223 the tcsec document is known as the orange book

Info icon This preview shows pages 6–10. Sign up to view the full content.

View Full Document Right Arrow Icon
223 The TCSEC document is known as the Orange Book because
Image of page 6

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
A. It’s orange in color. B. It covers the major classes of computing system security, D through A. C. Its coverage of security was likened to the defoliant Agent Orange. D. No adequate model of computing system security was available at the time. Answer: A See Chapter 12. The Orange Book was one of several books in the Rainbow Series, each describing various levels and contexts of computer security, and each with its own unique color. 224 A chart of capabilities and subjects is known as a(n) A. Protection ring B. Chart of accounts C. Access control list D. Access matrix Answer: D See Chapter 12. An access matrix is used to map subjects to capabilities. 225 The model that assigns classification levels to materials and to individuals to determine who can view materials based upon their classification is known as A. The DoD multilevel security model B. The Bell-LaPadula model C. The Clark-Wilson model D. The information flow model Answer: B See Chapter 12. The Bell-LaPadula model is used to control access to materials based on those materials' classifications and the classification of the individual who wants to view them. 226 The model that incorporates constrained data items and procedures for verifying and changing integrity states is known as A. The Bell-LaPadula integrity model B. The Clark-Wilson integrity model C. The Wilson-Phillips integrity model D. The information flow model Answer: B See Chapter 12. Clark-Wilson starts with a constrained data item (CDI), confirms integrity state by using the integrity verification
Image of page 7
procedure (IVP), and changes integrity state by using the transformation procedure (TP). 227 The Bell-LaPadula model is an example of A. An accreditation model B. A Take-Grant model C. An integrity model D. An access-control model Answer: D See Chapter 12. Some access control models are Bell-LaPadula, Take-Grant, and access matrix. 228 Information flow models are used to A. Understand where information is flowing in a system. B. Ensure that information can flow only in directions permitted by security policy. C. Ensure that information can flow only from high to low integrity levels. D. Verify that information is properly classified. Answer: B See Chapter 12. Information flow models are used to ensure that information flows in conformance to security policy. 229 The Biba integrity model is A. An extension of the Bell-LaPadula access-control model B. A modern version of the Clark-Wilson integrity model C. The private industry version of the Clark-Wilson integrity model D. The de facto standard for modeling information flow Answer: A See Chapter 12. The Biba integrity model extends the Bell-LaPadula access-control model into the integrity domain. 230 An evaluation of security features in an information system against a set of security requirements is known as a(n) A. Protection B. Certification C. Accreditation D. Verification Answer: B See Chapter 12. A certification is the evaluation of security features according to a set of security requirements.
Image of page 8

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
231 A declaration that an information system is approved for a particular function is known as a(n) A. Protection B. Certification C. Accreditation D. Verification Answer: C See Chapter 12. An accreditation is a formal declaration of approval
Image of page 9
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern