides the owner of an object the opportunity to determine the
access control permissions for other subjects?
a. Mandatory
b. Role-based
c. Discretionary
d. Token-based - ✔✔Discretionary
The elements UDI and CDI are associated with which access control model?
a. Mandatory access control
b. Clark-Wilson
c. Biba integrity
d. Bell-LaPadula confidentiality - ✔✔Clark-Wilson
The concept of separating elements of a system to prevent inadvertent information sharing is?
a. Leverage existing components
b. separation of duties
c. weakest link
d. least common mechanism - ✔✔Least Common Mechanism
Which of the following is true about the Biba Integrity Model?
a. No write up, no read down
b. No read up, no write down
c. It is described by the simple security rule
d. It uses the high-water-mark principle - ✔✔No write up, no read down
,The concept of preventing a subject from denying a previous action with an object in a system is a
description of?
a. Simple security rule
b. Non-repudiation
c. Defense in depth
d. Constrained data item (CDI) - ✔✔Non-repudiation
What was described as being essential in order to implement discretionary access controls?
a. Object owner-defined security access
b. Certificates
c. Labels
d. Security classifications - ✔✔Object owner-defined security access
The CIA of security includes:
a. Confidentiality, integrity, authentication
b. Certificates, integrity, availability
c. Confidentiality, inspection, authentication
d. Confidentiality, integrity, availability - ✔✔Confidentiality, integrity, availability
Complete mediation is an approach to security that includes:
a. Protect systems and networks by using defense in depth
b. A security design that cannot be bypassed or circumvented
c. The use of interlocking rings of trust to ensure protection to data elements
d. The use of access control lists to enforce security rules - ✔✔A security design that cannot be bypassed
or circumvented (Complete Mediation)
The fundamental approach to security in which an object has only the necessary rights and privilege to
perform its task with no additional permissions is a description of:
a. Layered security
b. Least privilege
,c. Role-based security
d. Clark-Wilson model - ✔✔Least Privilege
Which access control technique relies on a set of rules to determine whether access to an object will be
granted or not?
a. role-based access control
b. Object and rule instantiate access control
c. Rule-based access control
d. Discretionary access control - ✔✔Rule-based access control
The security principle that ensures that no critical function can be executed by any single individual (by
dividing the function into multiple tasks that can't all be executed by the same individual) is know as:
a. Discretionary access control
b. Security through obscurity
c. Separation of duties
d. Implicit deny - ✔✔Separation of duties
The ability of a subject to interact with an object describes:
a. authentication
b. Access
c. Confidentiality
d. Mutual authentication - ✔✔Access
Open design places the focus of security efforts on:
a. Open-source software components
b. Hiding key elements (security through obscurity)
c. Proprietary algorithms
d. Producing a security mechanism in which its strength is independent of its design - ✔✔Producing a
security mechanism in which its strength is independent of its design
, The security principle of fail-safe is related to:
a. Session management
b. Exception management
c. Least privilege
d. Single point of failure - ✔✔Exception management
Using the principle of keeping things simple is related to:
a. Layered security
b. simple Security Rule
c. Economy of mechanism
d. Implementing least privilege for access control - ✔✔Economy of mechanism
Of the following, which is not a class of controls?
a. Physical
b. Informative
c. Technical
d. Administrative - ✔✔Informative
Log file analysis is a form of what type of control?
a. Preventive
b. Detective
c. Corrective
d. Compensating - ✔✔Detective
To calculate ALE, you need?
a. SLE, asset value
b. ARO, asset value
| 100% Correct | Verified
Which access control mechanism provides the owner of an object the opportunity to determine the
access control permissions for other subjects?
a. Mandatory
b. Role-based
c. Discretionary
d. Token-based - ✔✔Discretionary
The elements UDI and CDI are associated with which access control model?
a. Mandatory access control
b. Clark-Wilson
c. Biba integrity
d. Bell-LaPadula confidentiality - ✔✔Clark-Wilson
The concept of separating elements of a system to prevent inadvertent information sharing is?
a. Leverage existing components
b. separation of duties
c. weakest link
d. least common mechanism - ✔✔Least Common Mechanism
Which of the following is true about the Biba Integrity Model?
a. No write up, no read down
b. No read up, no write down
c. It is described by the simple security rule
d. It uses the high-water-mark principle - ✔✔No write up, no read down
,The concept of preventing a subject from denying a previous action with an object in a system is a
description of?
a. Simple security rule
b. Non-repudiation
c. Defense in depth
d. Constrained data item (CDI) - ✔✔Non-repudiation
What was described as being essential in order to implement discretionary access controls?
a. Object owner-defined security access
b. Certificates
c. Labels
d. Security classifications - ✔✔Object owner-defined security access
The CIA of security includes:
a. Confidentiality, integrity, authentication
b. Certificates, integrity, availability
c. Confidentiality, inspection, authentication
d. Confidentiality, integrity, availability - ✔✔Confidentiality, integrity, availability
Complete mediation is an approach to security that includes:
a. Protect systems and networks by using defense in depth
b. A security design that cannot be bypassed or circumvented
c. The use of interlocking rings of trust to ensure protection to data elements
d. The use of access control lists to enforce security rules - ✔✔A security design that cannot be bypassed
or circumvented (Complete Mediation)
The fundamental approach to security in which an object has only the necessary rights and privilege to
perform its task with no additional permissions is a description of:
a. Layered security
b. Least privilege
,c. Role-based security
d. Clark-Wilson model - ✔✔Least Privilege
Which access control technique relies on a set of rules to determine whether access to an object will be
granted or not?
a. role-based access control
b. Object and rule instantiate access control
c. Rule-based access control
d. Discretionary access control - ✔✔Rule-based access control
The security principle that ensures that no critical function can be executed by any single individual (by
dividing the function into multiple tasks that can't all be executed by the same individual) is know as:
a. Discretionary access control
b. Security through obscurity
c. Separation of duties
d. Implicit deny - ✔✔Separation of duties
The ability of a subject to interact with an object describes:
a. authentication
b. Access
c. Confidentiality
d. Mutual authentication - ✔✔Access
Open design places the focus of security efforts on:
a. Open-source software components
b. Hiding key elements (security through obscurity)
c. Proprietary algorithms
d. Producing a security mechanism in which its strength is independent of its design - ✔✔Producing a
security mechanism in which its strength is independent of its design
, The security principle of fail-safe is related to:
a. Session management
b. Exception management
c. Least privilege
d. Single point of failure - ✔✔Exception management
Using the principle of keeping things simple is related to:
a. Layered security
b. simple Security Rule
c. Economy of mechanism
d. Implementing least privilege for access control - ✔✔Economy of mechanism
Of the following, which is not a class of controls?
a. Physical
b. Informative
c. Technical
d. Administrative - ✔✔Informative
Log file analysis is a form of what type of control?
a. Preventive
b. Detective
c. Corrective
d. Compensating - ✔✔Detective
To calculate ALE, you need?
a. SLE, asset value
b. ARO, asset value
