SSCP Practice Test Questions

1048 Questions


Topic 1: Access Control

Which access control type has a central authority that determines to which objects the
subjects have access, based on role or on the organizational security policy?

A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access Control

Answer: C. Non-Discretionary Access Control

Non-Discretionary Access Control (NDAC) includes Role Based Access Control (RBAC) and
Rule Based Access Control (RuBAC). RuBAC being a subset of NDAC, it is easy to eliminate
answer D (Rule-based Access Control), as it is already covered under NDAC. Some people
think that RBAC is synonymous with NDAC, but RuBAC also falls into this category.
Discretionary Access Control is for environments with a very low level of security. There is
no control over the dissemination of the information: a user who has access to a file can
copy the file or further share it with other users.
Rule Based Access Control is when you have ONE set of rules applied uniformly to all
users. A good example would be a firewall at the edge of your network: a single rule base
is applied against any packet received from the Internet.
Mandatory Access Control is a very rigid type of access control. The subject must dominate
the object, and the subject must have a Need To Know to access the information. Objects
have labels that indicate their sensitivity (classification), and there are also categories to
enforce the Need To Know (NTK).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.

The Computer Security Policy Model the Orange Book is based on is which of the following?

A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest

Answer: A. Bell-LaPadula

The computer security policy model the Orange Book is based on is the Bell-LaPadula
model (Orange Book Glossary).
The Data Encryption Standard (DES) is a cryptographic algorithm (National Information
Security Glossary).
TEMPEST is related to limiting the electromagnetic emanations from electronic equipment.
Reference: U.S. Department of Defense, Trusted Computer System Evaluation Criteria
(Orange Book), DOD 5200.28-STD, December 1985.

Which of the following are additional access control objectives?

A. Consistency and utility
B. Reliability and utility
C. Usefulness and utility
D. Convenience and utility

Answer: B. Reliability and utility

Availability assures that a system's authorized users have timely and uninterrupted access
to the information in the system. The additional access control objectives are reliability
and utility. These and other related objectives flow from the organizational security
policy. This policy is a high-level statement of management intent regarding the control
of access to information and the personnel who are authorized to receive that information.
Three things that must be considered for the planning and implementation of access control
mechanisms are the threats to the system, the system's vulnerability to these threats, and
the risk that the threat may materialize.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 32.

What is the main focus of the Bell-LaPadula security model?

A. Accountability
B. Integrity
C. Confidentiality
D. Availability

Answer: C. Confidentiality

The Bell-LaPadula model is a formal model dealing with confidentiality.
The Bell-LaPadula Model (abbreviated BLP) is a state machine model used for enforcing
access control in government and military applications. It was developed by David Elliott
Bell and Leonard J. LaPadula, subsequent to strong guidance from Roger R. Schell, to
formalize the U.S. Department of Defense (DoD) multilevel security (MLS) policy. The
model is a formal state transition model of computer security policy that describes a set of
access control rules which use security labels on objects and clearances for subjects.
Security labels range from the most sensitive (e.g. "Top Secret") down to the least sensitive
(e.g. "Unclassified" or "Public").
The Bell-LaPadula model focuses on data confidentiality and controlled access to
classified information, in contrast to the Biba Integrity Model, which describes rules for the
protection of data integrity. In this formal model, the entities in an information system are
divided into subjects and objects.
The notion of a "secure state" is defined, and it is proven that each state transition
preserves security by moving from secure state to secure state, thereby inductively proving
that the system satisfies the security objectives of the model. The Bell-LaPadula model is
built on the concept of a state machine with a set of allowable states in a computer network
system. The transition from one state to another is defined by transition functions.
A system state is defined to be "secure" if the only permitted access modes of subjects to
objects are in accordance with a security policy. To determine whether a specific access
mode is allowed, the clearance of a subject is compared to the classification of the object
(more precisely, to the combination of classification and set of compartments, making up
the security level) to determine if the subject is authorized for the specific access mode.
The clearance/classification scheme is expressed in terms of a lattice. The model defines
two mandatory access control (MAC) rules and one discretionary access control (DAC) rule,
with three security properties:
The Simple Security Property: a subject at a given security level may not read an object at
a higher security level (no read-up).
The *-property (read "star"-property): a subject at a given security level must not write to
any object at a lower security level (no write-down). The *-property is also known as the
Confinement property.
The Discretionary Security Property: use of an access matrix to specify the discretionary
access control.
The following are incorrect answers:
Accountability is incorrect. Accountability requires that actions be traceable to the user that
performed them and is not addressed by the Bell-LaPadula model.
Integrity is incorrect. Integrity is addressed in the Biba model rather than Bell-LaPadula.
Availability is incorrect. Availability is concerned with assuring that data/services are
available to authorized users as specified in service level objectives and is not addressed
by the Bell-LaPadula model.
References:
CBK, pp. 325-326
AIO3, pp. 279-284
AIOv4 Security Architecture and Design (pages 333-336)
AIOv5 Security Architecture and Design (pages 336-338)
Wikipedia at https://en.wikipedia.org/wiki/Bell-La_Padula_model
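The lattice comparison and the three properties just listed, worked through as an added Python example that is not part of the original page or of the books it cites; the classification ranks, compartment names, subjects, objects and the access matrix are constructed for illustration:

```python
# Added example (not from the page): a minimal Bell-LaPadula reference monitor.
# Classification names, compartment names, subjects, objects and the access
# matrix below are constructed for illustration. A security level is the pair
# (classification, set of compartments); "dominates" is the lattice order the
# text describes, and the three properties are checked as stated: no read-up,
# no write-down, plus a discretionary access matrix.
from dataclasses import dataclass

RANK = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Level:
    classification: str
    compartments: frozenset  # categories that enforce need-to-know

    def dominates(self, other: "Level") -> bool:
        # Lattice order: classification at least as high AND compartments a superset.
        return (RANK[self.classification] >= RANK[other.classification]
                and other.compartments <= self.compartments)


def L(classification, *compartments):
    """Build a Level from a classification name and zero or more compartments."""
    return Level(classification, frozenset(compartments))


# Discretionary access matrix (DS-property): subject -> object -> permitted modes.
ACCESS_MATRIX = {
    "analyst": {"ops_report": {"read", "write"}, "public_faq": {"read", "write"}},
    "clerk":   {"ops_report": {"read", "write"}, "public_faq": {"read"}},
}


def blp_allows(subject, clearance, obj, classification, mode):
    """True only if the DS-property and the relevant MAC rule both permit `mode`."""
    if mode not in ACCESS_MATRIX.get(subject, {}).get(obj, set()):
        return False                                  # DS-property denies
    if mode == "read":
        return clearance.dominates(classification)    # Simple Security: no read-up
    if mode == "write":
        return classification.dominates(clearance)    # *-property: no write-down
    return False                                      # unknown mode: deny by default


if __name__ == "__main__":
    analyst = L("Secret", "CRYPTO")
    # Analyst may read a Secret/CRYPTO report but may not write to an Unclassified FAQ.
    print(blp_allows("analyst", analyst, "ops_report", L("Secret", "CRYPTO"), "read"))
    print(blp_allows("analyst", analyst, "public_faq", L("Unclassified"), "write"))
```

Note that a Top Secret clearance without the CRYPTO compartment does not dominate a Secret/CRYPTO object: the compartment set, not just the classification, carries the need-to-know check.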

Which of the following statements pertaining to Kerberos is TRUE?

A. Kerberos does not address availability
B. Kerberos does not address integrity
C. Kerberos does not make use of Symmetric Keys
D. Kerberos cannot address confidentiality of information

Answer: A. Kerberos does not address availability

The question was asking for a TRUE statement and the only correct statement is "Kerberos
does not address availability".
Kerberos addresses the confidentiality and integrity of information. It does not directly
address availability.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 42).

The Terminal Access Controller Access Control System (TACACS) employs which of the
following?

A. a user ID and static password for network access
B. a user ID and dynamic password for network access
C. a user ID and symmetric password for network access
D. a user ID and asymmetric password for network access

Answer: A. a user ID and static password for network access

For networked applications, the Terminal Access Controller Access Control System
(TACACS) employs a user ID and a static password for network access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 44.

Which of the following Operations Security controls is intended to prevent unauthorized

A. Detective Controls
B. Preventative Controls
C. Corrective Controls
D. Directive Controls

Answer: B. Preventative Controls

In the Operations Security domain, Preventative Controls are designed to prevent
unauthorized intruders from internally or externally accessing the system, and to lower the
amount and impact of unintentional errors that are entering the system.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 217.

The three classic ways of authenticating yourself to the computer security software are:
something you know, something you have, and something:

A. you need.
B. you read.
C. you are.
D. you do.

Answer: C. you are.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation

Who first described the DoD multilevel military security policy in abstract, formal terms?

A. David Bell and Leonard LaPadula
B. Rivest, Shamir and Adleman
C. Whitfield Diffie and Martin Hellman
D. David Clark and David Wilson

Answer: A. David Bell and Leonard LaPadula

It was David Bell and Leonard LaPadula who, in 1973, first described the DoD multilevel
military security policy in abstract, formal terms. The Bell-LaPadula model is a Mandatory
Access Control (MAC) model concerned with confidentiality. Rivest, Shamir and Adleman
(RSA) developed the RSA encryption algorithm. Whitfield Diffie and Martin Hellman
published the Diffie-Hellman key agreement algorithm in 1976. David Clark and David
Wilson developed the Clark-Wilson integrity model, more appropriate for security in
commercial activities.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly,
July 1992 (pages 78, 109).

Which of the following was developed to address some of the weaknesses in Kerberos and
uses public key cryptography for the distribution of secret keys and provides additional
access control support?

A. SESAME
B. RADIUS
C. KryptoKnight
D. TACACS+

Answer: A. SESAME

Secure European System for Applications in a Multi-vendor Environment (SESAME) was
developed to address some of the weaknesses in Kerberos and uses public key
cryptography for the distribution of secret keys and provides additional access control
support.
Reference:
TIPTON, Harold, Official (ISC)2 Guide to the CISSP CBK (2007), page 184.
ISC OIG Second Edition, Access Controls, Page 111

What is called a sequence of characters that is usually longer than the allotted number for
a password?

A. passphrase
B. cognitive phrase
C. anticipated phrase
D. Real phrase

Answer: A. passphrase

A passphrase is a sequence of characters that is usually longer than the allotted number
for a password.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, page 37.

Which of the following forms of authentication would most likely apply a digital signature
algorithm to every bit of data that is sent from the claimant to the verifier?

A. Dynamic authentication
B. Continuous authentication
C. Encrypted authentication
D. Robust authentication

Answer: B. Continuous authentication

Continuous authentication is a type of authentication that provides protection against
impostors who can see, alter, and insert information passed between the claimant and
verifier even after the claimant/verifier authentication is complete. These are typically
referred to as active attacks, since they assume that the impostor can actively influence the
connection between claimant and verifier. One way to provide this form of authentication is
to apply a digital signature algorithm to every bit of data that is sent from the claimant to the
verifier. There are other combinations of cryptography that can provide this form of
authentication, but current strategies rely on applying some type of cryptography to every bit
of data sent. Otherwise, any unprotected bit would be suspect. Robust authentication relies
on dynamic authentication data that changes with each authenticated session between a
claimant and a verifier, but does not provide protection against active attacks. Encrypted
authentication is a distracter.
Source: GUTTMAN, Barbara & BAGWILL, Robert, NIST Special Publication 800-xx,
Internet Security Policy: A Technical Guide, Draft Version, May 25, 2000 (page 34).
