
CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. The Biba Model addresses _____________________.






2. Which TCSEC level first addresses object reuse?






3. System architecture that separates system functionality into hierarchical layers






4. What does the simple integrity axiom mean in the Biba model?






5. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.






6. Which uses Protection Profiles and Security Targets?






7. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






8. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.






9. Which is an ISO standard product evaluation criteria that supersedes several different criteria?






10. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.






11. The C2 evaluation class of the _________________ offers controlled access protection.






12. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.






13. A logical form of separation used by secure computing systems - processes are _____________ so that each cannot access objects outside its permitted domain






14. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m






15. The Reference Monitor is responsible for ______________ - it compares the security labels of a subject and an object






16. An abstract machine which must mediate all access of subjects to objects - be protected from modification - be verifiable as correct - and is always invoked






17. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.






18. The Orange Book requires protection against two _____________ - which are Timing and Storage






19. Configuration management is also defined in the Orange Book but as a _____________________ and NOT an operational assurance requirement.






20. The subject must have Need to Know for ONLY the information they are trying to access.






21. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?






22. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.






23. Trusted facility management is an assurance requirement only for ________________.






24. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






25. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)






26. When the address location that is specified in the program instruction contains the address of the final desired location.






27. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for trusted computer and communications network systems under the areas of assurance requirements






28. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






29. A domain of trust that shares a single security policy and single management






30. Contains the beginning address






31. Minimal Security






32. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






33. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities






34. What does the simple security (ss) property mean in the Bell-LaPadula model?






35. When a computer spends more time moving data from one small portion of memory to another than actually processing the data






36. Permits a database to have two records that are identical except for their classifications






37. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.






38. Mandatory Access requires that _____________ be attached to all objects.






39. Which increases the performance in a computer by overlapping the steps of different instructions?






40. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.






41. What model uses access control triples and requires that the system maintain separation of duty?






42. Mediates all access and functions between subjects and objects.






43. Successfully evaluated products are placed on?






44. The availability - integrity and confidentiality requirements of multitasking operating systems






45. Intended for environments that require systems to handle classified data.






46. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






47. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






48. The physical memory address that the CPU uses






49. The assignment of a specific individual to administer the security-related functions of a system.






50. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.





