Which of the following is the most crucial element used in mandatory access control? (Wentz QOTD)
A. Access control matrix
B. Capability table
C. Access control list
D. Security clearance
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Security clearance.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.
A picture is worth a thousand words. The Access Control Matrix can be treated as the logical “repository” of authorization data (rights and permissions), composed of access control lists from the object’s perspective and capability tables from the subject’s perspective. It reflects the owner’s discretion at authorization. However, not every system implements a full construct of the access control matrix. For example, Microsoft’s Printer, Shared Folders, and NTFS permissions are ACL-based.
In contrast, a mandatory access control mechanism typically relies on matching “labels,” an approach also known as lattice-based access control. After being classified, a resource or object is marked for identification and labeled for access control in a trusted computer system. A user or subject is granted a security clearance after a formal background check or investigation. The security clearance is transformed into a label in a trusted computing system so that the labels of subjects and objects can be matched for authorization.
Security clearance or clearance is “a formal security determination by an authorized adjudicative office that an individual is authorized access, on a need to know basis, to a specific level of classified information (TOP SECRET, SECRET, or CONFIDENTIAL).” (NIST Glossary)
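The contrast between the two models, as an added example that is not part of the original post: an access control matrix sliced into an ACL and a capability table, next to a label-matching check that never consults the matrix. The subjects, objects, rights and the use of compartments to model need-to-know are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data; every subject, object and right is illustrative.
# Discretionary side: the access control matrix, keyed by (subject, object).
MATRIX = {
    ("alice", "payroll.xlsx"): {"read", "write"},
    ("alice", "printer1"): {"print"},
    ("bob", "payroll.xlsx"): {"read"},
}

def acl(obj):
    """One matrix column: who may do what to this object (object's view)."""
    return {s: rights for (s, o), rights in MATRIX.items() if o == obj}

def capability_table(subj):
    """One matrix row: what this subject may do (subject's view)."""
    return {o: rights for (s, o), rights in MATRIX.items() if s == subj}

# Mandatory side: labels only. Levels are the three named in the NIST definition.
LEVELS = {"CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()  # assumption: models need-to-know

    def dominates(self, other):
        """Lattice ordering: level at least as high AND compartments a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

CLEARANCES = {  # subject labels, derived from security clearances
    "alice": Label("SECRET", frozenset({"HR"})),
    "bob": Label("TOP SECRET"),
}
CLASSIFICATIONS = {"payroll.xlsx": Label("SECRET", frozenset({"HR"}))}

def mac_allows_read(subj, obj):
    """Label match only; the matrix is never consulted."""
    return CLEARANCES[subj].dominates(CLASSIFICATIONS[obj])

if __name__ == "__main__":
    print(acl("payroll.xlsx"))
    print(capability_table("alice"))
    for s in ("alice", "bob"):
        print(s, "ACL read:", "read" in MATRIX[(s, "payroll.xlsx")],
              "MAC read:", mac_allows_read(s, "payroll.xlsx"))
```

In this sample, bob holds the higher level and an ACL entry granting read, yet the label check denies him because his clearance label lacks the object's compartment.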
Which of the following is the most crucial element used in mandatory access control (MAC)? (Wentz QOTD)