CompTIA Security Plus Mock Test Q984

A security administrator must implement a system that will support and enforce the following file system access control model:
FILE NAME SECURITY LABEL
Employees.doc Confidential
Salary.xls Confidential
OfficePhones.xls Unclassified
PersonalPhones.xls Restricted
Which of the following should the security administrator implement?

A. White and black listing
B. SCADA system
C. Trusted OS
D. Version control


Correct Answer: C
Section: Access Control and Identity Management

Explanation:
A trusted operating system (TOS) is any operating system that meets the government’s requirements for security. Trusted OS uses a form of Mandatory access control called MultiLevel
Security.
The Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set
of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications.
MLS is an implementation of MAC that focuses on confidentiality. A Multi-Level Security operating system is able to enforce the separation of multiple classifications of information as
well as manage multiple users with varying levels of information clearance. The military and intelligence community must handle and process various hierarchical levels of classified
information. At the high-end there is Top Secret, followed in turn by Secret, Confidential, and Unclassified:

Incorrect Answers:
A: With white and black listing, there are only two classifications; those who are allowed access and those who are disallowed access. White and black listing commonly uses email
addresses, user names or domains to determine who is allowed or who is not allowed. White and black listing does not classify documents by levels of confidentiality. Therefore, this
answer is incorrect.
B: SCADA (supervisory control and data acquisition) is a category of software application program for process control, the gathering of data in real time from remote locations in order
to control equipment and conditions. SCADA is not used for controlling access to files based on levels of confidentiality. Therefore, this answer is incorrect.
D: Version control is used to monitor changes to files and save previous versions of files if required. It is not used for controlling access to files based on levels of confidentiality.
Therefore, this answer is incorrect.

References:
http://www.sistina.com/f/pdf/sec/path_to_mlsec.pdf