MAC?
jpkennedy79
Member Posts: 28 ■□□□□□□□□□
in Security+
I was taking a practice exam and I cam across this question:
"Your IT Security staff is responsible for engineering an access control system for company XYZ's computer network. Your plan calls for all access to be blocked by default unless a user has specifically configured permissions to access a resource. What type of access control are you implementing?"
They stated the answer as being MAC. From all of the reading I have done, I was under the impression that users could not configure permissions in MAC, only admin's could based on the users sensitivity label. I chose DAC for my answer, as users configure access for other users and unless they have done so, the access is blocked by default. What are your thoughts?
Thanks.
"Your IT Security staff is responsible for engineering an access control system for company XYZ's computer network. Your plan calls for all access to be blocked by default unless a user has specifically configured permissions to access a resource. What type of access control are you implementing?"
They stated the answer as being MAC. From all of the reading I have done, I was under the impression that users could not configure permissions in MAC, only admin's could based on the users sensitivity label. I chose DAC for my answer, as users configure access for other users and unless they have done so, the access is blocked by default. What are your thoughts?
Thanks.
Comments
-
/usr Member Posts: 1,768 ■■■□□□□□□□That question states that "unless a user has specifically configured permissions to access a resource". It says nothing about a user configuring his own resources. In fact, it says in the beginning the IT staff is in charge of the policy.
It's definately MAC. -
/usr Member Posts: 1,768 ■■■□□□□□□□Not to sound mean, but you should definately brush up on your ability to read questions. That question lays it all out for you and it's easy to see that it's MAC, if you know what the difference between DAC & MAC is.
I only say this because the Security+ is a tough exam in how it's worded. That question is simple compared to what you're going to see on the exam.
Will this be your first certification? -
jpkennedy79 Member Posts: 28 ■□□□□□□□□□/usr wrote:Not to sound mean, but you should definately brush up on your ability to read questions. That question lays it all out for you and it's easy to see that it's MAC, if you know what the difference between DAC & MAC is.
I only say this because the Security+ is a tough exam in how it's worded. That question is simple compared to what you're going to see on the exam.
Will this be your first certification?
Thanks for the tips. Yes, it will be my first cert.
My biggest area's of weakness in regards to the Sec+ exam are RBAC, MAC, DAC, Access Models, and Cryptography. All of the other area's I am doing very well in thus far from all of the practice exams I have taken. -
/usr Member Posts: 1,768 ■■■□□□□□□□I've never heard of anyone going for Sec+ first. You generally need Network+ at least. It makes Sec+ easier to understand anyway. Best of luck to you, we'll help you out as much as we can.
What practice exams are you using, just out of curiousity? -
Webmaster Admin Posts: 10,292 Adminjpkennedy79 wrote:Yes, it will be my first cert.
-
jpkennedy79 Member Posts: 28 ■□□□□□□□□□Webmaster wrote:jpkennedy79 wrote:Yes, it will be my first cert.
Yes, I work in Network Security Operations for a major U.S. bank. I do have a few years worth of experience. I also have a degree in Networking and DB Administration.
I am going for this exam first as I feel this is the "most entry level' type security exam out there. I am currently working on on GIAC-GSEC also. -
jpkennedy79 Member Posts: 28 ■□□□□□□□□□/usr wrote:I've never heard of anyone going for Sec+ first. You generally need Network+ at least. It makes Sec+ easier to understand anyway. Best of luck to you, we'll help you out as much as we can.
What practice exams are you using, just out of curiousity?
I am using PrepLogic exams, tests from this site, tests from www.free-tests.com and also I have the ExamCram2 practice test book full of questions.
For books I have read the Sybex 2nd Edition and also the ExamCram2. I am now reading the Tcat PDF as well as my SANS Security essentials books from Track 1 at SANS. -
/usr Member Posts: 1,768 ■■■□□□□□□□I would have to look into it more, but that free-tests.com site looks a bit suspicious. Maybe someone can vouch for it.
As far as the PrepLogic's go, they are good. I used them for my exam and found them pretty similar in format and content. -
jpkennedy79 Member Posts: 28 ■□□□□□□□□□/usr wrote:I would have to look into it more, but that free-tests.com site looks a bit suspicious. Maybe someone can vouch for it.
As far as the PrepLogic's go, they are good. I used them for my exam and found them pretty similar in format and content.
Thanks for the tip on the free-tests.com site. I was pretty suspicious at first also. I have checked out their answers and they appear to be OK thus far. I have seen another member of this site posted he had used them for his prep also - and he had passed.
I like the PrepLogic exams also. I am doing well on them passing the first two and I will take the third one this weekend. I have found the ExamCram2 questions, which I believe are from MeasureUp to be a lot harder then PrepLogic's exams.
Again, thanks for all your help. I am sure you will be seeing a lot of questions out of me in the near future:) Thanks. -
Ricka182 Member Posts: 3,359/usr wrote:I would have to look into it more, but that free-tests.com site looks a bit suspicious. Maybe someone can vouch for it.
As far as the PrepLogic's go, they are good. I used them for my exam and found them pretty similar in format and content.freetests.com wrote:AcceliNetworks respects the integrity of the IT Certification process
This is NOT a brain **** site. Our test writers are instructed specifically to write test questions based on the vendor's objectives. You will not find any test questions here that appear on the vendor's actual tests. Click Here if you think that real studying sounds like too much work.i remain, he who remains to be.... -
/usr Member Posts: 1,768 ■■■□□□□□□□There you go.
As far as the PrepLogic's go, don't rely on them too much. I used them and failed the first time around.