TCSEC Class for Discretionary Protection

D.

C1 involves discretionary protection, C2 involves controlled access protection, B1 involves labeled security protection and B2 involves structured protection.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

The Trusted Computer System Evaluation Criteria (TCSEC) is a set of guidelines and standards that were developed by the United States Department of Defense to evaluate the security of computer systems. The TCSEC is also known as the Orange Book.

The TCSEC defines several classes of security, ranging from D to A, with D being the lowest and A being the highest. Each class has a set of requirements that must be met in order for a system to be evaluated at that level.

Discretionary protection is a type of access control mechanism that allows the owner or administrator of a resource to determine who can access that resource. This type of protection is often used in systems where different users have different levels of clearance or access rights.

Of the four classes mentioned in the question, only two (C1 and C2) actually provide for discretionary protection.

C1 is the second-lowest class in the TCSEC, and it requires that a system provide discretionary access control (DAC). DAC allows the owner or administrator of a resource to specify who can access that resource and what actions they are allowed to perform on it.

C2 is the next highest class in the TCSEC, and it also requires that a system provide DAC. In addition, it requires that the system enforce mandatory access control (MAC) policies, which are rules that govern how information can flow between different security levels in a system.

Therefore, the correct answer to the question is C1. However, it's worth noting that C2 also provides for discretionary protection.