SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What access control technique is also known as multilevel security?
Mandatory access control
Real storage
Ring 0
Orange Book interpretations
2. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Protection Rings Support
Polyinstantiation
Indexed addressing
First evaluation class
3. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
All Mandatory Access Control (MAC) systems
The Red Book
Orange Book - D
B1 - Labeled Security rating
4. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Its classification label (Top Secret - Secret or confidential)
The Common Criteria
Disclosure of residual data
C1
5. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Bell-LaPadula Model
Security rating B
Ring 1
Real storage
6. Which can be used as a covert channel?
Be protected from modification
Storage and timing
B3
Cache Memory
7. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
First evaluation class
Discretionary Security Property (ds-property)
Security mechanisms and evalautes their effectivenes
Isolate processes
8. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
First evaluation class
The security perimeter
Division B - Mandatory Protection Architecture
Compare the security labels
9. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
A Base Register (Memory Management)
Documentation - Orange Book
Virtual storage
Fail safe
10. Which increases the performance in a computer by overlapping the steps of different instructions?
Pipelining
Clark-Wilson
Controls the checks
Division B - Mandatory Protection
11. A subject at a given clearance may not read an object at a higher classification
Relative Addresses
Indirect addressing
Dedicated Security Mode
The Simple Security Property
12. The Physical memory address that the CPU uses
Absolute addresses
Security Policy
Reduced Instruction Set Computers (RISC)
The security perimeter
13. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
C2 - Controlled Access Protection
Orange Book - B3
Direct addressing
D
14. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
Clark-Wilson Model
B3 - Rating
Virtual Memory
Sensitivity labels
15. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Discretionary Security Property (ds-property)
A security domain
Direct Addressing
Firmware
16. According to the Orange Book - trusted facility management is not required for which security levels?
Security Policy
Scalar processors
B1
Models concerned with integrity
17. Documentation must be provided - including test - design - and specification document - user guides and manuals
Cache Memory
NOT Integrity
Files - directories and devices
Documentation - Orange Book
18. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
The Security Kernel
The Trusted Computing Base (TCB)
B1 - Labeled Security
Buffer (temporary data storage area)
19. The subject must have Need to Know for ONLY the information they are trying to access.
System High Security Mode
The Security Kernel
A1
Ring 1
20. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
In C2 - Controlled Access Protection environment
Disclosure of residual data
Secondary Storage
A Thread
21. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
C2 - Controlled Access Protection
No write down
Division B - Mandatory Protection Architecture
Continuous protection - O/B
22. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
B3 - Security Domains
All Mandatory Access Control (MAC) systems
The National Computer Security Center (NCSC)
Orange Book - B1
23. I/O drivers and utilities
A1 - Rating
Storage and timing
Trusted facility management
Ring 2
24. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Implement software or systems in a production environment
Security Policy
Mandatory Access Control (MAC)
Security Policy - Orange Book
25. Which would be designated as objects on a MAC system?
Assigned labels
Files - directories and devices
*-Integrity Axiom
Access Matrix model
26. Discretionary protection
Programmable Read-Only Memory (PROM)
Integrity
Trusted facility management
Orange Book C
27. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Buffer overflows
Isolate processes
Orange Book - B1
Reduced Instruction Set Computers (RISC)
28. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Labels - Orange Book
The TCSEC - Aka Orange Book
No read down
The Tranqulity principle (The Bell-LaPadula Model)
29. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
Security Policy is clearly defined and documented
Orange Book - B3
The rule is talking about "Reading"
30. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
attributability
Overt channel
Government and military applications
Indexed addressing
31. The Reserved hard drive space used to to extend RAM capabilites.
Subject to Object Model
Storage and timing
A Limit Register (Memory Management)
Swap Space
32. The TCB is the ________________ within a computer system that work together to enforce a security policy.
An abstract machine
Programmable Read-Only Memory (PROM)
Totality of protection mechanisms
Dedicated Security Mode
33. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Programmable Read-Only Memory (PROM)
Logical addresses
A lattice of Intergrity Levels
Fail safe
34. Mediates all access and Functions between subjects and objects.
A security kernel
Higher or equal to access class
The Security Kernel
A1
35. As per FDA data should be ______________________________.
Execution Domain
A Thread
Attributable - original - accurate - contemporaneous and legible
The Security Kernel
36. The Simple Security rule is refered to as______________.
Accreditation
Erasable and Programmable Read-Only Memory (EPROM)
The "No read Up" rule
Covert channels
37. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Complex Instruction Set Computers (CISC)
A1 - Rating
C1 - Discretionary Security Protection
Orange Book A
38. Users need to be Identified individually to provide more precise acces control and auditing functionality.
The security perimeter
The Integrity of data within applications
Virtual Memory
C2 - Controlled Access Protection
39. Should always trace to individuals responsible for observing and recording the data
Attributable data
Mandatory Access Control (MAC)
Ring 3
Life-cycle assurance - O/B
40. The combination of RAM - Cache and the Processor Registers
Physical security
Examples of Layered Operating Systems
Primary storage
Security Policy is clearly defined and documented
41. The Biba Model adresses _____________________.
The Integrity of data within applications
Sensitivity labels
Discretionary Security Property (ds-property)
The National Computer Security Center (NCSC)
42. When a vendor submits a product for evaluation - it submits it to the ____________.
Access Matrix model
Security Policy - Orange Book
The National Computer Security Center (NCSC)
Direct addressing
43. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Administrative declaration
Invocation Property
Accreditation
B2 rating
44. Verification Protection
Evaluated separately
*-Integrity Axiom
Orange Book A
A security domain
45. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Stored in Reak Memory
TCB (Trusted Computing Base)
Disclosure of residual data
Protection Rings Support
46. Succesfully Evaluated products are placed on?
D
The Evaluated Products List (EPL) with their corresponding rating
The Integrity of data within applications
B2
47. When a computer uses more than one CPU in parallel to execute instructions is known as?
Covert channels
Orange Book ratings
Multiprocessing
Compare the security labels
48. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Orange Book - A1
Ring 0
Attributable - original - accurate - contemporaneous and legible
Simple Integrity Axiom
49. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
B1 - Labeled Security
The reference monitor
Virtual storage
A single classification and a Compartment Set
50. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Buffer overflows
B2 rating
Ring 0
Attributable - original - accurate - contemporaneous and legible