CSSLP · Question #112
CSSLP Question #112: Real Exam Question with Answer & Explanation
The correct answer is D: Access matrix. An access matrix is a fundamental security model that precisely defines the access rights (e.g., read, write, execute) of each subject (user/process) over every object (file/resource) within a computer system. It explicitly maps permissions between subjects and objects.
Question
Which of the following security models characterizes the rights of each subject with respect to every object in the computer system?
Options
- AClark-Wilson model
- BBell-LaPadula model
- CBiba model
- DAccess matrix
Explanation
An access matrix is a fundamental security model that precisely defines the access rights (e.g., read, write, execute) of each subject (user/process) over every object (file/resource) within a computer system. It explicitly maps permissions between subjects and objects.
Common mistakes.
- A. The Clark-Wilson model is an integrity model focused on commercial applications, emphasizing well-formed transactions and separation of duties to maintain data integrity, not directly characterizing subject-object rights for all system objects.
- B. The Bell-LaPadula model is a confidentiality-focused model that prevents unauthorized information flow from higher security levels to lower ones (no read up, no write down), but it's not a general model for characterizing all subject-object rights.
- C. The Biba model is an integrity-focused model that prevents information flow from lower integrity levels to higher ones (no read down, no write up), complementing Bell-LaPadula, but it's also not a general model for all subject-object rights.
Concept tested. Access control models - Access matrix
Reference. https://csrc.nist.gov/glossary/term/access-matrix
Topics
Community Discussion
No community discussion yet for this question.