MAC?

jpkennedy79

I was taking a practice exam and I cam across this question:
"Your IT Security staff is responsible for engineering an access control system for company XYZ's computer network. Your plan calls for all access to be blocked by default unless a user has specifically configured permissions to access a resource. What type of access control are you implementing?"

They stated the answer as being MAC. From all of the reading I have done, I was under the impression that users could not configure permissions in MAC, only admin's could based on the users sensitivity label. I chose DAC for my answer, as users configure access for other users and unless they have done so, the access is blocked by default. What are your thoughts?

Thanks.

/usr

That question states that "unless a user has specifically configured permissions to access a resource". It says nothing about a user configuring his own resources. In fact, it says in the beginning the IT staff is in charge of the policy.

It's definately MAC.

RussS

Bingo

/usr

Not to sound mean, but you should definately brush up on your ability to read questions. That question lays it all out for you and it's easy to see that it's MAC, if you know what the difference between DAC & MAC is.

I only say this because the Security+ is a tough exam in how it's worded. That question is simple compared to what you're going to see on the exam.

Will this be your first certification?

jpkennedy79

/usr wrote:

Not to sound mean, but you should definately brush up on your ability to read questions. That question lays it all out for you and it's easy to see that it's MAC, if you know what the difference between DAC & MAC is.

I only say this because the Security+ is a tough exam in how it's worded. That question is simple compared to what you're going to see on the exam.

Will this be your first certification?

Thanks for the tips. Yes, it will be my first cert.

My biggest area's of weakness in regards to the Sec+ exam are RBAC, MAC, DAC, Access Models, and Cryptography. All of the other area's I am doing very well in thus far from all of the practice exams I have taken.

/usr

I've never heard of anyone going for Sec+ first. You generally need Network+ at least. It makes Sec+ easier to understand anyway. Best of luck to you, we'll help you out as much as we can.

What practice exams are you using, just out of curiousity?

Webmaster

jpkennedy79 wrote:

Yes, it will be my first cert.

Then you must have experience or some relevant education right? Is there any particular reason you are going for this exam first?

jpkennedy79

Webmaster wrote:

jpkennedy79 wrote:

Yes, it will be my first cert.

Then you must have experience or some relevant education right? Is there any particular reason you are going for this exam first?

Yes, I work in Network Security Operations for a major U.S. bank. I do have a few years worth of experience. I also have a degree in Networking and DB Administration.
I am going for this exam first as I feel this is the "most entry level' type security exam out there. I am currently working on on GIAC-GSEC also.

jpkennedy79

/usr wrote:

I've never heard of anyone going for Sec+ first. You generally need Network+ at least. It makes Sec+ easier to understand anyway. Best of luck to you, we'll help you out as much as we can.

What practice exams are you using, just out of curiousity?

I am using PrepLogic exams, tests from this site, tests from www.free-tests.com and also I have the ExamCram2 practice test book full of questions.

For books I have read the Sybex 2nd Edition and also the ExamCram2. I am now reading the Tcat PDF as well as my SANS Security essentials books from Track 1 at SANS.

/usr

I would have to look into it more, but that free-tests.com site looks a bit suspicious. Maybe someone can vouch for it.

As far as the PrepLogic's go, they are good. I used them for my exam and found them pretty similar in format and content.

jpkennedy79

/usr wrote:

I would have to look into it more, but that free-tests.com site looks a bit suspicious. Maybe someone can vouch for it.

As far as the PrepLogic's go, they are good. I used them for my exam and found them pretty similar in format and content.

Thanks for the tip on the free-tests.com site. I was pretty suspicious at first also. I have checked out their answers and they appear to be OK thus far. I have seen another member of this site posted he had used them for his prep also - and he had passed.

I like the PrepLogic exams also. I am doing well on them passing the first two and I will take the third one this weekend. I have found the ExamCram2 questions, which I believe are from MeasureUp to be a lot harder then PrepLogic's exams.

Again, thanks for all your help. I am sure you will be seeing a lot of questions out of me in the near future:) Thanks.

Ricka182

/usr wrote:

I would have to look into it more, but that free-tests.com site looks a bit suspicious. Maybe someone can vouch for it.

As far as the PrepLogic's go, they are good. I used them for my exam and found them pretty similar in format and content.

freetests.com wrote:

AcceliNetworks respects the integrity of the IT Certification process
This is NOT a brain **** site. Our test writers are instructed specifically to write test questions based on the vendor's objectives. You will not find any test questions here that appear on the vendor's actual tests. Click Here if you think that real studying sounds like too much work.

/usr

There you go.

As far as the PrepLogic's go, don't rely on them too much. I used them and failed the first time around.