SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Trusted Distribution
Firmware
Clark-Wilson Model
Life Cycle Assurance Requirement
2. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Logical addresses
Networks and Communications
B1 - Labeled Security rating
C1 - Discretionary Security Protection
3. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Continuous protection - O/B
No write down
Logical addresses
The *-Property rule (Star property)
4. Succesfully Evaluated products are placed on?
The Trusted Computing Base (TCB)
Continuous protection - O/B
The Evaluated Products List (EPL) with their corresponding rating
Buffer (temporary data storage area)
5. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Multilevel Security Policies
No write down
The Monolithic Operation system Architecture
A Limit Register (Memory Management)
6. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Trusted Distribution
Primary storage
C1 - Discretionary Security Protection
All Mandatory Access Control (MAC) systems
7. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
The Rule is talking about writing
Cache Memory
Mandatory Access Control (MAC)
Identification - Orange Book
8. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.
C2
Enforces the rules
Indexed addressing
Basic Security Theorem (used in computer science) definition
9. Mandatory access control is enfored by the use of security labels.
Implement software or systems in a production environment
Multiprocessing
Division B - Mandatory Protection
Orange Book - B2
10. When the contents of the address defined in the program's instruction is added to that of an index register.
Cache Memory
The security kernel
Indexed addressing
Enforces the rules
11. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Constrained
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Simple Security Rule
Direct addressing
12. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
D
Attributable data
Constrained
Swap Space
13. When a vendor submits a product for evaluation - it submits it to the ____________.
Documentation - Orange Book
Clark-Wilson Model
The Biba Model
The National Computer Security Center (NCSC)
14. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
The Common Criteria
C2
Cache Memory
Types of covert channels
15. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Simple Security Rule
B1 - Labeled Security rating
Invocation Property
A Base Register (Memory Management)
16. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Secondary Storage
Trusted hardware - Software and Firmware
Access control to the objects by the subjects
Orange Book - A1
17. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
Overt channel
Orange Book interpretations
Trusted Distribution
Disclosure of residual data
18. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - B2
No write down
Primary storage
Trusted facility management
19. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Relative Addresses
Division D - Minimal Protection
The reference monitor
Basic Security Theorem (used in computer science) definition
20. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Reduced Instruction Set Computers (RISC)
Models concerned with integrity
A security kernel
Evaluated separately
21. Each data object must contain a classification label and each subject must have a clearance label.
attributability
Trusted Products Evaluation Program (TPEP)
A1 - Rating
B1 - Labeled Security
22. Simpler instructions that require fewer clock cycles to execute.
Multiprocessing
The Evaluated Products List (EPL) with their corresponding rating
Reduced Instruction Set Computers (RISC)
Its classification label (Top Secret - Secret or confidential)
23. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Security Policy - Orange Book
Mandatory access control
B3 - Security Domains
Labels - Orange Book
24. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Evaluated separately
Constrained
Dedicated Security Mode
Dedicated Security Mode
25. What does the Clark-Wilson security model focus on
Security Policy - Orange Book
Trusted Distribution
Integrity
Polyinstantiation
26. The Physical memory address that the CPU uses
Simple Security Rule
attributability
Absolute addresses
A and B
27. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
Mandatory Access Control (MAC)
All Mandatory Access Control (MAC) systems
Government and military applications
Orange Book A
28. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
No read up
Documentation - Orange Book
Clark-Wilson Model
Prevent secret information from being accessed
29. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Administrative declaration
The Common Criteria
Totality of protection mechanisms
C2 - Controlled Access Protection
30. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.
The rule is talking about "Reading"
B1
Administrative declaration
C2 - Controlled Access Protection
31. The assignment of a specific individual to administer the security-related functions of a system.
Complex Instruction Set Computers (CISC)
Labels - Orange Book
C2
Trusted facility management
32. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Indexed addressing
The rule is talking about "Reading"
International Standard 15408
The Tranqulity principle (The Bell-LaPadula Model)
33. The total combination of protection mechanisms within a computer system
An abstract machine
Dedicated Security Mode
Files - directories and devices
TCB (Trusted Computing Base)
34. Which is a straightforward approach that provides access rights to subjects for objects?
Orange Book C
Its classification label (Top Secret - Secret or confidential)
Access Matrix model
A and B
35. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
C2 - Controlled Access Protection
The "No read Up" rule
Direct addressing
D
36. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Division C - Discretionary Protection
Certification
State machine model
Assigned labels
37. The Orange book does NOT Cover ________________ - And Database management systems
Networks and Communications
A lattice of Intergrity Levels
Simple Integrity Axiom
Overt channel
38. The *-Property rule is refered to as ____________.
The "No write Down" Rule
A1
Prohibits
Attributable - original - accurate - contemporaneous and legible
39. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
The Trusted Computing Base (TCB)
B3
TCB (Trusted Computing Base)
The Evaluated Products List (EPL) with their corresponding rating
40. Documentation must be provided - including test - design - and specification document - user guides and manuals
Documentation - Orange Book
B3
attributability
Division B - Mandatory Protection Architecture
41. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Security rating B
Isolate processes
Indexed addressing
Higher or equal to access class
42. Data in Cache can be accessed much more quickly than Data
Prohibits
Stored in Reak Memory
A Layered Operating System Architecure
B3
43. The Biba Model adresses _____________________.
The Integrity of data within applications
Primary storage
C2
Programmable Read-Only Memory (PROM)
44. What does the simple integrity axiom mean in the Biba model?
Pagefile.sys file
Covert channels
No read down
Clark-Wilson Model
45. Audit data must be captured and protected to enforce accountability
Orange Book - B3
Trusted facility management
Accountability - Orange Book
Erasable and Programmable Read-Only Memory (EPROM)
46. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
The security perimeter
Accreditation
Types of covert channels
47. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Covert channels
Multiprocessing
C2 - Controlled Access Protection
The National Computer Security Center (NCSC)
48. Which is an ISO standard product evaluation criteria that supersedes several different criteria
No read up
Operational assurance requirements
Swap Space
The Common Criteria
49. Contains an Address of where the instruction and dara reside that need to be processed.
Access control to the objects by the subjects
The Thread (memory Management)
A1 - Rating
In C2 - Controlled Access Protection environment
50. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The TCSEC - Aka Orange Book
Orange Book - A1
The security perimeter
Indexed addressing
