[CCCure CISSP] Q2April-13 Some cccure Quiz question doubts

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[CCCure CISSP] Q2April-13 Some cccure Quiz question doubts

Amlan Deb
Hi guys,
I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them.
Question: 1459 | Difficulty: 3/5 | Relevancy: 3/3
What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?
o   Polyinstantiation
o   Inference
o › Aggregation
o   Data mining
Details Submit a comment on this question
Aggregation is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity.
The incorrect answers are:
Polyinstantiation is the development of a detailed version of an object from another object using different values in the new object.
Inference is the ability of users to infer or deduce information about data at sensitivity levels for which they do not have access privilege.
Data mining refers to searching through a data warehouse for data correlations.
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 7: Applications and Systems Development (page 261).
KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 7: Database Security Issues (page 358).
Edited by Glen Chandler
Contributor: Christian Vezina
Covered topic: Inference and Aggregation

My doubt: the concepts of aggregation and inference are so similar, how do we differentiate between them? Why isn’t inference a good answer for this question? Or do we just have to cram the definition provide by Ronald Krutz?

Quoting Shon Harris from AIO:

The other security issue is inference, which is the intended result of aggregation. The inference problem happens when a subject deduces the full story from the pieces he learned of through aggregation. This is seen when data at a lower security level indirectly portrays data at a higher level.


You can find the list archive at:

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below: