Exam CAS-004 topic 1 question 218 discussion

Actual exam question from CompTIA's CAS-004
Question #: 218
Topic #: 1

An organization’s threat team is creating a model based on a number of incidents in which systems in an air-gapped location are compromised. Physical access to the location and logical access to the systems are limited to administrators and select, approved, on-site company employees. Which of the following is the BEST strategy to reduce the risks of data exposure?

  • A. NDAs
  • B. Mandatory access control
  • C. NIPS
  • D. Security awareness training
Suggested Answer: B

Comments

FOURDUE
Highly Voted 2 years, 2 months ago
Selected Answer: B
Mandatory Access Control (MAC): Mandatory Access Control (MAC) is based on the idea of security clearance levels. Rather than defining ACLs on resources, each object and each subject is granted a clearance level, referred to as a label. If the model used is a hierarchical one (that is, high clearance users are trusted to access low clearance objects), subjects are only permitted to access objects at their own clearance level or below. The labelling of objects and subjects takes place using pre-established rules. The critical point is that these rules cannot be changed by any subject account, and are therefore non-discretionary. Also, a subject is not permitted to change an object's label or to change his or her own label.
upvoted 16 times
imather
Highly Voted 1 year, 9 months ago
Selected Answer: D
I'm going to say Security Awareness Training. NDA covers the legal ramifications of disclosure of information, not relevant. MAC is a technical control based on clearance levels and preventing unauthorized users from accessing information. However, logical controls are already in place. In addition, the concern is on compromising of systems. NIPS do not apply as it is air-gapped. Security Awareness Training can better educate users, which may be how incidents are occurring, causing compromise of air-gapped systems.
upvoted 11 times
talosDevbot
1 year, 3 months ago
Key point in the question: "reduce the risk of data exposure". From the options, MAC is the best control to address that issue.
upvoted 3 times
chooksmagooks
Most Recent 2 weeks, 2 days ago
Selected Answer: B
Going with B. Security awareness training relies on compliance and is less effective against determined malicious insiders or sophisticated attacks compared to MAC; simply put, it's an administrative control. Mandatory Access Control enforces system-wide security policies that cannot be easily bypassed by users or determined human adversaries with access to the air-gapped environment.
upvoted 1 times
231354b
5 months, 2 weeks ago
Selected Answer: D
Given physical and logical access is already restricted to a select few, Awareness Training would be the best option to reduce data exposure.
upvoted 1 times
grelaman
8 months, 1 week ago
Selected Answer: D
D. Security awareness training: Ensure that all personnel, including high-privilege users, are well-informed about the risks and best practices for handling sensitive information. Training can help mitigate risks associated with human error, insider threats or being part of a social engineering attack. Why not B (MAC): Because in air-gapped environments where administrators and approved personnel have high privileges, implementing Mandatory Access Control (MAC) may not fully address the issue if these users are granted extensive permissions.
upvoted 1 times
Bright07
9 months ago
MAC. Here is why. Mandatory access control: This is the most effective option because it enforces strict access policies based on predefined security labels and user roles. This approach ensures that only authorized personnel can access sensitive data, which is crucial in an air-gapped environment where data exposure must be minimized. D. Security awareness training: While this is important for informing employees about security policies and potential threats, it relies on human behavior and may not be sufficient alone to control access to sensitive data. Overall, implementing mandatory access control helps ensure that only authorized individuals have the necessary permissions to access sensitive systems and data, thereby significantly reducing the risk of data exposure in a highly controlled environment.
upvoted 1 times
EAlonso
10 months ago
D as B and A are probably in place.
upvoted 1 times
isaphiltrick
10 months ago
Selected Answer: B
In an air-gapped environment with limited physical and logical access, implementing Mandatory Access Control (MAC) is the best strategy to reduce the risks of data exposure. MAC enforces strict access controls based on the sensitivity of the information and the clearance level of the users, ensuring that only authorized individuals can access sensitive data. This approach provides a robust technical solution to protect against data breaches and unauthorized access.
upvoted 3 times
ninjachuleta
11 months ago
Selected Answer: B
B. Mandatory access control: Mandatory access control (MAC) enforces restrictions on data access based on the security level assigned to users and the sensitivity of the information they are trying to access. It ensures that only authorized individuals can access specific data, even in highly restricted environments like air-gapped locations. This strategy complements the existing restrictions on physical and logical access and provides an additional layer of protection against unauthorized data exposure.
upvoted 2 times
e020fdc
1 year, 2 months ago
Selected Answer: D
I'm going with security awareness training. Question 211 discussion makes a good case for training to also be the answer here.
upvoted 2 times
hb0011
1 year, 3 months ago
Selected Answer: D
It's D. Mandatory Access Control. Just because they have good physical security doesn't stop someone without need to know from accessing the data. MAC would prevent that.
upvoted 3 times
Anarckii
1 year, 4 months ago
Selected Answer: B
The question says "BEST". Just because you have training education programs doesn't mean employees are going to fail to human error. You want to primarily focus on physical devices and protocols. Training should ALWAYS be last when implementing and enhancing security.
upvoted 2 times
OdinAtlasSteel
1 year, 5 months ago
Selected Answer: D
Physical and logical access is already controlled, so MAC is a useless answer. Because the systems are already so secure and air-gapped, the only way to move forward from here is to use Security Awareness Training. D.
upvoted 1 times
POWNED
1 year, 7 months ago
Selected Answer: D
BEST strategy! What is the largest vulnerability in security... humans. Train your humans or bad things will happen.
upvoted 3 times
joinedatthehop
1 year, 7 months ago
Selected Answer: B
CompTIA CertMaster: Mandatory Access Control (MAC) is based on the idea of security clearance levels. Rather than defining ACLs on resources, each object and each subject is granted a clearance level, referred to as a label. If the model used is a hierarchical one (that is, high clearance users are trusted to access low clearance objects), subjects are only permitted to access objects at their own clearance level or below. The labelling of objects and subjects takes place using pre-established rules. The critical point is that these rules cannot be changed by any subject account, and are therefore non-discretionary. Also, a subject is not permitted to change an object's label or to change his or her own label.
upvoted 4 times
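
The hierarchical label check described in the CertMaster text quoted in this thread (by FOURDUE and joinedatthehop), as an added example that is not part of any comment or of CompTIA's material. The level names, subjects and file names are constructed assumptions, and `ReferenceMonitor` is a hypothetical class.

```python
from enum import IntEnum
from types import MappingProxyType

class Level(IntEnum):
    # Constructed hierarchy; the level names are assumptions, not from the page.
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

class ReferenceMonitor:
    """Hypothetical hierarchical MAC check: labels are fixed by policy, not by subjects."""

    def __init__(self, subject_labels, object_labels):
        # Read-only views: the monitor exposes no way for a subject to edit a label.
        self._subjects = MappingProxyType(dict(subject_labels))
        self._objects = MappingProxyType(dict(object_labels))
        self.audit = []  # every decision is recorded for later review

    def can_read(self, subject, obj):
        # Unknown subjects or objects are denied (fail closed).
        s, o = self._subjects.get(subject), self._objects.get(obj)
        allowed = s is not None and o is not None and s >= o
        self.audit.append((subject, "read", obj, "allow" if allowed else "deny"))
        return allowed

    def relabel(self, subject, target, new_level):
        # Non-discretionary: a relabel request from any subject account is refused.
        self.audit.append((subject, "relabel", target, "deny"))
        raise PermissionError(f"{subject} may not change the label of {target}")

def demo():
    # Constructed sample data for an air-gapped site.
    monitor = ReferenceMonitor(
        {"admin_a": Level.SECRET, "operator_b": Level.CONFIDENTIAL},
        {"design.docx": Level.SECRET, "shift_rota.txt": Level.PUBLIC},
    )
    results = {
        "admin_reads_secret": monitor.can_read("admin_a", "design.docx"),
        "operator_reads_secret": monitor.can_read("operator_b", "design.docx"),
        "operator_reads_public": monitor.can_read("operator_b", "shift_rota.txt"),
        "unknown_subject": monitor.can_read("visitor", "shift_rota.txt"),
    }
    try:
        # Even the highest-cleared subject cannot downgrade an object's label.
        monitor.relabel("admin_a", "design.docx", Level.PUBLIC)
        results["downgrade"] = "allowed"
    except PermissionError:
        results["downgrade"] = "refused"
    results["operator_after_downgrade"] = monitor.can_read("operator_b", "design.docx")
    return results, monitor.audit
```

Under discretionary access control the owner of `design.docx` could have added `operator_b` to its ACL; here the only path to the file is a label change, which no subject account can make.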
Uncle_Lucifer
1 year, 8 months ago
Selected Answer: D
After reviewing this again, it has to be Security Awareness Training. The system is limited to a few staff with specific roles. What is the need for MAC again when it is already limited to a niche? Well, I will take the exam this Thursday, and I am selecting "Security Awareness Training".
upvoted 2 times