Dee wants to ensure that software developers cannot test their own code. She establishes a control that checks the author of the code when assigning the person to test the code. Which security model is BEST demonstrated by this control? A. Sutherland. B. Biba. C. Clark-Wilson. D. Bell-LaPadula.

CISSP Certification 2021 practice questions.
Source: https://thorteaches.com/ Free CISSP practice exam questions for the 2021 CISSP exam version.

ANSWER

The right answer is C.

 

 The Clark-Wilson model uses the (subject, transaction, object) triple to enforce segregation of duties, which is one aspect of integrity. Dee’s control is the transaction (or program) that prevents the developers (subject) testing their own code (object). Biba enforces integrity but does not enforce segregation of duties. Sutherland model is based on the system state, initial state, and state transitions to prevent interference in support of data integrity, but again does not enforce segregation of duties. Bell-LaPadula enforces confidentiality.

show less

Complete-for-widget
Start learning today

CISSP: All videos and practice questions from ThorTeaches

What our students are saying:

Anthony Jones
Anthony JonesWCDC Site Supervisor Bunzl Safety
Read More
A friend of mine first recommended Thor’s CISSP video series on Udemy and I was glad that he did! The course content was fantastic and to the point, and the real-world examples it provides helped me synthesize and apply the information. Also, a special shout out to the essential information elephants! (You’ll know what I mean). This resource was by far my favorite video series that I utilized in my successful studying for and passing of the CISSP exam in May 2020. Thank you for the fantastic content!
Danny Tolnay
Danny TolnayInfosec Analyst  Hedge Fund
Read More
Thor’s commitment to his students really comes through in his videos. He has a talent for keeping it to the essentials, and the little jokes that are peppered in every now and again help keep it feeling light and fresh. I am so glad that I found his material for my CISSP studies, he is definitely a big reason why I passed. Thanks Thor!
Sven De Preter
Sven De PreterSenior Network & System Administrator NV Antwerps Sportpaleis
Read More
Thor’s bootcamp is a great way to recapitulate all the content provided in the CISSP CBK. It’s clear, concise, structured and affordable. Definitely a great tool that helps in preparing for the exam. Thanks Thor
Peter Peterson
Peter PetersonCyber Risk Management New York State Chief Information Security Office
Read More
I am not sure what else there is to say that has not been said about Thor. You can tell he has a passion for teaching and really does care about his students. His videos are short and to the point which is wonderful for courses like CISSP which has such a large scope it makes it frustrating at times. Thor’s material is a breath of fresh air, and I can say without them I may not have passed. Thank you, Thor!
Previous
Next