Which of the following is NOT a common integrity goal?
A.
Prevent unauthorized users from making modifications.
C1 and above.
B.
Maintain internal and external consistency.
A goal of integrity is to maintain internal and external consistency.
C2 and above.
C.
Prevent authorized users from making improper modifications.
A goal of integrity is to prevent authorized users from making improper modifications.
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23
QUESTION 75
At what Orange Book evaluation levels are design specification and verification FIRST required?
B1 and above.
D.
Prevent paths that could lead to inappropriate disclosure.
B2 and above.
B.
Maintain internal and external consistency.
A goal of integrity is to maintain internal and external consistency.
C2 and above.
C.
Prevent authorized users from making improper modifications.
A goal of integrity is to prevent authorized users from making improper modifications.
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23
QUESTION 75
At what Orange Book evaluation levels are design specification and verification FIRST required?
B1 and above.
A.
Prevent unauthorized users from making modifications.
C1 and above.
B.
Maintain internal and external consistency.
A goal of integrity is to maintain internal and external consistency.
C2 and above.
C.
Prevent authorized users from making improper modifications.
A goal of integrity is to prevent authorized users from making improper modifications.
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 23
QUESTION 75
At what Orange Book evaluation levels are design specification and verification FIRST required?
B1 and above.
D.
Prevent paths that could lead to inappropriate disclosure.
B2 and above.
Explanation:
Integrity does not prevent paths that could lead to inappropriate disclosure.
Integrity is upheld when the assurance of the accuracy and reliability of information and systems is provided
and any unauthorized modification is prevented. Environments that enforce and provide this attribute of security
ensure that attackers, or mistakes by users, do not compromise the integrity of systems or data.
Users usually affect a system or its data’s integrity by mistake (although internal users may also commit
malicious deeds). For example, a user may insert incorrect values into a data processing application that ends
up charging a customer $3,000 instead of $300.
Incorrect Answers:
A: A goal of integrity is to prevent unauthorized users from making modifications.B1: Labeled Security: Each data object must contain a classification label and each subject must have aclearance label. When a subject attempts to access an object, the system must compare the subject’s and
object’s security labels to ensure the requested actions are acceptable. Data leaving the system must also
contain an accurate security label. The security policy is based on an informal statement, and the design
specifications are reviewed and verified.
This security rating is intended for environments that require systems to handle classified data.
Incorrect Answers:
A: Design specification and verification are not required at level C1.
B: Design specification and verification are not required at level C2.
D: B2 is not the lowest level that requires design specification and verification. Level B1 requires design
specification and verification.Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 395
The answer is D, “Prevent paths that could lead to inappropriate disclosure.” as this is NOT a common integrity goal.
1
0