Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma






2. Which TCSEC level first addresses object reuse?






3. Which describe a condition when RAM and Secondary storage are used together?






4. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


5. The Orange book requires protection against two_____________ - which are these Timing and Storage






6. The security kernel is the mechanism that _____________ of the reference monitor concept.






7. What access control technique is also known as multilevel security?






8. TCSEC provides a means to evaluate ______________________.






9. Involves sharing the processor amoung all ready processes






10. TCB contains The Security Kernel and all ______________.






11. A set of objects that a subject is able to access






12. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.






13. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)






14. Which in the Orange Book ratings represents the highest level of trust?






15. Which Orange Book evaluation level is described as "Discretionary Security Protection"?






16. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction






17. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.






18. Minimal Security






19. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






20. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise






21. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.






22. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.






23. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.






24. Remaining parts of the operating system






25. Applications and user activity






26. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.






27. Used by Windows systems to reserve the "Swap Space"






28. The Reserved hard drive space used to to extend RAM capabilites.






29. System Architecture that separates system functionality into Hierarchical layers






30. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






31. Users need to be Identified individually to provide more precise acces control and auditing functionality.






32. What are the components of an object's sensitivity label?






33. The Physical memory address that the CPU uses






34. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?






35. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle






36. Based on a known address with an offset value applied.






37. When a computer uses more than one CPU in parallel to execute instructions is known as?






38. In the Bell-LaPadula Model the Object's Label contains ___________________.






39. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






40. Happen because input data is not checked for appropriate length at time of input






41. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






42. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






43. The Bell-LaPadula model Subjects and Objects are ___________.






44. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






45. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.






46. What model use an access control triples and requires that the system maintain separation of duty ?






47. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






48. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.






49. The Availability - Integrity and confidentiality requirements of multitasking operating systems






50. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.