The standard of __________ states that a certain level of integrity and information protection levels will be maintained.
Correct Answer: B
Question 607
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:
Correct Answer: A
Section: Access Control Explanation/Reference: Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished through access control mechanisms that require identification and authentication and through the audit function. These controls must be in accordance with and accurately represent the organization's security policy. Assurance procedures ensure that the control mechanisms correctly implement the security policy for the entire life cycle of an information system. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.
Question 608
_____________ states that users should only be given enough access to accomplish their jobs.
Correct Answer: B
Question 609
Which of the following access control models introduces user security clearance and data classification?
Correct Answer: D
Section: Access Control Explanation/Reference: The mandatory access control model is based on a security label system. Users are given a security clearance and data is classified. The classification is stored in the security labels of the resources. Classification labels specify the level of trust a user must have to access a certain file. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 4: Access Control (Page 154).
Question 610
What is the main problem of the renewal of a root CA certificate?
Correct Answer: B
Explanation/Reference: The main task here is the authentic distribution of the new root CA certificate as the new trust anchor to all PKI participants (e.g. the users). In some rollover scenarios there is no automatic way to do this; often an explicit assignment of trust by each user is needed, which can be very costly. Other methods make use of the old root CA certificate for automatic trust establishment (see the PKIX reference), but these solutions only work well in scenarios where the current root CA certificate is still valid (and not in emergency cases, e.g. compromise of the current root CA certificate). The rollover of the root CA certificate is a specific and delicate problem and is therefore often ignored during PKI deployment. Reference: Camphausen, I.; Petersen, H.; Stark, C.: Konzepte zum Root CA Zertifikatswechsel, conference Enterprise Security 2002, March 26-27, 2002, Paderborn; RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.