SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Execution Domain
A Thread
Trusted facility management
Identification - Orange Book
2. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
Attributable - original - accurate - contemporaneous and legible
Security Policy - Orange Book
Secondary Storage
Trusted Products Evaluation Program (TPEP)
3. The Indexed memory addresses that software uses
Clark-Wilson Model
The Tranqulity principle (The Bell-LaPadula Model)
Sensitivity labels
Logical addresses
4. Mandatory Protection
Be protected from modification
Orange Book B
Fail safe
No read down
5. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Orange Book B
Isolate processes
Covert channels
Models concerned with integrity
6. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
B3 - Security Domains
Invocation Property
Totality of protection mechanisms
Overt channel
7. System Architecture that separates system functionality into Hierarchical layers
A Layered Operating System Architecure
Direct addressing
Dominate the object's sensitivity label
Ring 0
8. Mediates all access and Functions between subjects and objects.
Compare the security labels
The Security Kernel
The Tranqulity principle (The Bell-LaPadula Model)
Reduced Instruction Set Computers (RISC)
9. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
Buffer overflows
Trusted facility management
Simple Security Rule
10. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
11. A set of objects that a subject is able to access
Orange Book A
Sensitivity labels
Life-cycle assurance - O/B
A Domain
12. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
Protection Rings Support
Thrashing
Swap Space
Multilevel Security Policies
13. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
C1 - Discrection Security Protection is a type of environment
Mandatory Access Control (MAC)
The Clark Wilson integrity model
Mandatory access control
14. The Biba Model adresses _____________________.
Assigned labels
Logical addresses
The Integrity of data within applications
A Thread
15. Individual subjects must be uniquely identified.
B3
State machine model
The Tranqulity principle (The Bell-LaPadula Model)
Identification - Orange Book
16. Another word for Primary storage and distinguishes physical memory from virtual memory.
A1 - Rating
Real storage
Security Policy
Virtual Memory
17. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Rating
No write down
Security mechanisms and evalautes their effectivenes
The security kernel
18. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Thrashing
Certification
Be protected from modification
Reduced Instruction Set Computers (RISC)
19. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
Orange Book - B2
Disclosure of residual data
The Monolithic Operation system Architecture
In C2 - Controlled Access Protection environment
20. A domain of trust that shares a single security policy and single management
Evaluated separately
Government and military applications
A security domain
Indirect addressing
21. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Enforces the rules
Buffer overflows
No read up
The security kernel
22. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Isolate processes
TCB (Trusted Computing Base)
Totality of protection mechanisms
Storage and timing
23. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
A lattice of Intergrity Levels
Division C - Discretionary Protection
The "No read Up" rule
TCB (Trusted Computing Base)
24. The *-Property rule is refered to as ____________.
Orange Book - B2
The "No write Down" Rule
Thrashing
The National Computer Security Center (NCSC)
25. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Thrashing
Certification
Physical security
Higher or equal to access class
26. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
B3 - Security Domains
Access control to the objects by the subjects
C2 - Controlled Access Protection
C2
27. Which uses Protection Profiles and Security Targets?
C1 - Discretionary Security Protection
Dedicated Security Mode
International Standard 15408
Its classification label (Top Secret - Secret or confidential)
28. Which TCSEC level first addresses object reuse?
All Mandatory Access Control (MAC) systems
C2
Dominate the object's sensitivity label
Division B - Mandatory Protection Architecture
29. Should always trace to individuals responsible for observing and recording the data
Polyinstantiation
Attributable data
The Thread (memory Management)
B2 rating
30. Which increases the performance in a computer by overlapping the steps of different instructions?
Ring 2
B3
Pipelining
Examples of Layered Operating Systems
31. Documentation must be provided - including test - design - and specification document - user guides and manuals
Documentation - Orange Book
Swap Space
Certification
The trustworthiness of an information system
32. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Swap Space
Types of covert channels
Physical security
Buffer overflows
33. The C2 evaluation class of the _________________ offers controlled access protection.
Trusted Network Interpretation (TNI)
Accountability - Orange Book
Ring 3
Assigned labels
34. Which in the Orange Book ratings represents the highest level of trust?
B1
C1 - Discrection Security Protection is a type of environment
B2
Ring 1
35. Mandatory access control is enfored by the use of security labels.
Division B - Mandatory Protection
Erasable and Programmable Read-Only Memory (EPROM)
Ring 1
Multitasking
36. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
System High Security Mode
Disclosure of residual data
Multitasking
Certification
37. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
C1 - Discretionary Security Protection
Implement software or systems in a production environment
Dedicated Security Mode
Controlling unauthorized downgrading of information
38. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
Need-to-know
State machine model
Trusted Distribution
39. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Prevent secret information from being accessed
Accountability - Orange Book
Orange Book - B2
Trusted Network Interpretation (TNI)
40. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
41. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.
Programmable Read-Only Memory (PROM)
Process isolation
Secondary Storage
Orange Book interpretations
42. The Simple Security rule is refered to as______________.
Direct Addressing
Operational assurance requirements
The "No read Up" rule
Protection Rings Support
43. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
No read up
System High Security Mode
B3
Security rating B
44. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Trusted hardware - Software and Firmware
Certification
All Mandatory Access Control (MAC) systems
*-Integrity Axiom
45. When the address location that is specified in the program instruction contains the address of the final desired location.
Accreditation
Primary storage
Thrashing
Indirect addressing
46. What access control technique is also known as multilevel security?
Documentation - Orange Book
Mandatory access control
Enforces the rules
The "No read Up" rule
47. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Orange Book - B1
Security Policy is clearly defined and documented
B2
48. Users need to be Identified individually to provide more precise acces control and auditing functionality.
C2 - Controlled Access Protection
Isolate processes
The Security Kernel
B1 - Labeled Security rating
49. Contains an Address of where the instruction and dara reside that need to be processed.
A security kernel
The Thread (memory Management)
Erasable and Programmable Read-Only Memory (EPROM)
A Thread
50. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
Highly secure systems (B2 - B3 and A1)
Primary storage
Dominate the object's sensitivity label