Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
A Layered Operating System Architecture
Fail safe
Multitasking
Real storage
2. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The rule is talking about "Reading"
The Red Book
Orange Book C
The security perimeter
3. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Models concerned with integrity
Disclosure of residual data
The reference monitor
State machine model
4. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
The Tranquility principle (The Bell-LaPadula Model)
Storage and timing
Life-cycle assurance - O/B
The Thread (memory Management)
5. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
B3
NOT Integrity
Invocation Property
Orange Book - B1
6. Documentation must be provided - including test - design - and specification document - user guides and manuals
No write down
International Standard 15408
Documentation - Orange Book
In C2 - Controlled Access Protection environment
7. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Its Clearance Label (Top Secret - Secret - or Confidential)
Certification
Security Policy is clearly defined and documented
Operational assurance requirements
8. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Controls the checks
Implement software or systems in a production environment
C2 - Controlled Access Protection
Orange Book A
9. Which model uses access control triples and requires that the system maintain separation of duty?
A Domain
Clark-Wilson
C2 - Controlled Access Protection
Real storage
10. In the Bell-LaPadula Model the Object's Label contains ___________________.
Division D - Minimal Protection
C2 - Controlled Access Protection
'Dominate'
Its classification label (Top Secret - Secret or confidential)
11. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Overt channel
Virtual Memory
Bell-LaPadula Model
Orange Book B
12. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
D
The Trusted Computing Base (TCB)
Security Policy is clearly defined and documented
Orange Book - B2
13. Configuration management is also defined in the Orange Book BUT as a _____________________ and NOT an operational assurance requirement.
Virtual Memory
Life Cycle Assurance Requirement
Basic Security Theorem (used in computer science) definition
C1 - Discretionary Security Protection
14. The group that oversees the processes of evaluation within TCSEC is?
The "No read Up" rule
Simple Security Rule
Trusted Products Evaluation Program (TPEP)
Orange Book - A1
15. The security kernel is the mechanism that _____________ of the reference monitor concept.
B1 - Labeled Security
Indirect addressing
C2
Enforces the rules
16. Which describe a condition when RAM and Secondary storage are used together?
Virtual storage
NOT Integrity
Trusted facility management
Orange Book - B1
17. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Orange Book interpretations
A Domain
B2 - Structured Protection
Multiprocessing
18. As per FDA data should be ______________________________.
The trustworthiness of an information system
Attributable - original - accurate - contemporaneous and legible
Programmable Read-Only Memory (PROM)
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
19. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Implement software or systems in a production environment
Security Policy is clearly defined and documented
Discretionary Security Property (ds-property)
Clark-Wilson Model
20. Commonly referred to as The Big Mess because of its lack of structure. MS-DOS is an example of a monolithic operating system
Division C - Discretionary Protection
Prevent secret information from being accessed
The Monolithic Operating System Architecture
Mandatory Access Control (MAC)
21. Which in the Orange Book ratings represents the highest level of trust?
Orange Book interpretations
A Base Register (Memory Management)
The Tranquility principle (The Bell-LaPadula Model)
B2
22. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.
No read up
Identification - Orange Book
The rule is talking about "Reading"
Basic Security Theorem (used in computer science) definition
23. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
Division B - Mandatory Protection Architecture
Its classification label (Top Secret - Secret or confidential)
C2 - Controlled Access Protection
The Monolithic Operating System Architecture
24. The Biba Model addresses _____________________.
Controlling unauthorized downgrading of information
NOT Integrity
Networks and Communications
The Integrity of data within applications
25. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Simple Security Rule
A lattice of Integrity Levels
B3
Storage and timing
26. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Reduced Instruction Set Computers (RISC)
Storage and timing
The security kernel
Administrative declaration
27. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
C1 - Discretionary Security Protection is a type of environment
C2
Firmware
B2 - Structured Protection
28. The subject must have Need to Know for ONLY the information they are trying to access.
System High Security Mode
Life-cycle assurance - O/B
Simple Integrity Axiom
Reduced Instruction Set Computers (RISC)
29. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Simple Security Rule
The Biba Model
Certification
Buffer overflows
30. Has two individual assurance ratings - C1 and C2. The higher the number of the assurance rating - the greater the protection
B3 - Rating
Division C - Discretionary Protection
The Strong star property rule
TCB (Trusted Computing Base)
31. Which Orange Book evaluation level is described as "Verified Design"?
A1
Virtual storage
Its Clearance Label (Top Secret - Secret - or Confidential)
Need-to-know
32. The *-Property rule is referred to as ____________.
Prevent secret information from being accessed
Swap Space
B3 - Security Domains
The "No write Down" Rule
33. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
A security domain
C2 - Controlled Access Protection
Secondary Storage
State machine model
34. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
The "No write Down" Rule
The security kernel
The Red Book
Overt channel
35. Permits a database to have two records that are identical except for their classifications
The Biba Model
Polyinstantiation
B1 - Labeled Security
TCB (Trusted Computing Base)
36. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
First evaluation class
All Mandatory Access Control (MAC) systems
B3
Division D - Minimal Protection
37. Users need to be identified individually to provide more precise access control and auditing functionality.
B3
The Monolithic Operating System Architecture
C2 - Controlled Access Protection
Multilevel Security Policies
38. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
B1 - Labeled Security rating
Real storage
security protection mechanisms
C1 - Discretionary Security Protection is a type of environment
39. Access control labels must be associated properly with objects.
Labels - Orange Book
Primary storage
Reduced Instruction Set Computers (RISC)
Examples of Layered Operating Systems
40. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
The security perimeter
Examples of Layered Operating Systems
Division D - Minimal Protection
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
41. In access control terms - the word "dominate" refers to ___________.
TCB (Trusted Computing Base)
Higher or equal to access class
Be protected from modification
Invocation Property
42. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
A1 - Rating
Access Matrix model
The trustworthiness of an information system
Absolute addresses
43. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
Examples of Layered Operating Systems
Virtual Memory
Reduced Instruction Set Computers (RISC)
The *-Property rule (Star property)
44. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Dedicated Security Mode
Discretionary Security Property (ds-property)
B2
Files - directories and devices
45. Levels of Security and Levels of Trust: lower letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
Orange Book B
The rule is talking about "Reading"
Orange Book ratings
The Clark Wilson integrity model
46. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Complex Instruction Set Computers (CISC)
Virtual storage
Buffer overflows
Models concerned with integrity
47. Mandatory access control is enforced by the use of security labels.
The *-Property rule (Star property)
Absolute addresses
Subject to Object Model
Division B - Mandatory Protection
48. The reserved hard drive space used to extend RAM capabilities.
Swap Space
Ring 3
No write down
Stored in Real Memory
49. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book - D
Stored in Real Memory
Orange Book - B3
Clark-Wilson
50. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
Thrashing
The Rule is talking about writing
Constrained
The trustworthiness of an information system