Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Which in the Orange Book ratings represents the highest level of trust?
Security rating B
'Dominate'
Highly secure systems (B2 - B3 and A1)
B2
2. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Totality of protection mechanisms
B3
Indexed addressing
Highly secure systems (B2 - B3 and A1)
3. Based on the Bell-LaPadula security model; evidence of reference monitor enforcement must be available.
The Common Criteria
Controlling unauthorized downgrading of information
security protection mechanisms
Division B - Mandatory Protection Architecture
4. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Higher or equal to access class
Indirect addressing
Constrained
The National Computer Security Center (NCSC)
5. When the RAM and secondary storage are combined the result is __________.
Government and military applications
Virtual Memory
Swap Space
Absolute addresses
6. Mandatory access control requires that _____________ be attached to all objects.
B2 - Structured Protection
Sensitivity labels
Clark-Wilson Model
C1 - Discretionary Security Protection is a type of environment
7. A ______________ is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
The security perimeter
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Enforces the rules
Swap Space
8. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Direct addressing
Totality of protection mechanisms
C1 - Discretionary Security Protection is a type of environment
Division C - Discretionary Protection
9. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
In C2 - Controlled Access Protection environment
First evaluation class
Life-cycle assurance - O/B
A security domain
10. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Evaluated separately
Prevent secret information from being accessed
Its Clearance Label (Top Secret - Secret - or Confidential)
Access Matrix model
11. The process of evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Government and military applications
Identification - Orange Book
Certification
Trusted Network Interpretation (TNI)
12. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
B2
C2 - Controlled Access Protection
Controls the checks
13. An abstract machine which must mediate all access of subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
The Common Criteria
The reference monitor
Primary storage
Trusted Distribution
14. The Biba Model addresses _____________________.
Direct addressing
The Integrity of data within applications
Discretionary Security Property (ds-property)
B3 - Rating
15. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
NOT Integrity
Firmware
International Standard 15408
Most commonly used approach
16. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
C1 - Discretionary Security Protection is a type of environment
C1
Orange Book C
Security Policy is clearly defined and documented
17. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
C1
C2 - Controlled Access Protection
Attributable - original - accurate - contemporaneous and legible
Indexed addressing
18. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?
The TCSEC - Aka Orange Book
Clark-Wilson Model
Controls the checks
Trusted hardware - Software and Firmware
19. In the Bell-LaPadula Model the Subject's Label contains ___________________.
B3
Networks and Communications
Its Clearance Label (Top Secret - Secret - or Confidential)
Constrained
20. Bell-LaPadula model was proposed for enforcing access control in _____________________.
The Simple Security Property
Integrity
D
Government and military applications
21. Trusted facility management is an assurance requirement only for ________________.
Division B - Mandatory Protection
Highly secure systems (B2 - B3 and A1)
Buffer (temporary data storage area)
The "No read Up" rule
22. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Multilevel Security Policies
B2 - Structured Protection
security protection mechanisms
Life Cycle Assurance Requirement
23. Nonvolatile storage media - e.g. computer hard drives - floppy disks and CD-ROMs
State machine model
Ring 0
A security kernel
Secondary Storage
24. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Programmable Read-Only Memory (PROM)
Accreditation
Assigned labels
Stored in Real Memory
25. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Physical security
A Base Register (Memory Management)
Ring 3
The Evaluated Products List (EPL) with their corresponding rating
26. An organization within the National Security Agency (NSA) is responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
Pagefile.sys file
The National Computer Security Center (NCSC)
Simple Security Rule
Direct Addressing
27. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Prevent secret information from being accessed
The Red Book
attributability
Trusted facility management
28. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
Mandatory access control
Controls the checks
Dedicated Security Mode
Orange Book interpretations
29. Remaining parts of the operating system
Ring 1
Division D - Minimal Protection
B1
Access Matrix model
30. Permits a database to have two records that are identical except for Their classifications
The Clark Wilson integrity model
Polyinstantiation
Highly secure systems (B2 - B3 and A1)
The National Computer Security Center (NCSC)
31. All users have a clearance for - and a formal need to know about - all data processed within the system.
The Evaluated Products List (EPL) with their corresponding rating
Polyinstantiation
Dedicated Security Mode
Swap Space
32. A computer that uses more than one CPU in parallel to execute instructions is said to be performing?
A Domain
Totality of protection mechanisms
Multiprocessing
Scalar processors
33. Audit data must be captured and protected to enforce accountability
Process isolation
Files - directories and devices
Trusted Network Interpretation (TNI)
Accountability - Orange Book
34. Which increases the performance in a computer by overlapping the steps of different instructions?
Orange Book interpretations
Continuous protection - O/B
Totality of protection mechanisms
Pipelining
35. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Polyinstantiation
No read up
Operational assurance requirements
Documentation - Orange Book
36. A set of objects that a subject is able to access
A Domain
Ring 3
Mandatory access control
Sensitivity labels
37. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
B3 - Security Domains
Ring 3
Be protected from modification
Evaluated separately
38. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Invocation Property
Thrashing
The Tranquility principle (The Bell-LaPadula Model)
Labels - Orange Book
39. Which TCSEC level first addresses object reuse?
Orange Book A
Basic Security Theorem (used in computer science) definition
Orange Book ratings
C2
40. A subject at a given clearance may not read an object at a higher classification
The Simple Security Property
The Thread (memory Management)
The security perimeter
Security Policy
41. Access control labels must be associated properly with objects.
Prevent secret information from being accessed
Swap Space
Labels - Orange Book
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
42. A system uses the Reference Monitor to ___________________ of a subject and an object?
Bell-LaPadula Model
Compare the security labels
Multitasking
Execution Domain
43. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
A Domain
C2
B2
Security rating B
44. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Trusted Products Evaluation Program (TPEP)
Clark-Wilson
Implement software or systems in a production environment
Controlling unauthorized downgrading of information
45. The Simple Security rule is referred to as ______________.
Documentation - Orange Book
Orange Book interpretations
The "No read Up" rule
B1
46. Another term for primary storage - which distinguishes physical memory from virtual memory.
Orange Book - B2
A security domain
Real storage
Security Policy is clearly defined and documented
47. System architecture that separates system functionality into hierarchical layers
Firmware
A Layered Operating System Architecture
Swap Space
Evaluated separately
48. Contains the beginning address
A Base Register (Memory Management)
Government and military applications
Subject to Object Model
No write down
49. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Overt channel
Highly secure systems (B2 - B3 and A1)
Trusted Network Interpretation (TNI)
The *-Property rule (Star property)
50. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Multitasking
Orange Book interpretations
Multilevel Security Policies
Orange Book - B3