Page 1529 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 8: Principles of Security Models, Design, and Capabilities
1. B. A system certification is a technical evaluation. Option A
describes system accreditation. Options C and D refer to
manufacturer standards, not implementation standards.
2. A. Accreditation is the formal acceptance process. Option B is not
an appropriate answer because it addresses manufacturer
standards. Options C and D are incorrect because there is no way
to prove that a configuration enforces a security policy, and
accreditation does not entail secure communication specification.
3. C. A closed system is one that uses largely proprietary or
unpublished protocols and standards. Options A and D do not
describe any particular systems, and Option B describes an open
system.
4. C. A constrained process is one that can access only certain
memory locations. Options A, B, and D do not describe a
constrained process.
5. A. An object is a resource a user or process wants to access. Option
A describes an access object.
6. D. A control limits access to an object to protect it from misuse by
unauthorized users.
7. B. The applications and systems at a specific, self-contained
location are evaluated for DITSCAP and NIACAP site accreditation.
8. C. TCSEC defines four major categories: Category A is verified
protection, Category B is mandatory protection, Category C is
discretionary protection, and Category D is minimal protection.
9. C. The TCB is the combination of hardware, software, and controls
that work together to enforce a security policy.
10. A, B. Although the most correct answer in the context of this

