CSSLP Exam Guide correctly answered latest 2023

CSSLP Exam Guide correctly answered latest 2023Which access control mechanism provides the owner of an object the opportunity to determine the access control permissions for other subjects? a. Mandatory b. Role-based c. Discretionary d. Token-based Discretionary The elements UDI and CDI are associated with which access control model? a. Mandatory access control b. Clark-Wilson c. Biba integrity d. Bell-LaPadula confidentiality Clark-Wilson The concept of separating elements of a system to prevent inadvertent information sharing is? a. Leverage existing components b. separation of duties c. weakest link d. least common mechanism Least Common Mechanism Which of the following is true about the Biba Integrity Model? a. No write up, no read down b. No read up, no write down c. It is described by the simple security rule d. It uses the high-water-mark principle No write up, no read down The concept of preventing a subject from denying a previous action with an object in a system is a description of? a. Simple security rule b. Non-repudiation c. Defense in depth d. Constrained data item (CDI) Non-repudiation What was described as being essential in order to implement discretionary access controls? a. Object owner-defined security access b. Certificates c. Labels d. Security classifications Object owner-defined security access The CIA of security includes: a. Confidentiality, integrity, authentication b. Certificates, integrity, availability c. Confidentiality, inspection, authentication d. Confidentiality, integrity, availability Confidentiality, integrity, availability Complete mediation is an approach to security that includes: a. Protect systems and networks by using defense in depth b. A security design that cannot be bypassed or circumvented c. The use of interlocking rings of trust to ensure protection to data elements d. The use of access control lists to enforce security rules A security design that cannot be bypassed or circumvented (Complete Mediation) The fundamental approach to security in which an object has only the necessary rights and privilege to perform its task with no additional permissions is a description of: a. Layered security b. Least privilege c. Role-based security d. Clark-Wilson model Least Privilege Which access control technique relies on a set of rules to determine whether access to an object will be granted or not? a. role-based access control b. Object and rule instantiate access control c. Rule-based access control d. Discretionary access control Rule-based access control The security principle that ensures that no critical function can be executed by any single individual (by dividing the function into multiple tasks that can't all be executed by the same individual) is know as: a. Discretionary access control b. Security through obscurity c. Separation of duties d. Implicit deny Separation of duties The ability of a subject to interact with an object describes: a. authentication b. Access c. Confidentiality d. Mutual authentication Access Open design places the focus of security efforts on: a. Open-source software components b. Hiding key elements (security through obscurity) c. Proprietary algorithms d. Producing a security mechanism in which its strength is independent of its design Producing a security mechanism in which its strength is independent of its design The security principle of fail-safe is related to: a. Session management b. Exception management c. Least privilege d. Single point of failure Exception management Using the principle of keeping things simple is related to: a. Layered security b. simple Security Rule c. Economy of mechanism d. Implementing least privilege for access control Economy of mechanism Of the following, which is not a class of controls? a. Physical b. Informative c. Technical d. Administrative Informative Log file analysis is a form of what type of control? a. Preventive b. Detective c. Corrective d. Compensating Detective To calculate ALE, you need? a. SLE, asset value b. ARO, asset value c. SLE, ARO d. Asset value, exposure factor SLE, ARO Risk that remains after the application of control is referred to as: a. Acceptable risk b. Business risk c. Systematic risk d. Residual risk Residual risk Calculate ALE for asset value = $1000, exposure factor = .75, ARO = 2 a. $1500 b. $15,000 c. $375 d. cannot be determined with additional information $1500 Single loss expectancy (SLE) can best be defined by which of the following equations? a. SLE = asset value * exposure factor b. SLE = asset value * annualized rate of occurrence (ALE) c. SLE = annualized loss expectancy (ALE) * annualized rate of occurrence (ARO) d. SLE = annualized loss expectancy (ALE) * exposure factor SLE = asset value * exposure factpr