Question Details

An information system has multiple levels of security implemented






1. The owners of files and directories on a file server are able to control
which personnel may access those files and directories. The access control
model that most closely resembles this is:
a. Role-based access control (RBAC)
b. Mandatory access control (MAC)
c. Discretionary access control (DAC)
d. Multilevel access


2. A resource server contains an access control system. When a user
requests access to an object, the system examines the permission settings
for the object and the permission settings for the user, and then makes a
decision whether the user may access the object. The access control model
that most closely resembles this is:
a. Mandatory access control (MAC)
b. Discretionary access control (DAC)
c. Non-interference
d. Role based access control (RBAC)


3. A security manager is setting up resource permissions in an application.
The security manager has discovered that he can establish objects that
contain access permissions, and then assign individual users to those
objects. The access control model that most closely resembles this is:
a. Access matrix
b. Mandatory access control (MAC)
c. Discretionary access control (DAC)
d. Role based access control (RBAC)


4. An information system has multiple levels of security implemented, for
both resources as well as users. In this system, a user cannot access
resources below his level, and a user cannot create resources above his
level. The access control model that most closely resembles this is:
a. Access matrix
b. Clark-Wilson
c. Biba
d. Bell-LaPadula


5. A security analyst has a system evaluation criteria manual called the
“Orange Book”. This is a part of:
a. Common Criteria
b. Trusted Computer Security Evaluation Criteria (TCSEC)
c. Information Technology Security Evaluation Criteria (ITSEC)
d. ISO 15408




Computer Science Assignment Help, Computer Science Homework help, Computer Science Study Help, Computer Science Course Help