Free Access to ISC.CSSLP.v2024-03-08.q123 with Valid Practice Test (Page 22)

Question 101

You work as a Security Manager for Tech Perfect Inc. You want to save all the data from the SQL injection attack, which can read sensitive data from the database and modify database data using some commands, such as Insert, Update, and Delete. Which of the following tasks will you perform? Each correct answer represents a complete solution. Choose three.

A.Apply maximum number of database permissions.
B.Use an encapsulated library for accessing databases.
C.Create parameterized stored procedures.
D.Create parameterized queries by using bound and typed parameters.

Question 102

Which of the following security models focuses on data confidentiality and controlled access to classified information?

A.Clark-Wilson model
B.Biba model
C.Take-Grant model
D.Bell-La Padula model

Correct Answer: D

The Bell-La Padula Model is a state machine model used for enforcing access control in government and military applications. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g.,"Top Secret"), down to the least sensitive (e.g., "Unclassified" or "Public"). The Bell-La Padula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model which describes rules for the protection of data integrity. Answer B is incorrect. The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject. Answer A is incorrect. The Clark-Wilson model provides a foundation for specifying and analyzing an integrity policy for a computing system. The model is primarily concerned with formalizing the notion of information integrity. Information integrity is maintained by preventing corruption of data items in a system due to either error or malicious intent. The model's enforcement and certification rules define data items and processes that provide the basis for an integrity policy. The core of the model is based on the notion of a transaction. Answer C is incorrect. The take-grant protection model is a formal model used in the field of computer security to establish or disprove the safety of a given computer system that follows specific rules. It shows that for specific systems the question of safety is decidable in linear time, which is in general undecidable. The model represents a system as directed graph, where vertices are either subjects or objects. The edges between them are labeled and the label indicates the rights that the source of the edge has over the destination. Two rights occur in every instance of the model: take and grant. They play a special role in the graph rewriting rules describing admissible changes of the graph.

Question 103

Stella works as a system engineer for BlueWell Inc. She wants to identify the performance thresholds of each build. Which of the following tests will help Stella to achieve her task?

A.Reliability test
B.Performance test
C.Regression test
D.Functional test

Question 104

Which of the following is an example of over-the-air (OTA) provisioning in digital rights management?

A.Use of shared secrets to initiate or rebuild trust.
B.Use of software to meet the deployment goals.
C.Use of concealment to avoid tampering attacks.
D.Use of device properties for unique identification.

Question 105

In which of the following processes are experienced personnel and software tools used to investigate, resolve, and handle process deviation, malformed data, infrastructure, or connectivity issues?

A.Risk Management
B.Exception management
C.Configuration Management
D.Change Management
E.Explanation:
Exception management is a process in which experienced personnel and software tools are used to investigate, resolve, and handle process deviation, malformed data, infrastructure or connectivity issues. It increases the efficiency of business processes and contributes in the progress of business.

Question 101

Question 102

Question 103

Question 104

Question 105

Download PDF File