Explanation/Reference:
Explanation:
Public Key describes a system that uses certificates or the underlying public key cryptography on which the system is based.
In the traditional public key model, clients are issued credentials or "certificates" by a Certificate Authority (CA). The CA is a trusted third party. Public key certificates contain the user's name, the expiration date of the certificate etc. The most common certificate format is X.509. Public key credentials in the form of certificates and public-private key pairs can provide a strong distributed authentication system.
The Kerberos and public key trust models are very similar. A Kerberos ticket is analogous to a public key certificate (a Kerberos ticket is supplied to provide access to resources). However, Kerberos tickets usually have lifetimes measured in days or hours rather than months or years.
Incorrect Answers:
A: Kerberos tickets do not actually contain public keys. They use symmetric cryptography which uses one shared key instead of asymmetric cryptography which uses public-private key pairs.
B: Kerberos tickets do not contain private keys. They use symmetric cryptography which uses one shared key instead of asymmetric cryptography which uses public-private key pairs.
D: Private-key certificates are always kept by the authentication provider; they are never distributed to subjects that require access to resources. The public key is given to the subject to provide access to a resource in a similar way to a Kerberos ticket.
References:
Tipton, Harold F. and Micki Krause, Information Security Management Handbook, 5th Edition, Auerbach Publications, Boca Raton, 2006, p. 1438

RC5 is a symmetric encryption algorithm. It is a block cipher of variable block length,
encrypts through integer addition, the application of a bitwise Exclusive OR (XOR), and variable
rotations.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten
Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 153).

Host-based IDSs normally utilize information sources of two types, operating system audit trails, and system logs. Operating system audit trails are usually generated at the innermost (kernel) level of the operating system, and are therefore more detailed and better protected than system logs. However, system logs are much less obtuse and much smaller than audit trails, and are furthermore far easier to comprehend. Some host-based IDSs are designed to support a centralized IDS management and reporting infrastructure that can allow a single management console to track many hosts. Others generate messages in formats that are compatible with network management systems.

Explanation/Reference:
Explanation:
The Brewer and Nash model, also called the Chinese Wall model, was created to provide access controls that can change dynamically depending upon a user's previous actions. The main goal of the model is to protect against conflicts of interest by users' access attempts.
Under the Brewer and Nash model, company sensitive information is categorized into mutually disjointed conflict-of-interest categories. If you have access to one set of data, you cannot access the other sets of data.
Incorrect Answers:
A: The Biba model deals with integrity. It does not use dynamically changing permissions.
C: The Graham-Denning model shows how subjects and objects should be securely created and deleted.
It also addresses how to assign specific access rights. It does not use dynamically changing permissions.
D: The Clark-Wilson model deals with integrity. It does not use dynamically changing permissions.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 383