SANS GICSP Exam 2026 Questions and Answers
Access Control Models - Correct answer-Information Flow
Non-Interference
Confidentiality of Stored Information
- Bell-LaPadula (Mandatory Access Control)
- Access Matrix (Read, Write or Execute, or R/W/X)
- Take-Grant (Rights = Create, Revoke, Take and Grant)
Integrity of Stored Information
- Biba Integrity Model (Bell-LaPadula upside down)
- Clark-Wilson
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
Mandatory Access Control (MAC) - Correct answer-Permissions to objects are
managed centrally by an administrator. It is an access policy determined by the
system, rather than by the owner. Organizations use this in multilevel systems that
process highly sensitive data, such as classified government or military data.
Examples: 1) Rule-based, 2) Lattice Model
Discretionary Access Control (DAC) - Correct answer-An access policy
determined by the owner of a file (or other resource). The owner decides who is
allowed access to the file and what privileges they have.
Role Based Access Control (RBAC) - Correct answer-A method of implementing
discretionary access controls in which access decisions are based on group
membership, according to organization or functional roles.
LDAP - Lightweight Directory Access Protocol - Correct answer-An Internet
Protocol (IP) and data storage model that supports authentication and directory
functions. It is a remote access authentication protocol. Vendors = Microsoft Active
Directory, CA eTrust Directory, Apache Directory Server, Novell eDirectory, IBM
SecureWay and Tivoli Directory Server, Sun Directory Server. OpenLDAP and
tinyldap are open source versions.
User Account - Correct answer-Allows a user to authenticate to system services
and be granted authorization to access them; however, authentication does not
imply authorization.
Service Account - Correct answer-An account that a service on your computer
runs under and uses to access resources. This should not be a user's personal
account. It can also be an account that is used for a scheduled task (e.g., a batch job
account) or an account that is used in a script that is run outside of a specific user's
context. (Ref GIAC White Paper)
Default Account - Correct answer-System login account predefined in a
manufactured system to permit initial access when the system is first put into service.
(pciscanner)
Guest Account - Correct answer-For users who don't have a permanent account on
your computer or domain. It allows people to use your computer without having
access to personal files. Per MSFT, guest users cannot install software or hardware,
change settings, or create a password. (MSFT)
Account expiration - Correct answer-A time limit that is applied to the life of an
account, so that it can be used only for a predetermined period of time. (MSFT)
Access Control List (ACL) - Correct answer-List of subjects (including groups,
machines, processes*) that are authorized to access a particular object. Typically,
the types of access are read, write, execute, append, modify, delete and create.
(Harris) (*NIST)
Access Reconciliation - Correct answer-The action of making accounts consistent.
A process used to compare two sets of records to ensure the data are in agreement
and are accurate.
Configuration Control - Correct answer-Process of controlling modifications to
hardware, firmware, software and documentation to protect the information system
against improper modification prior to, during, and after system implementation.
(NIST)
Baseline Configuration - Correct answer-A set of specifications for a system that
has been formally reviewed and agreed on at a given point in time, and which can
be changed only through change control procedures. Used as a basis for future
builds, releases, and/or changes. (NIST)
Baseline - Correct answer-A process that identifies a consistent basis for an
organization's security architecture, taking into account system-specific
parameters, such as different operating systems. (Dummies)