Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Which computer design approach is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle?
Mandatory access control
Firmware
Cache Memory
Complex Instruction Set Computers (CISC)
2. In Access Control terms it means to be higher than or equal to. In the Bell-LaPadula Model - this is referred to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
3. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Invocation Property
A Domain
The Biba Model
Trusted hardware - Software and Firmware
4. The Orange book does NOT Cover ________________ - And Database management systems
Isolate processes
Higher or equal to access class
Networks and Communications
D
5. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
Orange Book interpretations
The Trusted Computing Base (TCB)
The Security Kernel
C2 - Controlled Access Protection
6. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
Controlling unauthorized downgrading of information
Process isolation
Attributable - original - accurate - contemporaneous and legible
7. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Accreditation
The Trusted Computing Base (TCB)
No read up
Clark-Wilson Model
8. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
Dominate the object's sensitivity label
In C2 - Controlled Access Protection environment
Security Policy - Orange Book
B1
9. All users have a clearance for and a formal need to know about - all data processed with the system.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Virtual storage
Dedicated Security Mode
Prevent secret information from being accessed
10. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Swap Space
B3
Continuous protection - O/B
No write down
11. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Totality of protection mechanisms
A Domain
Physical security
NOT Integrity
12. TCB contains The Security Kernel and all ______________.
security protection mechanisms
The Red Book
The Simple Security Property
Division B - Mandatory Protection
13. What does the simple security (ss) property mean in the Bell-LaPadula model?
The Monolithic Operation system Architecture
The National Computer Security Center (NCSC)
No read up
Clark-Wilson Model
14. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
State machine model
Thrashing
Orange Book ratings
A Domain
15. What does the simple integrity axiom mean in the Biba model?
C2 - Controlled Access Protection
No read down
Security mechanisms and evaluates their effectiveness
C1 - Discretionary Security Protection is a type of environment
16. Access control labels must be associated properly with objects.
Accountability - Orange Book
The Integrity of data within applications
Basic Security Theorem (used in computer science) definition
Labels - Orange Book
17. Certification is a Technical review that assesses the _____________ - whereas Accreditation is management's Official acceptance of the information in the Certification process findings.
Direct Addressing
C2 - Controlled Access Protection
Security mechanisms and evaluates their effectiveness
Constrained
18. The Biba Model addresses _____________________.
C1
B1 - Labeled Security
The Integrity of data within applications
In C2 - Controlled Access Protection environment
19. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The security perimeter
A single classification and a Compartment Set
The trustworthiness of an information system
The *-Property rule (Star property)
20. Data in Cache can be accessed much more quickly than Data
Labels - Orange Book
A Limit Register (Memory Management)
Trusted Products Evaluation Program (TPEP)
Stored in Real Memory
21. Which describes a condition when RAM and Secondary storage are used together?
A1 - Rating
Erasable and Programmable Read-Only Memory (EPROM)
Virtual storage
The National Computer Security Center (NCSC)
22. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
Networks and Communications
attributability
A Thread
The Biba Model
23. The subject must have Need to Know for ONLY the information they are trying to access.
Enforces the rules
System High Security Mode
Multitasking
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
24. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
25. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Relative Addresses
The security perimeter
C2 - Controlled Access Protection
Simple Security Rule
26. Contains the beginning address
Orange Book ratings
A Base Register (Memory Management)
Labels - Orange Book
The Thread (memory Management)
27. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Orange Book interpretations
Security Policy is clearly defined and documented
Constrained
Identification - Orange Book
28. Applications and user activity
Disclosure of residual data
Isolate processes
Ring 3
Files - directories and devices
29. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
Trusted Products Evaluation Program (TPEP)
The Simple Security Property
Basic Security Theorem (used in computer science) definition
The Integrity of data within applications
30. Individual subjects must be uniquely identified.
B2
Types of covert channels
Cache Memory
Identification - Orange Book
31. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
C1
The "No read Up" rule
Multilevel Security Policies
C1 - Discretionary Security Protection
32. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system
Evaluated separately
Accountability - Orange Book
Documentation - Orange Book
The Monolithic Operation system Architecture
33. Mandatory Protection
The reference monitor
Orange Book B
No read down
Security Policy is clearly defined and documented
34. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
The National Computer Security Center (NCSC)
Examples of Layered Operating Systems
A1 - Rating
Files - directories and devices
35. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Examples of Layered Operating Systems
The Integrity of data within applications
Access control to the objects by the subjects
First evaluation class
36. Mandatory Access requires that _____________ be attached to all objects.
No read down
Ring 2
Sensitivity labels
A security domain
37. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Evaluated separately
Firmware
The Thread (memory Management)
Dedicated Security Mode
38. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
The Trusted Computing Base (TCB)
Controls the checks
Documentation - Orange Book
Ring 3
39. Which can be used as a covert channel?
Storage and timing
Invocation Property
Division B - Mandatory Protection Architecture
Orange Book - B2
40. Used by Windows systems to reserve the "Swap Space"
Pagefile.sys file
Pipelining
Trusted facility management
Thrashing
41. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
Swap Space
Orange Book interpretations
B1
42. Permits a database to have two records that are identical except for Their classifications
Models concerned with integrity
Polyinstantiation
Subject to Object Model
A1 - Rating
43. In both the Bell-LaPadula and Biba Models if the word "*" or "Star" is used - _______________.
C1
C1 - Discretionary Security Protection
The Rule is talking about writing
A Limit Register (Memory Management)
44. Discretionary protection
Orange Book C
Orange Book A
International Standard 15408
State machine model
45. The combination of RAM - Cache and the Processor Registers
Identification - Orange Book
Administrative declaration
Primary storage
Accountability - Orange Book
46. Operating System Kernel
Ring 0
Trusted Distribution
Orange Book - B2
Disclosure of residual data
47. Which Orange Book evaluation level is described as "Verified Design"?
The Strong star property rule
Orange Book C
Virtual Memory
A1
48. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
B3
State machine model
Disclosure of residual data
In C2 - Controlled Access Protection environment
49. In access control terms - the word "dominate" refers to ___________.
Higher or equal to access class
B3 - Security Domains
C2 - Controlled Access Protection
Multilevel Security Policies
50. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise
B2 rating
The *-Property rule (Star property)
The TCSEC - Aka Orange Book
The Evaluated Products List (EPL) with their corresponding rating