Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards.
Administrative declaration
B3
A and B
Orange Book interpretations
2. Which computer design approach is based on the fact that in earlier technologies the instruction fetch was the longest part of the cycle?
A lattice of Integrity Levels
Complex Instruction Set Computers (CISC)
Execution Domain
Dedicated Security Mode
3. As per the FDA, data should be ______________________________.
Compare the security labels
A security domain
Trusted Distribution
Attributable - original - accurate - contemporaneous and legible
4. Discretionary protection
Need-to-know
Security rating B
Orange Book C
Firmware
5. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
Need-to-know
Documentation - Orange Book
The Simple Security Property
In C2 - Controlled Access Protection environment
6. What prevents a process from accessing another process' data?
Most commonly used approach
Ring 0
Process isolation
Basic Security Theorem (used in computer science) definition
7. A process that resides in a privileged domain is able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
security protection mechanisms
The security kernel
C2
Execution Domain
8. The Bell-LaPadula Model is a _______________.
Subject to Object Model
The *-Property rule (Star property)
B2 - Structured Protection
Bell-LaPadula Model
9. Contains the ending address
The Thread (memory Management)
A Limit Register (Memory Management)
The TCSEC - Aka Orange Book
The Integrity of data within applications
10. What is called the formal acceptance of the adequacy of a system's overall security by management?
The *-Property rule (Star property)
Accreditation
Swap Space
A Base Register (Memory Management)
11. The Biba Model addresses _____________________.
Indexed addressing
Direct addressing
The Integrity of data within applications
Buffer overflows
12. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Mandatory access control
Evaluated separately
All Mandatory Access Control (MAC) systems
Reduced Instruction Set Computers (RISC)
13. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
The Common Criteria
Sensitivity labels
Ring 2
Overt channel
14. The Biba Model - ______________: A subject cannot write data to an object at a higher integrity level (no write up).
The reference monitor
A Thread
*-Integrity Axiom
Mandatory access control
15. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Complex Instruction Set Computers (CISC)
B2 - Structured Protection
A1
The Monolithic Operating System Architecture
16. There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Swap Space
C1
Trusted Network Interpretation (TNI)
Division D - Minimal Protection
17. In B2, subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
Compare the security labels
The security perimeter
Basic Security Theorem (used in computer science) definition
Covert channels
18. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Trusted Products Evaluation Program (TPEP)
The security perimeter
The Security Kernel
Documentation - Orange Book
19. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Rating
C1 - Discretionary Security Protection is a type of environment
The Strong star property rule
A security domain
20. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Ring 3
Division B - Mandatory Protection Architecture
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Higher or equal to access class
21. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
The security perimeter
A and B
Multilevel Security Policies
Thrashing
22. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Security Policy is clearly defined and documented
B2 - Structured Protection
B3 - Security Domains
Basic Security Theorem (used in computer science) definition
23. Which would be designated as objects on a MAC system?
Files - directories and devices
Prohibits
Clark-Wilson Model
The Trusted Computing Base (TCB)
24. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Protection Rings Support
Trusted Network Interpretation (TNI)
C1
Totality of protection mechanisms
25. Another word for Primary storage and distinguishes physical memory from virtual memory.
Real storage
State machine model
'Dominate'
Trusted hardware - Software and Firmware
26. TCSEC provides a means to evaluate ______________________.
C2 - Controlled Access Protection
The trustworthiness of an information system
Firmware
Its classification label (Top Secret - Secret or confidential)
27. I/O drivers and utilities
Ring 2
Simple Security Rule
Identification - Orange Book
Evaluated separately
28. Documentation must be provided - including test - design - and specification document - user guides and manuals
Documentation - Orange Book
C1 - Discretionary Security Protection is a type of environment
Primary storage
The Biba Model
29. System architecture that separates system functionality into hierarchical layers
A Layered Operating System Architecture
Clark-Wilson Model
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Division B - Mandatory Protection Architecture
30. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
The security perimeter
The *-Property rule (Star property)
Thrashing
31. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Secondary Storage
Certification
Isolate processes
A security kernel
32. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Certification
Real storage
Documentation - Orange Book
Orange Book - D
33. Which increases the performance in a computer by overlapping the steps of different instructions?
Indexed addressing
Complex Instruction Set Computers (CISC)
Pipelining
Direct Addressing
34. What access control technique is also known as multilevel security?
The rule is talking about "Reading"
The security perimeter
Mandatory access control
Certification
35. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Firmware
The reference monitor
Storage and timing
A Base Register (Memory Management)
36. When the contents of the address defined in the program's instruction are added to that of an index register.
Polyinstantiation
Simple Security Rule
Indexed addressing
B1
37. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
A1 - Rating
Trusted Network Interpretation (TNI)
The Clark Wilson integrity model
Swap Space
38. Mandatory Access requires that _____________ be attached to all objects.
Pagefile.sys file
B2
Sensitivity labels
B2 - Structured Protection
39. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
C2 - Controlled Access Protection
Disclosure of residual data
No read up
Direct addressing
40. Minimal Security
A single classification and a Compartment Set
Orange Book - D
The Tranquility principle (The Bell-LaPadula Model)
Dedicated Security Mode
41. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Secondary Storage
Simple Security Rule
The Red Book
Direct Addressing
42. What does the Clark-Wilson security model focus on?
The Monolithic Operating System Architecture
Integrity
A security domain
The Tranquility principle (The Bell-LaPadula Model)
43. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Protection Rings Support
Programmable Read-Only Memory (PROM)
Dominate the object's sensitivity label
No read down
44. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Highly secure systems (B2 - B3 and A1)
B3
Pagefile.sys file
A single classification and a Compartment Set
45. The Indexed memory addresses that software uses
Logical addresses
Division B - Mandatory Protection
Operational assurance requirements
A Domain
46. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use.
Indirect addressing
Ring 1
Security Policy - Orange Book
Examples of Layered Operating Systems
47. Which TCSEC level first addresses object reuse?
C2
The Evaluated Products List (EPL) with their corresponding rating
A1 - Rating
System High Security Mode
48. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Trusted Distribution
A security kernel
The trustworthiness of an information system
C2 - Controlled Access Protection
49. All users have a clearance for, and a formal need to know about, all data processed with the system.
C2 - Controlled Access Protection
Dedicated Security Mode
The trustworthiness of an information system
B2 - Structured Protection
50. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
No write down
The Integrity of data within applications
The National Computer Security Center (NCSC)