In a multilevel security system (MLS), the Pump is:
Correct Answer: A
The Pump (M.h. Kang, I.S. Moskowitz, APump for Rapid, Reliable, Secure Communications, The 1st ACM Conference on Computer and Communications Security, Fairfax, VA, 1993) was developed at the US Naval Research Laboratory (NRL). It permits information flow in one direction only, from a lower level of security classification or sensitivity to a higher level. It is a convenient approach to multilevel security in that it can be used to put together systems with different security levels. * Answer "A two-way information flow device" is a distracter. * Answer "Compartmented Mode Workstation (CMW)", the CMW, refers to windows-based workstations that require users to work with information at different classification levels. Thus, users may work with multiple windows with different classification levels on their workstations. When data is attempted to be moved from one window to another, mandatory access control policies are enforced. This prevents information of a higher classification from being deposited to a location of lower classification. * Answer "A device that implements role-based access control", role-based access control, is an access control mechanism and is now being considered for mandatory access control based on users' roles in their organizations.
Question 102
Which choice below is an incorrect description of a control?
Correct Answer: B
Controls are the countermeasures for vulnerabilities. There are many kinds, but generally they are categorized into four types: Deterrent controls reduce the likelihood of a deliberate attack. Preventative controls protect vulnerabilities and make an attack unsuccessful or reduce its impact. Preventative controls inhibit attempts to violate security policy. Corrective controls reduce the effect of an attack. Detective controls discover attacks and trigger preventative or corrective controls. Detective controls warn of violations or attempted violations of security policy and include such controls as audit trails, intrusion detection methods, and checksums. Source: Introduction to Risk Analysis, "Corrective controls reduce the effect of an attack" & "Detective controls discover attacks and trigger preventative or corrective controls" Security Risk Analysis Group and NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems.
Question 103
Which port does the Post Office Protocol Version 3 (POP3) make use of?
Correct Answer: A
The other answers are not correct because of the following protocol/port numbers matrix: Post Office Protocol (POP2) 109 Network News Transfer Protocol 119 NetBIOS 139
Question 104
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?
Correct Answer: C
Explanation/Reference: Explanation: DES is a symmetric block encryption algorithm. When 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out. It is also a symmetric algorithm, meaning the same key is used for encryption and decryption. It uses a 64-bit key: 56 bits make up the true key, and 8 bits are used for parity. When the DES algorithm is applied to data, it divides the message into blocks and operates on them one at a time. The blocks are put through 16 rounds of transposition and substitution functions. The order and type of transposition and substitution functions depend on the value of the key used with the algorithm. The result is 64-bit blocks of ciphertext Incorrect Answers: A: When 64-bit blocks of plaintext go in, 64-bit blocks of encrypted data come out. B: DES uses a 64-bit key (not 128-bit): 56 bits make up the true key, and 8 bits are used for parity. D: DES uses 64-bit blocks, not 56-bit. References: Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 801
Question 105
Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?