Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The Bell-LaPadula Model is a _______________.
Orange Book A
A Limit Register (Memory Management)
Subject to Object Model
A single classification and a Compartment Set

2. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.
Attributable - original - accurate - contemporaneous and legible
The rule is talking about "Reading"
Multiprocessing
Documentation - Orange Book

3. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Orange Book B
B1 - Labeled Security
Access Matrix model
The Common Criteria

4. When the contents of the address defined in the program's instruction is added to that of an index register.
Indexed addressing
Documentation - Orange Book
The security perimeter
Orange Book ratings

5. The Simple Security rule is refered to as______________.
C1
The Monolithic Operation system Architecture
First evaluation class
The "No read Up" rule

6. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Direct Addressing
The Monolithic Operation system Architecture
B1
Continuous protection - O/B

7. The total combination of protection mechanisms within a computer system
No read up
Continuous protection - O/B
Orange Book - A1
TCB (Trusted Computing Base)

8. Audit data must be captured and protected to enforce accountability
Be protected from modification
Accountability - Orange Book
Enforces the rules
The Tranqulity principle (The Bell-LaPadula Model)

9. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Reduced Instruction Set Computers (RISC)
Division B - Mandatory Protection Architecture
Division C - Discretionary Protection
Orange Book - B3

10. Permits a database to have two records that are identical except for Their classifications
Buffer (temporary data storage area)
Polyinstantiation
security protection mechanisms
B1

11. The assignment of a specific individual to administer the security-related functions of a system.
Orange Book - D
B3 - Security Domains
Trusted facility management
Erasable and Programmable Read-Only Memory (EPROM)

12. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Security rating B
Isolate processes
Certification
Indexed addressing

13. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Process isolation
Controls the checks
Storage and timing
Scalar processors

14. Contains an Address of where the instruction and dara reside that need to be processed.
Security Policy is clearly defined and documented
The Thread (memory Management)
Simple Security Rule
Prevent secret information from being accessed

15. When a computer uses more than one CPU in parallel to execute instructions is known as?
Swap Space
Buffer (temporary data storage area)
Multiprocessing
Labels - Orange Book

16. Which would be designated as objects on a MAC system?
Direct addressing
Pagefile.sys file
Files - directories and devices
Division B - Mandatory Protection Architecture

17. Individual subjects must be uniquely identified.
A Domain
Ring 3
Dedicated Security Mode
Identification - Orange Book

18. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Implement software or systems in a production environment
Life Cycle Assurance Requirement
Controlling unauthorized downgrading of information
Trusted facility management

19. The Indexed memory addresses that software uses
Evaluated separately
C2
The security perimeter
Logical addresses

20. System Architecture that separates system functionality into Hierarchical layers
Secondary Storage
A Layered Operating System Architecure
B1 - Labeled Security rating
Ring 1

21. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
security protection mechanisms
A Layered Operating System Architecure
Government and military applications
Evaluated separately

22. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Security rating B
Polyinstantiation
No write down
Need-to-know

23. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle
Complex Instruction Set Computers (CISC)
Higher or equal to access class
Labels - Orange Book
The *-Property rule (Star property)

24. Users need to be Identified individually to provide more precise acces control and auditing functionality.
Logical addresses
C2 - Controlled Access Protection
Protection Rings Support
A Base Register (Memory Management)

25. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Ring 2
Access control to the objects by the subjects
Trusted hardware - Software and Firmware
Buffer overflows

26. Execute one instruction at a time.
Scalar processors
Direct Addressing
Swap Space
Orange Book - A1

27. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Polyinstantiation
C2 - Controlled Access Protection
Be protected from modification
Security Policy is clearly defined and documented

28. Based on a known address with an offset value applied.
B2 - Structured Protection
*-Integrity Axiom
Relative Addresses
The "No write Down" Rule

29. The Physical memory address that the CPU uses
Protection Rings Support
Absolute addresses
The security perimeter
Orange Book - B3

30. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
C2 - Controlled Access Protection
Implement software or systems in a production environment
A Domain
Orange Book - B3

31. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Pagefile.sys file
The Clark Wilson integrity model
The Security Kernel
Covert channels

32. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - B2
Discretionary Security Property (ds-property)
Certification
Prohibits

33. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
The National Computer Security Center (NCSC)
Orange Book B
Dedicated Security Mode
Relative Addresses

34. The Orange book does NOT Cover ________________ - And Database management systems
The security perimeter
A security kernel
Storage and timing
Networks and Communications

35. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Protection Rings Support
NOT Integrity
Operational assurance requirements
Orange Book - B2

36. Contains the beginning address
C2 - Controlled Access Protection
A Base Register (Memory Management)
Networks and Communications
Accountability - Orange Book

37. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
The Thread (memory Management)
Overt channel
Invocation Property
C1 - Discrection Security Protection is a type of environment

38. The *-Property rule is refered to as ____________.
C1 - Discrection Security Protection is a type of environment
The "No write Down" Rule
Security Policy
A Limit Register (Memory Management)

39. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Orange Book - B3
The reference monitor
A security kernel
Trusted facility management

40. What does the Clark-Wilson security model focus on
Operational assurance requirements
The "No write Down" Rule
NOT Integrity
Integrity

41. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Trusted Products Evaluation Program (TPEP)
Constrained
Life-cycle assurance - O/B
attributability

42. What does the simple integrity axiom mean in the Biba model?
The Thread (memory Management)
The Tranqulity principle (The Bell-LaPadula Model)
Trusted Products Evaluation Program (TPEP)
No read down

43. Used by Windows systems to reserve the "Swap Space"
B3
Invocation Property
Pagefile.sys file
The National Computer Security Center (NCSC)

44. What access control technique is also known as multilevel security?
Mandatory access control
Direct addressing
Real storage
The TCSEC - Aka Orange Book

45. Which can be used as a covert channel?
Execution Domain
Programmable Read-Only Memory (PROM)
Swap Space
Storage and timing

46. When the RAM and secondary storage are combined the result is __________.
Scalar processors
Covert channels
Virtual Memory
The Simple Security Property

47. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
Dedicated Security Mode
Discretionary Security Property (ds-property)
The National Computer Security Center (NCSC)
Models concerned with integrity

48. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Prevent secret information from being accessed
Complex Instruction Set Computers (CISC)
A1 - Rating
Division C - Discretionary Protection

49. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Controlling unauthorized downgrading of information
Networks and Communications
The security perimeter
Virtual storage

50. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Ring 0
The "No read Up" rule
A Thread
B2 - Structured Protection

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISSP Security Architecture And Design

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests