Topic 1: Access Control
What does the simple security (ss) property mean in the Bell-LaPadula model?
A.
No read up
B.
No write down
C.
No read down
D.
No write up
No read up
The ss (simple security) property of the Bell-LaPadula access control model
states that reading of information by a subject at a lower sensitivity level from an object at a
higher sensitivity level is not permitted (no read up).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security
Architectures and Models (page 202).
What does the (star) integrity axiom mean in the Biba model?
A.
No read up
B.
No write down
C.
No read down
D.
No write up
No write up
The (star) integrity axiom of the Biba access control model states that an
object at one level of integrity is not permitted to modify an object of a higher level of
integrity (no write up).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security
Architectures and Models (page 205).
What does the simple integrity axiom mean in the Biba model?
A.
No write down
B.
No read down
C.
No read up
D.
No write up
No read down
The simple integrity axiom of the Biba access control model states that a
subject at one level of integrity is not permitted to observe an object of a lower integrity (no
read down).
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security
Architectures and Models (page 205).
Controlling access to information systems and associated networks is necessary for the preservation of their:
A.
Authenticity, confidentiality and availability
B.
Confidentiality, integrity, and availability.
C.
integrity and availability.
D.
authenticity, confidentiality, integrity and availability.
Confidentiality, integrity, and availability.
Controlling access to information systems and associated networks is
necessary for the preservation of their confidentiality, integrity and availability.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 31.
Which of the following is true of two-factor authentication?
A.
It uses the RSA public-key signature based on integers with large prime factors.
B.
It requires two measurements of hand geometry.
C.
It does not use single sign-on technology.
D.
It relies on two independent proofs of identity.
It relies on two independent proofs of identity.
The Answer: It relies on two independent proofs of identity. Two-factor
authentication refers to using two independent proofs of identity, such as something the
user has (e.g. a token card) and something the user knows (a password). Two-factor
authentication may be used with single sign-on.
The following answers are incorrect: It requires two measurements of hand geometry.
Measuring hand geometry twice does not yield two independent proofs.
It uses the RSA public-key signature based on integers with large prime factors. RSA
encryption uses integers with exactly two prime factors, but the term "two-factor
authentication" is not used in that context.
It does not use single sign-on technology. This is a distractor.
The following reference(s) were/was used to create this question:
Shon Harris AIO v.3 p.129
ISC2 OIG, 2007 p. 126
Which of the following statements pertaining to Kerberos is false?
A.
The Key Distribution Center represents a single point of failure.
B.
Kerberos manages access permissions.
C.
Kerberos uses a database to keep a copy of all users' public keys.
D.
Kerberos uses symmetric key cryptography.
Kerberos uses a database to keep a copy of all users' public keys.
Kerberos is a trusted, credential-based, third-party authentication protocol
that uses symmetric (secret) key cryptography to provide robust authentication to clients
accessing services on a network.
One weakness of Kerberos is its Key Distribution Center (KDC), which represents a single
point of failure.
The KDC contains a database that holds a copy of all of the symmetric/secret keys for the
principals.
Reference(s) used for this question:
KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control
systems (page 40).
Which of the following is NOT a type of motion detector?
A.
Photoelectric sensor
B.
Passive infrared sensors
C.
Microwave Sensor.
D.
Ultrasonic Sensor.
Photoelectric sensor
A photoelectric sensor does not "directly" sense motion; there is a narrow
beam that won't set off the sensor unless the beam is broken. Photoelectric sensors, along
with dry contact switches, are a type of perimeter intrusion detector.
All of the other answers are valid types of motion detectors.
The content below on the different types of sensors is from Wikipedia:
Indoor Sensors
These types of sensors are designed for indoor use. Outdoor use would not be advised
due to false alarm vulnerability and weather durability.
Passive infrared detectors
Passive Infrared Sensor
The passive infrared detector (PIR) is one of the most common detectors found in
household and small business environments because it offers affordable and reliable
functionality. The term passive means the detector is able to function without the need to
generate and radiate its own energy (unlike ultrasonic and microwave volumetric intrusion
detectors that are “active” in operation). PIRs are able to distinguish if an infrared emitting
object is present by first learning the ambient temperature of the monitored space and then
detecting a change in the temperature caused by the presence of an object. Using the
principle of differentiation, which is a check of presence or nonpresence, PIRs verify if an
intruder or object is actually there. Creating individual zones of detection where each zone
comprises one or more layers can achieve differentiation. Between the zones there are
areas of no sensitivity (dead zones) that are used by the sensor for comparison.
Ultrasonic detectors
Using frequencies between 15 kHz and 75 kHz, these active detectors transmit ultrasonic
sound waves that are inaudible to humans. The Doppler shift principle is the underlying
method of operation, in which a change in frequency is detected due to object motion. This
is caused when a moving object changes the frequency of sound waves around it. Two
conditions must occur to successfully detect a Doppler shift event:
There must be motion of an object either towards or away from the receiver.
The motion of the object must cause a change in the ultrasonic frequency to the receiver
relative to the transmitting frequency.
The ultrasonic detector operates by the transmitter emitting an ultrasonic signal into the
area to be protected. The sound waves are reflected by solid objects (such as the
surrounding floor, walls and ceiling) and then detected by the receiver. Because ultrasonic
waves are transmitted through air, hard-surfaced objects tend to reflect most of the
ultrasonic energy, while soft surfaces tend to absorb most energy.
When the surfaces are stationary, the frequency of the waves detected by the receiver will
be equal to the transmitted frequency. However, a change in frequency will occur as a
result of the Doppler principle, when a person or object is moving towards or away from the
detector. Such an event initiates an alarm signal. This technology is considered obsolete by
many alarm professionals, and is not actively installed.
Microwave detectors
This device emits microwaves from a transmitter and detects any reflected microwaves or
reduction in beam intensity using a receiver. The transmitter and receiver are usually
combined inside a single housing (monostatic) for indoor applications, and separate
housings (bistatic) for outdoor applications. To reduce false alarms this type of detector is
usually combined with a passive infrared detector or "Dualtec" alarm.
Microwave detectors respond to a Doppler shift in the frequency of the reflected energy, by
a phase shift, or by a sudden reduction of the level of received energy. Any of these effects
may indicate motion of an intruder.
Photo-electric beams
Photoelectric beam systems detect the presence of an intruder by transmitting visible or
infrared light beams across an area, where these beams may be obstructed. To improve
the detection surface area, the beams are often employed in stacks of two or more.
However, if an intruder is aware of the technology's presence, it can be avoided. The
technology can be an effective long-range detection system, if installed in stacks of three or
more where the transmitters and receivers are staggered to create a fence-like barrier.
Systems are available for both internal and external applications. To prevent a clandestine
attack using a secondary light source being used to hold the detector in a 'sealed' condition
whilst an intruder passes through, most systems use and detect a modulated light source.
Glass break detectors
The glass break detector may be used for internal perimeter building protection. When
glass breaks it generates sound in a wide band of frequencies. These can range from
infrasonic, which is below 20 hertz (Hz) and can not be heard by the human ear, through
the audio band from 20 Hz to 20 kHz which humans can hear, right up to ultrasonic, which
is above 20 kHz and again cannot be heard. Glass break acoustic detectors are mounted
in close proximity to the glass panes and listen for sound frequencies associated with glass
breaking. Seismic glass break detectors are different in that they are installed on the glass
pane. When glass breaks it produces specific shock frequencies which travel through the
glass and often through the window frame and the surrounding walls and ceiling. Typically,
the most intense frequencies generated are between 3 and 5 kHz, depending on the type
of glass and the presence of a plastic interlayer. Seismic glass break detectors “feel” these
shock frequencies and in turn generate an alarm condition.
The more primitive detection method involves gluing a thin strip of conducting foil on the
inside of the glass and putting low-power electrical current through it. Breaking the glass is
practically guaranteed to tear the foil and break the circuit.
Smoke, heat, and carbon monoxide detectors
Heat Detection System
Most systems may also be equipped with smoke, heat, and/or carbon monoxide detectors.
These are also known as 24 hour zones (which are on at all times). Smoke detectors and
heat detectors protect from the risk of fire and carbon monoxide detectors protect from the
risk of carbon monoxide. Although an intruder alarm panel may also have these detectors
connected, it may not meet all the local fire code requirements of a fire alarm system.
Other types of volumetric sensors could be:
Active Infrared
Passive Infrared/Microwave combined
Radar
Acoustical Sensor/Audio
Vibration Sensor (seismic)
Air Turbulence
Which of the following control pairing places emphasis on "soft" mechanisms that support
the access control objectives?
A.
Preventive/Technical Pairing
B.
Preventive/Administrative Pairing
C.
Preventive/Physical Pairing
D.
Detective/Administrative Pairing
Preventive/Administrative Pairing
Soft Control is another way of referring to Administrative control.
Technical and Physical controls are NOT soft control, so any choice listing them was not
the best answer.
Preventative/Technical is incorrect because although access control can be a technical
control, it is commonly not referred to as a "soft" control.
Preventative/Administrative is correct because access controls are preventative in nature. It
is always best to prevent a negative event; however, there are times where controls might
fail and you cannot prevent everything. Administrative controls are roles, responsibilities,
policies, etc., which are usually paper based. In the administrative category you would find
audit, monitoring, and security awareness as well.
Preventative/Physical pairing is incorrect because access controls with an emphasis on
"soft" mechanisms conflict with the basic concept of physical controls; physical controls are
usually tangible objects such as fences, gates, door locks, sensors, etc.
Detective/Administrative Pairing is incorrect because access control is a preventative
control used to control access, not to detect violations to access.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34.
Which access model is most appropriate for companies with a high employee turnover?
A.
Role-based access control
B.
Mandatory access control
C.
Lattice-based access control
D.
Discretionary access control
Role-based access control
The underlying problem for a company with a lot of turnover is assuring that
new employees are assigned the correct access permissions and that those permissions
are removed when they leave the company.
Selecting the best answer requires one to think about the access control options in the
context of a company with a lot of flux in the employee population. RBAC simplifies the task
of assigning permissions because the permissions are assigned to roles which do not
change based on who belongs to them. As employees join the company, it is simply a
matter of assigning them to the appropriate roles and their permissions derive from their
assigned role. They will implicitly inherit the permissions of the role or roles they have
been assigned to. When they leave the company or change jobs, their role assignment is
revoked/changed appropriately.
Mandatory access control is incorrect. While controlling access based on the clearance
level of employees and the sensitivity of objects is a better choice than some of the other
incorrect answers, it is not the best choice when RBAC is an option and you are looking for
the best solution for a high number of employees constantly leaving or joining the
company.
Lattice-based access control is incorrect. The lattice is really a mathematical concept that is
used in formally modeling information flow (Bell-LaPadula, Biba, etc.). In the context of the question, an abstract model of information flow is not an appropriate choice. CBK, pp. 324-325.
Discretionary access control is incorrect. When an employee joins or leaves the company,
the object owner must grant or revoke access for that employee on all the objects they
own. Problems would also arise when the owner of an object leaves the company. The
complexity of assuring that the permissions are added and removed correctly makes this
the least desirable solution in this situation.
References
All in One, third edition page 165
RBAC is discussed on pp. 189 through 191 of the ISC(2) guide.
The primary service provided by Kerberos is which of the following?
A.
non-repudiation
B.
confidentiality
C.
authentication
D.
authorization
authentication
The Answer: authentication. Kerberos is an authentication service. It can use
single-factor or multi-factor authentication methods.
The following answers are incorrect:
non-repudiation. Since Kerberos deals primarily with symmetric cryptography, it does not
help with non-repudiation.
confidentiality. Once the client is authenticated by Kerberos and obtains its session key and
ticket, it may use them to assure confidentiality of its communication with a server;
however, that is not a Kerberos service as such.
authorization. Although Kerberos tickets may include some authorization information, the
meaning of the authorization fields is not standardized in the Kerberos specifications, and
authorization is not a primary Kerberos service.
The following reference(s) were/was used to create this question:
ISC2 OIG, 2007 p. 179-184
Shon Harris AIO v.3 152-155