Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
A1 - Rating
C2
Examples of Layered Operating Systems
Life Cycle Assurance Requirement
2. What is it called when a computer uses more than one CPU in parallel to execute instructions?
Relative Addresses
Multiprocessing
Overt channel
NOT Integrity
3. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Orange Book - A1
Multilevel Security Policies
Secondary Storage
Documentation - Orange Book
4. TCSEC provides a means to evaluate ______________________.
The "No write Down" Rule
Ring 0
The trustworthiness of an information system
Protection Rings Support
5. Simpler instructions that require fewer clock cycles to execute.
No read down
Orange Book B
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Reduced Instruction Set Computers (RISC)
6. Execute one instruction at a time.
Scalar processors
B2
Most commonly used approach
Discretionary Security Property (ds-property)
7. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Invocation Property
B2 - Structured Protection
State machine model
The security perimeter
8. When the address location that is specified in the program instruction contains the address of the final desired location.
*-Integrity Axiom
The trustworthiness of an information system
The TCSEC - Aka Orange Book
Indirect addressing
9. Individual subjects must be uniquely identified.
The Tranquility principle (The Bell-LaPadula Model)
Pipelining
Attributable data
Identification - Orange Book
10. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Orange Book - B2
Administrative declaration
Most commonly used approach
Life-cycle assurance - O/B
11. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
State machine model
B1
C1 - Discretionary Security Protection is a type of environment
Security Policy - Orange Book
12. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Direct Addressing
B3 - Rating
Buffer (temporary data storage area)
B1
13. Contains an address of where the instruction and data reside that need to be processed.
The Thread (memory Management)
C2 - Controlled Access Protection
*-Integrity Axiom
TCB (Trusted Computing Base)
14. What is called the formal acceptance of the adequacy of a system's overall security by management?
Security Policy
B3 - Security Domains
Accreditation
The Thread (memory Management)
15. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Discretionary Security Property (ds-property)
Documentation - Orange Book
A lattice of Integrity Levels
The Clark Wilson integrity model
16. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Dedicated Security Mode
Controls the checks
Orange Book - B1
Its Clearance Label (Top Secret - Secret - or Confidential)
17. The combination of RAM - Cache and the Processor Registers
Types of covert channels
Primary storage
A security kernel
In C2 - Controlled Access Protection environment
18. The group that oversees the processes of evaluation within TCSEC is?
Trusted hardware - Software and Firmware
Ring 2
Life-cycle assurance - O/B
Trusted Products Evaluation Program (TPEP)
19. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.
B2 rating
The rule is talking about "Reading"
The security kernel
Multilevel Security Policies
20. I/O drivers and utilities
B2
Buffer overflows
A single classification and a Compartment Set
Ring 2
21. The *-Property rule is referred to as ____________.
Examples of Layered Operating Systems
Isolate processes
The "No write Down" Rule
Storage and timing
22. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
Accreditation
Clark-Wilson
Virtual Memory
23. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Orange Book A
A Thread
Orange Book - D
First evaluation class
24. Can be erased - modified and upgraded.
Erasable and Programmable Read-Only Memory (EPROM)
Integrity
Direct Addressing
Trusted hardware - Software and Firmware
25. In the Bell-LaPadula Model the Object's Label contains ___________________.
Compare the security labels
Its classification label (Top Secret - Secret or confidential)
Division B - Mandatory Protection Architecture
Trusted Distribution
26. Each data object must contain a classification label and each subject must have a clearance label.
A1 - Rating
B1 - Labeled Security
Documentation - Orange Book
Relative Addresses
27. The Physical memory address that the CPU uses
Orange Book - B2
B1
B2
Absolute addresses
28. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Multitasking
Erasable and Programmable Read-Only Memory (EPROM)
Reduced Instruction Set Computers (RISC)
Evaluated separately
29. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Multilevel Security Policies
The Tranquility principle (The Bell-LaPadula Model)
Labels - Orange Book
No write down
30. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Multitasking
Prevent secret information from being accessed
Orange Book - B2
Ring 3
31. A system uses the Reference Monitor to ___________________ of a subject and an object?
Secondary Storage
Clark-Wilson
Compare the security labels
Integrity
32. Contains the ending address
Compare the security labels
Its classification label (Top Secret - Secret or confidential)
B2 - Structured Protection
A Limit Register (Memory Management)
33. The total combination of protection mechanisms within a computer system
Be protected from modification
The National Computer Security Center (NCSC)
TCB (Trusted Computing Base)
Logical addresses
34. Which describe a condition when RAM and Secondary storage are used together?
B3 - Security Domains
Virtual storage
Pagefile.sys file
Real storage
35. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Orange Book interpretations
Access control to the objects by the subjects
D
Orange Book A
36. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
Ring 1
B3
Basic Security Theorem (used in computer science) definition
Orange Book - A1
37. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The security perimeter
A security kernel
A Base Register (Memory Management)
Clark-Wilson
38. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
The Strong star property rule
The Integrity of data within applications
Direct Addressing
Higher or equal to access class
39. A type of memory used for High-speed writing and reading activities.
Models concerned with integrity
Evaluated separately
Cache Memory
A security kernel
40. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Direct Addressing
Division C - Discretionary Protection
The Red Book
D
41. Discretionary protection
Process isolation
B1 - Labeled Security
The National Computer Security Center (NCSC)
Orange Book C
42. What does the simple security (ss) property mean in the Bell-LaPadula model?
Highly secure systems (B2 - B3 and A1)
The rule is talking about "Reading"
The security perimeter
No read up
43. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
C2
Documentation - Orange Book
Life Cycle Assurance Requirement
44. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Controlling unauthorized downgrading of information
Types of covert channels
Protection Rings Support
A Thread
45. The Orange Book requires protection against two _____________ - which are Timing and Storage
Evaluated separately
Types of covert channels
Prohibits
Sensitivity labels
46. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Mandatory access control
Its Clearance Label (Top Secret - Secret - or Confidential)
Accountability - Orange Book
Division C - Discretionary Protection
47. Mediates all access and Functions between subjects and objects.
The Integrity of data within applications
The Security Kernel
Files - directories and devices
Ring 2
48. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.
The Monolithic Operating System Architecture
The Clark Wilson integrity model
Swap Space
Covert channels
49. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Absolute addresses
Indexed addressing
Clark-Wilson
Certification
50. As per FDA data should be ______________________________.
International Standard 15408
Attributable - original - accurate - contemporaneous and legible
C1 - Discretionary Security Protection
Integrity