Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Audit data must be captured and protected to enforce accountability
Accountability - Orange Book
The Simple Security Property
Need-to-know
The Integrity of data within applications
2. The Orange Book requires protection against two _____________, which are Timing and Storage.
Dedicated Security Mode
The rule is talking about "Reading"
Types of covert channels
Protection Rings Support
3. A portion of a process. When it is generated, it shares the same domain (resources) as its process.
B2
Subject to Object Model
A Thread
Swap Space
4. What access control technique is also known as multilevel security?
Mandatory access control
Security Policy is clearly defined and documented
Multilevel Security Policies
Constrained
5. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Division D - Minimal Protection
Sensitivity labels
The Tranquility principle (The Bell-LaPadula Model)
Implement software or systems in a production environment
6. The combination of RAM, cache and the processor registers
Prohibits
Thrashing
Primary storage
The *-Property rule (Star property)
7. Contains the beginning address
B3 - Security Domains
Simple Integrity Axiom
A Base Register (Memory Management)
Sensitivity labels
8. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________, which would take place through a "write down" operation. (An actual compromise occurs if and when
TCB (Trusted Computing Base)
Buffer overflows
Division B - Mandatory Protection
Controlling unauthorized downgrading of information
9. Which would be designated as objects on a MAC system?
Files, directories and devices
Multiprocessing
Certification
Stored in Real Memory
10. The Biba Model, ______________: A subject cannot request service from (invoke) subjects of higher integrity
Files, directories and devices
Cache Memory
Invocation Property
Trusted Network Interpretation (TNI)
11. Access control labels must be associated properly with objects.
Controlling unauthorized downgrading of information
Clark-Wilson Model
B1 - Labeled Security
Labels - Orange Book
12. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt, the classification and clearance are checked to verify that the access is permissible.
Orange Book - B3
Orange Book - B1
C2
Execution Domain
13. When the RAM and secondary storage are combined the result is __________.
B1 - Labeled Security
Virtual Memory
Integrity
B2 - Structured Protection
14. When the address location that is specified in the program instruction contains the address of the final desired location.
Indirect addressing
Networks and Communications
Orange Book C
Bell-LaPadula Model
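Questions 7 and 14 above describe the base register and indirect addressing. The following added example (written for this page, not code from the quiz or its authors) simulates a minimal memory-management unit in which a base register holds a process's beginning address and a limit register the length of its region, and shows that an out-of-range relative address, whether given directly or reached through an indirect pointer, is refused rather than resolved into another process's memory. The process layout and cell contents are constructed for the illustration.

```python
"""Toy memory-management unit: base and limit registers confine each process to
its own region of physical memory, and indirect addressing is resolved through
the same bounds check.  Added study example, not code from the quiz page; the
process table and memory layout are constructed for illustration."""


class MemoryFault(Exception):
    """Raised when a relative address falls outside the process's limit."""


class Process:
    """Per-process memory-management state: base = first physical cell of its
    region (the beginning address), limit = number of cells it may address."""

    def __init__(self, name: str, base: int, limit: int):
        self.name, self.base, self.limit = name, base, limit


class MMU:
    def __init__(self, size: int):
        self.cells = [0] * size  # physical memory, one small integer per cell

    def translate(self, proc: Process, rel_addr: int) -> int:
        """Relative (logical) address -> physical address, or a fault."""
        if not 0 <= rel_addr < proc.limit:
            raise MemoryFault(
                f"{proc.name}: relative address {rel_addr} outside limit {proc.limit}")
        return proc.base + rel_addr

    def load(self, proc: Process, rel_addr: int) -> int:
        return self.cells[self.translate(proc, rel_addr)]

    def store(self, proc: Process, rel_addr: int, value: int) -> None:
        self.cells[self.translate(proc, rel_addr)] = value

    def load_indirect(self, proc: Process, rel_addr: int) -> int:
        """Indirect addressing: the cell at rel_addr holds the relative address
        of the operand.  Both the pointer fetch and the final fetch are checked."""
        pointer = self.load(proc, rel_addr)
        return self.load(proc, pointer)


def demo() -> dict:
    mmu = MMU(32)
    proc_a = Process("A", base=0, limit=16)   # physical cells 0..15
    proc_b = Process("B", base=16, limit=16)  # physical cells 16..31
    results = {}

    # B stores a value at its relative address 3 (physical cell 19).
    mmu.store(proc_b, 3, 42)
    results["b_physical_cell"] = mmu.translate(proc_b, 3)

    # A asks for relative address 19: the limit register stops it reaching cell 19.
    try:
        mmu.load(proc_a, 19)
        results["a_reads_b"] = True
    except MemoryFault:
        results["a_reads_b"] = False

    # Legitimate indirect access inside A's own region.
    mmu.store(proc_a, 5, 7)   # operand
    mmu.store(proc_a, 0, 5)   # pointer to the operand
    results["a_indirect"] = mmu.load_indirect(proc_a, 0)

    # A plants an out-of-range pointer: the second fetch is bounds-checked too.
    mmu.store(proc_a, 1, 19)
    try:
        mmu.load_indirect(proc_a, 1)
        results["a_indirect_escape"] = True
    except MemoryFault:
        results["a_indirect_escape"] = False
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows B's value landing in physical cell 19 while both of A's attempts to reach that cell, direct and indirect, raise a fault; only the indirect access that stays within A's own limit succeeds.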
15. A system uses the Reference Monitor to ___________________ of a subject and an object?
No read down
Certification
Virtual storage
Compare the security labels
16. The _________________ specified in the Orange Book are: System architecture, System integrity, Covert channel analysis, Trusted facility management and Trusted recovery.
C2 - Controlled Access Protection
The security kernel
The Integrity of data within applications
Operational assurance requirements
17. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects, what security problem is most likely to exist?
Integrity
The TCSEC - Aka Orange Book
Disclosure of residual data
NOT Integrity
18. What does the Clark-Wilson security model focus on?
Integrity
No read up
Orange Book interpretations
Reduced Instruction Set Computers (RISC)
19. Used by Windows systems to reserve the "Swap Space"
In C2 - Controlled Access Protection environment
The Rule is talking about writing
Virtual storage
Pagefile.sys file
20. The object reuse concept must also be invoked, meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
Life-cycle assurance - O/B
C2 - Controlled Access Protection
Security mechanisms and evaluates their effectiveness
A Domain
21. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
The *-Property rule (Star property)
B2 - Structured Protection
Trusted Products Evaluation Program (TPEP)
Overt channel
22. THE (Technische Hogeschool Eindhoven), VAX/VMS, Multics and Unix. THE and Multics are no longer in use
Mandatory access control
Examples of Layered Operating Systems
The Tranquility principle (The Bell-LaPadula Model)
Erasable and Programmable Read-Only Memory (EPROM)
23. Mandatory Protection
Life-cycle assurance - O/B
The Strong star property rule
Examples of Layered Operating Systems
Orange Book B
24. There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Division D - Minimal Protection
The Security Kernel
International Standard 15408
The Simple Security Property
25. This is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
C2 - Controlled Access Protection
Reduced Instruction Set Computers (RISC)
B2
B3 - Rating
26. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
System High Security Mode
Security Policy - Orange Book
Prevent secret information from being accessed
Trusted hardware, software and firmware
27. Bell-LaPadula Model, ______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The *-Property rule (Star property)
Need-to-know
No read up
Orange Book - B2
28. What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?
Isolate processes
Need-to-know
Relative Addresses
A security kernel
29. Software, hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Life-cycle assurance - O/B
The Biba Model
Most commonly used approach
Physical security
30. Which can be used as a covert channel?
Storage and timing
The Thread (memory Management)
Security mechanisms and evalautes their effectivenes
Indexed addressing
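Questions 2, 21 and 30 distinguish overt channels from storage and timing covert channels. The added example below (constructed for this page, not code from the quiz) simulates a storage covert channel: a High process that the access rules forbid from writing down signals bits to a Low process purely through whether a shared disk quota is exhausted, without either subject ever reading or writing the other's objects. A per-label quota, a hypothetical countermeasure chosen for the example, closes the channel.

```python
"""Storage covert channel simulation.  A High process that the reference
monitor forbids from writing down leaks bits to a Low process through the
free-space state of a shared disk; a per-label quota closes the channel.
Added study example with a constructed scenario, not code from the quiz page."""


class SharedDisk:
    """One quota shared by every process regardless of label.  Whether an
    allocation succeeds is visible to all of them: that is the storage channel."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self.used = 0

    def allocate(self, label: str, units: int) -> bool:
        if self.used + units > self.capacity:
            return False            # refused: "disk full" is observable by anyone
        self.used += units
        return True

    def release_all(self) -> None:
        self.used = 0


class PartitionedDisk(SharedDisk):
    """Hypothetical countermeasure: each label gets its own quota, so High's
    consumption can no longer change what Low observes."""

    def __init__(self, capacity_per_label: int):
        super().__init__(capacity_per_label)
        self.used_by = {}

    def allocate(self, label: str, units: int) -> bool:
        used = self.used_by.get(label, 0)
        if used + units > self.capacity:
            return False
        self.used_by[label] = used + units
        return True

    def release_all(self) -> None:
        self.used_by.clear()


def covert_transfer(disk: SharedDisk, bits) -> list:
    """One bit per round.  High fills the disk to send a 1 or leaves it alone
    to send a 0; Low probes by trying to allocate a single unit."""
    received = []
    for bit in bits:
        if bit:
            disk.allocate("High", disk.capacity)
        received.append(0 if disk.allocate("Low", 1) else 1)
        disk.release_all()  # both sides release; the round boundary is the clock
    return received


def text_to_bits(text: str) -> list:
    return [int(b) for ch in text.encode("ascii") for b in f"{ch:08b}"]


def bits_to_text(bits) -> str:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8)).decode("ascii")


def demo() -> dict:
    secret = "TS"
    leaked = covert_transfer(SharedDisk(capacity=8), text_to_bits(secret))
    blocked = covert_transfer(PartitionedDisk(capacity_per_label=8), text_to_bits(secret))
    return {"shared": bits_to_text(leaked), "partitioned": bits_to_text(blocked)}


if __name__ == "__main__":
    print(demo())  # shared disk leaks "TS"; partitioned disk yields only NUL bytes
```

The channel needs no write by High to any Low object and no read by Low of any High object, which is why a reference monitor that only checks subject-to-object accesses cannot see it; covert channel analysis (an Orange Book operational assurance requirement at B2 and above) is about finding shared attributes like this one.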
31. Successfully evaluated products are placed on?
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Isolate processes
The Evaluated Products List (EPL) with their corresponding rating
Orange Book ratings
32. An organization within the National Security Agency (NSA) is responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The Clark Wilson integrity model
C2 - Controlled Access Protection
The National Computer Security Center (NCSC)
B2 - Structured Protection
33. Certification is a technical review that assesses the _____________, whereas accreditation is management's official acceptance of the information in the certification process findings.
Security mechanisms and evaluates their effectiveness
A1
Constrained
Orange Book - A1
34. What model uses access control triples and requires that the system maintain separation of duty?
Overt channel
Ring 2
Clark-Wilson
First evaluation class
35. A ring protection system ________ user mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
The Trusted Computing Base (TCB)
Division C - Discretionary Protection
Its Clearance Label (Top Secret, Secret or Confidential)
Prohibits
36. Based on the Bell-LaPadula model, because it allows for multilevel security to be integrated into the code.
Trusted Distribution
All Mandatory Access Control (MAC) systems
Overt channel
Pagefile.sys file
37. The hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept.
C1 - Discretionary Security Protection
The security kernel
B3 - Security Domains
TCB (Trusted Computing Base)
38. A computer using more than one CPU in parallel to execute instructions is known as?
Multiprocessing
B2 - Structured Protection
Relative Addresses
B2 rating
39. Has two individual assurance ratings, C1 and C2. The higher the number of the assurance rating, the greater the protection.
Division C - Discretionary Protection
The Strong star property rule
The Evaluated Products List (EPL) with their corresponding rating
TCB (Trusted Computing Base)
40. In access control terms - the word "dominate" refers to ___________.
Pagefile.sys file
Highly secure systems (B2, B3 and A1)
Higher or equal to access class
Certification
41. Permits a database to have two records that are identical except for their classifications
Virtual storage
Polyinstantiation
Life Cycle Assurance Requirement
Disclosure of residual data
42. Execute one instruction at a time.
Life-cycle assurance - O/B
Scalar processors
Enforces the rules
Security mechanisms and evaluates their effectiveness
43. The Biba Model, _____________: A subject cannot read data from a lower integrity level ("No Read Down")
A Limit Register (Memory Management)
*-Integrity Axiom
Simple Integrity Axiom
A Base Register (Memory Management)
44. Intended for environments that require systems to handle classified data.
Clark-Wilson
Accreditation
B1 - Labeled Security rating
The National Computer Security Center (NCSC)
45. When a vendor submits a product for evaluation, it submits it to the ____________.
The National Computer Security Center (NCSC)
Trusted Network Interpretation (TNI)
Documentation - Orange Book
No write down
46. Mediates all access and functions between subjects and objects.
Scalar processors
Networks and Communications
Ring 1
The Security Kernel
47. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
TCB (Trusted Computing Base)
Attributable data
A security kernel
48. The availability, integrity and confidentiality requirements of multitasking operating systems
Orange Book C
The National Computer Security Center (NCSC)
Protection Rings Support
Prohibits
49. Nonvolatile storage media, e.g. computer hard drives, floppy disks and CD-ROMs
Secondary Storage
Evaluated separately
Dominate the object's sensitivity label
Certification
50. A logical form of separation used by secure computing systems: processes are _____________ so that each cannot access objects outside its permitted domain
Constrained
The rule is talking about "Reading"
Pipelining
Orange Book - B2
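Several questions above (4, 8, 10, 15, 27, 40, 43 and 46) concern sensitivity labels, dominance, the Bell-LaPadula and Biba rules and the reference monitor. The following added example (written for this page, not code from the quiz) puts them together: a dominance check over level plus compartments, the two Bell-LaPadula properties, the two Biba axioms plus the invocation property, and a reference monitor that mediates each access and records every decision for audit. The levels, compartments, subjects and objects are constructed sample data.

```python
"""Toy reference monitor: labelled subjects and objects, the dominance relation,
the Bell-LaPadula and Biba access rules, and an audit trail of every decision.
Added study example, not code from the quiz page; the levels, compartments and
sample subjects/objects are constructed for illustration."""
from dataclasses import dataclass

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """Sensitivity label: a hierarchical level plus non-hierarchical compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B when A's level is higher or equal AND A's compartments
        # include all of B's (the compartment part is the need-to-know check).
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label   # Bell-LaPadula clearance
    integrity: int     # Biba integrity level, higher is more trustworthy


@dataclass
class Obj:
    name: str
    classification: Label
    integrity: int


def blp(s: Subject, o: Obj, mode: str) -> bool:
    """Bell-LaPadula (confidentiality): simple security property for reads,
    *-property for writes."""
    if mode == "read":    # no read up: the clearance must dominate the object
        return s.clearance.dominates(o.classification)
    if mode == "write":   # no write down: the object must dominate the clearance
        return o.classification.dominates(s.clearance)
    raise ValueError(mode)


def biba(s: Subject, o: Obj, mode: str) -> bool:
    """Biba (integrity): simple integrity axiom for reads, *-integrity axiom
    for writes."""
    if mode == "read":    # no read down
        return o.integrity >= s.integrity
    if mode == "write":   # no write up
        return s.integrity >= o.integrity
    raise ValueError(mode)


def biba_invoke(caller: Subject, callee: Subject) -> bool:
    """Biba invocation property: no invoking a subject of higher integrity."""
    return caller.integrity >= callee.integrity


class ReferenceMonitor:
    """Mediates every subject-to-object access against one policy and logs the
    decision, so that audit data exists to hold subjects accountable."""

    def __init__(self, policy):
        self.policy = policy
        self.audit_log = []

    def access(self, s: Subject, o: Obj, mode: str) -> bool:
        allowed = self.policy(s, o, mode)
        self.audit_log.append((s.name, mode, o.name, "ALLOW" if allowed else "DENY"))
        return allowed


# Constructed sample labels, subjects and objects.
TS_CRYPTO = Label("Top Secret", frozenset({"CRYPTO"}))
SECRET = Label("Secret")
SECRET_NUC = Label("Secret", frozenset({"NUCLEAR"}))
alice = Subject("alice", TS_CRYPTO, integrity=2)
bob = Subject("bob", SECRET, integrity=1)
daemon = Subject("daemon", SECRET, integrity=3)
ts_plan = Obj("ts_plan", TS_CRYPTO, integrity=2)
s_memo = Obj("s_memo", SECRET, integrity=1)
s_nuc = Obj("s_nuc", SECRET_NUC, integrity=2)


def demo() -> dict:
    conf = ReferenceMonitor(blp)
    integ = ReferenceMonitor(biba)
    return {
        "blp_read_down": conf.access(alice, s_memo, "read"),        # allowed
        "blp_read_up": conf.access(bob, ts_plan, "read"),           # denied
        "blp_write_down": conf.access(alice, s_memo, "write"),      # denied
        "blp_write_up": conf.access(bob, ts_plan, "write"),         # allowed
        "blp_no_need_to_know": conf.access(alice, s_nuc, "read"),   # denied: CRYPTO lacks NUCLEAR
        "biba_read_down": integ.access(daemon, s_memo, "read"),     # denied
        "biba_write_up": integ.access(bob, s_nuc, "write"),         # denied
        "biba_invoke_up": biba_invoke(bob, daemon),                 # denied
        "audit_entries": len(conf.audit_log) + len(integ.audit_log),  # 7
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Note that Bell-LaPadula permits a write up (bob writing to ts_plan) and Biba permits a write down; the two models point in opposite directions because one protects confidentiality and the other integrity, and a real system that needs both runs both checks against separate label sets. The audit log is what makes the accountability requirement enforceable: every mediated access, allowed or denied, leaves a record.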