Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Dedicated Security Mode
First evaluation class
The rule is talking about "Reading"
International Standard 15408
2. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Isolate processes
C2
Implement software or systems in a production environment
Protection Rings Support
3. Audit data must be captured and protected to enforce accountability
Scalar processors
Accountability - Orange Book
A1
A single classification and a Compartment Set
4. When the contents of the address defined in the program's instruction is added to that of an index register.
An abstract machine
C1 - Discretionary Security Protection is a type of environment
The rule is talking about "Reading"
Indexed addressing
5. Which in the Orange Book ratings represents the highest level of trust?
B2
Storage and timing
The rule is talking about "Reading"
Dedicated Security Mode
6. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
Ring 1
Need-to-know
All Mandatory Access Control (MAC) systems
Simple Integrity Axiom
7. Which Orange Book evaluation level is described as "Verified Design"?
B1
A1
Overt channel
Process isolation
8. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
A security kernel
Types of covert channels
A Limit Register (Memory Management)
9. In B2, Subjects and devices require labels and the system must NOT allow ________. No Trapdoors exist.
An abstract machine
Covert channels
Buffer overflows
D
10. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Trusted hardware - Software and Firmware
A Layered Operating System Architecture
Overt channel
Attributable - original - accurate - contemporaneous and legible
11. Which describes a condition when RAM and Secondary storage are used together?
Virtual storage
Dedicated Security Mode
B1
Basic Security Theorem (used in computer science) definition
12. Remaining parts of the operating system
Accountability - Orange Book
Files - directories and devices
Ring 1
The Rule is talking about writing
13. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
The reference monitor
Higher or equal to access class
B3 - Security Domains
*-Integrity Axiom
14. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B3
Mandatory Access Control (MAC)
B1 - Labeled Security
Storage and timing
15. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
The reference monitor
The "No read Up" rule
The security kernel
Accountability - Orange Book
16. The C2 evaluation class of the _________________ offers controlled access protection.
A Limit Register (Memory Management)
Trusted Network Interpretation (TNI)
Life Cycle Assurance Requirement
Covert channels
17. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
A lattice of Integrity Levels
Thrashing
Orange Book - D
Direct Addressing
18. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
The Integrity of data within applications
Direct addressing
A lattice of Integrity Levels
Implement software or systems in a production environment
19. TCSEC addresses Confidentiality - but _____________. The TCSEC focuses mainly on one attribute of Security: Confidentiality.
Continuous protection - O/B
Trusted facility management
NOT Integrity
Orange Book - D
20. In the Bell-LaPadula Model the Object's Label contains ___________________.
A security kernel
Orange Book - B3
Its classification label (Top Secret - Secret or confidential)
Buffer overflows
21. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Physical security
Continuous protection - O/B
Swap Space
Subject to Object Model
22. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Security rating B
Pipelining
Trusted Network Interpretation (TNI)
Orange Book - B1
23. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
B2 - Structured Protection
Subject to Object Model
Labels - Orange Book
In C2 - Controlled Access Protection environment
24. The Bell-LaPadula Model is a _______________.
Security Policy
Subject to Object Model
Compare the security labels
The "No read Up" rule
25. The Biba Model addresses _____________________.
A Layered Operating System Architecture
The Integrity of data within applications
Subject to Object Model
Orange Book ratings
26. Which uses Protection Profiles and Security Targets?
TCB (Trusted Computing Base)
International Standard 15408
Controls the checks
The National Computer Security Center (NCSC)
27. Data in Cache can be accessed much more quickly than Data
Relative Addresses
Storage and timing
Stored in Real Memory
Security Policy - Orange Book
28. The Orange Book requires protection against two _____________ - which are Timing and Storage
Indexed addressing
Types of covert channels
The National Computer Security Center (NCSC)
Be protected from modification
29. What does the Clark-Wilson security model focus on?
Mandatory access control
Covert channels
Integrity
Simple Integrity Axiom
30. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Dedicated Security Mode
Totality of protection mechanisms
The security perimeter
Virtual storage
31. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
A1
A Thread
Orange Book ratings
Models concerned with integrity
32. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
B1
Execution Domain
Enforces the rules
The Biba Model
33. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
The Thread (memory Management)
A Thread
Trusted facility management
D
34. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
C1 - Discretionary Security Protection
A security domain
Mandatory Access Control (MAC)
Security Policy
35. When a vendor submits a product for evaluation - it submits it to the ____________.
Primary storage
The security perimeter
The National Computer Security Center (NCSC)
A Limit Register (Memory Management)
36. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Enforces the rules
Security Policy - Orange Book
C2
A lattice of Integrity Levels
37. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Execution Domain
Integrity
Programmable Read-Only Memory (PROM)
In C2 - Controlled Access Protection environment
38. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space
Overt channel
Swap Space
Evaluated separately
Fail safe
39. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
A Limit Register (Memory Management)
B3 - Rating
Certification
Orange Book - A1
40. When the RAM and secondary storage are combined the result is __________.
The Monolithic Operating System Architecture
Virtual Memory
The Clark Wilson integrity model
First evaluation class
41. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Trusted facility management
Continuous protection - O/B
Administrative declaration
Physical security
42. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - B2
Access Matrix model
Polyinstantiation
Buffer (temporary data storage area)
43. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
D
Prevent secret information from being accessed
The security perimeter
Bell-LaPadula Model
44. What prevents a process from accessing another process' data?
Process isolation
Division B - Mandatory Protection
The Simple Security Property
Programmable Read-Only Memory (PROM)
45. Contains the beginning address
The trustworthiness of an information system
A Limit Register (Memory Management)
Clark-Wilson Model
A Base Register (Memory Management)
46. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Life Cycle Assurance Requirement
Division C - Discretionary Protection
Access Matrix model
Real storage
47. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
B3 - Security Domains
The National Computer Security Center (NCSC)
Overt channel
The *-Property rule (Star property)
48. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Trusted Distribution
Administrative declaration
Direct Addressing
C1
49. What are the components of an object's sensitivity label?
Covert channels
Basic Security Theorem (used in computer science) definition
Orange Book C
A single classification and a Compartment Set
50. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
All Mandatory Access Control (MAC) systems
In C2 - Controlled Access Protection environment
The National Computer Security Center (NCSC)
Sensitivity labels