Which of the following is not a method to protect objects and the data within the objects?
A.
Layering
B.
Data mining
C.
Abstraction
D.
Data hiding
Explanation:
Data mining is used to reveal hidden relationships, patterns and trends by running queries on large data stores.
Data mining is the act of collecting and analyzing large quantities of information to determine patterns of use or
behavior and use those patterns to form conclusions about past, current, or future behavior. Data mining is
typically used by large organizations with large databases of customer or consumer behavior. Retail and credit
companies will use data mining to identify buying patterns or trends in geographies, age groups, products, or
services. Data mining is essentially the statistical analysis of general information in the absence of specific
data. The following are incorrect answers: They are incorrect as they all apply to Protecting Objects and the
data within them. Layering, abstraction and data hiding are related concepts that can work together to produce
modular software that implements an organizations security policies and is more reliable in operation. Layering
is incorrect. Layering assigns specific functions to each layer and communication between layers is only
possible through well-defined interfaces. This helps preclude tampering in violation of security policy. Incomputer programming, layering is the organization of programming into separate functional components that
interact in some sequential and hierarchical way, with each layer usually having an interface only to the layer
above it and the layer below it. Abstraction is incorrect. Abstraction “hides” the particulars of how an object
functions or stores information and requires the object to be manipulated through well-defined interfaces that
can be designed to enforce security policy. Abstraction involves the removal of characteristics from an entity in
order to easily represent its essential properties. Data hiding is incorrect. Data hiding conceals the details of
information storage and manipulation within an object by only exposing well defined interfaces to the
information rather than the information itself. For example, the details of how passwords are stored could be
hidden inside a password object with exposed interfaces such as check_password, set_password, etc. When a
password needs to be verified, the test password is passed to the check_password method and a boolean
(true/false) result is returned to indicate if the password is correct without revealing any details of how/where the
real passwords are stored. Data hiding maintains activities at different security levels to separate these levels
from each other.
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition
((ISC)2 Press) (Kindle Locations 27535-27540). Auerbach Publications. Kindle Edition.
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press)
(Kindle Locations 4269-4273). Auerbach Publications. Kindle Edition.