Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Which TCSEC level first addresses object reuse?
Orange Book A
The trustworthiness of an information system
C2
Security mechanisms and evaluates their effectiveness
2. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Pipelining
Direct Addressing
The Security Kernel
A and B
3. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Highly secure systems (B2 - B3 and A1)
Stored in Real Memory
Models concerned with integrity
Mandatory Access Control (MAC)
4. TCSEC addresses Confidentiality - but _____________. The TCSEC focuses mainly on one attribute of security: Confidentiality.
Division B - Mandatory Protection
NOT Integrity
Attributable data
Orange Book - A1
5. A domain of trust that shares a single security policy and single management
*-Integrity Axiom
A security domain
Models concerned with integrity
A security kernel
6. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Its Clearance Label (Top Secret - Secret - or Confidential)
The Monolithic Operating System Architecture
Multitasking
Swap Space
7. Levels of Security and Levels of Trust: lower letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
Orange Book ratings
Division B - Mandatory Protection
Relative Addresses
Disclosure of residual data
8. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The Clark Wilson integrity model
The TCSEC - Aka Orange Book
Life Cycle Assurance Requirement
B3
9. I/O drivers and utilities
Virtual storage
Ring 2
C1 - Discretionary Security Protection
A lattice of Integrity Levels
10. What model uses access control triples and requires that the system maintain separation of duty?
Physical security
Clark-Wilson
Be protected from modification
Firmware
11. The Biba Model - _____________: A subject cannot read data from a lower Integrity level ("No Read Down")
B3 - Security Domains
Administrative declaration
Simple Integrity Axiom
Most commonly used approach
12. What is called the formal acceptance of the adequacy of a system's overall security by management?
Accreditation
Clark-Wilson
Complex Instruction Set Computers (CISC)
Indirect addressing
13. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The National Computer Security Center (NCSC)
Programmable Read-Only Memory (PROM)
C2 - Controlled Access Protection
Pipelining
14. The group that oversees the processes of evaluation within TCSEC is?
International Standard 15408
Security rating B
Discretionary Security Property (ds-property)
Trusted Products Evaluation Program (TPEP)
15. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Swap Space
State machine model
B3 - Security Domains
B1 - Labeled Security rating
16. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Direct addressing
A lattice of Integrity Levels
B1
A Layered Operating System Architecture
17. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
Security Policy is clearly defined and documented
A Base Register (Memory Management)
Thrashing
Division B - Mandatory Protection
18. Which computer design approach is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?
Buffer (temporary data storage area)
Security Policy
Complex Instruction Set Computers (CISC)
Trusted hardware - Software and Firmware
19. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
Need-to-know
Security rating B
The Simple Security Property
20. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Secondary Storage
Evaluated separately
Isolate processes
Simple Security Rule
21. All users have a clearance for, and a formal need to know about, all data processed within the system.
Types of covert channels
Prohibits
Buffer (temporary data storage area)
Dedicated Security Mode
22. In B2, Subjects and devices require labels and the system must NOT allow ________. No Trapdoors exist.
A security domain
Documentation - Orange Book
Covert channels
A and B
23. Permits a database to have two records that are identical except for their classifications
Polyinstantiation
Reduced Instruction Set Computers (RISC)
Continuous protection - O/B
Examples of Layered Operating Systems
24. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
State machine model
Access Matrix model
An abstract machine
The Security Kernel
25. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Execution Domain
Division D - Minimal Protection
Pipelining
Dedicated Security Mode
26. Verification Protection
A security kernel
C1 - Discretionary Security Protection
Orange Book A
A single classification and a Compartment Set
27. An abstract machine which must mediate all access of subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
B1 - Labeled Security
The trustworthiness of an information system
Labels - Orange Book
The reference monitor
28. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
C2
Execution Domain
Storage and timing
First evaluation class
29. System Architecture that separates system functionality into Hierarchical layers
B1 - Labeled Security
A Layered Operating System Architecture
Orange Book - B3
Orange Book C
30. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
B3
B3 - Security Domains
The "No Read Up" rule
A security kernel
31. The Orange Book requires protection against two _____________ - which are these: Timing and Storage
Invocation Property
Orange Book - B2
Types of covert channels
Thrashing
32. According to the Orange Book - trusted facility management is not required for which security levels?
B1
The Integrity of data within applications
The Common Criteria
C2 - Controlled Access Protection
33. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
attributability
Simple Security Rule
State machine model
Prevent secret information from being accessed
34. What are the components of an object's sensitivity label?
Identification - Orange Book
A single classification and a Compartment Set
The Thread (memory Management)
Division D - Minimal Protection
35. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
36. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
The Trusted Computing Base (TCB)
Multitasking
Process isolation
Be protected from modification
37. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Orange Book - B3
C2
Clark-Wilson
A lattice of Integrity Levels
38. Nonvolatile storage media, e.g., computer hard drives - floppy disks and CD-ROMs
Security Policy - Orange Book
Networks and Communications
Life-cycle assurance - O/B
Secondary Storage
39. Contains the beginning address
A security domain
A Base Register (Memory Management)
Clark-Wilson
Scalar processors
40. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
A lattice of Integrity Levels
The security perimeter
Buffer (temporary data storage area)
Integrity
41. What does the Clark-Wilson security model focus on?
Orange Book - A1
Integrity
Process isolation
Pipelining
42. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
B1
First evaluation class
Erasable and Programmable Read-Only Memory (EPROM)
Assigned labels
43. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities.
Virtual storage
C1 - Discretionary Security Protection
Disclosure of residual data
Virtual Memory
44. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
C2 - Controlled Access Protection
Implement software or systems in a production environment
B3 - Rating
Division C - Discretionary Protection
45. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Totality of protection mechanisms
Simple Security Rule
Controls the checks
Disclosure of residual data
46. The reserved hard drive space used to extend RAM capabilities.
Prevent secret information from being accessed
The Clark Wilson integrity model
The Thread (memory Management)
Swap Space
47. Audit data must be captured and protected to enforce accountability
C1 - Discretionary Security Protection
The Biba Model
Labels - Orange Book
Accountability - Orange Book
48. Bell-LaPadula Model - ______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
Operational assurance requirements
The security kernel
The Tranquility principle (The Bell-LaPadula Model)
The *-Property rule (Star property)
49. Which uses Protection Profiles and Security Targets?
International Standard 15408
Pipelining
Security Policy
Security rating B
50. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Orange Book B
Trusted Products Evaluation Program (TPEP)
The Strong star property rule
Ring 2