Effective CISSP Questions

Attribute-Based Access Control (ABAC) is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of the entity’s actions relevant to a request. Which of the following is not a source of attributes used in ABAC? (Wentz QOTD)
A. Security kernel
B. Environment
C. The active party of the request
D. The resource accessed by the subject

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Security kernel.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

XACML is an ideal candidate to support the implementation of Attribute-Based Access Control (ABAC). The Policy Decision Point (PDP) of XACML typically makes authorization decisions based on attributes of subjects, objects, and the environment. In a trusted computer system, the security kernel can be treated as the implementation of the PDP; that is, it evaluates those attributes rather than supplying them.
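To make the PDP's role concrete, here is an added example (not from the original post and not XACML itself) of a toy decision point that evaluates rules over subject, resource, and environment attributes. The attribute names, the two rules, and the function names are assumptions made for illustration, and the combining logic is a simplified deny-overrides that treats a missing attribute as fail closed.

```python
# Added illustration: a toy ABAC policy decision point (PDP), not a XACML engine.
from datetime import time

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"

# Constructed policy. Conditions read attributes only from the request's
# subject, resource (object) and environment categories, plus the action.
RULES = [
    {"id": "deny-outside-business-hours", "effect": DENY,
     "condition": lambda r: not (time(8, 0) <= r["environment"]["time"] <= time(18, 0))},
    {"id": "permit-read-own-department", "effect": PERMIT,
     "condition": lambda r: r["action"] == "read"
     and r["subject"]["department"] == r["resource"]["owner_department"]
     and r["subject"]["clearance"] >= r["resource"]["classification"]},
]

def evaluate_rule(rule, request):
    """Rule effect if the condition holds, NotApplicable if it does not,
    Indeterminate if an attribute the condition needs is missing."""
    try:
        return rule["effect"] if rule["condition"](request) else NOT_APPLICABLE
    except KeyError:
        return INDETERMINATE

def pdp_decide(request, rules=RULES):
    """Simplified deny-overrides: Deny wins, then Indeterminate (fail closed),
    then Permit; NotApplicable only when no rule matched."""
    results = [evaluate_rule(rule, request) for rule in rules]
    for outcome in (DENY, INDETERMINATE, PERMIT):
        if outcome in results:
            return outcome
    return NOT_APPLICABLE

def sample_request(**overrides):
    """Constructed request; keyword arguments replace whole categories."""
    request = {
        "subject": {"department": "finance", "clearance": 2},
        "resource": {"owner_department": "finance", "classification": 2},
        "environment": {"time": time(10, 30)},
        "action": "read",
    }
    request.update(overrides)
    return request

if __name__ == "__main__":
    print(pdp_decide(sample_request()))
    print(pdp_decide(sample_request(environment={"time": time(22, 0)})))
    print(pdp_decide(sample_request(subject={"department": "finance"})))
```

Every input the decision depends on arrives in the request from one of the three attribute categories; the decision function, standing in for the security kernel, contributes the evaluation logic only.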

Entity, Attribute, and Identity
Sample XACML Implementation
TCB Access Control


