Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise






2. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?






3. Permits a database to have two records that are identical except for Their classifications






4. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






5. Can be erased - modified and upgraded.






6. Which in the Orange Book ratings represents the highest level of trust?






7. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






8. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






9. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space






10. As per FDA data should be ______________________________.






11. Contains an Address of where the instruction and dara reside that need to be processed.






12. The security kernel is the mechanism that _____________ of the reference monitor concept.






13. Remaining parts of the operating system






14. The Orange book requires protection against two_____________ - which are these Timing and Storage






15. Which describe a condition when RAM and Secondary storage are used together?






16. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?






17. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






18. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.






19. Succesfully Evaluated products are placed on?






20. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction






21. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.






22. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.






23. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






24. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.






25. Based on a known address with an offset value applied.






26. Contains the beginning address






27. Operating System Kernel






28. Individual subjects must be uniquely identified.






29. Subjects and Objects cannot change their security levels once they have been instantiated (created)






30. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities






31. Minimal Security






32. Which would be designated as objects on a MAC system?






33. When a computer uses more than one CPU in parallel to execute instructions is known as?






34. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






35. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






36. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






37. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.






38. Happen because input data is not checked for appropriate length at time of input






39. When a vendor submits a product for evaluation - it submits it to the ____________.






40. The total combination of protection mechanisms within a computer system






41. What is called the formal acceptance of the adequacy of a system's overall security by management?






42. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






43. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






44. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






45. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






46. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






47. Bell-LaPadula model was proposed for enforcing access control in _____________________.






48. Each data object must contain a classification label and each subject must have a clearance label.






49. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.






50. The combination of RAM - Cache and the Processor Registers