Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A ring protection system ________ user-mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
B3
Polyinstantiation
Prohibits
The "No read Up" rule
2. Mandatory Protection
Orange Book B
Logical addresses
Certification
The TCSEC - Aka Orange Book
3. A form of ROM (Read-Only Memory) that can be written after it has been manufactured, but only one time.
Absolute addresses
Complex Instruction Set Computers (CISC)
Programmable Read-Only Memory (PROM)
A lattice of Integrity Levels
4. Simpler instructions that require fewer clock cycles to execute.
Reduced Instruction Set Computers (RISC)
Clark-Wilson Model
Real storage
Virtual Memory
5. Which computer design approach is based on the fact that, in earlier technologies, the instruction fetch was the longest part of the cycle?
Integrity
'Dominate'
Multiprocessing
Complex Instruction Set Computers (CISC)
6. What is called the formal acceptance of the adequacy of a system's overall security by management?
The Rule is talking about writing
Accreditation
Dedicated Security Mode
Dedicated Security Mode
7. Software that is stored within ROM (Read-Only Memory); ROM is nonvolatile.
Firmware
Polyinstantiation
Direct Addressing
The Rule is talking about writing
8. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
Prohibits
Ring 0
Discretionary Security Property (ds-property)
attributability
9. Execute one instruction at a time.
Trusted hardware - Software and Firmware
Scalar processors
Erasable and Programmable Read-Only Memory (EPROM)
The National Computer Security Center (NCSC)
10. The type of environment that processes sensitive data requiring a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.
Mandatory Access Control (MAC)
No read up
B2 rating
State machine model
11. Which is an ISO standard product evaluation criteria that supersedes several different criteria?
Examples of Layered Operating Systems
The Common Criteria
Identification - Orange Book
Thrashing
12. The Orange Book requires protection against two _____________, which are timing and storage.
Examples of Layered Operating Systems
Types of covert channels
Pagefile.sys file
The Rule is talking about writing
13. The _________________ specified in the Orange Book are: system architecture, system integrity, covert channel analysis, trusted facility management and trusted recovery.
Files - directories and devices
The rule is talking about "Reading"
Administrative declaration
Operational assurance requirements
14. Happen because input data is not checked for appropriate length at the time of input.
B3 - Security Domains
Multilevel Security Policies
The Common Criteria
Buffer overflows
15. The *-Property rule is referred to as ____________.
Disclosure of residual data
Division B - Mandatory Protection
The "No write Down" Rule
Models concerned with integrity
16. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Multilevel Security Policies
Models concerned with integrity
Trusted hardware - Software and Firmware
Scalar processors
17. Permits a database to have two records that are identical except for their classifications.
Polyinstantiation
Need-to-know
The reference monitor
A1 - Rating
18. Verification Protection
Thrashing
Trusted Network Interpretation (TNI)
attributability
Orange Book A
19. The reference monitor is an access control concept, referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Programmable Read-Only Memory (PROM)
An abstract machine
Files - directories and devices
Execution Domain
20. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Life-cycle assurance - O/B
Subject to Object Model
Trusted Products Evaluation Program (TPEP)
Bell-LaPadula Model
21. Which can be used as a covert channel?
A Base Register (Memory Management)
Storage and timing
Orange Book A
System High Security Mode
22. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
The Strong star property rule
The Monolithic Operating System Architecture
A1 - Rating
C1 - Discretionary Security Protection
23. In B2, subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
Security Policy - Orange Book
Buffer overflows
Attributable - original - accurate - contemporaneous and legible
Covert channels
24. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
A security kernel
Trusted hardware - Software and Firmware
Ring 0
Security rating B
25. Contains the beginning address
Files - directories and devices
Discretionary Security Property (ds-property)
Administrative declaration
A Base Register (Memory Management)
26. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________, and the system design and implementation are subject to more thorough review and testing procedu
Security Policy is clearly defined and documented
Indirect addressing
Simple Security Rule
Relative Addresses
27. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Division D - Minimal Protection
Prevent secret information from being accessed
The security perimeter
Trusted facility management
28. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
C1
Execution Domain
Virtual Memory
Accreditation
29. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
International Standard 15408
Most commonly used approach
Orange Book C
Simple Security Rule
30. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
B3
Constrained
Orange Book interpretations
A and B
31. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Mandatory access control
B1 - Labeled Security rating
Division B - Mandatory Protection
Government and military applications
32. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
B1
D
Multilevel Security Policies
The National Computer Security Center (NCSC)
33. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
attributability
A security kernel
Direct Addressing
The Thread (memory Management)
34. Which Orange Book evaluation level is described as "Controlled Access Protection"? This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
C2
*-Integrity Axiom
Orange Book C
B3 - Rating
35. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
attributability
Need-to-know
Multitasking
B3
36. Nonvolatile storage media, e.g. computer hard drives, floppy disks and CD-ROMs.
Ring 1
Secondary Storage
Continuous protection - O/B
attributability
37. I/O drivers and utilities
Security rating B
Direct Addressing
Primary storage
Ring 2
38. A domain of trust that shares a single security policy and single management
In C2 - Controlled Access Protection environment
The Clark Wilson integrity model
A security domain
A1
39. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________, which would take place through a "write down" operation. (An actual compromise occurs if and when
Fail safe
Models concerned with integrity
Government and military applications
Controlling unauthorized downgrading of information
40. Which uses Protection Profiles and Security Targets?
The reference monitor
Orange Book - B3
Discretionary Security Property (ds-property)
International Standard 15408
41. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Overt channel
Complex Instruction Set Computers (CISC)
Multitasking
The Simple Security Property
42. A system uses the Reference Monitor to ___________________ of a subject and an object?
Compare the security labels
Bell-LaPadula Model
Trusted Distribution
Discretionary Security Property (ds-property)
43. In the Bell-LaPadula Model the Object's Label contains ___________________.
Its classification label (Top Secret - Secret or confidential)
Attributable data
Access Matrix model
Constrained
44. TCB contains The Security Kernel and all ______________.
Division B - Mandatory Protection
Simple Integrity Axiom
security protection mechanisms
Subject to Object Model
45. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US government)
Prevent secret information from being accessed
Reduced Instruction Set Computers (RISC)
Firmware
Real storage
46. Levels of security and levels of trust: letters earlier in the alphabet represent higher levels of security; higher numbers indicate a greater level of trust.
Orange Book ratings
A1 - Rating
Identification - Orange Book
Trusted hardware - Software and Firmware
47. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities.
Polyinstantiation
Indexed addressing
Certification
C1 - Discretionary Security Protection
48. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
B3 - Rating
A security kernel
A1
First evaluation class
49. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The "No write Down" Rule
The rule is talking about "Reading"
The *-Property rule (Star property)
Pagefile.sys file
50. Operating System Kernel
All Mandatory Access Control (MAC) systems
Ring 0
Orange Book - B2
Examples of Layered Operating Systems
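Several of the questions above (8, 19, 22, 29, 39, 42 and 49) describe the same mechanism from different angles: a reference monitor that compares the labels of a subject and an object, enforces the simple security rule (no read up), the *-property (no write down) or the strong *-property, and then also consults a discretionary access matrix (the ds-property). The following Python program is an added worked example written for this page; it is not code from the quiz or from any evaluated product. The subjects, objects, labels and access-matrix entries are constructed sample data, and the compartment sets attached to each level are an assumed extension that turns the plain Top Secret > Secret > Confidential ordering into a lattice, so that "dominates" means "at least as high a level AND a superset of the compartments".

```python
"""Bell-LaPadula reference monitor (added example; constructed sample data)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# Level names follow the quiz; the numeric ranks are an assumption used for ordering.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()  # assumed lattice extension

    def dominates(self, other: "Label") -> bool:
        """Lattice order: self is at least as high AND holds every compartment of other."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


class ReferenceMonitor:
    """Abstract machine that mediates every subject -> object access using the
    labels and access matrix it holds (its access control database).
    strong_star=True replaces the *-property with the strong *-property."""

    def __init__(self, strong_star: bool = False) -> None:
        self.subjects: Dict[str, Label] = {}
        self.objects: Dict[str, Label] = {}
        self.matrix: Dict[str, Dict[str, Set[str]]] = {}  # discretionary rights
        self.strong_star = strong_star

    def add_subject(self, name: str, label: Label) -> None:
        self.subjects[name] = label

    def add_object(self, name: str, label: Label) -> None:
        self.objects[name] = label

    def grant(self, subject: str, obj: str, *rights: str) -> None:
        """ds-property: a right passed on at someone's discretion, stored in the matrix."""
        self.matrix.setdefault(subject, {}).setdefault(obj, set()).update(rights)

    def check(self, subject: str, obj: str, mode: str) -> bool:
        s, o = self.subjects[subject], self.objects[obj]
        if mode == "read":
            # Simple security rule: no read up. The subject must dominate the object.
            mandatory = s.dominates(o)
        elif mode == "write":
            if self.strong_star:
                # Strong *-property: write only at exactly the subject's own label.
                mandatory = s == o
            else:
                # *-property: no write down. The object must dominate the subject,
                # so writing UP is allowed (a "blind" write into a higher object).
                mandatory = o.dominates(s)
        else:
            raise ValueError(f"unknown access mode {mode!r}")
        # Discretionary part: the matrix must also hold the right. Both must pass.
        discretionary = mode in self.matrix.get(subject, {}).get(obj, set())
        return mandatory and discretionary


def build_demo(strong_star: bool = False) -> ReferenceMonitor:
    """Constructed sample: three cleared users, three labelled objects."""
    rm = ReferenceMonitor(strong_star)
    rm.add_subject("alice", Label("Secret", frozenset({"NATO"})))
    rm.add_subject("bob", Label("Confidential"))
    rm.add_subject("carol", Label("Top Secret", frozenset({"NATO"})))
    rm.add_object("memo.txt", Label("Confidential"))
    rm.add_object("plan.doc", Label("Secret", frozenset({"NATO"})))
    rm.add_object("ts.doc", Label("Top Secret", frozenset({"NATO"})))
    # Generous discretionary rights so the mandatory rules decide most cases;
    # carol deliberately has NO matrix entry for plan.doc.
    for subj in ("alice", "bob"):
        for obj in ("memo.txt", "plan.doc", "ts.doc"):
            rm.grant(subj, obj, "read", "write")
    rm.grant("carol", "ts.doc", "read", "write")
    return rm


def decisions(strong_star: bool = False) -> Dict[str, bool]:
    """Access decisions for the sample, keyed 'subject mode object'."""
    rm = build_demo(strong_star)
    cases = [("alice", "read", "memo.txt"),   # read down: allowed
             ("alice", "read", "ts.doc"),     # read up: denied (simple security)
             ("alice", "write", "memo.txt"),  # write down: denied (*-property)
             ("alice", "write", "plan.doc"),  # write at own label: allowed
             ("alice", "write", "ts.doc"),    # write up: allowed unless strong *
             ("bob", "write", "plan.doc"),    # blind write up: allowed unless strong *
             ("carol", "read", "plan.doc")]   # MAC allows, but no DAC right: denied
    return {f"{s} {m} {o}": rm.check(s, o, m) for s, m, o in cases}


if __name__ == "__main__":
    for name, ok in decisions().items():
        print(f"{'ALLOW' if ok else 'DENY '}  {name}")
```

Running it prints one ALLOW/DENY line per case. Note how the two mandatory rules point in opposite directions (subject dominates object for reads, object dominates subject for writes) and how the strong *-property closes the "write up" path that the plain *-property leaves open; the carol case shows that passing the mandatory check is not sufficient when the access matrix holds no right.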