New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 ISSMP Exam - Topic 1 Question 77 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 77
Topic #: 1
[All ISSMP Questions]

Which of the following statements about the availability concept of Information security management is true?

Show Suggested Answer Hide Answer
Suggested Answer: B, D

The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

The Clark-Wilson security model provides a foundation for specifying and analyzing an integrity policy for a computing system.

Answer option C is incorrect. The Bell-LaPadula access control model is mainly used in military systems.

Answer option A is incorrect. There is no such access control model as Clark-Biba.


by Virgie at Dec 22, 2023, 08:12 PM

Limited Time Offer

25%

Off

Get Premium ISSMP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Kirk
3 months ago
Wait, is D really a thing? Sounds confusing!
upvoted 0 times
...
Jamey
3 months ago
Totally agree with B, reliability is crucial!
upvoted 0 times
...
Maia
3 months ago
A is way too narrow, it’s about the whole system.
upvoted 0 times
...
Brittni
4 months ago
I’m not so sure about C, sounds off.
upvoted 0 times
...
Kimbery
4 months ago
B is definitely true, access is key!
upvoted 0 times
...
Caitlin
4 months ago
D sounds familiar, but I think it relates more to integrity rather than availability. I might go with B after all.
upvoted 0 times
...
Francisca
4 months ago
I feel like A is definitely wrong since it talks about individual actions, which doesn't really fit the concept of availability.
upvoted 0 times
...
Julio
4 months ago
I'm not entirely sure, but I remember something about availability being linked to uptime and access, which makes me lean towards B as well.
upvoted 0 times
...
Sonia
5 months ago
I think availability is about making sure we can access resources when we need them, so maybe B is the right choice?
upvoted 0 times
...
Freeman
5 months ago
Availability is all about making sure authorized users can access the resources they need when they need them. Based on that, I'm pretty confident option B is the correct answer here. I'll mark that one down.
upvoted 0 times
...
Val
5 months ago
Okay, let's see. Availability is about ensuring resources are accessible when needed, so I think option B is the best answer here. I'll go with that unless I can come up with a better understanding.
upvoted 0 times
...
Sharee
5 months ago
Hmm, I'm a bit unsure about this one. The availability concept seems to be about ensuring reliable and timely access to resources, but I'm not sure if that's the only correct statement. I'll have to think this through carefully.
upvoted 0 times
...
Tesha
5 months ago
This looks like a straightforward question on the availability concept in information security. I think I've got a good handle on this, so I'll go with option B.
upvoted 0 times
...
Leslee
5 months ago
I'm a little confused by this question. The options seem to be talking about different security concepts like confidentiality and integrity, not just availability. I'll have to review my notes to make sure I understand the nuances of each concept before answering.
upvoted 0 times
...
Kristin
5 months ago
Hmm, this is a trickier one. I'm a bit confused about why Data Loader wouldn't work for a custom object. Isn't that one of the main use cases? And the profile access thing seems like it could be a red herring. I'll need to really think through the logic here and not jump to conclusions. Gotta be careful on these exam questions.
upvoted 0 times
...
Sherrell
5 months ago
Okay, I've got this! Ad-hoc Testing is the right answer. It's the type of testing that's done spontaneously during Exploratory Testing, without any formal test cases or documentation.
upvoted 0 times
...
Laura
5 months ago
Hmm, I'm a bit unsure about this one. There are a lot of options, and I want to make sure I choose the right ones. I'll need to think it through carefully.
upvoted 0 times
...
Haley
10 months ago
I'm just going to choose C and hope the exam grader has a sense of humor. After all, unauthorized modifications by authorized personnel is just called 'Monday'.
upvoted 0 times
Elin
9 months ago
User 3: I'm just going to choose C and hope for the best.
upvoted 0 times
...
Christiane
9 months ago
User 2: I'm going with D, unauthorized modifications by unauthorized personnel sounds serious.
upvoted 0 times
...
Mammie
10 months ago
User 1: I think B is the correct answer.
upvoted 0 times
...
...
Denna
10 months ago
Easy peasy, B is the correct answer. Availability is like having the key to the castle, you gotta be able to get in when you need to!
upvoted 0 times
...
Jame
10 months ago
I'm not sure, but I think C) It ensures that unauthorized modifications are not made to data by authorized personnel or processes, could also be correct.
upvoted 0 times
...
Candida
10 months ago
I agree with Linsey, because availability is all about making sure resources are accessible when needed.
upvoted 0 times
...
Ailene
10 months ago
Hmm, I was about to choose C, but then I remembered that's more about integrity. B is the way to go, it's all about keeping the resources accessible.
upvoted 0 times
Jean
9 months ago
I agree, it's all about ensuring reliable and timely access to resources.
upvoted 0 times
...
Donette
10 months ago
I agree, it's all about ensuring reliable and timely access to resources.
upvoted 0 times
...
Polly
10 months ago
I think B is the correct option.
upvoted 0 times
...
Brett
10 months ago
I think B is the correct option.
upvoted 0 times
...
...
Linsey
10 months ago
I think the answer is B) It ensures reliable and timely access to resources.
upvoted 0 times
...
Gearldine
10 months ago
I'm torn between B and D, but I think D makes more sense. Availability is about preventing unauthorized modifications, not authorized ones.
upvoted 0 times
...
Cammy
10 months ago
I'm not sure, but I think C) It ensures that unauthorized modifications are not made to data by authorized personnel or processes could also be correct.
upvoted 0 times
...
Melvin
11 months ago
B) Ensuring reliable and timely access to resources is the essence of availability in information security. This is a no-brainer!
upvoted 0 times
Justine
9 months ago
D) It ensures that modifications are not made to data by unauthorized personnel or processes.
upvoted 0 times
...
Quentin
9 months ago
C) It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
upvoted 0 times
...
Joanna
10 months ago
B) It ensures reliable and timely access to resources.
upvoted 0 times
...
Willard
10 months ago
A) It determines actions and behaviors of a single individual within a system.
upvoted 0 times
...
...
Rickie
11 months ago
I agree with Stefan, because availability is all about making sure the resources are accessible when needed.
upvoted 0 times
...
Stefan
11 months ago
I think the answer is B) It ensures reliable and timely access to resources.
upvoted 0 times
...

Save Cancel