SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The security kernel is the mechanism that _____________ of the reference monitor concept.
Logical addresses
Buffer (temporary data storage area)
Enforces the rules
Indirect addressing
2. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Clark-Wilson Model
Dedicated Security Mode
Higher or equal to access class
The Tranqulity principle (The Bell-LaPadula Model)
3. Minimal Security
The Simple Security Property
Ring 3
Orange Book - D
Isolate processes
4. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
The Integrity of data within applications
Ring 1
Buffer (temporary data storage area)
C2
5. Simpler instructions that require fewer clock cycles to execute.
Labels - Orange Book
Reduced Instruction Set Computers (RISC)
C1 - Discrection Security Protection is a type of environment
A security kernel
6. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
The "No write Down" Rule
Absolute addresses
Models concerned with integrity
Attributable data
7. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Overt channel
Evaluated separately
Primary storage
First evaluation class
8. The *-Property rule is refered to as ____________.
Erasable and Programmable Read-Only Memory (EPROM)
C1
International Standard 15408
The "No write Down" Rule
9. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.
The Biba Model
Its classification label (Top Secret - Secret or confidential)
B3 - Security Domains
The Thread (memory Management)
10. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system
The Monolithic Operation system Architecture
Orange Book - B3
Buffer overflows
Erasable and Programmable Read-Only Memory (EPROM)
11. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
12. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.
attributability
Security mechanisms and evalautes their effectivenes
B3 - Rating
The Strong star property rule
13. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Attributable - original - accurate - contemporaneous and legible
An abstract machine
Division C - Discretionary Protection
Subject to Object Model
14. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
B3 - Security Domains
The Security Kernel
Multiprocessing
The National Computer Security Center (NCSC)
15. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Security Policy
Subject to Object Model
Its Clearance Label (Top Secret - Secret - or Confidential)
Division D - Minimal Protection
16. When the contents of the address defined in the program's instruction is added to that of an index register.
Dedicated Security Mode
Ring 2
Operational assurance requirements
Indexed addressing
17. What does the * (star) property mean in the Bell-LaPadula model?
Highly secure systems (B2 - B3 and A1)
Execution Domain
B1 - Labeled Security
No write down
18. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Relative Addresses
State machine model
Life Cycle Assurance Requirement
Orange Book - B3
19. Applications and user activity
security protection mechanisms
Mandatory access control
Ring 3
C1
20. Which can be used as a covert channel?
Types of covert channels
Real storage
First evaluation class
Storage and timing
21. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Labels - Orange Book
NOT Integrity
Scalar processors
Clark-Wilson
22. A system uses the Reference Monitor to ___________________ of a subject and an object?
Orange Book - B1
Compare the security labels
Access Matrix model
Attributable - original - accurate - contemporaneous and legible
23. Which would be designated as objects on a MAC system?
Access control to the objects by the subjects
C2 - Controlled Access Protection
Prevent secret information from being accessed
Files - directories and devices
24. The combination of RAM - Cache and the Processor Registers
Compare the security labels
Continuous protection - O/B
D
Primary storage
25. The assignment of a specific individual to administer the security-related functions of a system.
Certification
Trusted facility management
Orange Book - B2
Mandatory access control
26. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Invocation Property
The Simple Security Property
Assigned labels
Division B - Mandatory Protection Architecture
27. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Pagefile.sys file
Orange Book - B1
Mandatory Access Control (MAC)
Orange Book - A1
28. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
Examples of Layered Operating Systems
C1
Trusted facility management
The Trusted Computing Base (TCB)
29. What does the Clark-Wilson security model focus on
The National Computer Security Center (NCSC)
Integrity
No read down
Accountability - Orange Book
30. A subject at a given clearance may not read an object at a higher classification
The Simple Security Property
Clark-Wilson Model
Pagefile.sys file
The *-Property rule (Star property)
31. I/O drivers and utilities
Ring 2
Sensitivity labels
The security kernel
Overt channel
32. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
Multitasking
C2
Direct Addressing
Dedicated Security Mode
33. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Protection Rings Support
The security perimeter
Subject to Object Model
No read up
34. The Reserved hard drive space used to to extend RAM capabilites.
Discretionary Security Property (ds-property)
Swap Space
B2 - Structured Protection
Identification - Orange Book
35. What model use an access control triples and requires that the system maintain separation of duty ?
Clark-Wilson
Reduced Instruction Set Computers (RISC)
Division B - Mandatory Protection Architecture
Ring 0
36. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Thrashing
A security kernel
'Dominate'
B2 rating
37. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
System High Security Mode
Prohibits
Trusted facility management
B3
38. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Disclosure of residual data
Access Matrix model
International Standard 15408
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
39. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Fail safe
Orange Book C
B3 - Security Domains
NOT Integrity
40. When the RAM and secondary storage are combined the result is __________.
NOT Integrity
Evaluated separately
Direct addressing
Virtual Memory
41. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - B3
Covert channels
Orange Book - B2
Ring 0
42. The Biba Model adresses _____________________.
Be protected from modification
Orange Book - B2
Covert channels
The Integrity of data within applications
43. A Policy based control. All objects and systems have a sensitivity level assigned to them
Simple Security Rule
Mandatory Access Control (MAC)
Multiprocessing
Prohibits
44. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Continuous protection - O/B
Protection Rings Support
A lattice of Intergrity Levels
Basic Security Theorem (used in computer science) definition
45. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
A Limit Register (Memory Management)
A Layered Operating System Architecure
Orange Book B
46. Happen because input data is not checked for appropriate length at time of input
Orange Book A
The Red Book
Buffer overflows
A Layered Operating System Architecure
47. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
Simple Integrity Axiom
State machine model
The security perimeter
Orange Book - A1
48. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Orange Book B
B2 rating
A security domain
Multilevel Security Policies
49. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
The Evaluated Products List (EPL) with their corresponding rating
Isolate processes
Dominate the object's sensitivity label
Multiprocessing
50. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
Division B - Mandatory Protection Architecture
Programmable Read-Only Memory (PROM)
C2 - Controlled Access Protection
An abstract machine
