Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you may at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. In ______________ the subject must have a need to know for ALL the information contained within the system.
In C2 - Controlled Access Protection environment
Security Policy - Orange Book
Dedicated Security Mode
B2
2. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
No read down
Networks and Communications
Covert channels
The security perimeter
3. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Indexed addressing
The Rule is talking about writing
B2 - Structured Protection
Storage and timing
4. Each data object must contain a classification label and each subject must have a clearance label.
B1 - Labeled Security
A Limit Register (Memory Management)
B2 rating
The reference monitor
5. The Biba Model - ______________: A subject cannot write data to an object at a higher integrity level (No Write Up).
Trusted hardware - Software and Firmware
The Integrity of data within applications
The Clark Wilson integrity model
*-Integrity Axiom
6. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Implement software or systems in a production environment
Ring 0
Government and military applications
Execution Domain
7. Which model uses access control triples and requires that the system maintain separation of duty?
No read down
Clark-Wilson
Programmable Read-Only Memory (PROM)
B2 rating
8. The group that oversees the processes of evaluation within TCSEC is?
The Simple Security Property
Trusted Products Evaluation Program (TPEP)
Discretionary Security Property (ds-property)
Pagefile.sys file
9. If a system initializes in a secure state and all allowed state transitions are secure, then every subsequent state will be secure no matter what inputs occur.
The security perimeter
Security Policy - Orange Book
Basic Security Theorem (used in computer science) definition
The security perimeter
10. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space.
Thrashing
Its classification label (Top Secret - Secret or confidential)
Swap Space
The Tranquility principle (The Bell-LaPadula Model)
11. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
B3
An abstract machine
Buffer overflows
Labels - Orange Book
12. A system uses the Reference Monitor to ___________________ of a subject and an object?
C1
Compare the security labels
The Simple Security Property
Dominate the object's sensitivity label
13. The C2 evaluation class of the _________________ offers controlled access protection.
Trusted Network Interpretation (TNI)
The Evaluated Products List (EPL) with their corresponding rating
Pipelining
Dedicated Security Mode
14. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Trusted Products Evaluation Program (TPEP)
Virtual Memory
Dedicated Security Mode
Overt channel
15. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.
Basic Security Theorem (used in computer science) definition
Simple Integrity Axiom
The Monolithic Operating System Architecture
B1
16. The Simple Security rule is referred to as ______________.
The "No read Up" rule
Access control to the objects by the subjects
The reference monitor
B2 - Structured Protection
17. The Orange Book does NOT cover ________________ and database management systems.
Administrative declaration
Multitasking
Networks and Communications
Constrained
18. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
No read down
The *-Property rule (Star property)
Division B - Mandatory Protection
Security Policy is clearly defined and documented
19. Mandatory access control requires that _____________ be attached to all objects.
Mandatory Access Control (MAC)
Sensitivity labels
Orange Book - B2
C2
20. The Bell-LaPadula Model is a _______________ that enforces the confidentiality aspect of access control. Formulated by David Bell and Leonard LaPadula.
Indexed addressing
Process isolation
State machine model
Absolute addresses
21. Operating System Kernel
Ring 0
Isolate processes
Ring 3
Trusted facility management
22. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Absolute addresses
Government and military applications
Security Policy is clearly defined and documented
Controls the checks
23. What does the simple security (ss) property mean in the Bell-LaPadula model?
Dominate the object's sensitivity label
Examples of Layered Operating Systems
Prevent secret information from being accessed
No read up
24. The Availability - Integrity and confidentiality requirements of multitasking operating systems
'Dominate'
C1 - Discretionary Security Protection
No read up
Protection Rings Support
25. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.
Administrative declaration
C2 - Controlled Access Protection
Attributable data
In C2 - Controlled Access Protection environment
26. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Security Policy is clearly defined and documented
A lattice of Integrity Levels
Invocation Property
Accountability - Orange Book
27. What prevents a process from accessing another process' data?
Security mechanisms and evaluates their effectiveness
Ring 1
Implement software or systems in a production environment
Process isolation
28. Trusted facility management is an assurance requirement only for ________________.
Isolate processes
Highly secure systems (B2 - B3 and A1)
Logical addresses
A single classification and a Compartment Set
29. Applications and user activity
Files - directories and devices
Implement software or systems in a production environment
B1 - Labeled Security rating
Ring 3
30. All users have a clearance for and a formal need to know about - all data processed with the system.
The Thread (memory Management)
security protection mechanisms
In C2 - Controlled Access Protection environment
Dedicated Security Mode
31. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
Networks and Communications
Secondary Storage
In C2 - Controlled Access Protection environment
32. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
C1 - Discretionary Security Protection
security protection mechanisms
The Red Book
Need-to-know
33. The Biba Model addresses _____________________.
Enforces the rules
Orange Book ratings
Complex Instruction Set Computers (CISC)
The Integrity of data within applications
34. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Stored in Real Memory
Assigned labels
The National Computer Security Center (NCSC)
Need-to-know
35. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
A and B
Security rating B
The security kernel
B2 rating
36. Should always trace to individuals responsible for observing and recording the data
Orange Book - B3
Its Clearance Label (Top Secret - Secret - or Confidential)
The Strong star property rule
Attributable data
37. Remaining parts of the operating system
Multitasking
Ring 1
The security perimeter
Pipelining
38. Simpler instructions that require fewer clock cycles to execute.
The Simple Security Property
B3
A security domain
Reduced Instruction Set Computers (RISC)
39. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Firmware
Discretionary Security Property (ds-property)
Multilevel Security Policies
Reduced Instruction Set Computers (RISC)
40. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Real storage
Access control to the objects by the subjects
Security Policy
Security rating B
41. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Isolate processes
Dominate the object's sensitivity label
In C2 - Controlled Access Protection environment
Orange Book - B3
42. Discretionary protection
Virtual Memory
First evaluation class
Orange Book C
Totality of protection mechanisms
43. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Invocation Property
First evaluation class
Types of covert channels
Documentation - Orange Book
44. Based on a known address with an offset value applied.
Virtual storage
Relative Addresses
Process isolation
Need-to-know
45. When a computer uses more than one CPU in parallel to execute instructions, this is known as?
The Tranquility principle (The Bell-LaPadula Model)
Orange Book B
B1
Multiprocessing
46. A set of objects that a subject is able to access
Pagefile.sys file
Orange Book - A1
B1
A Domain
47. Verification Protection
Ring 1
Disclosure of residual data
The Simple Security Property
Orange Book A
48. Users need to be identified individually to provide more precise access control and auditing functionality.
C2 - Controlled Access Protection
Process isolation
D
Controlling unauthorized downgrading of information
49. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Dedicated Security Mode
*-Integrity Axiom
Multiprocessing
The Clark Wilson integrity model
50. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Orange Book - B2
B3 - Security Domains
Constrained
Attributable data