312-50V11 · Question #270
One way to defeat a multi-level security solution is to leak data via
The correct answer is C. a covert channel.. A covert channel allows information to leak between security levels in a multi-level security (MLS) system by exploiting shared resources in ways not intended by the security policy.
Question
One way to defeat a multi-level security solution is to leak data via
Options
- Aa bypass regulator.
- Bsteganography.
- Ca covert channel.
- Dasymmetric routing.
How the community answered
(29 responses)- A7% (2)
- B3% (1)
- C72% (21)
- D17% (5)
Why each option
A covert channel allows information to leak between security levels in a multi-level security (MLS) system by exploiting shared resources in ways not intended by the security policy.
A 'bypass regulator' is not a recognized security or networking term relevant to defeating multi-level security solutions.
Steganography hides data within another medium (e.g., images), but it does not inherently exploit the shared resource mechanisms that MLS systems control, making it a different class of technique.
A covert channel communicates information by manipulating shared system resources (such as timing, storage, or CPU usage) in ways that violate the MLS security policy, bypassing the formal access control model. Because MLS systems enforce mandatory access controls between classification levels, covert channels are specifically designed to circumvent those controls without triggering them. They are a fundamental threat recognized in the Bell-LaPadula model and the Trusted Computer System Evaluation Criteria.
Asymmetric routing is a network forwarding concept where traffic takes different paths in each direction, and it does not relate to leaking data across MLS classification boundaries.
Concept tested: Covert channels in multi-level security systems
Source: https://csrc.nist.gov/glossary/term/covert_channel
Topics
Community Discussion
No community discussion yet for this question.