Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Minimal Security






2. When the address location that is specified in the program instruction contains the address of the final desired location.






3. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






4. The Orange book requires protection against two_____________ - which are these Timing and Storage






5. Involves sharing the processor amoung all ready processes






6. The C2 evaluation class of the _________________ offers controlled access protection.






7. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.






8. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.






9. Contains the ending address






10. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






11. As per FDA data should be ______________________________.






12. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.






13. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.






14. Simpler instructions that require fewer clock cycles to execute.






15. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






16. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






17. In the Bell-LaPadula Model the Object's Label contains ___________________.






18. In ______________ the subject must have: Need to Know for ALL the information contained within the system.






19. Which increases the performance in a computer by overlapping the steps of different instructions?






20. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






21. Based on a known address with an offset value applied.






22. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






23. Which addresses a portion of the primary memory by specifying the actual address of the memory location?






24. Which in the Orange Book ratings represents the highest level of trust?






25. The combination of RAM - Cache and the Processor Registers






26. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






27. Which TCSEC level first addresses object reuse?






28. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






29. What model use an access control triples and requires that the system maintain separation of duty ?






30. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






31. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






32. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.






33. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection






34. Can be erased - modified and upgraded.






35. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use






36. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






37. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


38. Should always trace to individuals responsible for observing and recording the data






39. What are the components of an object's sensitivity label?






40. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.






41. The Security Model Incorporates the ____________ that should be enforced in the system.






42. The Indexed memory addresses that software uses






43. A system uses the Reference Monitor to ___________________ of a subject and an object?






44. Verification Protection






45. Users need to be Identified individually to provide more precise acces control and auditing functionality.






46. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.






47. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






48. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?






49. In the Bell-LaPadula Model the Subject's Label contains ___________________.






50. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.