CISSP - Einde dag 3

From a safety configuration viewpoint, the separation of duty concept is not enforced in which of the following?

In the Common Criteria, a Protection Profile:

In a ring protection system, where is the security kernel usually located?

You are a security consultant tasked with reviewing a company’s security model. The current model has the following characteristics:

– It establishes confidentiality such that people cannot read access classified at a higher level than their clearance.

– It forbids users with a specific clearance from writing data to a document with a lower clearance level.

You note that the current model does not account for somebody with a low clearance level from writing data to a document classified at a higher level than their clearance. You need to implement a model to mitigate this. Which of the following security tenets should the new model focus on?

You are documenting the attempted attacks on your organization’s IT systems. The top type of attack was injection attacks. Which definition should you use to describe an injection attack?

You are designing a public key infrastructure for your organization. The organization has issued the following requirements for the PKI:

– Maximize security of the PKI architecture

– Maximize the flexibility of the PKI architecture

You need to choose a PKI design to meet the requirements. Which design should you choose?