nerdexam
EC-Council

312-50V11 · Question #270

One way to defeat a multi-level security solution is to leak data via

The correct answer is C. a covert channel.. A covert channel allows information to leak between security levels in a multi-level security (MLS) system by exploiting shared resources in ways not intended by the security policy.

Information Security and Ethical Hacking Fundamentals

Question

One way to defeat a multi-level security solution is to leak data via

Options

  • Aa bypass regulator.
  • Bsteganography.
  • Ca covert channel.
  • Dasymmetric routing.

How the community answered

(29 responses)
  • A
    7% (2)
  • B
    3% (1)
  • C
    72% (21)
  • D
    17% (5)

Why each option

A covert channel allows information to leak between security levels in a multi-level security (MLS) system by exploiting shared resources in ways not intended by the security policy.

Aa bypass regulator.

A 'bypass regulator' is not a recognized security or networking term relevant to defeating multi-level security solutions.

Bsteganography.

Steganography hides data within another medium (e.g., images), but it does not inherently exploit the shared resource mechanisms that MLS systems control, making it a different class of technique.

Ca covert channel.Correct

A covert channel communicates information by manipulating shared system resources (such as timing, storage, or CPU usage) in ways that violate the MLS security policy, bypassing the formal access control model. Because MLS systems enforce mandatory access controls between classification levels, covert channels are specifically designed to circumvent those controls without triggering them. They are a fundamental threat recognized in the Bell-LaPadula model and the Trusted Computer System Evaluation Criteria.

Dasymmetric routing.

Asymmetric routing is a network forwarding concept where traffic takes different paths in each direction, and it does not relate to leaking data across MLS classification boundaries.

Concept tested: Covert channels in multi-level security systems

Source: https://csrc.nist.gov/glossary/term/covert_channel

Topics

#covert channel#multi-level security#data leakage#security bypass

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice