Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The subject must have Need to Know for ONLY the information they are trying to access.






2. When the address location that is specified in the program instruction contains the address of the final desired location.






3. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






4. The group that oversees the processes of evaluation within TCSEC is?






5. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






6. Applications and user activity






7. In the Bell-LaPadula Model the Object's Label contains ___________________.






8. Permits a database to have two records that are identical except for Their classifications






9. Which in the Orange Book ratings represents the highest level of trust?






10. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection






11. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system






12. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






13. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






14. According to the Orange Book - trusted facility management is not required for which security levels?






15. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






16. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






17. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






18. Discretionary protection






19. Which describe a condition when RAM and Secondary storage are used together?






20. In access control terms - the word "dominate" refers to ___________.






21. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s






22. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise






23. The Biba Model adresses _____________________.






24. The assignment of a specific individual to administer the security-related functions of a system.






25. Execute one instruction at a time.






26. Mandatory Access requires that _____________ be attached to all objects.






27. What is called the formal acceptance of the adequacy of a system's overall security by management?






28. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


29. System Architecture that separates system functionality into Hierarchical layers






30. A domain of trust that shares a single security policy and single management






31. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






32. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






33. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object






34. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






35. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.






36. Remaining parts of the operating system






37. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.






38. What model use an access control triples and requires that the system maintain separation of duty ?






39. Mandatory Protection






40. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






41. The C2 evaluation class of the _________________ offers controlled access protection.






42. A Policy based control. All objects and systems have a sensitivity level assigned to them






43. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






44. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






45. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.






46. Which addresses a portion of the primary memory by specifying the actual address of the memory location?






47. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.






48. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs






49. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






50. Bell-LaPadula model was proposed for enforcing access control in _____________________.