CISSP Free Practice Test

Reference: https://www.netiq.com/documentation/access-manager-43/applications-configuration-guide/data/ b1ka6lkd.html

Reference: https://owasp.org/www-project-web-security-testing-guide/assets/archive/ OWASP_Testing_Guide_v4.pdf (15)

Reference: http://www.manchester.gov.uk/info/200039/emergencies/6174/business_continuity_planning/5

Reference: https://books.google.com.pk/books?id=9gCn86CmsNQC&pg=PA478&lpg=PA478&dq=CISSP +taken+into+account+when+assessing+vulnerability&source=bl&ots=riGvVpNN7I&sig=ACfU3U1isazG0OJlZdAAy91LvAW_rbXdAQ&hl=en&sa=X&ve d=2ahUKEwj6p9vg4qnpAhUNxYUKHdODDZ4Q6AEwDHoECBMQAQ#v=onepage&q=CISSP%20taken% 20into%20account%20when%20assessing%20vulnerability&f=false

Explanation:
Mandatory Access Control (MAC) is system-enforced access control based on a subject’s clearance and an object’s labels. Subjects and Objects have clearances and labels, respectively, such as confidential, secret, and top secret. A subject may access an object only if the subject’s clearance is equal to or greater than the object’s label. Subjects cannot share objects with other subjects who lack the proper clearance, or “write down” objects to a lower classification level (such as from top secret to secret). MAC systems are usually focused on preserving the confidentiality of data.

Reference: https://www.sciencedirect.com/topics/computer-science/mandatory-access-control