PrepAway - Latest Free Exam Questions & Answers

Which Orange book security rating is the FIRST to be co…

Which Orange book security rating is the FIRST to be concerned with covert channels?

PrepAway - Latest Free Exam Questions & Answers

A.
A1

B.
B3

C.
B2

D.
B1

Explanation:
In the Orange Book, covert channels in operating systems are not addressed until security level B2 and above
because these are the systems that would be holding data sensitive enough for others to go through all the
necessary trouble to access data in this fashion.B2: Structured Protection: The security policy is clearly defined and documented, and the system design and
implementation are subjected to more thorough review and testing procedures. This class requires more
stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require
labels, and the system must not allow covert channels. A trusted path for logon and authentication
processes must be in place, which means the subject communicates directly with the application or operating
system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel.
Operator and administration functions are separated within the system to provide more trusted and protected
operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel
analysis is conducted. This class adds assurance by adding requirements to the design of the system.
The type of environment that would require B2 systems is one that processes sensitive data that require a
higher degree of security. This type of environment would require systems that are relatively resistant to
penetration and compromise.
Incorrect Answers:
A: Level B2, not A1 is the FIRST to be concerned with covert channels.
B: Level B2, not B3 is the FIRST to be concerned with covert channels.
D: Level B2, not B1 is the FIRST to be concerned with covert channels.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 395-396


Leave a Reply