Exam CAS-004
Question 19

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.

After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

    Correct Answer: C

    B

    Reference:

    https://source.android.com/security/selinux/customize

Discussion
DaleC78 Option: C

Had my second thoughts with this one, but it's enforcing for sure guys. The same question appears in Mark Birch's CAS-004 certification guide book:

A distribution company is attempting to harden its security posture regarding mobile devices. To secure the dedicated Android devices that are used in the warehouse, the company has developed SELinux policies. Security engineers have compiled and implemented the policy. Before deploying the Android devices to the warehouse staff, which mode should the devices be configured for?

A. Disabled
B. Permissive
C. Enforcing
D. Preventing

C. Enforcing. To run an SELinux policy and make Mandatory Access Control (MAC) effective, the systems must be powered up in enforced mode. See Chapter 9, Enterprise Mobility and Endpoint Security Controls.

patinho777 Option: C

I think that it is Enforcing mode

dangerelchulo Option: B

I think we are missing the point that the policy is still developing and is not a final production. You want to run in Permissive to create logs and data to adjust the policy. If you set to enforcing with a bad policy, it could cause issues with the shipping company. Security measures say to run enforcing, but only when a good policy is set in place; in this case it is not an approved policy.

Boats Option: C

Their own explanation contradicts the default answer. Line 9 says remove permissive. I will select C. Enforcing.

BiteSize Option: C

Enforcing turns on MAC. Otherwise, it is either logging or disabled.

Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

fb2fcb1 Option: C

C. Enforcing

When configuring SELinux, the two main modes are Enforcing and Permissive. In Enforcing mode, SELinux strictly enforces the defined policies and denies any actions that violate those policies. This mode provides the highest level of security. In contrast, Permissive mode still logs violations but does not enforce the policies. It allows actions that would normally be denied, which can be useful for troubleshooting or testing without disrupting the system.

In this scenario, the shipping company wants to eliminate entire classes of threats and ensure that their custom Android devices are used exclusively for package tracking. To achieve this, the company should configure the devices to run in Enforcing mode, where SELinux will actively enforce the policies defined in the custom SELinux policy, providing the highest level of protection against unauthorized actions and potential threats.

Andre876 Option: C

Enforcing: in this setting, the SELinux security policy is enforced.
Permissive: in this setting, SELinux prints warning messages of enforcing the security policy.
Disabled: in this setting, no SELinux policy is loaded.

Got that from the Cert Guide. I believe it is enforcing.

margomi86 Option: C

The company should ensure that the devices are configured to run in "Enforcing" mode after compiling and implementing the SELinux policy. In "Enforcing" mode, SELinux enforces the policy rules and denies any actions that violate the policy. This mode helps ensure that the devices are used exclusively for package tracking, as specified in the policy, and provides a high level of security.

Agrona Option: C

I want to agree with the "developing" argument. I am dissuaded by the final line in the question. "After compiling and IMPLEMENTING..." I agree that it is enforcing.

23169fd Option: C

Protecting: This is not a standard mode in SELinux terminology. SELinux operates in either Enforcing or Permissive mode, so "Protecting" is not a valid option for configuring SELinux.

Permissive: In Permissive mode, SELinux policies are not enforced. Instead, SELinux logs the actions that would have been denied if the system were in Enforcing mode. This mode is typically used for debugging or policy development, not for production environments where security is a concern. Running in Permissive mode does not provide the necessary protection to ensure that the custom Android devices are used exclusively for package tracking because it does not actively block unauthorized actions.

Mandatory: While SELinux itself is a form of mandatory access control (MAC), "Mandatory" is not a configuration mode for SELinux. The standard modes are Enforcing and Permissive. "Mandatory" might be a concept within the broader scope of access control policies, but it is not specific to SELinux mode settings.

23169fd Option: C

Protecting: This is not a standard SELinux mode.

Permissive: SELinux policies are not enforced. Instead, violations are logged, allowing administrators to review what actions would have been blocked without actually blocking them.

Enforcing: SELinux policies are enforced, meaning unauthorized actions are denied according to the defined policies.

Mandatory: This is not a standard SELinux mode, although SELinux itself is a form of mandatory access control (MAC).

Bright07 Option: C

Answer: C. Enforcing

Explanation: SELinux (Security-Enhanced Linux) is a Linux kernel security module that provides a mechanism for supporting access control security policies. It operates in three modes: Enforcing, Permissive, and Disabled.

In the Enforcing mode, the policy is actively enforced and any actions not explicitly allowed by the policy are blocked and logged. This is the mode the shipping company should use if they want to ensure their custom Android devices are used exclusively for package tracking, as it will prevent any actions not permitted by the policy.

The Permissive mode is used for troubleshooting and logs violations of the policy but does not enforce it, allowing actions even if they are not permitted by the policy. The Disabled mode turns off SELinux functionality altogether.

Therefore, to eliminate entire classes of threats and ensure the devices are used exclusively for package tracking, the company should configure the devices to run in the Enforcing mode.

holymolly Option: C

C is the right one in my opinion. Touch me at [email protected] to get all questions.

Delab202 Option: C

In SELinux (Security-Enhanced Linux), after compiling and implementing a policy, the company must ensure that the devices are configured to run in: C. Enforcing mode

Anarckii Option: C

Enforcing - denies violations
Permissive - logs violations

No need to really dig deeper into these two different modes for SELinux.

joinedatthehop Option: C

Enforcing is the default, and recommended, mode of operation; in enforcing mode SELinux operates normally, enforcing the loaded security policy on the entire system.

In Permissive, the system acts as if SELinux is enforcing the loaded security policy, including labeling objects and emitting access denial entries in the logs, but it does not actually deny any operations. While not recommended for production systems, permissive mode can be helpful for SELinux policy development.

According to the definitions above, Permissive can be helpful for SELinux policy development but is not recommended for production systems. IMO, the key to the question is "After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?" While I am not 100% positive, I would assume the answer is C. Enforcing as Permissive is not recommended for production systems.

Jon_L Option: B

Going with B. - Permissive. SELinux policy is created and implemented and then read number 7. in the explanation. Permissive setting allows for results to be analyzed without taking down the world. Make adjustments, where necessary, then enforce (production).
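
The difference the thread keeps returning to (permissive logs a denial, enforcing blocks it) is visible in the `permissive=` field of each AVC denial line. The following Python sketch is an added example, not part of any post above: it separates denials that were only logged from those that were blocked. The log lines, the `tracker_app` domain and the "no logged-only denials" rollout rule are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel AVC denial format (not from a real device).
SAMPLE_LOG = """\
avc: denied { read } for pid=2101 comm="tracker" name="scan.db" dev="dm-0" ino=411 scontext=u:r:tracker_app:s0 tcontext=u:object_r:tracker_data_file:s0 tclass=file permissive=1
avc: denied { read } for pid=2101 comm="tracker" name="scan.db" dev="dm-0" ino=411 scontext=u:r:tracker_app:s0 tcontext=u:object_r:tracker_data_file:s0 tclass=file permissive=1
avc: denied { name_connect } for pid=3300 comm="browser" dest=443 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:port:s0 tclass=tcp_socket permissive=0
avc: denied { read write } for pid=2101 comm="tracker" name="ttyS1" dev="tmpfs" ino=90 scontext=u:r:tracker_app:s0 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)

def domain(context):
    # An SELinux context is user:role:type[:level]; the type is the domain.
    return context.split(":")[2]

def summarize(log_text):
    """Group denials by (source type, target type, class), split by whether the
    kernel only logged them (permissive=1) or actually blocked them."""
    logged_only = defaultdict(set)
    blocked = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        key = (domain(m["scontext"]), domain(m["tcontext"]), m["tclass"])
        # Assumption: a line without the permissive field is counted as blocked.
        bucket = logged_only if m["permissive"] == "1" else blocked
        bucket[key].update(m["perms"].split())
    return dict(logged_only), dict(blocked)

def ready_to_enforce(log_text):
    # Assumed rollout rule for this example: nothing still relies on permissive mode.
    logged_only, _ = summarize(log_text)
    return not logged_only
```

Every entry in the logged-only group is an access that would start failing once the device is switched to enforcing, so each one needs either a policy rule or a decision that it should be blocked.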