Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The reserved hard drive space used to extend RAM capabilities.
A and B
The Red Book
Evaluated separately
Swap Space
2. Contains an address of where the instruction and data reside that need to be processed.
Trusted Distribution
Life-cycle assurance - O/B
The Thread (memory Management)
Multilevel Security Policies
3. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
C2 - Controlled Access Protection
The security perimeter
Orange Book interpretations
Accreditation
4. A Policy based control. All objects and systems have a sensitivity level assigned to them
Cache Memory
Mandatory Access Control (MAC)
Secondary Storage
Swap Space
5. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Simple Security Rule
Invocation Property
Discretionary Security Property (ds-property)
No write down
6. When the contents of the address defined in the program's instruction is added to that of an index register.
Primary storage
B2 rating
Indexed addressing
A Layered Operating System Architecture
7. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Overt channel
Orange Book ratings
Indexed addressing
attributability
8. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Execution Domain
Trusted facility management
A and B
Certification
9. Which uses Protection Profiles and Security Targets?
B2 - Structured Protection
Disclosure of residual data
International Standard 15408
The Integrity of data within applications
10. As per FDA data should be ______________________________.
State machine model
Highly secure systems (B2 - B3 and A1)
Orange Book A
Attributable - original - accurate - contemporaneous and legible
11. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
D
Security Policy is clearly defined and documented
Clark-Wilson
Division B - Mandatory Protection Architecture
12. A nonvolatile storage media, e.g. computer hard drive - floppy disks and CD-ROMs
Multitasking
Secondary Storage
Examples of Layered Operating Systems
Division C - Discretionary Protection
13. Should always trace to individuals responsible for observing and recording the data
The security perimeter
Attributable data
Direct Addressing
A security domain
14. An abstract machine which must mediate all access of subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Dedicated Security Mode
Logical addresses
The reference monitor
Orange Book - B2
15. The total combination of protection mechanisms within a computer system
TCB (Trusted Computing Base)
Division D - Minimal Protection
Access Matrix model
Ring 3
16. The Bell-LaPadula Model is a _______________ that enforces the Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Be protected from modification
State machine model
Erasable and Programmable Read-Only Memory (EPROM)
The security perimeter
17. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B3
C1
Life Cycle Assurance Requirement
The Clark Wilson integrity model
18. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
The Security Kernel
The TCSEC - Aka Orange Book
C2
C1 - Discretionary Security Protection
19. Audit data must be captured and protected to enforce accountability
Accountability - Orange Book
Invocation Property
Fail safe
Constrained
20. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
B3
Prohibits
The Integrity of data within applications
Swap Space
21. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Life-cycle assurance - O/B
Mandatory access control
Multiprocessing
C2 - Controlled Access Protection
22. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Overt channel
In C2 - Controlled Access Protection environment
Virtual storage
Controls the checks
23. Which describe a condition when RAM and Secondary storage are used together?
C1 - Discretionary Security Protection is a type of environment
Fail safe
C2
Virtual storage
24. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise
A Base Register (Memory Management)
Evaluated separately
Real storage
B2 rating
25. The C2 evaluation class of the _________________ offers controlled access protection.
Simple Security Rule
Trusted Network Interpretation (TNI)
B3 - Security Domains
Division B - Mandatory Protection
26. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security: Confidentiality.
NOT Integrity
Orange Book ratings
The *-Property rule (Star property)
Buffer overflows
27. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
Life Cycle Assurance Requirement
Assigned labels
C1
A lattice of Integrity Levels
28. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Dedicated Security Mode
security protection mechanisms
Fail safe
All Mandatory Access Control (MAC) systems
29. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The security kernel
Its classification label (Top Secret - Secret or confidential)
Prohibits
The security perimeter
30. Applications and user activity
Division B - Mandatory Protection Architecture
Ring 3
The National Computer Security Center (NCSC)
Division D - Minimal Protection
31. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a Well-Formed Transaction
Division D - Minimal Protection
Clark-Wilson Model
Higher or equal to access class
C2
32. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Examples of Layered Operating Systems
A1 - Rating
Clark-Wilson
Assigned labels
33. TCB contains The Security Kernel and all ______________.
security protection mechanisms
attributability
Government and military applications
Relative Addresses
34. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
A security kernel
Overt channel
Complex Instruction Set Computers (CISC)
Orange Book - B3
35. According to the Orange Book - trusted facility management is not required for which security levels?
*-Integrity Axiom
Models concerned with integrity
B1
Programmable Read-Only Memory (PROM)
36. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Subject to Object Model
Security Policy is clearly defined and documented
Indirect addressing
Life Cycle Assurance Requirement
37. The Simple Security rule is referred to as ______________.
The Monolithic Operating System Architecture
Its classification label (Top Secret - Secret or confidential)
The "No read Up" rule
Prohibits
38. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Overt channel
Absolute addresses
The *-Property rule (Star property)
Polyinstantiation
39. The Biba Model addresses _____________________.
Polyinstantiation
Ring 3
The Integrity of data within applications
Security rating B
40. Mediates all access and Functions between subjects and objects.
Discretionary Security Property (ds-property)
The Security Kernel
Invocation Property
Pagefile.sys file
41. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Direct Addressing
Orange Book - A1
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Need-to-know
42. System Architecture that separates system functionality into Hierarchical layers
Orange Book - B2
Trusted hardware - Software and Firmware
A Layered Operating System Architecture
An abstract machine
43. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Files - directories and devices
Continuous protection - O/B
Administrative declaration
Higher or equal to access class
44. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Orange Book - A1
Division D - Minimal Protection
Enforces the rules
Direct addressing
45. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Division C - Discretionary Protection
An abstract machine
Virtual Memory
A and B
46. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Reduced Instruction Set Computers (RISC)
Attributable - original - accurate - contemporaneous and legible
B3 - Rating
The Evaluated Products List (EPL) with their corresponding rating
47. Subjects and Objects cannot change their security levels once they have been instantiated (created)
The rule is talking about "Reading"
The Tranquility principle (The Bell-LaPadula Model)
Most commonly used approach
Controls the checks
48. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Clark-Wilson Model
Physical security
Ring 3
Secondary Storage
49. What does the simple security (ss) property mean in the Bell-LaPadula model?
No read up
Orange Book - B2
Attributable data
Highly secure systems (B2 - B3 and A1)
50. Trusted facility management is an assurance requirement only for ________________.
The trustworthiness of an information system
Reduced Instruction Set Computers (RISC)
D
Highly secure systems (B2 - B3 and A1)