I was just going through these one last time, and noticed a huge mistake in the TCSEC explanation. Quoted from the transcript on Security Architecture & Design Part 2:
"So from D we go up, and what we do is we go up and we go from C2 to C1.
And we'll kind of scroll up.A nd so, as we go up the chain, right? We go from low to high, C2 is not as secure as C1.
C2 is right above D, C1 is going to be considered more secure than C2 is.
And then, we have B3, B2, B1, kind of go up that way. Right, so just being aware of this and thinking about this.
So the idea as we go up is that [COUGH] we ultimately get up to A.And so when we get to A, verified protection, this is like an A1 system.
A1 is the most secure.
So go from C2 to C1, C1 being more secure."
The protections don't flow from C3 to C2 to C1, with C1 being the highest for Discretionary Protections. The correct flow is D1, C1 > C2, B1 > B2 > B3 > A1, all inheriting protections from the previous protections within their category.
Quoting from page 17 of the DoD 5200.28-STD - http://csrc.nist.gov/publications/history/dod85.pdf
CLASS (C2): CONTROLLED ACCESS PROTECTION
**Systems in this class enforce a more finely grained discretionary access
control than (C1) systems**, making users individually accountable for their
actions through login procedures, auditing of security-relevant events, and
resource isolation. The following are minimal requirements for systems
assigned a class (C2) rating"*
This shows that C2 is a higher protection rating than C1.
I figured I would point this out as it could lead to a incorrect understanding for the exam and missed questions.