312-50V11 · Question #586
A covert channel is a channel that
The correct answer is A. transfers information over, within a computer system, or network that is outside of the security. A covert channel is defined by its operation outside the established security policy, allowing information to flow through unintended or unauthorized paths.
Question
A covert channel is a channel that
Options
- Atransfers information over, within a computer system, or network that is outside of the security
- Btransfers information over, within a computer system, or network that is within the security policy.
- Ctransfers information via a communication path within a computer system, or network for transfer
- Dtransfers information over, within a computer system, or network that is encrypted.
How the community answered
(40 responses)- A88% (35)
- B3% (1)
- C3% (1)
- D8% (3)
Why each option
A covert channel is defined by its operation outside the established security policy, allowing information to flow through unintended or unauthorized paths.
A covert channel is specifically defined as a communication path that transfers information in a manner not sanctioned by the security policy of the system or network. This distinguishes it from legitimate channels, which are authorized and controlled. The key attribute is the violation or circumvention of the security policy, not merely the medium or method of transfer.
This describes a legitimate, authorized channel that operates within policy boundaries, which is the opposite of a covert channel.
This describes a generic communication path and omits the defining characteristic that a covert channel operates outside the security policy.
Encryption is a property of data protection and does not define a covert channel - a covert channel can be unencrypted, and an encrypted channel can still be legitimate and policy-compliant.
Concept tested: Definition and nature of covert channels
Source: https://csrc.nist.gov/glossary/term/covert_channel
Topics
Community Discussion
No community discussion yet for this question.