Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. What does the * (star) property mean in the Bell-LaPadula model?
No write down
Division B - Mandatory Protection
The security kernel
Identification - Orange Book
2. Successfully evaluated products are placed on?
Dominate the object's sensitivity label
The Evaluated Products List (EPL) with their corresponding rating
A Thread
No read down
3. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - A1
A and B
Orange Book - B2
C2
4. The security kernel is the mechanism that _____________ of the reference monitor concept.
The Monolithic Operating System Architecture
Enforces the rules
Accountability - Orange Book
Division D - Minimal Protection
5. Levels of security and levels of trust: lower letters of the alphabet represent higher levels of security; higher numbers indicate a greater level of trust.
Orange Book ratings
The "No write Down" Rule
The trustworthiness of an information system
Assigned labels
6. Based on a known address with an offset value applied.
Pagefile.sys file
Relative Addresses
C2 - Controlled Access Protection
Orange Book - D
7. An organization within the National Security Agency (NSA) is responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
Process isolation
Cache Memory
Division C - Discretionary Protection
The National Computer Security Center (NCSC)
8. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Trusted Distribution
The Rule is talking about writing
Indexed addressing
Need-to-know
9. According to the Orange Book - trusted facility management is not required for which security levels?
Polyinstantiation
The Integrity of data within applications
B3 - Rating
B1
10. A ____________ is a form of EPROM, but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Constrained
B2 rating
Primary storage
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
11. In which users are processing information at the same sensitivity level; thus, strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
Relative Addresses
A security domain
Attributable - original - accurate - contemporaneous and legible
C1 - Discretionary Security Protection is a type of environment
12. The total combination of protection mechanisms within a computer system
Multitasking
TCB (Trusted Computing Base)
Labels - Orange Book
The Common Criteria
13. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
C2 - Controlled Access Protection
B2 rating
Orange Book interpretations
Evaluated separately
14. When the contents of the address defined in the program's instruction are added to that of an index register.
B2 rating
Controlling unauthorized downgrading of information
Mandatory access control
Indexed addressing
15. Contains the beginning address
A Base Register (Memory Management)
B2
Logical addresses
Its classification label (Top Secret - Secret or confidential)
16. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.
Most commonly used approach
The Monolithic Operating System Architecture
Security Policy
Trusted Products Evaluation Program (TPEP)
17. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object.
Pagefile.sys file
Access control to the objects by the subjects
attributability
Secondary Storage
18. In the Bell-LaPadula Model the Object's Label contains ___________________.
Enforces the rules
The Security Kernel
Its classification label (Top Secret - Secret or confidential)
The Integrity of data within applications
19. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Access Matrix model
D
Cache Memory
Primary storage
20. A domain of trust that shares a single security policy and single management
A security domain
The Security Kernel
Constrained
Thrashing
21. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Controls the checks
Subject to Object Model
Ring 1
Swap Space
22. The Indexed memory addresses that software uses
C2
The "No write Down" Rule
Logical addresses
Direct addressing
23. What are the components of an object's sensitivity label?
Totality of protection mechanisms
Scalar processors
Files - directories and devices
A single classification and a Compartment Set
24. Has two individual assurance ratings, C1 and C2. The higher the assurance rating number, the greater the protection.
C2
Its classification label (Top Secret - Secret or confidential)
Division C - Discretionary Protection
Virtual Memory
25. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Higher or equal to access class
'Dominate'
No read down
Implement software or systems in a production environment
26. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Absolute addresses
Certification
Administrative declaration
Ring 2
27. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
The Monolithic Operating System Architecture
*-Integrity Axiom
Dedicated Security Mode
Fail safe
28. The Orange Book requires protection against two _____________, which are timing and storage.
Types of covert channels
Dedicated Security Mode
Direct Addressing
C1
29. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
Access control to the objects by the subjects
All Mandatory Access Control (MAC) systems
Government and military applications
Prevent secret information from being accessed
30. Which computer design approach is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?
Swap Space
'Dominate'
Complex Instruction Set Computers (CISC)
Enforces the rules
31. Execute one instruction at a time.
Administrative declaration
Evaluated separately
Identification - Orange Book
Scalar processors
32. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Accreditation
Higher or equal to access class
Life Cycle Assurance Requirement
Division B - Mandatory Protection Architecture
33. When the address location that is specified in the program instruction contains the address of the final desired location.
No read down
Totality of protection mechanisms
Erasable and Programmable Read-Only Memory (EPROM)
Indirect addressing
34. The Physical memory address that the CPU uses
A Layered Operating System Architecture
Most commonly used approach
Absolute addresses
The Integrity of data within applications
35. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down").
Simple Integrity Axiom
Virtual Memory
Mandatory Access Control (MAC)
Division C - Discretionary Protection
36. What does the simple integrity axiom mean in the Biba model?
C2 - Controlled Access Protection
Isolate processes
No read down
The Thread (memory Management)
37. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
An abstract machine
The security perimeter
Complex Instruction Set Computers (CISC)
Controlling unauthorized downgrading of information
38. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Disclosure of residual data
The Strong star property rule
Fail safe
Thrashing
39. Which describes a condition when RAM and secondary storage are used together?
No read up
Buffer overflows
NOT Integrity
Virtual storage
40. Trusted facility management is an assurance requirement only for ________________.
Highly secure systems (B2 - B3 and A1)
B1 - Labeled Security
Indexed addressing
Orange Book - D
41. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
C1
A security kernel
State machine model
42. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________, and the system design and implementation are subject to more thorough review and testing procedu
Division B - Mandatory Protection
B2 rating
Security Policy is clearly defined and documented
Orange Book - A1
43. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Orange Book - A1
Process isolation
Prevent secret information from being accessed
Highly secure systems (B2 - B3 and A1)
44. Mandatory access control is enforced by the use of security labels.
Absolute addresses
Division B - Mandatory Protection
Secondary Storage
Sensitivity labels
45. If a system initializes in a secure state and all allowed state transitions are secure, then every subsequent state will be secure no matter what inputs occur.
Certification
Basic Security Theorem (used in computer science) definition
The Trusted Computing Base (TCB)
Highly secure systems (B2 - B3 and A1)
46. The reserved hard drive space used to extend RAM capabilities.
Security rating B
Certification
Swap Space
C1 - Discretionary Security Protection is a type of environment
47. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Protection Rings Support
Models concerned with integrity
The Thread (memory Management)
Its Clearance Label (Top Secret - Secret - or Confidential)
48. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Security rating B
Overt channel
B3 - Rating
Life-cycle assurance - O/B
49. Security is made up of: system administration, ________, installation and configuration mechanisms within the environment, and other security issues.
Physical security
Ring 0
The Common Criteria
Indirect addressing
50. The object reuse concept must also be invoked, meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
Indirect addressing
Orange Book - B2
Logical addresses
C2 - Controlled Access Protection