
Most Recent ISC2 CSSLP Exam Dumps

 


The questions for CSSLP were last updated on Feb 21, 2025.
Question No. 1

Which of the following access control models uses a predefined set of access privileges for an object of a system?

Correct Answer: D

Mandatory Access Control (MAC) is a model that uses a predefined set of access privileges for an object of the system. Access to an object is restricted on the basis of the sensitivity of the object and granted through authorization. The sensitivity of an object is defined by the label assigned to it. For example, if a user receives a copy of an object that is marked as 'secret', he cannot grant permission to other users to see this object unless they have the appropriate permission.

Answer B is incorrect. DAC is an access control model in which the data owner has the right to decide who can access the data.

Answer A is incorrect. Role-based access control (RBAC) is an access control model in which a user can access resources according to his role in the organization. For example, a backup administrator is responsible for taking backups of important data; therefore, he is only authorized to access this data for backing it up. However, sometimes users with different roles need to access the same resources. This situation can also be handled using the RBAC model.

Answer C is incorrect. There is no such access control model as Policy Access Control.


Question No. 2

Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

Correct Answer: A

Business continuity plan development refers to the use of the information collected in the Business Impact Analysis (BIA) to create the recovery strategy plan that supports the critical business functions. The information gathered from the BIA is mapped out to form a strategy for creating a continuity plan. The business continuity plan development process includes the areas of plan implementation, plan testing, and ongoing plan maintenance. This phase also consists of defining and documenting the continuity strategy.

Answer C is incorrect. The scope and plan initiation process marks the beginning of the BCP process. It emphasizes creating the scope and the additional elements required to define the parameters of the plan. The scope and plan initiation phase embodies a check of the company's operations and support services. The scope activities include creating a detailed account of the work required, listing the resources to be used, and defining the management practices to be employed.

Answer B is incorrect. The business impact assessment is a method used to help business units understand the impact of a disruptive event. This phase includes the execution of a vulnerability assessment. This process identifies the mission-critical areas and business processes that are important for the survival of the business. It is similar to the risk assessment process. The function of a business impact assessment process is to create a document that is used to help understand what impact a disruptive event would have on the business.

Answer D is incorrect. The plan approval and implementation process involves creating enterprise-wide awareness of the plan, getting the final senior management sign-off, and implementing a maintenance procedure for updating the plan as required.


Question No. 3

Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?

Correct Answer: D

The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.

FISMA has brought attention within the federal government to cybersecurity and explicitly emphasized a 'risk-based policy for cost-effective security'. FISMA requires agency program officials, chief information officers, and Inspectors General (IGs) to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget (OMB). OMB uses this data to assist in its oversight responsibilities and to prepare its annual report to Congress on agency compliance with the act.

Answer B is incorrect. The Lanham Act is a piece of legislation that contains the federal statutes of trademark law in the United States. The Act prohibits a number of activities, including trademark infringement, trademark dilution, and false advertising. It is also called the Lanham Trademark Act.

Answer A is incorrect. The Computer Misuse Act 1990 is an act of the UK Parliament which states the following:

Unauthorized access to computer material is punishable by 6 months imprisonment or a fine 'not exceeding level 5 on the standard scale' (currently 5000).

Unauthorized access with the intent to commit or facilitate commission of further offences is punishable by 6 months/maximum fine on summary conviction or 5 years/fine on indictment.

Unauthorized modification of computer material is subject to the same sentences as section 2 offences.

Answer C is incorrect. The Computer Fraud and Abuse Act is a law passed by the United States Congress in 1984 intended to reduce cracking of computer systems and to address federal computer-related offenses. The Computer Fraud and Abuse Act (codified as 18 U.S.C. 1030) governs cases with a compelling federal interest, where computers of the federal government or certain financial institutions are involved, where the crime itself is interstate in nature, or where computers are used in interstate and foreign commerce. It was amended in 1986, 1994, 1996, in 2001 by the USA PATRIOT Act, and in 2008 by the Identity Theft Enforcement and Restitution Act. Section (b) of the act punishes not only anyone who commits or attempts to commit an offense under the Computer Fraud and Abuse Act but also those who conspire to do so.


Question No. 4

The service-oriented modeling framework (SOMF) provides a common modeling notation to address alignment between business and IT organizations. Which of the following principles does the SOMF concentrate on? Each correct answer represents a part of the solution. Choose all that apply.

Correct Answer: A, B, C, E

The service-oriented modeling framework (SOMF) concentrates on the following principles:

- Business traceability
- Architectural best-practices traceability
- Technological traceability
- SOA value proposition
- Software assets reuse
- SOA integration strategies
- Technological abstraction and generalization
- Architectural components abstraction

Answer D is incorrect. The service-oriented modeling framework (SOMF) does not concentrate on it.


Question No. 5

Fill in the blank with an appropriate security type. applies the internal security policies of the software applications when they are deployed.

Correct Answer: A

security, the code of the software application controls the security behavior, and authentication decisions are made based on the business logic, such as the user role or the task performed by the user in a specific security context.

