SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In access control terms - the word "dominate" refers to ___________.
Trusted Distribution
Direct addressing
The trustworthiness of an information system
Higher or equal to access class
2. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
Division C - Discretionary Protection
No write down
B3 - Rating
Simple Integrity Axiom
3. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
No write down
The Trusted Computing Base (TCB)
Security Policy is clearly defined and documented
Fail safe
4. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
C2
Complex Instruction Set Computers (CISC)
Disclosure of residual data
An abstract machine
5. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Implement software or systems in a production environment
Primary storage
The rule is talking about "Reading"
C2 - Controlled Access Protection
6. Contains the ending address
The Security Kernel
Models concerned with integrity
B2
A Limit Register (Memory Management)
7. Simpler instructions that require fewer clock cycles to execute.
Virtual storage
TCB (Trusted Computing Base)
Reduced Instruction Set Computers (RISC)
A1 - Rating
8. The total combination of protection mechanisms within a computer system
Be protected from modification
Life-cycle assurance - O/B
B1
TCB (Trusted Computing Base)
9. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Programmable Read-Only Memory (PROM)
Discretionary Security Property (ds-property)
B2 - Structured Protection
D
10. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
System High Security Mode
Accountability - Orange Book
A single classification and a Compartment Set
Execution Domain
11. Which uses Protection Profiles and Security Targets?
Certification
*-Integrity Axiom
International Standard 15408
Attributable - original - accurate - contemporaneous and legible
12. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Certification
Division B - Mandatory Protection
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Orange Book - B1
13. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
A and B
Simple Security Rule
Division C - Discretionary Protection
Protection Rings Support
14. Operating System Kernel
Trusted Products Evaluation Program (TPEP)
Models concerned with integrity
B1
Ring 0
15. Which would be designated as objects on a MAC system?
C2 - Controlled Access Protection
The trustworthiness of an information system
Multilevel Security Policies
Files - directories and devices
16. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Trusted hardware - Software and Firmware
Evaluated separately
Invocation Property
Physical security
17. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Trusted Network Interpretation (TNI)
The Strong star property rule
Certification
B2 - Structured Protection
18. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
A and B
The security perimeter
Controls the checks
B3
19. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
Highly secure systems (B2 - B3 and A1)
No read down
C1 - Discrection Security Protection is a type of environment
Ring 3
20. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Security Policy is clearly defined and documented
Scalar processors
A security domain
Division C - Discretionary Protection
21. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
C2
Simple Integrity Axiom
Types of covert channels
Multilevel Security Policies
22. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Dedicated Security Mode
Discretionary Security Property (ds-property)
Compare the security labels
B2 rating
23. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
Sensitivity labels
The Strong star property rule
*-Integrity Axiom
Simple Integrity Axiom
24. TCSEC provides a means to evaluate ______________________.
B1 - Labeled Security
Discretionary Security Property (ds-property)
The trustworthiness of an information system
Physical security
25. The Physical memory address that the CPU uses
Absolute addresses
Secondary Storage
Orange Book - B2
Administrative declaration
26. What does the Clark-Wilson security model focus on
Division D - Minimal Protection
Integrity
Dedicated Security Mode
Pagefile.sys file
27. Which is an ISO standard product evaluation criteria that supersedes several different criteria
The *-Property rule (Star property)
The Common Criteria
Attributable data
Orange Book ratings
28. Involves sharing the processor amoung all ready processes
Operational assurance requirements
Multitasking
Physical security
Prohibits
29. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
security protection mechanisms
A security kernel
The Clark Wilson integrity model
Division C - Discretionary Protection
30. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Multitasking
Division B - Mandatory Protection Architecture
Mandatory access control
31. Another word for Primary storage and distinguishes physical memory from virtual memory.
Higher or equal to access class
The Simple Security Property
Polyinstantiation
Real storage
32. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Protection Rings Support
Ring 0
Sensitivity labels
Cache Memory
33. Based on a known address with an offset value applied.
Scalar processors
Relative Addresses
A Layered Operating System Architecure
Buffer overflows
34. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Networks and Communications
Need-to-know
Government and military applications
The security kernel
35. When the address location that is specified in the program instruction contains the address of the final desired location.
Swap Space
Clark-Wilson
Access control to the objects by the subjects
Indirect addressing
36. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
A lattice of Intergrity Levels
C2 - Controlled Access Protection
Models concerned with integrity
Cache Memory
37. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
Orange Book - D
C2 - Controlled Access Protection
Controlling unauthorized downgrading of information
A Domain
38. What are the components of an object's sensitivity label?
The Clark Wilson integrity model
Division D - Minimal Protection
A single classification and a Compartment Set
Real storage
39. Access control labels must be associated properly with objects.
Covert channels
Logical addresses
Integrity
Labels - Orange Book
40. Each data object must contain a classification label and each subject must have a clearance label.
No read down
Thrashing
A Limit Register (Memory Management)
B1 - Labeled Security
41. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Multiprocessing
Orange Book - B2
In C2 - Controlled Access Protection environment
The Strong star property rule
42. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
The TCSEC - Aka Orange Book
B3
Access control to the objects by the subjects
A and B
43. What does the * (star) property mean in the Bell-LaPadula model?
TCB (Trusted Computing Base)
Direct Addressing
No write down
The "No write Down" Rule
44. Which Orange Book evaluation level is described as "Verified Design"?
Trusted Network Interpretation (TNI)
Thrashing
The National Computer Security Center (NCSC)
A1
45. When a vendor submits a product for evaluation - it submits it to the ____________.
Models concerned with integrity
The National Computer Security Center (NCSC)
The security perimeter
No read down
46. The Security Model Incorporates the ____________ that should be enforced in the system.
B3
Cache Memory
Attributable data
Security Policy
47. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Orange Book - D
The Trusted Computing Base (TCB)
Buffer (temporary data storage area)
Thrashing
48. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Accountability - Orange Book
Security Policy - Orange Book
B3
Dedicated Security Mode
49. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
A Layered Operating System Architecure
Accreditation
Virtual storage
Operational assurance requirements
50. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
The Clark Wilson integrity model
Relative Addresses
Evaluated separately
B3 - Security Domains
