New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 CSSLP Exam - Topic 2 Question 84 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 84
Topic #: 2
[All CSSLP Questions]

Which of the following access control models uses a predefined set of access privileges for an object of a system?

Show Suggested Answer Hide Answer
Suggested Answer: B

The Chinese Wall Model is the basic security model developed by Brewer and Nash. This model prevents information flow that may cause a

conflict of interest in an organization representing competing clients. The Chinese Wall Model provides both privacy and integrity for data.

Answer D is incorrect. The Biba model is a formal state transition system of computer security policy that describes a set of access

control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that

subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

Answer C is incorrect. The Clark-Wilson model provides a foundation for specifying and analyzing an integrity policy for a computing

system. The model is primarily concerned with formalizing the notion of information integrity. Information integrity is maintained by preventing

corruption of data items in a system due to either error or malicious intent.

The model's enforcement and certification rules define data items and processes that provide the basis for an integrity policy. The core of the

model is based on the notion of a transaction.

Answer A is incorrect. The Bell-La Padula Model is a state machine model used for enforcing access control in government and military

applications. The model is a formal state transition model of computer security policy that describes a set of access control rules which use

security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g.,'Top Secret'), down to the least

sensitive (e.g., 'Unclassified' or 'Public').

The Bell-La Padula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model

which describes rules for the protection of data integrity.


by Leontine at Apr 24, 2024, 05:47 PM

Limited Time Offer

25%

Off

Get Premium CSSLP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Gilma
3 months ago
I agree with D, it makes the most sense for predefined privileges.
upvoted 0 times
...
Melina
3 months ago
Wait, is Policy Access Control even a real thing?
upvoted 0 times
...
Nickole
3 months ago
No way, it's actually B, Discretionary Access Control!
upvoted 0 times
...
Eladia
4 months ago
I thought it was A, Role-Based Access Control.
upvoted 0 times
...
Sherell
4 months ago
Definitely D, Mandatory Access Control is the one!
upvoted 0 times
...
Nieves
4 months ago
I'm confused between Role-Based and Mandatory Access Control. They both seem to involve predefined roles, but I can't recall the specifics.
upvoted 0 times
...
Jules
4 months ago
I feel like I saw a similar question about access control models in practice exams. I think it was about Mandatory Access Control having strict rules.
upvoted 0 times
...
Latrice
4 months ago
I remember studying Discretionary Access Control, but it seems more flexible than predefined. Could it be Mandatory Access Control instead?
upvoted 0 times
...
Val
5 months ago
I think Role-Based Access Control is the one that uses predefined access privileges, but I'm not entirely sure.
upvoted 0 times
...
Annamae
5 months ago
I'm a bit confused on the differences between these models. Maybe I should review my notes before answering.
upvoted 0 times
...
Roosevelt
5 months ago
I remember learning about these access control models in class. I think the key is to focus on the "predefined set of access privileges" part of the question.
upvoted 0 times
...
Melvin
5 months ago
Okay, let me break this down. I know that Mandatory Access Control uses a predefined set of access privileges, so that's probably the answer.
upvoted 0 times
...
Glen
5 months ago
Hmm, I'm not entirely sure about this one. I'll have to think it through carefully before answering.
upvoted 0 times
...
Georgiana
5 months ago
This one seems straightforward. I'm pretty confident that the answer is Role-Based Access Control.
upvoted 0 times
...
Herminia
5 months ago
This is a tricky one, but I'm going to go with Mandatory Access Control. That seems to fit the description of a predefined set of access privileges.
upvoted 0 times
...
Percy
5 months ago
I'm not totally sure, but I think Role-Based Access Control sounds like the right answer since it uses predefined roles and permissions.
upvoted 0 times
...
Royal
5 months ago
Okay, I remember learning about these in class. I think the key is to focus on the "predefined set of access privileges" part of the question.
upvoted 0 times
...
Beata
5 months ago
Hmm, I'm a bit unsure about the differences between these access control models. Let me think this through carefully.
upvoted 0 times
...
Hyman
5 months ago
This looks like a straightforward access control question. I'm pretty confident I can identify the correct model here.
upvoted 0 times
...
Felicitas
5 months ago
I'm a bit confused by the options here. Creating a service account key and adding it to the pipeline or repo doesn't sound very secure to me. I think I'll need to look into the Workload Identity and Kubernetes Engine options more to understand the differences. Gotta make sure I get this right.
upvoted 0 times
...
Tora
5 months ago
This is a good test question. Focusing on the key details about how each virus type behaves will be important to select the right answer here.
upvoted 0 times
...
Marisha
5 months ago
I wonder if the answer is just 'stdout_lines' since it might show all lines including the header?
upvoted 0 times
...
Kent
5 months ago
This seems pretty straightforward. The question is asking what setting Selena would need to change to improve network security, and the answer is clearly the SSID, or wireless network name.
upvoted 0 times
...
Reena
10 months ago
Wait, there's a difference between Role-Based and Mandatory Access Control? *scratches head* I'm just going to pick whatever option has the most words in it. Sounds legit.
upvoted 0 times
Wenona
8 months ago
Got it, thanks for the clarification!
upvoted 0 times
...
Dottie
8 months ago
Exactly, it's like having strict rules in place for access.
upvoted 0 times
...
Melita
8 months ago
Yeah, that makes sense. It's all about predefined access privileges.
upvoted 0 times
...
Iluminada
8 months ago
I think it's D) Mandatory Access Control.
upvoted 0 times
...
Joaquin
9 months ago
D) Mandatory Access Control
upvoted 0 times
...
Daniela
9 months ago
C) Policy Access Control
upvoted 0 times
...
Buddy
9 months ago
B) Discretionary Access Control
upvoted 0 times
...
Colton
10 months ago
A) Role-Based Access Control
upvoted 0 times
...
...
Kimberely
10 months ago
Jokes on you, the answer is obviously C - Policy Access Control. I mean, who even uses Discretionary Access Control these days? That's so 90s.
upvoted 0 times
Margot
10 months ago
I disagree, D) Mandatory Access Control is the most secure choice.
upvoted 0 times
...
Verda
10 months ago
I think A) Role-Based Access Control is the best option.
upvoted 0 times
...
...
Nan
10 months ago
I'm torn between B and D, but I think Mandatory Access Control (Option D) is the way to go here. Can't go wrong with that good ol' government-style security, right?
upvoted 0 times
...
Beatriz
10 months ago
That makes sense, I see your point. Thanks for clarifying!
upvoted 0 times
...
Genevieve
11 months ago
I disagree, I believe it's D) Mandatory Access Control because it enforces access control based on security labels.
upvoted 0 times
...
Mitzie
11 months ago
Hmm, this seems like a classic access control question. I'm going to go with Option A - Role-Based Access Control. It just makes the most sense in terms of predefined privileges for objects.
upvoted 0 times
Ona
9 months ago
No, I think it's Option B - Discretionary Access Control.
upvoted 0 times
...
Selma
9 months ago
I'm not sure, but I think it might be Option D - Mandatory Access Control.
upvoted 0 times
...
Keshia
9 months ago
I agree, Role-Based Access Control does use predefined access privileges.
upvoted 0 times
...
Benedict
10 months ago
I think Option A - Role-Based Access Control is the correct choice.
upvoted 0 times
...
...
Beatriz
11 months ago
I think the answer is A) Role-Based Access Control.
upvoted 0 times
...

Save Cancel