SSCP Exam Questions

Total 1048 Questions

Last Updated Exam: 27-Dec-2024

Topic 1: Access Control

What does the Clark-Wilson security model focus on?

A. Confidentiality
B. Integrity
C. Accountability
D. Availability

Answer: B. Integrity



The Clark-Wilson model addresses integrity. It incorporates mechanisms to
enforce internal and external consistency, a separation of duty, and a mandatory integrity
policy.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security
Architectures and Models (page 205).

The type of discretionary access control (DAC) that is based on an individual's identity is
also called:

A. Identity-based Access control
B. Rule-based Access control
C. Non-Discretionary Access Control
D. Lattice-based Access control

Answer: A. Identity-based Access control



An identity-based access control is a type of Discretionary Access Control (DAC) that is
based on an individual's identity.
DAC is suited to low-level security environments. The owner of the file decides who has
access to the file.
If a user creates a file, he is the owner of that file. An identifier for this user is placed in the
file header and/or in an access control matrix within the operating system.
Ownership might also be granted to a specific individual. For example, a manager for a
certain department might be made the owner of the files and resources within her
department. A system that uses discretionary access control (DAC) enables the owner of
the resource to specify which subjects can access specific resources.
This model is called discretionary because the control of access is based on the discretion
of the owner. Many times department managers, or business unit managers, are the owners
of the data within their specific department. Being the owner, they can specify who should
have access and who should not.
Reference(s) used for this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 220). McGraw-Hill.
Kindle Edition.

Which of the following models does NOT include data integrity or conflict of interest?

A. Biba
B. Clark-Wilson
C. Bell-LaPadula
D. Brewer-Nash

Answer: C. Bell-LaPadula



Bell-LaPadula model (Bell 1975): The granularity of objects and subjects is not predefined,
but the model prescribes simple access rights. Based on simple access restrictions, the
Bell-LaPadula model enforces a discretionary access control policy enhanced with
mandatory rules. Applications with rigid confidentiality requirements and without strong
integrity requirements may properly be modeled.
These simple rights combined with the mandatory rules of the policy considerably restrict
the spectrum of applications which can be appropriately modeled.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Also check:
Proceedings of the IFIP TC11 12th International Conference on Information Security,
Samos (Greece), May 1996, On Security Models.

Which of the following can be defined as a framework that supports multiple, optional
authentication mechanisms for PPP, including cleartext passwords, challenge-response,
and arbitrary dialog sequences?

A. Extensible Authentication Protocol
B. Challenge Handshake Authentication Protocol
C. Remote Authentication Dial-In User Service
D. Multilevel Authentication Protocol

Answer: A. Extensible Authentication Protocol




RFC 2828 (Internet Security Glossary) defines the Extensible Authentication
Protocol as a framework that supports multiple, optional authentication mechanisms for
PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences. It
is intended for use primarily by a host or router that connects to a PPP network server via
switched circuits or dial-up lines. The Remote Authentication Dial-In User Service
(RADIUS) is defined as an Internet protocol for carrying dial-in user's authentication
information and configuration information between a shared, centralized authentication
server and a network access server that needs to authenticate the users of its network
access ports. The other option is a distracter.
Source: SHIREY, Robert W., RFC 2828: Internet Security Glossary, May 2000.

In which of the following security models is the subject's clearance compared to the object's
classification such that specific rules can be applied to control how the subject-to-object
interactions take place?

A. Bell-LaPadula model
B. Biba model
C. Access Matrix model
D. Take-Grant model

Answer: A. Bell-LaPadula model





The Bell-LaPadula model is also called a multilevel security system because users with
different clearances use the system and the system processes data with different
classifications. It was developed by the US Military in the 1970s.
A security model maps the abstract goals of the policy to information system terms by
specifying explicit data structures and techniques necessary to enforce the security policy.
A security model is usually represented in mathematics and analytical ideas, which are
mapped to system specifications and then developed by programmers through
programming code. So we have a policy that encompasses security goals, such as "each
subject must be authenticated and authorized before accessing an object." The security
model takes this requirement and provides the necessary mathematical formulas,
relationships, and logic structure to be followed to accomplish this goal.
A system that employs the Bell-LaPadula model is called a multilevel security system
because users with different clearances use the system, and the system processes data at
different classification levels. The level at which information is classified determines the
handling procedures that should be used. The Bell-LaPadula model is a state machine
model that enforces the confidentiality aspects of access control. A matrix and security
levels are used to determine if subjects can access different objects. The subject's
clearance is compared to the object's classification and then specific rules are applied to
control how subject-to-object interactions can take place.
Reference(s) used for this question:
Harris, Shon (2012-10-25). CISSP All-in-One Exam Guide, 6th Edition (p. 369). McGraw-Hill.
Kindle Edition.

Which of the following can best eliminate dial-up access through a Remote Access Server
as a hacking vector?

A. Using a TACACS+ server.
B. Installing the Remote Access Server outside the firewall and forcing legitimate users to
authenticate to the firewall.
C. Setting modem ring count to at least 5.
D. Only attaching modems to non-networked hosts.

Answer: B. Installing the Remote Access Server outside the firewall and forcing legitimate
users to authenticate to the firewall.



Containing the dial-up problem is conceptually easy: by installing the Remote Access
Server outside the firewall and forcing legitimate users to authenticate to the firewall, any
access to internal resources through the RAS can be filtered as would any other connection
coming from the Internet. The use of a TACACS+ server by itself cannot eliminate hacking.
Setting a modem ring count to 5 may help in defeating war-dialing hackers who look for
modems by dialing long series of numbers.
Attaching modems only to non-networked hosts is not practical and would not prevent
these hosts from being hacked.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000,
Chapter 2: Hackers.

What would be the name of a Logical or Virtual Table dynamically generated to restrict the
information a user can access in a database?

A. Database Management system
B. Database views
C. Database security
D. Database shadowing

Answer: B. Database views



The Answer: Database views. Database views are mechanisms that restrict access to the
information that a user can access in a database.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, 2001, John Wiley & Sons, Page 35.
Wikipedia has a detailed explanation as well:
In database theory, a view is a virtual or logical table composed of the result set of a query.
Unlike ordinary tables (base tables) in a relational database, a view is not part of the
physical schema: it is a dynamic, virtual table computed or collated from data in the
database. Changing the data in a table alters the data shown in the view.
Views can provide advantages over tables:
They can subset the data contained in a table.
They can join and simplify multiple tables into a single virtual table.
Views can act as aggregated tables, where aggregated data (sum, average etc.) are
calculated and presented as part of the data.
Views can hide the complexity of data; for example, a view could appear as Sales2000 or
Sales2001, transparently partitioning the actual underlying table.
Views do not incur any extra storage overhead.
Depending on the SQL engine used, views can provide extra security.
They limit the extent to which a table or tables are exposed to the outer world.
Just like functions (in programming) provide abstraction, views can be used to create
abstraction. Also, just like functions, views can be nested, thus one view can aggregate
data from other views. Without the use of views it would be much harder to normalise
databases above second normal form. Views can make it easier to create lossless join
decomposition.

Which of the following statements pertaining to RADIUS is incorrect?

A. A RADIUS server can act as a proxy server, forwarding client requests to other
authentication domains.
B. Most RADIUS clients have a capability to query secondary RADIUS servers for
redundancy.
C. Most RADIUS servers have built-in database connectivity for billing and reporting
purposes.
D. Most RADIUS servers can work with DIAMETER servers.

Answer: D. Most RADIUS servers can work with DIAMETER servers.



This is the correct answer because it is FALSE.
Diameter is an AAA protocol (AAA stands for authentication, authorization and accounting)
for computer networks, and it is a successor to RADIUS.
The name is a pun on the RADIUS protocol, which is the predecessor (a diameter is twice
the radius).
The main differences are as follows:
Reliable transport protocols (TCP or SCTP, not UDP)
The IETF is in the process of standardizing TCP transport for RADIUS
Network or transport layer security (IPsec or TLS)
The IETF is in the process of standardizing Transport Layer Security for RADIUS
Transition support for RADIUS, although Diameter is not fully compatible with RADIUS
Larger address space for attribute-value pairs (AVPs) and identifiers (32 bits instead of 8
bits)
Client-server protocol, with the exception of supporting some server-initiated messages as
well
Both stateful and stateless models can be used
Dynamic discovery of peers (using DNS SRV and NAPTR)
Capability negotiation
Supports application layer acknowledgements, defines failover methods and state
machines (RFC 3539)
Error notification
Better roaming support
More easily extended; new commands and attributes can be defined
Aligned on 32-bit boundaries
Basic support for user sessions and accounting
A Diameter Application is not a software application, but a protocol based on the Diameter
base protocol (defined in RFC 3588). Each application is defined by an application identifier
and can add new command codes and/or new mandatory AVPs. Adding a new optional
AVP does not require a new application.
Examples of Diameter applications:
Diameter Mobile IPv4 Application (MobileIP, RFC 4004)
Diameter Network Access Server Application (NASREQ, RFC 4005)
Diameter Extensible Authentication Protocol (EAP) Application (RFC 4072)
Diameter Credit-Control Application (DCCA, RFC 4006)
Diameter Session Initiation Protocol Application (RFC 4740)
Various applications in the 3GPP IP Multimedia Subsystem
All of the other choices presented are true. So Diameter is backward compatible with
RADIUS (to some extent) but the opposite is false.
Reference(s) used for this question:
TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th
Edition, Volume 2, 2001, CRC Press, NY, Page 38.
and
https://secure.wikimedia.org/wikipedia/en/wiki/Diameter_%28protocol%29

Which of the following does not apply to system-generated passwords?

A. Passwords are harder to remember for users.
B. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
C. Passwords are more vulnerable to brute force and dictionary attacks.
D. Passwords are harder to guess for attackers.

Answer: C. Passwords are more vulnerable to brute force and dictionary attacks.



Users tend to choose easier-to-remember passwords. System-generated passwords can
provide stronger, harder-to-guess passwords. Since they are based on rules provided by
the administrator, they can include combinations of uppercase/lowercase letters, numbers
and special characters, making them less vulnerable to brute force and dictionary attacks.
One danger is that they are also harder to remember for users, who will tend to write them
down, making them more vulnerable to anyone having access to the user's desk. Another
danger with system-generated passwords is that if the password-generating algorithm gets
to be known, the entire system is in jeopardy.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics, O'Reilly,
July 1992 (page 64).

Which of the following is most affected by denial-of-service (DOS) attacks?

A. Confidentiality
B. Integrity
C. Accountability
D. Availability

Answer: D. Availability



Denial of service attacks obviously affect availability of targeted systems.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3:
Telecommunications and Network Security (page 61).

