SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What access control technique is also known as multilevel security?
Labels - Orange Book
The Integrity of data within applications
Polyinstantiation
Mandatory access control
2. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
B1 - Labeled Security
Access control to the objects by the subjects
The security kernel
Clark-Wilson Model
3. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
D
No read up
Orange Book ratings
Pagefile.sys file
4. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Controlling unauthorized downgrading of information
Physical security
Trusted Network Interpretation (TNI)
The Thread (memory Management)
5. TCB contains The Security Kernel and all ______________.
International Standard 15408
Physical security
Evaluated separately
security protection mechanisms
6. What model use an access control triples and requires that the system maintain separation of duty ?
Clark-Wilson
The rule is talking about "Reading"
Prohibits
Ring 0
7. Individual subjects must be uniquely identified.
Life-cycle assurance - O/B
Identification - Orange Book
Orange Book - B1
C1
8. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
Process isolation
In C2 - Controlled Access Protection environment
The Monolithic Operation system Architecture
Scalar processors
9. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system
B3
Virtual Memory
The Monolithic Operation system Architecture
Polyinstantiation
10. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
The security perimeter
Its Clearance Label (Top Secret - Secret - or Confidential)
Bell-LaPadula Model
11. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Bell-LaPadula Model
Administrative declaration
Process isolation
Ring 1
12. The C2 evaluation class of the _________________ offers controlled access protection.
Trusted Network Interpretation (TNI)
Types of covert channels
Its Clearance Label (Top Secret - Secret - or Confidential)
Multilevel Security Policies
13. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Need-to-know
Certification
Ring 3
B1 - Labeled Security
14. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Orange Book - B1
Discretionary Security Property (ds-property)
Models concerned with integrity
Totality of protection mechanisms
15. When a computer uses more than one CPU in parallel to execute instructions is known as?
Multiprocessing
Absolute addresses
Direct Addressing
Execution Domain
16. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Bell-LaPadula Model
Secondary Storage
Operational assurance requirements
Overt channel
17. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
C1 - Discrection Security Protection is a type of environment
B2
Buffer overflows
Higher or equal to access class
18. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
State machine model
Secondary Storage
Buffer (temporary data storage area)
Real storage
19. Permits a database to have two records that are identical except for Their classifications
Polyinstantiation
The Simple Security Property
First evaluation class
Orange Book interpretations
20. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
C1 - Discretionary Security Protection
Polyinstantiation
Buffer (temporary data storage area)
Erasable and Programmable Read-Only Memory (EPROM)
21. A Policy based control. All objects and systems have a sensitivity level assigned to them
Division B - Mandatory Protection Architecture
Mandatory Access Control (MAC)
Attributable - original - accurate - contemporaneous and legible
Orange Book - A1
22. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Compare the security labels
Security Policy
Life-cycle assurance - O/B
The Red Book
23. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Evaluated separately
Orange Book - D
C1 - Discretionary Security Protection
Buffer overflows
24. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Discretionary Security Property (ds-property)
Controls the checks
A and B
Attributable data
25. What prevents a process from accessing another process' data?
Mandatory Access Control (MAC)
TCB (Trusted Computing Base)
Process isolation
Multilevel Security Policies
26. When a vendor submits a product for evaluation - it submits it to the ____________.
Direct Addressing
B3
Relative Addresses
The National Computer Security Center (NCSC)
27. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
System High Security Mode
Sensitivity labels
Documentation - Orange Book
Physical security
28. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Buffer (temporary data storage area)
The *-Property rule (Star property)
The Strong star property rule
Orange Book - B2
29. Users need to be Identified individually to provide more precise acces control and auditing functionality.
Integrity
B2 rating
Compare the security labels
C2 - Controlled Access Protection
30. Contains the ending address
Enforces the rules
The Security Kernel
A Limit Register (Memory Management)
No write down
31. The Orange book does NOT Cover ________________ - And Database management systems
Be protected from modification
Absolute addresses
Multilevel Security Policies
Networks and Communications
32. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
The Monolithic Operation system Architecture
Overt channel
B3
No write down
33. Trusted facility management is an assurance requirement only for ________________.
Basic Security Theorem (used in computer science) definition
No write down
Covert channels
Highly secure systems (B2 - B3 and A1)
34. The combination of RAM - Cache and the Processor Registers
Invocation Property
The trustworthiness of an information system
Division D - Minimal Protection
Primary storage
35. The security kernel is the mechanism that _____________ of the reference monitor concept.
Erasable and Programmable Read-Only Memory (EPROM)
Virtual storage
Enforces the rules
Orange Book ratings
36. System Architecture that separates system functionality into Hierarchical layers
B3 - Security Domains
Polyinstantiation
Simple Security Rule
A Layered Operating System Architecure
37. Which describe a condition when RAM and Secondary storage are used together?
System High Security Mode
Identification - Orange Book
Virtual storage
Mandatory Access Control (MAC)
38. Should always trace to individuals responsible for observing and recording the data
Dominate the object's sensitivity label
Life-cycle assurance - O/B
Attributable data
Security Policy is clearly defined and documented
39. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Clark-Wilson
Government and military applications
attributability
In C2 - Controlled Access Protection environment
40. Succesfully Evaluated products are placed on?
Ring 0
Pagefile.sys file
D
The Evaluated Products List (EPL) with their corresponding rating
41. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
Orange Book interpretations
B1 - Labeled Security
*-Integrity Axiom
Discretionary Security Property (ds-property)
42. Which Orange Book evaluation level is described as "Verified Design"?
Files - directories and devices
Programmable Read-Only Memory (PROM)
A1
B3 - Rating
43. What does the * (star) property mean in the Bell-LaPadula model?
Orange Book - D
Multitasking
Its Clearance Label (Top Secret - Secret - or Confidential)
No write down
44. What is called the formal acceptance of the adequacy of a system's overall security by management?
Accreditation
The Monolithic Operation system Architecture
Indexed addressing
Storage and timing
45. A subject at a given clearance may not read an object at a higher classification
Indirect addressing
Ring 1
Discretionary Security Property (ds-property)
The Simple Security Property
46. Execute one instruction at a time.
C1 - Discretionary Security Protection
Dominate the object's sensitivity label
Scalar processors
Thrashing
47. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Trusted hardware - Software and Firmware
A1 - Rating
Bell-LaPadula Model
Prohibits
48. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
The security perimeter
Erasable and Programmable Read-Only Memory (EPROM)
Logical addresses
49. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Trusted hardware - Software and Firmware
A security kernel
Ring 0
Direct addressing
50. The Indexed memory addresses that software uses
Security rating B
Logical addresses
The TCSEC - Aka Orange Book
A and B