SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Happen because input data is not checked for appropriate length at time of input
Its Clearance Label (Top Secret - Secret - or Confidential)
Clark-Wilson Model
Buffer overflows
B1
2. A system uses the Reference Monitor to ___________________ of a subject and an object?
Cache Memory
Compare the security labels
Isolate processes
Real storage
3. Verification Protection
Orange Book - D
Most commonly used approach
Pipelining
Orange Book A
4. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Identification - Orange Book
Mandatory Access Control (MAC)
Controlling unauthorized downgrading of information
B2 - Structured Protection
5. System Architecture that separates system functionality into Hierarchical layers
A Layered Operating System Architecure
Continuous protection - O/B
Swap Space
Division C - Discretionary Protection
6. Remaining parts of the operating system
Life-cycle assurance - O/B
The Biba Model
A Base Register (Memory Management)
Ring 1
7. A type of memory used for High-speed writing and reading activities.
Complex Instruction Set Computers (CISC)
A Domain
Cache Memory
Simple Integrity Axiom
8. Can be erased - modified and upgraded.
Execution Domain
Types of covert channels
Absolute addresses
Erasable and Programmable Read-Only Memory (EPROM)
9. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
A security domain
C2 - Controlled Access Protection
Security Policy is clearly defined and documented
10. Each data object must contain a classification label and each subject must have a clearance label.
Controlling unauthorized downgrading of information
Prevent secret information from being accessed
B1 - Labeled Security
International Standard 15408
11. Individual subjects must be uniquely identified.
The rule is talking about "Reading"
Identification - Orange Book
Swap Space
*-Integrity Axiom
12. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Attributable - original - accurate - contemporaneous and legible
B1 - Labeled Security rating
TCB (Trusted Computing Base)
Buffer (temporary data storage area)
13. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
C2 - Controlled Access Protection
No write down
Access control to the objects by the subjects
B1 - Labeled Security rating
14. Applications and user activity
Ring 3
Compare the security labels
Division D - Minimal Protection
C1
15. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Execution Domain
International Standard 15408
Models concerned with integrity
A Limit Register (Memory Management)
16. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Ring 2
The security perimeter
No write down
Direct addressing
17. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Orange Book - A1
No read up
Dedicated Security Mode
C1 - Discretionary Security Protection
18. Audit data must be captured and protected to enforce accountability
Accountability - Orange Book
B1
Operational assurance requirements
Certification
19. The Indexed memory addresses that software uses
No write down
Totality of protection mechanisms
Logical addresses
The Biba Model
20. TCSEC provides a means to evaluate ______________________.
Examples of Layered Operating Systems
The trustworthiness of an information system
B1 - Labeled Security rating
Networks and Communications
21. The group that oversees the processes of evaluation within TCSEC is?
The TCSEC - Aka Orange Book
Examples of Layered Operating Systems
Simple Security Rule
Trusted Products Evaluation Program (TPEP)
22. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Ring 0
Buffer overflows
Orange Book B
Dedicated Security Mode
23. In the Bell-LaPadula Model the Object's Label contains ___________________.
Access Matrix model
Files - directories and devices
Sensitivity labels
Its classification label (Top Secret - Secret or confidential)
24. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
The TCSEC - Aka Orange Book
Orange Book - B1
B3 - Rating
Real storage
25. Which Orange Book evaluation level is described as "Verified Design"?
Dedicated Security Mode
Examples of Layered Operating Systems
The "No read Up" rule
A1
26. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Discretionary Security Property (ds-property)
C1 - Discretionary Security Protection
Accountability - Orange Book
Invocation Property
27. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
A security domain
Operational assurance requirements
The security kernel
Orange Book - B2
28. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
Security mechanisms and evalautes their effectivenes
Ring 2
Multiprocessing
A Thread
29. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Buffer overflows
Primary storage
Its Clearance Label (Top Secret - Secret - or Confidential)
Thrashing
30. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Controls the checks
Totality of protection mechanisms
Trusted Distribution
Basic Security Theorem (used in computer science) definition
31. Operating System Kernel
Stored in Reak Memory
Direct addressing
Ring 0
A Thread
32. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Security Policy is clearly defined and documented
Division B - Mandatory Protection
Controlling unauthorized downgrading of information
Attributable data
33. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Life Cycle Assurance Requirement
Models concerned with integrity
Types of covert channels
The Common Criteria
34. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
The reference monitor
First evaluation class
NOT Integrity
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
35. The security kernel is the mechanism that _____________ of the reference monitor concept.
Types of covert channels
Administrative declaration
Enforces the rules
The Evaluated Products List (EPL) with their corresponding rating
36. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Dedicated Security Mode
A lattice of Intergrity Levels
The Security Kernel
security protection mechanisms
37. A subject at a given clearance may not read an object at a higher classification
A and B
Orange Book C
C2 - Controlled Access Protection
The Simple Security Property
38. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
attributability
Protection Rings Support
B3 - Security Domains
No write down
39. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
System High Security Mode
A and B
Multilevel Security Policies
B1 - Labeled Security rating
40. The *-Property rule is refered to as ____________.
security protection mechanisms
Pagefile.sys file
Indexed addressing
The "No write Down" Rule
41. What does the Clark-Wilson security model focus on
Integrity
Dedicated Security Mode
C2
Buffer overflows
42. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
Overt channel
Files - directories and devices
Thrashing
43. Discretionary protection
Attributable - original - accurate - contemporaneous and legible
B3
Orange Book C
Prevent secret information from being accessed
44. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
The Tranqulity principle (The Bell-LaPadula Model)
B1
Security Policy is clearly defined and documented
A security kernel
45. The combination of RAM - Cache and the Processor Registers
Simple Security Rule
Clark-Wilson Model
A Domain
Primary storage
46. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Dedicated Security Mode
Attributable data
Security rating B
Simple Security Rule
47. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Access control to the objects by the subjects
Certification
A1 - Rating
Evaluated separately
48. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Swap Space
Stored in Reak Memory
C2
Security Policy - Orange Book
49. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Documentation - Orange Book
A and B
Mandatory Access Control (MAC)
Orange Book - B1
50. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
'Dominate'
Overt channel
Storage and timing
A Base Register (Memory Management)
