The BIGGEST difference between System High Security Mode and Dedicated Security Mode is:

A.
The clearance required

B.
Object classification

C.
Subjects cannot access all objects

D.
Need-to-know

Explanation:
A system is operating in a dedicated security mode if all users have a clearance for, and a formal need-to-know
about, all data processed within the system. All users have been given formal access approval for all
information on the system and have signed nondisclosure agreements (NDAs) pertaining to this information.
The system can handle a single classification level of information.
A system is operating in system high-security mode when all users have a security clearance to access the
information but not necessarily a need-to-know for all the information processed on the system. So, unlike in
the dedicated security mode, in which all users have a need-to-know pertaining to all data on the system, in
system high-security mode, all users have a need-to-know pertaining to some of the data. This mode also
requires all users to have the highest level of clearance required by any and all data on the system. However,
even though a user has the necessary security clearance to access an object, the user may still be restricted if
he does not have a need-to-know pertaining to that specific object.
Incorrect Answers:
A: The clearance required is not the difference between the two. All users have clearance in both systems.
However, in high-security mode, access is further restricted by need-to-know.
B: Object classification is not the difference between the two. The classification of objects can be the same or it
can be different; however, high-security mode is further restricted by need-to-know.
C: Subjects cannot access all objects is not the difference between the two. All subjects CAN access all objects
providing they have the ‘need-to-know’.

Harris, Shon, All In One CISSP Exam Guide, 4th Edition, McGraw-Hill, New York, 2007, p. 387