Divergence between guide and CCCure
Hey,
I am working on the first chapter of the CISSP, and I am training thanks to the quizz from cccure.org.
However, regarding one point, I had a divergence between my book "The CISSP prep guide" and answers provided to the quizz.
The question was about Rule-based access control.
According to "The CISSP prep guide", "rule-based access control is a type of mandatory access control".
However, after answering MAC to the question, I was said to be wrong.
According to the quizz, rule-based access control is a type of NDAC (non disccretionary access control)...
In such a case, which source of info should be considered as the most trusted?
Thanks
I am working on the first chapter of the CISSP, and I am training thanks to the quizz from cccure.org.
However, regarding one point, I had a divergence between my book "The CISSP prep guide" and answers provided to the quizz.
The question was about Rule-based access control.
According to "The CISSP prep guide", "rule-based access control is a type of mandatory access control".
However, after answering MAC to the question, I was said to be wrong.
According to the quizz, rule-based access control is a type of NDAC (non disccretionary access control)...
In such a case, which source of info should be considered as the most trusted?
Thanks
Comments
-
JDMurray
Admin Posts: 13,092 Admin
Realize that the questions at www.freepracticetests.org can be submitted by anyone and are not necessarily in alignment with every CISSP study resource available. There will be ambiguities and contradictions even between the practice items themselves, so take them with you-get-what-you-pay-for in mind.
Oh, and in answer to your question, rule-based access control means the use of security labels for subjects and objects. Just because an access control methodology uses labels I wouldn't say that it's a form of rule-based access control. Both DAC and NDAC methodologies use labels.