SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
B3
The Tranqulity principle (The Bell-LaPadula Model)
Examples of Layered Operating Systems
A security domain
2. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
Clark-Wilson Model
Execution Domain
In C2 - Controlled Access Protection environment
Subject to Object Model
3. Should always trace to individuals responsible for observing and recording the data
Certification
Sensitivity labels
Files - directories and devices
Attributable data
4. What does the Clark-Wilson security model focus on
B3
Integrity
Continuous protection - O/B
The Evaluated Products List (EPL) with their corresponding rating
5. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
C1 - Discrection Security Protection is a type of environment
Direct addressing
Secondary Storage
An abstract machine
6. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
A single classification and a Compartment Set
The security perimeter
Controlling unauthorized downgrading of information
Subject to Object Model
7. Audit data must be captured and protected to enforce accountability
System High Security Mode
Accountability - Orange Book
C2
Fail safe
8. Discretionary protection
Clark-Wilson Model
Division B - Mandatory Protection
Dedicated Security Mode
Orange Book C
9. Succesfully Evaluated products are placed on?
B3
Examples of Layered Operating Systems
Trusted Distribution
The Evaluated Products List (EPL) with their corresponding rating
10. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Programmable Read-Only Memory (PROM)
Trusted Products Evaluation Program (TPEP)
A and B
Prohibits
11. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Division B - Mandatory Protection
B3
Attributable - original - accurate - contemporaneous and legible
Be protected from modification
12. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
B1 - Labeled Security rating
Certification
Discretionary Security Property (ds-property)
A Limit Register (Memory Management)
13. The Bell-LaPadula Model is a _______________.
attributability
Administrative declaration
Subject to Object Model
Compare the security labels
14. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
A single classification and a Compartment Set
attributability
The security perimeter
C1
15. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
The rule is talking about "Reading"
C2 - Controlled Access Protection
Accountability - Orange Book
16. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
Swap Space
Security Policy
Prevent secret information from being accessed
17. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Complex Instruction Set Computers (CISC)
Documentation - Orange Book
Security rating B
An abstract machine
18. The combination of RAM - Cache and the Processor Registers
Controlling unauthorized downgrading of information
B1 - Labeled Security
Examples of Layered Operating Systems
Primary storage
19. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Virtual storage
State machine model
Orange Book A
20. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
C2 - Controlled Access Protection
C1 - Discrection Security Protection is a type of environment
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
The *-Property rule (Star property)
21. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Overt channel
Erasable and Programmable Read-Only Memory (EPROM)
B1 - Labeled Security
The Clark Wilson integrity model
22. Mandatory access control is enfored by the use of security labels.
Division B - Mandatory Protection
Security Policy is clearly defined and documented
Prevent secret information from being accessed
Scalar processors
23. A set of objects that a subject is able to access
Higher or equal to access class
A Domain
Orange Book A
Government and military applications
24. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
Protection Rings Support
Storage and timing
Security Policy - Orange Book
25. The *-Property rule is refered to as ____________.
The Tranqulity principle (The Bell-LaPadula Model)
Division C - Discretionary Protection
Identification - Orange Book
The "No write Down" Rule
26. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
A1
Storage and timing
Discretionary Security Property (ds-property)
C2 - Controlled Access Protection
27. Operating System Kernel
Ring 0
All Mandatory Access Control (MAC) systems
Division B - Mandatory Protection
No read up
28. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Ring 1
Orange Book C
C1 - Discrection Security Protection is a type of environment
Life-cycle assurance - O/B
29. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Orange Book B
Bell-LaPadula Model
TCB (Trusted Computing Base)
Overt channel
30. Based on a known address with an offset value applied.
A single classification and a Compartment Set
Evaluated separately
Relative Addresses
Programmable Read-Only Memory (PROM)
31. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
TCB (Trusted Computing Base)
Scalar processors
Invocation Property
No read down
32. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Orange Book A
Security rating B
A Domain
Dedicated Security Mode
33. The Orange book does NOT Cover ________________ - And Database management systems
Access control to the objects by the subjects
Access Matrix model
Multilevel Security Policies
Networks and Communications
34. Each data object must contain a classification label and each subject must have a clearance label.
Higher or equal to access class
B1 - Labeled Security
Trusted facility management
Clark-Wilson
35. Happen because input data is not checked for appropriate length at time of input
Most commonly used approach
Mandatory Access Control (MAC)
Buffer overflows
Operational assurance requirements
36. Contains the beginning address
Security rating B
Primary storage
A Base Register (Memory Management)
Multilevel Security Policies
37. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
Security Policy
Life Cycle Assurance Requirement
Ring 1
38. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
Clark-Wilson Model
B2 rating
Trusted hardware - Software and Firmware
39. What access control technique is also known as multilevel security?
Dedicated Security Mode
Mandatory access control
C2 - Controlled Access Protection
Reduced Instruction Set Computers (RISC)
40. A system uses the Reference Monitor to ___________________ of a subject and an object?
Multiprocessing
Scalar processors
Compare the security labels
Ring 3
41. Execute one instruction at a time.
Continuous protection - O/B
Prohibits
Fail safe
Scalar processors
42. Verification Protection
Need-to-know
C1
C2
Orange Book A
43. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Scalar processors
A Domain
Totality of protection mechanisms
Execution Domain
44. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Most commonly used approach
Thrashing
First evaluation class
Secondary Storage
45. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
The Security Kernel
Firmware
D
B3 - Rating
46. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book ratings
Orange Book - B2
Need-to-know
Continuous protection - O/B
47. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Storage and timing
A security kernel
C1
Multitasking
48. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Examples of Layered Operating Systems
Sensitivity labels
Orange Book - B2
B3 - Rating
49. TCSEC provides a means to evaluate ______________________.
Its classification label (Top Secret - Secret or confidential)
The "No write Down" Rule
A1 - Rating
The trustworthiness of an information system
50. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Trusted Distribution
Covert channels
attributability
Buffer overflows
