<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]--><o:SmartTagType
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
h3
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Times New Roman";
font-weight:bold;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p
{mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:1804426244;
mso-list-template-ids:-1701686740;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:2008364689;
mso-list-template-ids:894238214;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I am curious, is the CISSP given in
different languages besides English?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> cisspstudy-bounces@cccure.org
[mailto:cisspstudy-bounces@cccure.org] <b><span style='font-weight:bold'>On
Behalf Of </span></b>Ashraf Amin<br>
<b><span style='font-weight:bold'>Sent:</span></b> Saturday, August 29, 2009
4:32 PM<br>
<b><span style='font-weight:bold'>To:</span></b> cisspstudy@cccure.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [Cisspstudy] Access
Control</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<blockquote style='margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>
<p class=MsoNormal><font size=2 face=Verdana><span style='font-size:10.0pt;
font-family:Verdana'><a href="http://csrc.nist.gov/rbac"></a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>Shon Harris page 210, 217, cccure.org but
ISC2 official book page 189 says DAC<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>For accurate information </span></font><a
href="http://csrc.nist.gov/rbac"><font color="#002bb8"><span style='color:#002BB8'>http://csrc.nist.gov/rbac</span></font></a><o:p></o:p></p>
</blockquote>
<blockquote style='margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2 face=Verdana><span
style='font-size:10.0pt;font-family:Verdana'>---<br>
Best Regards,<br>
Ashraf Amin<br>
<br>
<br>
<br>
<br>
<br>
<br>
<o:p></o:p></span></font></p>
</blockquote>
<p class=MsoNormal><font size=2 face=Verdana><span style='font-size:10.0pt;
font-family:Verdana'><br>
<br>
<br>
<o:p></o:p></span></font></p>
<div class=MsoNormal align=center style='text-align:center'><font size=2
face=Verdana><span style='font-size:10.0pt;font-family:Verdana'>
<hr size=2 width="100%" align=center id=stopSpelling>
</span></font></div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=2 face=Verdana><span
style='font-size:10.0pt;font-family:Verdana'>From: twayde86@hotmail.com<br>
To: cisspstudy@cccure.org<br>
Date: Sat, 29 Aug 2009 16:28:04 -0400<br>
Subject: [Cisspstudy] Access Control<o:p></o:p></span></font></p>
<div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Based on the comments for question 978 one would believe
that "rule-based access control is an example of mandatory access
control" and that it would be the correct answer for question 398. However
the answer for 398 is "Rule-based access control is a type of
non-discretionary access control" .<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Clement tries to clarify in the comments for 398 by noting
"Mandatory Access Control must make use of LABELS as well. If there
is only rules and no label, it cannot be Mandatory Access Control" however
in question 978 there is no mention ob labels either but the correct answer is
MAC.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I need some clarification as to whether I am missing
something.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Question: 978 | Difficulty: 4/5 | Relevancy: 3/3 <o:p></o:p></span></font></p>
<h3><b><font size=4 face=Arial><span style='font-size:13.5pt;font-family:Arial'>Which
of the following is an example of discretionary access control?<o:p></o:p></span></font></b></h3>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l0 level1 lfo1'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>›
<input id="EC_idA89-1" disabled type=radio value=RichText>
<label for=idA89-1>
Identity-based access control
</label>
<o:p></o:p></span></font></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l0 level1 lfo1'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>
<input id="EC_idA89-2" disabled type=radio value=2>
<label for=idA89-2>
Task-based access control
</label>
<o:p></o:p></span></font></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l0 level1 lfo1'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>
<input id="EC_idA89-3" disabled type=radio value=3>
<label for=idA89-3>
Role-based access control
</label>
<o:p></o:p></span></font></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l0 level1 lfo1'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>
<input id="EC_idA89-4" disabled type=radio checked value=4>
<label for=idA89-4>
Rule-based access control
</label>
<o:p></o:p></span></font></li>
</ul>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Sorry - you had a wrong answer. Please review details below.<o:p></o:p></span></font></p>
</div>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0>
<tr>
<td style='padding:0in 0in 0in 0in' id="EC_tliid89">
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Details<o:p></o:p></span></font></p>
</td>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Submit a comment on <a
href="http://www.freepracticetests.org/quiz/qcomment.php?q=978"
title="http://www.freepracticetests.org/quiz/qcomment.php?q=978 CTRL + Click to follow link">this
question</a><o:p></o:p></span></font></p>
</td>
</tr>
</table>
<div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>An identity-based access control is an example of
discretionary access control that is based on an individual's identity.
Task-based and role-based access controls are examples of non-discretionary
access controls and a rule-based access control is an example of mandatory
access control.<br>
Source: KRUTZ, Ronald L. & VINES, Russel D., <a
href="http://www.amazon.com/exec/obidos/ASIN/0471413569/thecisspopens-20"
title="http://www.amazon.com/exec/obidos/ASIN/0471413569/thecisspopens-20 CTRL + Click to follow link">The
CISSP Prep Guide: Mastering the Ten Domains of Computer Security</a>, John
Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> <o:p></o:p></span></font></p>
</div>
<div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Question: 398 | Difficulty: 4/5 | Relevancy: 3/3 <o:p></o:p></span></font></p>
<h3><b><font size=4 face=Arial><span style='font-size:13.5pt;font-family:Arial'>The
rule-based access control where access is determined by rules is a type of:<o:p></o:p></span></font></b></h3>
<ul type=disc>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo2'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>
<input id="EC_idA96-1" disabled type=radio checked value=1>
<label for=idA96-1>
Discretionary Access Control
</label>
<o:p></o:p></span></font></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo2'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>
<input id="EC_idA96-2" disabled type=radio value=2>
<label for=idA96-2>
Mandatory Access control
</label>
<o:p></o:p></span></font></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo2'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>›
<input id="EC_idA96-3" disabled type=radio value=3>
<label for=idA96-3>
Non-Discretionary Access Control
</label>
<o:p></o:p></span></font></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo2'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>
<input id="EC_idA96-4" disabled type=radio value=4>
<label for=idA96-4>
Lattice-based Access control
</label>
<o:p></o:p></span></font></li>
</ul>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Sorry - you had a wrong answer. Please review details below.<o:p></o:p></span></font></p>
</div>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0>
<tr>
<td style='padding:0in 0in 0in 0in' id="EC_tliid96">
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Details<o:p></o:p></span></font></p>
</td>
<td style='padding:0in 0in 0in 0in'>
<p class=MsoNormal><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Submit a comment on <a
href="http://www.freepracticetests.org/quiz/qcomment.php?q=398">this question</a><o:p></o:p></span></font></p>
</td>
</tr>
</table>
<div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Rule-based access control is a type of non-discretionary
access control because this access is determined by rules and the subject does
not decide what those rules will be, the rules are uniformly applied to ALL of
the users or subjects. <br>
<br>
Source: KRUTZ, Ronald L. & VINES, Russel D., <a
href="http://www.amazon.com/exec/obidos/ASIN/0471413569/thecisspopens-20">The
CISSP Prep Guide: Mastering the Ten Domains of Computer Security</a>, 2001,
John Wiley & Sons, Page 33.<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><b><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-weight:bold'>Comment:</span></font></b><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'> NOTE FROM CLEMENT:<br>
<st1:place w:st="on">Lot</st1:place> of people tend to confuse MAC and Rule
Based Access Control.<br>
Mandatory Access Control must make use of LABELS as well. If there is
only rules and no label, it cannot be Mandatory Access Control. This is
whey they use they call it Non Discretionary Access control. In MAC
subjects must have clearance to access sensitive objects. Objects have
labels that contain the classification to indicate the sensitivity of the
object and the label also has categories to enforce the need to know.<br>
Today the best example of rule based access control would be a
firewall. All rules are imposed globally to any user attempting to
connect through the device. This is NOT the case with MAC.<br>
<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><b><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-weight:bold'>Contributor:</span></font></b><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'> Rakesh Sud<o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><b><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-weight:bold'>Study area:</span></font></b><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial'> <strong><b><font
face=Arial><span style='font-family:Arial'>CISSP CBK - Access Control</span></font></b></strong><o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><b><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial;font-weight:bold'>Covered topic:</span></font></b><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> Rule-based
access control <o:p></o:p></span></font></p>
</div>
</div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>This question © Copyright 2003–<span class=ecthisyear>2009</span>
Rakesh Sud, cccure.org. All rights reserved. No unauthorized use or duplication
without explicit written permission of author and of cccure.org.<o:p></o:p></span></font></p>
</div>
</div>
</div>
<div>
<p class=MsoNormal><font size=2 face=Verdana><span style='font-size:10.0pt;
font-family:Verdana'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Verdana><span style='font-size:10.0pt;
font-family:Verdana'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Verdana><span style='font-size:10.0pt;
font-family:Verdana'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Verdana><span style='font-size:10.0pt;
font-family:Verdana'> <o:p></o:p></span></font></p>
</div>
<div>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Sarchasm -: The gulf between the author of sarcastic wit and
the person who doesn't get it</span></font><font size=2 face=Verdana><span
style='font-size:10.0pt;font-family:Verdana'><o:p></o:p></span></font></p>
</div>
<p class=MsoNormal><font size=2 face=Verdana><span style='font-size:10.0pt;
font-family:Verdana'><o:p> </o:p></span></font></p>
<div class=MsoNormal align=center style='text-align:center'><font size=2
face=Verdana><span style='font-size:10.0pt;font-family:Verdana'>
<hr size=2 width="100%" align=center>
</span></font></div>
<p class=MsoNormal><font size=2 face=Verdana><span style='font-size:10.0pt;
font-family:Verdana'>Windows Live Messenger: Celebrate 10 amazing years with
free winks and emoticons. <a
href="http://clk.atdmt.com/UKM/go/157562755/direct/01/" target="_new">Get Them
Now</a><o:p></o:p></span></font></p>
</div>
</body>
</html>