CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Data in Cache can be accessed much more quickly than Data
Prevent secret information from being accessed
Stored in Real Memory
Buffer (temporary data storage area)
A and B
2. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Trusted Network Interpretation (TNI)
Administrative declaration
Programmable Read-Only Memory (PROM)
Orange Book - B1
3. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Mandatory access control
Controlling unauthorized downgrading of information
Security Policy - Orange Book
In C2 - Controlled Access Protection environment
4. Contains the beginning address
A Base Register (Memory Management)
Dedicated Security Mode
B2 rating
The "No read Up" rule
5. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Most commonly used approach
Trusted Network Interpretation (TNI)
Fail safe
Division B - Mandatory Protection Architecture
6. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Bell-LaPadula Model
The security perimeter
A lattice of Integrity Levels
Ring 1
7. Mandatory Protection
Stored in Real Memory
A security kernel
Security mechanisms and evaluates their effectiveness
Orange Book B
8. The Bell-LaPadula Model is a _______________ that enforces the confidentiality aspect of access control. Developed by David Bell and Leonard LaPadula.
An abstract machine
The Security Kernel
The reference monitor
State machine model
9. For the type of environment that processes sensitive data that requires a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.
Multilevel Security Policies
C2
B2 rating
No read down
10. The Orange Book does NOT cover ________________ and database management systems.
Networks and Communications
The "No write Down" Rule
Division D - Minimal Protection
The reference monitor
11. Intended for environments that require systems to handle classified data.
A security domain
Trusted Distribution
B1 - Labeled Security rating
Accreditation
12. Each data object must contain a classification label and each subject must have a clearance label.
C1 - Discretionary Security Protection
Orange Book - B1
B1 - Labeled Security
Models concerned with integrity
13. The Biba Model addresses _____________________.
The Integrity of data within applications
C2 - Controlled Access Protection
Dedicated Security Mode
The reference monitor
14. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Administrative declaration
A lattice of Integrity Levels
Process isolation
Storage and timing
15. The availability, integrity and confidentiality requirements of multitasking operating systems
Need-to-know
Complex Instruction Set Computers (CISC)
No read down
Protection Rings Support
16. Users are trusted but a certain level of accountability is required. Overall, C2 is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.
Virtual Memory
A1
In C2 - Controlled Access Protection environment
Programmable Read-Only Memory (PROM)
17. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Process isolation
Trusted hardware, software and firmware
B3
Certification
18. A ____________ is a form of EPROM, but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
B1 - Labeled Security
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Prevent secret information from being accessed
Multilevel Security Policies
19. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Trusted Network Interpretation (TNI)
Administrative declaration
Division C - Discretionary Protection
Division B - Mandatory Protection Architecture
20. Developed after the Bell-LaPadula model. It is a state machine model and is very similar to the Bell-LaPadula Model.
Orange Book - A1
The Biba Model
The "No read Up" rule
Cache Memory
21. Involves sharing the processor among all ready processes
The Evaluated Products List (EPL) with their corresponding rating
Multitasking
Networks and Communications
Ring 2
22. There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
A security kernel
The Common Criteria
C2 - Controlled Access Protection
Division D - Minimal Protection
23. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
C2 - Controlled Access Protection
A Base Register (Memory Management)
B2 rating
24. A portion of a process. When the thread is generated, it shares the same domain (resources) as its process.
Examples of Layered Operating Systems
Swap Space
A security kernel
A Thread
25. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Controls the checks
First evaluation class
The Security Kernel
Simple Security Rule
26. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Security rating B
A lattice of Integrity Levels
The Evaluated Products List (EPL) with their corresponding rating
C1 - Discretionary Security Protection
27. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Access Matrix model
Invocation Property
Simple Integrity Axiom
A and B
28. In access control terms - the word "dominate" refers to ___________.
All Mandatory Access Control (MAC) systems
Pagefile.sys file
The Strong star property rule
Higher or equal to access class
29. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
Attributable data
*-Integrity Axiom
The Biba Model
Clark-Wilson Model
30. In both the Bell-LaPadula and Biba Models, if the word "Simple" is used ______________.
The rule is talking about "Reading"
Trusted Distribution
An abstract machine
Virtual Memory
31. Software, hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout its lifetime.
Life-cycle assurance - O/B
Assigned labels
Swap Space
security protection mechanisms
32. Applications and user activity
Life Cycle Assurance Requirement
Ring 3
Sensitivity labels
'Dominate'
33. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A1
The security perimeter
A and B
Mandatory access control
34. What does the simple integrity axiom mean in the Biba model?
Swap Space
Pipelining
No read down
A Layered Operating System Architecture
35. Which TCSEC level first addresses object reuse?
'Dominate'
Physical security
Dedicated Security Mode
C2
36. What does the Clark-Wilson security model focus on
Examples of Layered Operating Systems
Enforces the rules
Dedicated Security Mode
Integrity
37. TCSEC provides a means to evaluate ______________________.
Clark-Wilson
Virtual storage
The rule is talking about "Reading"
The trustworthiness of an information system
38. The group that oversees the processes of evaluation within TCSEC is?
Trusted Products Evaluation Program (TPEP)
Scalar processors
A Layered Operating System Architecture
Buffer overflows
39. Which Orange Book evaluation level is described as "Controlled Access Protection"? This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
The *-Property rule (Star property)
C2
Higher or equal to access class
TCB (Trusted Computing Base)
40. An abstract machine which must mediate all access of subjects to objects, be protected from modification, be verifiable as correct, and is always invoked
Integrity
Indirect addressing
The reference monitor
Swap Space
41. Nonvolatile storage media, e.g. computer hard drives, floppy disks and CD-ROMs
Secondary Storage
Division D - Minimal Protection
Erasable and Programmable Read-Only Memory (EPROM)
Simple Security Rule
42. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level, nothing higher and nothing lower.
The Strong star property rule
Virtual storage
The Common Criteria
International Standard 15408
43. The reference monitor is responsible for ______________; it compares the security labels of a subject and an object.
Execution Domain
B1
Trusted Products Evaluation Program (TPEP)
Access control to the objects by the subjects
44. The Indexed memory addresses that software uses
A security domain
Dedicated Security Mode
The Security Kernel
Logical addresses
45. The reference monitor must mediate all access, _____________, be verifiable as correct, and must always be invoked.
In C2 - Controlled Access Protection environment
Examples of Layered Operating Systems
Be protected from modification
The Security Kernel
46. Which describes a condition in which RAM and secondary storage are used together?
Security mechanisms and evaluates their effectiveness
Reduced Instruction Set Computers (RISC)
Virtual storage
Programmable Read-Only Memory (PROM)
47. The Orange Book requires protection against two _____________, which are timing and storage.
Types of covert channels
Invocation Property
Integrity
Programmable Read-Only Memory (PROM)
48. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.
The Monolithic Operating System Architecture
Networks and Communications
C1
Controls the checks
49. A subject at a given clearance may not read an object at a higher classification
Models concerned with integrity
Certification
The Simple Security Property
Higher or equal to access class
50. Should always trace to individuals responsible for observing and recording the data
Ring 1
Real storage
Attributable data
Orange Book interpretations