Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
Documentation - Orange Book
*-Integrity Axiom
B2 - Structured Protection
Ring 3
2. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
The Evaluated Products List (EPL) with their corresponding rating
The Integrity of data within applications
C2 - Controlled Access Protection
Stored in Real Memory
3. The Simple Security rule is referred to as ______________.
The *-Property rule (Star property)
Orange Book - D
Files - directories and devices
The "No read Up" rule
4. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Secondary Storage
Firmware
Compare the security labels
No read down
5. Based on a known address with an offset value applied.
Orange Book - B3
Accountability - Orange Book
Be protected from modification
Relative Addresses
6. Documentation must be provided - including test - design - and specification document - user guides and manuals
Documentation - Orange Book
Indexed addressing
Enforces the rules
Integrity
7. Data in Cache can be accessed much more quickly than Data
Stored in Real Memory
The *-Property rule (Star property)
A single classification and a Compartment Set
The National Computer Security Center (NCSC)
8. When a computer uses more than one CPU in parallel to execute instructions, this is known as?
Multiprocessing
Files - directories and devices
Networks and Communications
A Thread
9. A domain of trust that shares a single security policy and single management
Storage and timing
Simple Integrity Axiom
A security domain
Higher or equal to access class
10. Users need to be identified individually to provide more precise access control and auditing functionality.
Networks and Communications
D
Mandatory Access Control (MAC)
C2 - Controlled Access Protection
11. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
Examples of Layered Operating Systems
No read up
Subject to Object Model
C2 - Controlled Access Protection
12. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
C1
The reference monitor
Attributable - original - accurate - contemporaneous and legible
Integrity
13. Mediates all access and Functions between subjects and objects.
Constrained
Life Cycle Assurance Requirement
The Security Kernel
The Common Criteria
14. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Controls the checks
Trusted Distribution
Multitasking
The Thread (memory Management)
15. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Most commonly used approach
Totality of protection mechanisms
Sensitivity labels
B1 - Labeled Security
16. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Labels - Orange Book
Complex Instruction Set Computers (CISC)
Orange Book - B1
Simple Security Rule
17. In both the Bell-LaPadula and Biba Models, if the word "*" or "Star" is used - _______________.
Direct addressing
Prohibits
The Rule is talking about writing
Protection Rings Support
18. TCB contains The Security Kernel and all ______________.
Prevent secret information from being accessed
security protection mechanisms
Integrity
Swap Space
19. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
Dedicated Security Mode
The *-Property rule (Star property)
Swap Space
Examples of Layered Operating Systems
20. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Clark-Wilson
Isolate processes
Logical addresses
B3
21. The Physical memory address that the CPU uses
Ring 0
A security domain
Absolute addresses
Multitasking
22. Can be erased - modified and upgraded.
The Evaluated Products List (EPL) with their corresponding rating
Erasable and Programmable Read-Only Memory (EPROM)
Thrashing
Isolate processes
23. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Dedicated Security Mode
Buffer (temporary data storage area)
Logical addresses
Bell-LaPadula Model
24. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Swap Space
Certification
Thrashing
Life-cycle assurance - O/B
25. The Bell-LaPadula Model is a _______________.
Subject to Object Model
Life Cycle Assurance Requirement
Orange Book - B1
Simple Integrity Axiom
26. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
The Evaluated Products List (EPL) with their corresponding rating
Be protected from modification
Swap Space
B3 - Rating
27. Mandatory Access requires that _____________ be attached to all objects.
Sensitivity labels
Isolate processes
Protection Rings Support
Ring 1
28. The assignment of a specific individual to administer the security-related functions of a system.
A and B
The security perimeter
Orange Book - B1
Trusted facility management
29. What access control technique is also known as multilevel security?
Mandatory access control
In C2 - Controlled Access Protection environment
Security mechanisms and evaluates their effectiveness
*-Integrity Axiom
30. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Security rating B
Fail safe
Prevent secret information from being accessed
The Tranquility principle (The Bell-LaPadula Model)
31. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
Simple Integrity Axiom
A single classification and a Compartment Set
The Biba Model
32. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Protection Rings Support
Sensitivity labels
A single classification and a Compartment Set
Overt channel
33. Trusted facility management is an assurance requirement only for ________________.
Highly secure systems (B2 - B3 and A1)
Direct Addressing
Evaluated separately
B3 - Security Domains
34. Configuration management is also defined in the Orange Book BUT as a _____________________ and NOT an operational assurance requirement.
Reduced Instruction Set Computers (RISC)
Thrashing
No write down
Life Cycle Assurance Requirement
35. The group that oversees the processes of evaluation within TCSEC is?
Trusted Products Evaluation Program (TPEP)
The *-Property rule (Star property)
Swap Space
Pipelining
36. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Government and military applications
No write down
Operational assurance requirements
Direct Addressing
37. Which TCSEC level first addresses object reuse?
A Thread
C2
Accreditation
Firmware
38. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Orange Book - B1
attributability
Orange Book - A1
Complex Instruction Set Computers (CISC)
39. The C2 evaluation class of the _________________ offers controlled access protection.
Identification - Orange Book
A single classification and a Compartment Set
Trusted Network Interpretation (TNI)
Implement software or systems in a production environment
40. Which is a straightforward approach that provides access rights to subjects for objects?
Overt channel
Swap Space
Access Matrix model
Primary storage
41. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
The rule is talking about "Reading"
C2
Stored in Real Memory
Dominate the object's sensitivity label
42. Individual subjects must be uniquely identified.
Identification - Orange Book
Controlling unauthorized downgrading of information
Buffer (temporary data storage area)
Discretionary Security Property (ds-property)
43. Which computer design approach is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?
B3 - Rating
Complex Instruction Set Computers (CISC)
Basic Security Theorem (used in computer science) definition
The security perimeter
44. When a vendor submits a product for evaluation - it submits it to the ____________.
A Layered Operating System Architecture
The National Computer Security Center (NCSC)
B3
Most commonly used approach
45. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space
Swap Space
A lattice of Integrity Levels
The Biba Model
Secondary Storage
46. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Programmable Read-Only Memory (PROM)
Models concerned with integrity
B1 - Labeled Security
Ring 2
47. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
Prevent secret information from being accessed
The "No read Up" rule
Operational assurance requirements
In C2 - Controlled Access Protection environment
48. When the RAM and secondary storage are combined the result is __________.
Security rating B
Virtual Memory
No write down
Process isolation
49. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
B2
Trusted hardware - Software and Firmware
Dedicated Security Mode
C1
50. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
Attributable - original - accurate - contemporaneous and legible
The Evaluated Products List (EPL) with their corresponding rating
Pagefile.sys file