The correct answer is: It is also concerned with situations where you want to prevent a subject from ever gaining particular privileges.
From the official guide:
"Harrison-Ruzzo-Ullman Model—This model is very similar to the Graham—Denning model, and it is composed of a set of generic rights and a finite set of commands. Where it is a little different, it is also concerned with situations where you want to prevent a subject from ever gaining particular privileges. To do so, subjects are prevented from accessing programs or subroutines that can execute a particular command (to grant read access for example) where necessary."
The following answers are incorrect:
- It is also concerned with situations where you want to grant a subject unlimited privileges.
- It is composed of a set of generic rights and a finite set of commands.
- There is no such model called Harrison-Ruzzo-Ullman
The following reference(s) were/was used to create this question:
Tipton, Harold F. (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press), Chapter 9, Security Architecture and Design
AIOv4 Security Architecture and Design (pages 349)
AIOv5 Security Architecture and Design (pages 351)
Question contributed by: Michael B. Morell
Email or CCCure Nickname of question author: LordInfidel
Question reviewed by: Clement Dupuis
Question comment submitted by:
Note from Mike:
I found this 2 days before my exam date. Who knows if it will be in the exam, but it is in the official guide so might as well be safer than sorry.
Study area: Security Architecture and Design
My doubt: I was not able to understand the explanation of how the 2 models are different. Please explain with an example if possible. Even the wording of the answer “It is also concerned with…” seems to indicate a similarity rather than a difference.
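
The difference the guide describes can be shown with a small access matrix. This is an added example, not taken from the guide or the question bank: it models generic rights, one command (`grant_read`), and the restriction on which subjects can reach that command, then checks whether a subject can ever end up holding a right. The names `ProtectionSystem`, `may_invoke`, `can_ever_hold` and the subjects and objects are constructed for illustration, and only the "enter a right" primitive is modeled so the exhaustive search is guaranteed to stop.

```python
import copy
from collections import defaultdict
from itertools import product

class ProtectionSystem:
    """Access matrix plus a finite set of commands (conditions + 'enter' ops)."""
    def __init__(self):
        self.matrix = defaultdict(set)      # (subject, object) -> generic rights
        self.commands = {}                  # name -> (conditions, operations)
        self.may_invoke = defaultdict(set)  # assumption: commands each subject can reach

    def run(self, caller, name, target, obj):
        if name not in self.may_invoke[caller]:
            return False                    # subject cannot reach this command
        bind = {"caller": caller, "target": target, "obj": obj}
        conditions, operations = self.commands[name]
        if any(r not in self.matrix[(bind[s], bind[o])] for r, s, o in conditions):
            return False                    # a required right is missing
        for r, s, o in operations:          # primitive operation: enter r into (s, o)
            self.matrix[(bind[s], bind[o])].add(r)
        return True

def can_ever_hold(system, subject, right, obj, subjects, objects):
    """Try every command with every binding until the matrix stops growing."""
    sim = copy.deepcopy(system)             # leave the real matrix untouched
    def rights():
        return {(cell, r) for cell, rs in sim.matrix.items() for r in rs}
    while True:
        before = rights()
        for caller, name, target, o in product(subjects, list(sim.commands), subjects, objects):
            sim.run(caller, name, target, o)
        if rights() == before:              # fixpoint: no command adds anything new
            return right in sim.matrix[(subject, obj)]

def build(restrict_bob):
    """Constructed scenario: bob owns 'notes'; grant_read lets an owner hand out read."""
    ps = ProtectionSystem()
    ps.commands["grant_read"] = ([("own", "caller", "obj")], [("read", "target", "obj")])
    ps.matrix[("alice", "payroll")].add("own")
    ps.matrix[("bob", "notes")].add("own")
    ps.may_invoke["alice"].add("grant_read")
    if not restrict_bob:                    # restricted case: bob cannot reach grant_read
        ps.may_invoke["bob"].add("grant_read")
    return ps

SUBJECTS, OBJECTS = ["alice", "bob", "mallory"], ["payroll", "notes"]
```

With `build(False)` any owner can run `grant_read`, so mallory can eventually hold read on `notes`; with `build(True)` bob still owns `notes` but cannot reach the command, so no sequence of commands ever gives mallory that right.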