SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
Most commonly used approach
The TCSEC - Aka Orange Book
Orange Book A
Clark-Wilson
2. A domain of trust that shares a single security policy and single management
Models concerned with integrity
Division D - Minimal Protection
A security domain
B1 - Labeled Security
3. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Buffer (temporary data storage area)
Discretionary Security Property (ds-property)
Ring 1
Higher or equal to access class
4. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
*-Integrity Axiom
Documentation - Orange Book
The security perimeter
A1 - Rating
5. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
security protection mechanisms
Controlling unauthorized downgrading of information
The security perimeter
Prohibits
6. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
The National Computer Security Center (NCSC)
Simple Integrity Axiom
Orange Book - B3
Security rating B
7. The C2 evaluation class of the _________________ offers controlled access protection.
Storage and timing
Trusted Network Interpretation (TNI)
All Mandatory Access Control (MAC) systems
C1 - Discrection Security Protection is a type of environment
8. Individual subjects must be uniquely identified.
Multitasking
B1 - Labeled Security
Identification - Orange Book
Polyinstantiation
9. What model use an access control triples and requires that the system maintain separation of duty ?
Highly secure systems (B2 - B3 and A1)
Multitasking
Orange Book B
Clark-Wilson
10. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
Attributable data
Physical security
Invocation Property
C2
11. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The *-Property rule (Star property)
C2 - Controlled Access Protection
The security perimeter
Trusted Distribution
12. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Stored in Reak Memory
Cache Memory
Thrashing
Ring 2
13. Contains the ending address
B3 - Rating
A Limit Register (Memory Management)
TCB (Trusted Computing Base)
Direct addressing
14. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
The security perimeter
Labels - Orange Book
B1
Prevent secret information from being accessed
15. Each data object must contain a classification label and each subject must have a clearance label.
Swap Space
Polyinstantiation
B1 - Labeled Security
A lattice of Intergrity Levels
16. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Secondary Storage
Firmware
The trustworthiness of an information system
Overt channel
17. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Protection Rings Support
security protection mechanisms
Trusted Distribution
Execution Domain
18. I/O drivers and utilities
The *-Property rule (Star property)
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Ring 2
Prohibits
19. Trusted facility management is an assurance requirement only for ________________.
Highly secure systems (B2 - B3 and A1)
Swap Space
The security perimeter
Dedicated Security Mode
20. When a portion of primary memory is accessed by specifying the actual address of the memory location
Direct addressing
Assigned labels
B1
Thrashing
21. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
C1 - Discrection Security Protection is a type of environment
System High Security Mode
B3
The Trusted Computing Base (TCB)
22. Which increases the performance in a computer by overlapping the steps of different instructions?
Orange Book - D
The rule is talking about "Reading"
Pipelining
Trusted Network Interpretation (TNI)
23. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
Implement software or systems in a production environment
C2 - Controlled Access Protection
Need-to-know
24. A system uses the Reference Monitor to ___________________ of a subject and an object?
Prohibits
Compare the security labels
Security rating B
Most commonly used approach
25. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Pipelining
The Red Book
Ring 3
Access control to the objects by the subjects
26. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Disclosure of residual data
Highly secure systems (B2 - B3 and A1)
The Strong star property rule
'Dominate'
27. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
Constrained
Clark-Wilson Model
Reduced Instruction Set Computers (RISC)
International Standard 15408
28. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Swap Space
B3 - Rating
Trusted facility management
Life-cycle assurance - O/B
29. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Dedicated Security Mode
International Standard 15408
The Integrity of data within applications
Certification
30. Involves sharing the processor amoung all ready processes
NOT Integrity
Files - directories and devices
B3
Multitasking
31. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle
Complex Instruction Set Computers (CISC)
Continuous protection - O/B
Trusted facility management
Division B - Mandatory Protection
32. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
NOT Integrity
Ring 3
C2 - Controlled Access Protection
Orange Book interpretations
33. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Virtual storage
Models concerned with integrity
Constrained
Ring 2
34. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
The reference monitor
Orange Book ratings
Its classification label (Top Secret - Secret or confidential)
B1 - Labeled Security
35. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
Virtual storage
Constrained
Orange Book ratings
Prohibits
36. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Certification
Trusted Products Evaluation Program (TPEP)
The TCSEC - Aka Orange Book
An abstract machine
37. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Its Clearance Label (Top Secret - Secret - or Confidential)
Real storage
Indexed addressing
A Layered Operating System Architecure
38. According to the Orange Book - trusted facility management is not required for which security levels?
Dedicated Security Mode
B1
Clark-Wilson
Division B - Mandatory Protection Architecture
39. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
The Trusted Computing Base (TCB)
Buffer overflows
C2
The Strong star property rule
40. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Certification
Controlling unauthorized downgrading of information
Process isolation
A and B
41. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Life Cycle Assurance Requirement
Subject to Object Model
NOT Integrity
No read up
42. As per FDA data should be ______________________________.
Attributable - original - accurate - contemporaneous and legible
Administrative declaration
B3
State machine model
43. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
Simple Security Rule
Swap Space
TCB (Trusted Computing Base)
Attributable data
44. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Isolate processes
Physical security
Secondary Storage
Bell-LaPadula Model
45. What does the Clark-Wilson security model focus on
Orange Book - D
Higher or equal to access class
A single classification and a Compartment Set
Integrity
46. Mandatory Protection
Orange Book B
Assigned labels
Most commonly used approach
Secondary Storage
47. System Architecture that separates system functionality into Hierarchical layers
No write down
A Layered Operating System Architecure
Identification - Orange Book
Access Matrix model
48. The combination of RAM - Cache and the Processor Registers
Trusted facility management
Primary storage
C2 - Controlled Access Protection
The "No read Up" rule
49. When a computer uses more than one CPU in parallel to execute instructions is known as?
Multiprocessing
Implement software or systems in a production environment
Overt channel
The Common Criteria
50. The total combination of protection mechanisms within a computer system
Basic Security Theorem (used in computer science) definition
C2 - Controlled Access Protection
C2 - Controlled Access Protection
TCB (Trusted Computing Base)
