72. a. The Chinese Wall policy is used where company-sensitive information (i.e., confidentiality) is divided into mutually disjoint conflict-of-interest categories. The Biba model focuses on integrity. Availability, assurance, and integrity are other components of security principles that are not relevant to the Chinese Wall policy.
73. From an access control point of view, which of the following maintains consistency between the internal data and users’ expectations of that data?
a. Security policy
b. Workflow policy
c. Access control policy
d. Chinese Wall policy
73. b. The goal of workflow policy is to maintain consistency between the internal data and external (users’) expectations of that data. This is because the workflow is a process, consisting of tasks, documents, and data. The Chinese Wall policy deals with dividing sensitive data into separate categories. The security policy and the access control policy are too general to be of any importance here.
74. From an access control point of view, separation of duty is not related to which of the following?
a. Safety
b. Reliability
c. Fraud
d. Security
74. b. Computer systems must be designed and developed with security and safety in mind because unsecure and unsafe systems can cause injury to people and damage to assets (e.g., military and airline systems). With separation of duty (SOD), fraud can be minimized when sensitive tasks are separated from each other (e.g., signing a check from requesting a check). Reliability is more of an engineering term in that a computer system is expected to perform with the required precision on a consistent basis. On the other hand, SOD deals with people and their work-related actions, which are not precise and consistent.
75. Which of the following statements are true about access controls, safety, trust, and separation of duty?
1. No leakage of access permissions is allowed to an unauthorized principal.
2. No access privileges can be escalated to an unauthorized principal.
3. No principals’ trust means no safety.
4. No separation of duty means no safety.
a. 1 only
b. 2 only
c. 1, 2, and 3
d. 1, 2, 3, and 4
75. d. If complete trust by a principal is not practical, there is a possibility of a safety violation. The separation of duty concept is used to enforce safety and security in some access control models. When there are many users (subjects), objects, and relations between subjects and objects, safety needs to be carefully considered.
76. From a safety configuration viewpoint, the separation of duty concept is not enforced in which of the following?
a. Mandatory access control policy
b. Bell-LaPadula access control model
c. Access control matrix model
d. Domain type enforcement access control model
76. c. The separation of duty concept is not enforced by the access control matrix model because it is not safety configured and is based on an arbitrary constraint. The other three choices use restricted access control models with access constraints that describe the safety requirements of any configuration.
77. Which of the following statements are true about access controls and safety?
1. More complex safety policies need more flexible access controls.
2. Adding flexibility to restricted access control models increases safety problems.
3. A trade-off exists between the expressive power of an access control model and the ease of safety enforcement.
4. In the implicit access constraints model, safety enforcement is relatively easier than in the arbitrary constraints model.
a. 1 and 3
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
77. d. In general, access control policy expression models, such as role-based and access control matrix models, operate on arbitrary constraints, and safety enforcement is difficult. In implicit (restricted) access constraints models (e.g., Bell-LaPadula), safety enforcement is attainable.
78. The purpose of static separation of duty is to address problems, such as static exclusivity and the assurance principle. Which of the following refers to the static exclusivity problem?
1. To reduce the likelihood of fraud.
2. To prevent the loss of user objectivity.