SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Users need to be Identified individually to provide more precise acces control and auditing functionality.
Dedicated Security Mode
C2 - Controlled Access Protection
Prohibits
Constrained
2. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
A Thread
B1 - Labeled Security
Integrity
The security kernel
3. According to the Orange Book - trusted facility management is not required for which security levels?
B1
Multilevel Security Policies
Trusted facility management
Identification - Orange Book
4. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
A1 - Rating
Accountability - Orange Book
Security mechanisms and evalautes their effectivenes
The TCSEC - Aka Orange Book
5. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
A Limit Register (Memory Management)
Division D - Minimal Protection
Storage and timing
Enforces the rules
6. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.
The Biba Model
Direct addressing
Clark-Wilson Model
Access Matrix model
7. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Dominate the object's sensitivity label
Overt channel
Attributable - original - accurate - contemporaneous and legible
Models concerned with integrity
8. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Security Policy - Orange Book
The National Computer Security Center (NCSC)
Logical addresses
Government and military applications
9. All users have a clearance for and a formal need to know about - all data processed with the system.
Dedicated Security Mode
Accreditation
Trusted facility management
Process isolation
10. Access control labels must be associated properly with objects.
Labels - Orange Book
Ring 3
A lattice of Intergrity Levels
Thrashing
11. The combination of RAM - Cache and the Processor Registers
Accreditation
The reference monitor
The Trusted Computing Base (TCB)
Primary storage
12. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
B3 - Rating
Security mechanisms and evalautes their effectivenes
The National Computer Security Center (NCSC)
The Red Book
13. What access control technique is also known as multilevel security?
Attributable data
Mandatory access control
Invocation Property
The Clark Wilson integrity model
14. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
C2
Sensitivity labels
Protection Rings Support
Orange Book - B2
15. A domain of trust that shares a single security policy and single management
Administrative declaration
The Integrity of data within applications
A security domain
Mandatory Access Control (MAC)
16. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
B2 rating
Administrative declaration
The trustworthiness of an information system
The Evaluated Products List (EPL) with their corresponding rating
17. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Constrained
Prevent secret information from being accessed
Prohibits
Swap Space
18. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
Accreditation
Orange Book C
C2 - Controlled Access Protection
Multilevel Security Policies
19. Which can be used as a covert channel?
Storage and timing
Swap Space
Attributable - original - accurate - contemporaneous and legible
B3
20. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Prevent secret information from being accessed
attributability
Multilevel Security Policies
The *-Property rule (Star property)
21. Mediates all access and Functions between subjects and objects.
The Security Kernel
Evaluated separately
Examples of Layered Operating Systems
Orange Book B
22. Permits a database to have two records that are identical except for Their classifications
Polyinstantiation
Complex Instruction Set Computers (CISC)
D
B1 - Labeled Security
23. I/O drivers and utilities
C1 - Discretionary Security Protection
Implement software or systems in a production environment
Access control to the objects by the subjects
Ring 2
24. The *-Property rule is refered to as ____________.
The Rule is talking about writing
The "No write Down" Rule
Documentation - Orange Book
Simple Integrity Axiom
25. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
The "No write Down" Rule
Life-cycle assurance - O/B
The Evaluated Products List (EPL) with their corresponding rating
International Standard 15408
26. Data in Cache can be accessed much more quickly than Data
Sensitivity labels
Stored in Reak Memory
Division C - Discretionary Protection
A Limit Register (Memory Management)
27. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Integrity
Access Matrix model
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Virtual storage
28. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Pagefile.sys file
Orange Book - B1
Controlling unauthorized downgrading of information
In C2 - Controlled Access Protection environment
29. What does the simple security (ss) property mean in the Bell-LaPadula model?
No read up
Orange Book - B1
Higher or equal to access class
Division D - Minimal Protection
30. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.
A1
Programmable Read-Only Memory (PROM)
Orange Book ratings
Overt channel
31. Succesfully Evaluated products are placed on?
Primary storage
The Evaluated Products List (EPL) with their corresponding rating
B1 - Labeled Security
Integrity
32. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
The Evaluated Products List (EPL) with their corresponding rating
A security kernel
Totality of protection mechanisms
33. When a computer uses more than one CPU in parallel to execute instructions is known as?
Prohibits
Multiprocessing
Subject to Object Model
B2
34. When the contents of the address defined in the program's instruction is added to that of an index register.
B1 - Labeled Security
No read up
Indexed addressing
Types of covert channels
35. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Direct Addressing
Operational assurance requirements
Most commonly used approach
D
36. The Security Model Incorporates the ____________ that should be enforced in the system.
Security Policy
The TCSEC - Aka Orange Book
The Evaluated Products List (EPL) with their corresponding rating
Cache Memory
37. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
Orange Book B
Orange Book - B2
Simple Integrity Axiom
Be protected from modification
38. A set of objects that a subject is able to access
Polyinstantiation
Primary storage
Isolate processes
A Domain
39. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
The Rule is talking about writing
The Common Criteria
Documentation - Orange Book
40. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Examples of Layered Operating Systems
A Domain
Covert channels
Division B - Mandatory Protection
41. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Trusted hardware - Software and Firmware
Overt channel
Fail safe
Files - directories and devices
42. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
The Integrity of data within applications
The Evaluated Products List (EPL) with their corresponding rating
The TCSEC - Aka Orange Book
Logical addresses
43. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Cache Memory
The reference monitor
Primary storage
Mandatory Access Control (MAC)
44. Mandatory access control is enfored by the use of security labels.
Swap Space
TCB (Trusted Computing Base)
All Mandatory Access Control (MAC) systems
Division B - Mandatory Protection
45. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
Protection Rings Support
The Red Book
Clark-Wilson
46. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Most commonly used approach
C1
Process isolation
B1
47. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Overt channel
The Security Kernel
Be protected from modification
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
48. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
49. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Compare the security labels
Simple Security Rule
The Rule is talking about writing
Orange Book - A1
50. Which describe a condition when RAM and Secondary storage are used together?
Discretionary Security Property (ds-property)
Orange Book ratings
Programmable Read-Only Memory (PROM)
Virtual storage