Orange Book Security Ratings | Exam SSCP: The Premier Security Administrator Certification

Reserved Security Rating for Evaluated Systems Failing Higher Criteria


Question

What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?

Answers

Explanations


A. B. C. D.

B.

D or "minimal protection" is reserved for systems that were evaluated under the TCSEC but did not meet the requirements for a higher trust level.

A is incorrect. A or "Verified Protection" is the highest trust level under the TCSEC.

E is incorrect. The trust levels are A - D so "E" is not a valid trust level.

F is incorrect. The trust levels are A - D so "F" is not a valid trust level.

CBK, pp. 329 - 330

AIO3, pp. 302 - 306

The Orange Book is a publication of the U.S. Department of Defense that establishes security evaluation criteria for computer systems, commonly referred to as the Trusted Computer System Evaluation Criteria (TCSEC). The Orange Book assigns a security rating to computer systems based on their level of security, with the highest rating being A and the lowest being F.

The Orange Book has five different security ratings, also known as divisions, that are defined as follows:

  • Division A: Systems that provide the highest level of security and are used for highly sensitive applications, such as national security systems.
  • Division B: Systems that provide mandatory protection mechanisms to enforce a security policy and are used for applications that require a high level of protection.
  • Division C: Systems that provide discretionary protection mechanisms to enforce a security policy and are used for applications that require moderate protection.
  • Division D: Systems that provide minimal security and are used for applications that require minimal protection.
  • Division E: Systems that have undergone a security evaluation but do not meet the criteria and requirements of the higher divisions.
  • Division F: Systems that have not undergone a security evaluation or have failed to meet the requirements of Division E.

Therefore, the correct answer to the question is C. Division E is the Orange Book security rating that is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.