CCT 037: CISSP Exam Questions (Domain 3)
May 18, 2023 | CCT 037 - RCR 134 - CISSP Exam Questions (D3)
[00:00:00] Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
Alright, let's get started.
Hey all, Sean Gerber again with the CISSP Cyber Training Podcast, and we are going to be talking the extreme CISSP exam questions. Awesome. So if you'd like to hear exam questions, you are going to love this. So one of the questions we're gonna get into is, we talked about on our podcast on Monday, was around the security models.
So as we're talking security models, today is going to be the security model question program of the day, and you're gonna be awesome. And as we mentioned before on Monday, one of the key [00:01:00] aspects, as we've talked about the various models, was the Bell-LaPadula model, the Biba model, the Clark-Wilson model and the Brewer CAP Theorem or, yeah, framework.
And we also talked about the David Clark, not the boy band, but David Clark, the folks that are actually having the piece of this? No, Dave, it's David Clark is the two guys. It was David and Clark. Yeah, I think that's what it was. I don't know, but anyway, we'll move on. No, the Clark-Wilson. Yes. Not the both names were David.
It was David Clark and David Wilson. So it's not David Clark. It's Clark-Wilson. Sorry. All right, moving on. I digress. The ADD kicked in and I got a funny squirrel and it just made me go down the wrong, where I'm at, hole. All right, so when we're gonna get into these questions, and we mentioned before, you're gonna need to understand the various models and you're gonna need to understand how they're used, because you're gonna get asked questions that could be very challenging in this space and you're gonna need to understand what exactly they are talking about.
Now, these questions that I'm gonna be giving you, you can get all these questions at [00:02:00] CISSP Cyber Training. I keep updating these questions pretty much weekly, trying to get 'em all done as much as I can between working as a CSO in a full-time gig with a very large multinational to raising all my kids.
I got a wedding coming up in June. So as the recording of this is May 12th, '23, I have a wedding coming up in about two weeks. And I've got graduations from high school, and then my wife has a Kona Ice shaved ice franchise. So we've gotta do that. So between that, recording podcasts, working the CISSP business, I'm a busy guy.
And as I'm recording this, it is 5:30 in the morning Central time, and I get up usually about 4:30. So not that you guys care, but that's when I find time to do all this. Okay. So we're gonna get into the security models. So question number one, again, focused on domain three. These are security models.
In domain three, which security model focuses on confidentiality and enforces the no read up, no write down principles? So like we talked [00:03:00] about last week, this week, around the no read up and no write down principle: A, Bell-LaPadula; B, the Biba; C, the Clark-Wilson model, the boy band; or D, the Brewer CAP Theorem.
So again, no read up, no write down: Bell-LaPadula, Biba, Clark-Wilson or Brewer CAP. And as we know, the no read up and no write down is the Bell model. Okay? So it ensures that information flows from higher sensitivity levels to lower sensitivity levels, but prevents unauthorized access to higher levels. Now it says that, and it does allow flowing of access.
Yes. Depending upon where you deploy this at, you may allow that. If you're looking at the US government, they don't just allow it to flow from higher levels to lower levels. You just can't arbitrarily do that. You have to follow a process by which you make that happen, but it's much easier to flow the data down than it is to flow the data up.
[00:04:00] Okay, now we're gonna go on to the next question. The security model that defines well-formed transaction-based controls and separation of duties to maintain data integrity. We talked about this on Monday, so again, well-formed transaction-based controls and separation of duties to maintain data integrity is: A, the Bell model; B, the Biba model; C, the Clark-Wilson model, the boy band; or D, the Brewer CAP Theorem.
Okay. So as we think about that, separation of duties and transaction-based controls is the Clark-Wilson model that would be seen. It focuses on data integrity in a commercial environment and ensures integrity through the use of well-formed transaction-based controls and the separation of duties.
Okay? One way you control it, you can see on this, would be digital signatures, certification authorities, and access controls. So those are various aspects you might see with the Clark-Wilson model. Okay, so we've covered some of those. All right, let's [00:05:00] go here. Let's go to a couple other questions.
Sorry. All right. This is one that we didn't mention in the podcast, because if I did it would go on forever. Which security model emphasizes the concept of confinement to prevent information leakage? Okay, so we didn't talk about this in the podcast, but you get it today here on the questions. Which security model emphasizes the concept of confinement?
A, the Bell-LaPadula model; B, the Biba model; C, the Clark-Wilson boy band model; or D, the non-interference model. That's a new one. And I just emphasize that. Which security model emphasizes the concept of confinement to prevent information leakage? It is D, the non-interference model. Now, this model focuses on preventing information leakage by confining the actions and information flow of subjects within their respective security levels.
Okay? So it basically won't allow the data outside of whatever security level that you have set up, right? [00:06:00] It's where higher security levels do not interfere with or affect actions and information on subjects lower than their security levels. So you run into the situation where you have the Bell-LaPadula, or you're dealing with top secret, secret.
You may also have the non-interference model in place because, you know what, I don't want the two streams crossing. Tell me the movie. Do you guys know the movie? Don't let the streams cross, Ray. Oh, okay. So that shows how old I am. That's the Ghostbusters. Okay. Which security model is associated with the concept of separation of duties to enforce data integrity?
Okay. We talked about that one; that was already the Clark-Wilson model. So I'm scrolling through some of my other questions here that I have, that I can give you some more insight. Okay. This one here: the security model that addresses the trade-offs between consistency, availability, and partition tolerance.
We talked about this on Monday. In distributed systems it is known as: A, the Bell-LaPadula; B, the Biba; C, the Clark-Wilson; or D, the Brewer CAP Theorem. Okay. The [00:07:00] security model that addresses the trade-offs between consistency, availability, and partition tolerance in a distributed system is known as: A, Bell; B, Biba; C, Clark-Wilson; or D, the Brewer CAP.
It is D. The Brewer CAP Theorem or Brewer-Nash model focuses on trade-offs in distributed systems. Remember, distributed systems and the presence of network partitions. You must choose between consistency, availability, and partition. Or again, you saw up in the question, you guys didn't see it cuz you probably are listening to this, but consistency, availability, and the partition tolerance.
Those are factors. If you see CAP, you'll now automatically know it's the Brewer, it's the Brewer-Nash model, and you wanna make sure that you remember that piece of this. Now I'm gonna throw one at you. This last question I have for you is one that might get you; it might cause you to make a mistake.
So it's a very tricky question, and maybe for you guys it's not, you'll probably get it. But I struggled with it a little bit at first, cuz it's a little bit [00:08:00] contrary to what we talked about on Monday, but it's not. So the security model that emphasizes data integrity, key term data integrity, and follows the no write up and no read down principle.
Okay. So you can't write up, you can't read down, is called the what? A, the Bell-LaPadula model. Okay. So remember the Bell-LaPadula? You can't write up, but you can read down, right? So there's no write up, no read down. The Bell-LaPadula model is A. The Biba model is B. C is the Clark-Wilson model, or D, the Brewer CAP.
Now if it's focused on integrity, which one was that? Now, we talked about earlier, that last week, that integrity's a big focus of the Biba model. Now it does have confidentiality, integrity, and availability, but integrity is a key factor. The Biba model does focus on data integrity and it follows the no write up,
no read down principle, okay? Which basically means that a certain integrity level can only write to the same or lower [00:09:00] integrity levels and can read information only from the same or higher integrity levels. So it's a little bit of a confusion there. So you just need to make sure that as you go through this, look for key terms before you answer the questions.
All right. That's all I have for today, and I am excited to give you some more questions. Next week we are going to be talking about domain four, and in domain four we're gonna be going through the various pieces as it relates to secure communication channels according to design. So that one is awesome, but really, basically we're gonna be talking about the OSI model.
That's the plan. All right. Hope you all had a wonderful, beautiful day, and I hope you enjoyed these security questions, and we'll catch you on the flip side. See ya.