Discretionary Protection Classes | SSCP Exam | ISC

Discretionary Protection Classes

Question

Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?

Answers

Explanations

A. B. C. D.

A.

Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 197

Also: THE source for all TCSEC "level" questions: http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt.

The TCSEC (Trusted Computer System Evaluation Criteria), also known as the Orange Book, is a security evaluation standard used to assess the security features and capabilities of computer systems. It was developed by the US Department of Defense and is used to classify systems based on their security features.

In the TCSEC, the security features of computer systems are divided into four classes: A, B, C, and D. Each class represents a level of security that a system must meet in order to be classified as secure. The higher the class, the more secure the system is considered to be.

Discretionary protection is a type of access control that allows the owner of a resource to determine who has access to that resource. The owner is able to grant or deny access to the resource based on their own discretion.

In the TCSEC, discretionary protection is defined as part of Class C. Class C systems are defined as having discretionary protection and are also required to have a level of mandatory protection. Mandatory protection refers to access control that is enforced by the system, rather than by the owner of the resource.

Therefore, the correct answer to the question is A. C. Class C is defined in the TCSEC as having discretionary protection. Classes A and B do not have discretionary protection, while Class D is defined as minimal protection.