PrepAway - Latest Free Exam Questions & Answers

Which division of the Orange Book deals with discretionary protection (need-to-know)?

A. D
B. C
C. B
D. A

Explanation:
The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which
was used to evaluate operating systems, applications, and different products. These evaluation criteria are
published in a book known as the Orange Book.
TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels:
A: Verified protection
B: Mandatory protection
C: Discretionary protection
D: Minimal security
C1: Discretionary Security Protection: Discretionary access control is based on individuals and/or groups. It
requires a separation of users and information, and identification and authentication of individual entities. Some
type of access control is necessary so users can ensure their data will not be accessed and corrupted by
others. The system architecture must supply a protected execution domain so privileged system processes are
not adversely affected by lower-privileged processes. There must be specific ways of validating the system’s
operational integrity. The documentation requirements include design documentation, which shows that the
system was built to include protection mechanisms, test documentation (test plan and results), a facility manual
(so companies know how to install and configure the system correctly), and user manuals.
Incorrect Answers:
A: Division C, not D, deals with discretionary protection.
C: Division C, not B, deals with discretionary protection.
D: Division C, not A, deals with discretionary protection.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-394

