Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which can be used as a covert channel?






2. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






3. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.






4. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






5. When a computer uses more than one CPU in parallel to execute instructions is known as?






6. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.






7. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






8. A domain of trust that shares a single security policy and single management






9. Minimal Security






10. When the RAM and secondary storage are combined the result is __________.






11. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






12. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m






13. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.






14. The Reserved hard drive space used to to extend RAM capabilites.






15. The security kernel is the mechanism that _____________ of the reference monitor concept.






16. Mandatory Access requires that _____________ be attached to all objects.






17. What model use an access control triples and requires that the system maintain separation of duty ?






18. Which uses Protection Profiles and Security Targets?






19. Contains the ending address






20. The Physical memory address that the CPU uses






21. Users need to be Identified individually to provide more precise acces control and auditing functionality.






22. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






23. Can be erased - modified and upgraded.






24. The Bell-LaPadula Model is a _______________.






25. Documentation must be provided - including test - design - and specification document - user guides and manuals






26. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.






27. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.






28. The Biba Model adresses _____________________.






29. What are the components of an object's sensitivity label?






30. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data






31. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.






32. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs






33. Each data object must contain a classification label and each subject must have a clearance label.






34. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.






35. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






36. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise






37. Used by Windows systems to reserve the "Swap Space"






38. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system






39. Which Orange Book evaluation level is described as "Verified Design"?






40. Access control labels must be associated properly with objects.






41. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






42. A system uses the Reference Monitor to ___________________ of a subject and an object?






43. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.






44. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






45. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






46. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






47. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)






48. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






49. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use






50. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.