[CCCure CISSP] Q6April-13 Some cccure Quiz question doubts

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[CCCure CISSP] Q6April-13 Some cccure Quiz question doubts

Amlan Deb
 
Hi guys,
 
I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them.
 
Thanks,
Amlan
 

Doubt#6
========
 

1.     Question: 2715 | Difficulty: 5/5 | Relevancy: 3/3

How does the Harrison-Ruzzo-Ullman model differ from the Graham-Denning model?

o    

It is also concerned with situations where you want to prevent a subject from ever gaining particular privileges.

o      

It is also concerned with situations where you want to grant a subject unlimited privileges.

o      

It is composed of a set of generic rights and a finite set of commands.

o      

There is no such model called Harrison-Ruzzo-Ullman

You did not provide any answer to this question. Please review details below.

The correct answer is:  It is also concerned with situations where you want to prevent a subject from ever gaining particular privileges.

From the official guide:

"Harrison-Ruzzo-Ullman Model—This model is very similar to the Graham—Denning model, and it is composed of a set of generic rights and a finite set of commands. Where it is a little different, it is also concerned with situations where you want to prevent a subject from ever gaining particular privileges. To do so, subjects are prevented from accessing programs or subroutines that can execute a particular command (to grant read access for example) where necessary."


The following answers are incorrect:

- It is also concerned with situations where you want to grant a subject unlimited privileges.

- It is composed of a set of generic rights and a finite set of commands.

- There is no such model called Harrison-Ruzzo-Ullman


The following reference(s) were/was used to create this question:

Tipton, Harold F. (2010-04-20). Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press), Chapter 9, Security Architecture and Design

AIOv4 Security Architecture and Design (pages 349)
AIOv5 Security Architecture and Design (pages 351)

Question contributed by: Michael B. Morell
Email or CCCure Nickname of question author: LordInfidel
Question reviewed by: Clement Dupuis
Question comment submited by:

Comment:

Note from Mike:  

I found this 2 days before my exam date.  Who knows if it will be in the exam, but it is in the official guide so might as well be safer than sorry.

Study area: Security Architecture and Design

 

My doubt:  I was not able to understand the explanation of how the 2 models are different. Please explain with an example if possible. Even the wording of the answer “It is also concerned with…” seems to indicate a similarity rather than a difference.

 

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org