Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Which Orange Book evaluation level is described as "Verified Design"?
A1
Controlling unauthorized downgrading of information
Pipelining
Security mechanisms and evaluates their effectiveness
2. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Rating
Virtual storage
The Integrity of data within applications
No write down
3. A Policy based control. All objects and systems have a sensitivity level assigned to them
Bell-LaPadula Model
The Strong star property rule
Files - directories and devices
Mandatory Access Control (MAC)
4. The Biba Model - _____________: A subject cannot read data from a lower integrity level "No Read Down"
Trusted Products Evaluation Program (TPEP)
Multiprocessing
B2 - Structured Protection
Simple Integrity Axiom
5. Permits a database to have two records that are identical except for their classifications
Polyinstantiation
Its classification label (Top Secret - Secret or confidential)
A Base Register (Memory Management)
A security kernel
6. Which describes a condition when RAM and secondary storage are used together?
The Simple Security Property
D
Ring 1
Virtual storage
7. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
C2
Trusted hardware - Software and Firmware
An abstract machine
Prohibits
8. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Security Policy is clearly defined and documented
Totality of protection mechanisms
The trustworthiness of an information system
Certification
9. When a vendor submits a product for evaluation - it submits it to the ____________.
Examples of Layered Operating Systems
Totality of protection mechanisms
The National Computer Security Center (NCSC)
Enforces the rules
10. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Division B - Mandatory Protection
The Strong star property rule
A1
A Layered Operating System Architecture
11. What are the components of an object's sensitivity label?
First evaluation class
Prevent secret information from being accessed
Mandatory access control
A single classification and a Compartment Set
12. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Accountability - Orange Book
Orange Book ratings
Evaluated separately
Firmware
13. Which uses Protection Profiles and Security Targets?
International Standard 15408
C2
Scalar processors
C1 - Discretionary Security Protection is a type of environment
14. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Bell-LaPadula Model
The Common Criteria
A and B
*-Integrity Axiom
15. The Orange Book requires protection against two _____________ - which are these: Timing and Storage
Implement software or systems in a production environment
The security perimeter
A and B
Types of covert channels
16. When the contents of the address defined in the program's instruction is added to that of an index register.
Indexed addressing
Scalar processors
Orange Book B
Bell-LaPadula Model
17. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Direct Addressing
Relative Addresses
Basic Security Theorem (used in computer science) definition
Access control to the objects by the subjects
18. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
C1 - Discretionary Security Protection
Examples of Layered Operating Systems
The National Computer Security Center (NCSC)
Security mechanisms and evaluates their effectiveness
19. Each data object must contain a classification label and each subject must have a clearance label.
The Thread (memory Management)
The Security Kernel
Models concerned with integrity
B1 - Labeled Security
20. TCB contains The Security Kernel and all ______________.
Overt channel
Isolate processes
security protection mechanisms
The "No read Up" rule
21. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Its classification label (Top Secret - Secret or confidential)
Firmware
Invocation Property
Trusted Distribution
22. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
C2
An abstract machine
The Integrity of data within applications
Most commonly used approach
23. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
Virtual storage
Orange Book - B2
All Mandatory Access Control (MAC) systems
B3
24. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Controls the checks
Basic Security Theorem (used in computer science) definition
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Prohibits
25. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Compare the security labels
Overt channel
A1
Most commonly used approach
26. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Scalar processors
C1 - Discretionary Security Protection is a type of environment
Primary storage
Prohibits
27. Contains the beginning address
Accountability - Orange Book
Examples of Layered Operating Systems
A Base Register (Memory Management)
No write down
28. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Government and military applications
Security Policy - Orange Book
C1 - Discretionary Security Protection is a type of environment
Division B - Mandatory Protection Architecture
29. What access control technique is also known as multilevel security?
A single classification and a Compartment Set
The rule is talking about "Reading"
The security perimeter
Mandatory access control
30. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
C2 - Controlled Access Protection
Access control to the objects by the subjects
B3 - Rating
The National Computer Security Center (NCSC)
31. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Files - directories and devices
Reduced Instruction Set Computers (RISC)
B3
B3 - Security Domains
32. Remaining parts of the operating system
Protection Rings Support
Relative Addresses
A Limit Register (Memory Management)
Ring 1
33. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The security perimeter
The Strong star property rule
Networks and Communications
Ring 3
34. Mandatory Protection
Orange Book B
Examples of Layered Operating Systems
The Security Kernel
The reference monitor
35. Successfully evaluated products are placed on?
Clark-Wilson Model
An abstract machine
Trusted Network Interpretation (TNI)
The Evaluated Products List (EPL) with their corresponding rating
36. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Life Cycle Assurance Requirement
Division D - Minimal Protection
The *-Property rule (Star property)
B2 - Structured Protection
37. In access control terms - the word "dominate" refers to ___________.
Higher or equal to access class
Files - directories and devices
Prevent secret information from being accessed
'Dominate'
38. The *-Property rule is referred to as ____________.
No read up
Dominate the object's sensitivity label
Orange Book - B1
The "No write Down" Rule
39. In both the Bell-LaPadula and Biba Models, if the word "*" or "Star" is used - _______________.
B1 - Labeled Security rating
Identification - Orange Book
Ring 3
The Rule is talking about writing
40. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B3
Examples of Layered Operating Systems
Polyinstantiation
Multitasking
41. Data in Cache can be accessed much more quickly than Data
Protection Rings Support
Scalar processors
Absolute addresses
Stored in Real Memory
42. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Trusted Products Evaluation Program (TPEP)
'Dominate'
NOT Integrity
The Security Kernel
43. The Bell-LaPadula model Subjects and Objects are ___________.
Assigned labels
Trusted Distribution
Security Policy
First evaluation class
44. The Biba Model addresses _____________________.
The reference monitor
Life-cycle assurance - O/B
The Integrity of data within applications
Invocation Property
45. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Programmable Read-Only Memory (PROM)
State machine model
Protection Rings Support
No read up
46. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
B3 - Security Domains
Higher or equal to access class
Operational assurance requirements
Division B - Mandatory Protection Architecture
47. Minimal Security
No write down
NOT Integrity
Orange Book - D
Invocation Property
48. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Programmable Read-Only Memory (PROM)
Life-cycle assurance - O/B
Ring 0
B3
49. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
A lattice of Integrity Levels
Orange Book - A1
Trusted hardware - Software and Firmware
Labels - Orange Book
50. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Prevent secret information from being accessed
C2 - Controlled Access Protection
Government and military applications
Absolute addresses