Test your basic knowledge: CISSP Security Architecture and Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. According to the Orange Book, trusted facility management is not required for which security levels?
B1
Covert channels
A Domain
Life Cycle Assurance Requirement
2. Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?
Sensitivity labels
Models concerned with integrity
The Clark Wilson integrity model
Orange Book ratings
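Worked example for question 2, added to this study page and not part of the original quiz: the three Clark-Wilson pieces on a toy ledger. The constrained data items (CDIs) are account balances, the integrity verification procedure (IVP) checks that they are in a valid state, and the transformation procedure (TP) is the only certified way to change them. The account names, the certified total, the access triples and the transfer procedure are constructed for illustration.

```python
"""Added example: Clark-Wilson's CDI / IVP / TP on a toy ledger.

The ledger, user names, access triples and TPs are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Ledger:
    """The CDIs: balances that must always sum to the certified opening total
    and never go negative.  The journal is the audit trail every TP appends to."""
    balances: Dict[str, int]
    certified_total: int
    journal: List[Tuple[str, str, int]] = field(default_factory=list)


def ivp(ledger: Ledger) -> bool:
    """IVP: True only if the CDIs are in a valid state."""
    return (sum(ledger.balances.values()) == ledger.certified_total
            and all(v >= 0 for v in ledger.balances.values()))


def tp_transfer(ledger: Ledger, src: str, dst: str, amount: int) -> None:
    """TP: moves funds between two accounts, preserving the invariant the IVP checks."""
    if amount <= 0 or dst not in ledger.balances or ledger.balances.get(src, 0) < amount:
        raise ValueError("transfer rejected: invalid amount, unknown account or insufficient funds")
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount
    ledger.journal.append((src, dst, amount))


TPS: Dict[str, Callable[..., None]] = {"transfer": tp_transfer}

# Access triples (user, TP): who may run which TP.  A teller can move money;
# an auditor can only verify.  Separation of duties lives in this table (assumed).
ACCESS_TRIPLES = {("teller", "transfer"), ("auditor", "verify")}


def run_tp(user: str, tp_name: str, ledger: Ledger, *args) -> bool:
    """The enforcement point: check the triple, run the TP, re-run the IVP,
    and roll back if the CDIs are no longer valid."""
    if (user, tp_name) not in ACCESS_TRIPLES:
        raise PermissionError(f"{user!r} is not certified to run {tp_name!r}")
    if tp_name == "verify":
        return ivp(ledger)
    snapshot = dict(ledger.balances)
    try:
        TPS[tp_name](ledger, *args)
    except ValueError:
        ledger.balances = snapshot
        raise
    if not ivp(ledger):  # a certified TP should never get here; the check is the safety net
        ledger.balances = snapshot
        ledger.journal.pop()
        raise RuntimeError("IVP failed after TP; change rolled back")
    return True


def demo() -> Tuple[bool, bool]:
    """Constructed run: a valid transfer, then tampering that bypasses the TP."""
    ledger = Ledger({"alice": 100, "bob": 50}, certified_total=150)
    run_tp("teller", "transfer", ledger, "alice", "bob", 30)
    after_tp = run_tp("auditor", "verify", ledger)      # True: IVP passes
    ledger.balances["bob"] += 1000                      # direct write, no TP: breaks the invariant
    after_tamper = run_tp("auditor", "verify", ledger)  # False: IVP catches it
    return after_tp, after_tamper


if __name__ == "__main__":
    print(demo())
```

The point the quiz answer compresses: a TP is trusted to move a CDI from one valid state to another, the IVP is what certifies "valid", and the access triples decide which users may invoke which TP. The tampering line in `demo()` is the case Clark-Wilson exists to detect, a change to a CDI that did not go through any TP.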
3. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Sensitivity labels
Dedicated Security Mode
Direct addressing
Need-to-know
4. What is called the formal acceptance of the adequacy of a system's overall security by management?
No read down
Accreditation
Pipelining
Be protected from modification
5. The Orange Book requires protection against two _____________, which are timing and storage.
A and B
NOT Integrity
Types of covert channels
Orange Book - D
6. In both the Bell-LaPadula and Biba models, if the word "simple" is used, ______________.
*-Integrity Axiom
Storage and timing
Evaluated separately
The rule is talking about "Reading"
7. Applications and user activity
B2 - Structured Protection
Ring 3
The Rule is talking about writing
A Domain
8. Based on the Bell-LaPadula model, because it allows multilevel security to be integrated into the code.
Trusted hardware - Software and Firmware
All Mandatory Access Control (MAC) systems
Life Cycle Assurance Requirement
Pagefile.sys file
9. Which Orange Book evaluation level is described as "Controlled Access Protection"? This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Prevent secret information from being accessed
C2
Bell-LaPadula Model
Examples of Layered Operating Systems
10. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Simple Integrity Axiom
C1 - Discretionary Security Protection is a type of environment
Controls the checks
B3 - Rating
11. Documentation must be provided, including test, design and specification documents, user guides and manuals.
The National Computer Security Center (NCSC)
Files - directories and devices
Documentation - Orange Book
No read down
12. Mediates all access and functions between subjects and objects.
Division B - Mandatory Protection
Higher or equal to access class
The Security Kernel
Compare the security labels
13. A domain of trust that shares a single security policy and single management
Multitasking
Secondary Storage
Identification - Orange Book
A security domain
14. Should always trace to individuals responsible for observing and recording the data
Attributable data
Controls the checks
C1
Security mechanisms and evaluates their effectiveness
15. A ring protection system ________ user mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Prohibits
C1
Security rating B
Buffer (temporary data storage area)
16. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Basic Security Theorem (used in computer science) definition
The National Computer Security Center (NCSC)
Swap Space
A lattice of integrity levels
17. Which in the Orange Book ratings represents the highest level of trust?
B2
B3 - Security Domains
The Tranquility principle (The Bell-LaPadula Model)
Swap Space
18. Which can be used as a covert channel?
Highly secure systems (B2 - B3 and A1)
Storage and timing
A Thread
The Trusted Computing Base (TCB)
19. In B2, distinct address spaces must be provided to _________, and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system.
The Red Book
Disclosure of residual data
The "No write Down" Rule
Isolate processes
20. The Simple Security rule is referred to as ______________.
The "No read Up" rule
C2 - Controlled Access Protection
Access control to the objects by the subjects
The *-Property rule (Star property)
21. When the address location that is specified in the program instruction contains the address of the final desired location.
Ring 3
Indirect addressing
Trusted hardware - Software and Firmware
A Base Register (Memory Management)
22. What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?
The Thread (memory Management)
Dedicated Security Mode
No write down
A security kernel
23. Contains an address of where the instruction and data reside that need to be processed.
Bell-LaPadula Model
Assigned labels
Disclosure of residual data
The Thread (memory Management)
24. The Biba model (introduced in 1977), the Sutherland model (published in 1986), the Brewer-Nash model (published in 1989)
Orange Book - A1
Models concerned with integrity
Protection Rings Support
Its Clearance Label (Top Secret - Secret - or Confidential)
25. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Swap Space
Pipelining
B3 - Rating
The Red Book
26. The reference monitor must mediate all access, _____________, be verifiable as correct, and must always be invoked.
Dedicated Security Mode
Be protected from modification
The Rule is talking about writing
The "No write Down" Rule
27. The TCB contains the security kernel and all ______________.
The National Computer Security Center (NCSC)
Bell-LaPadula Model
First evaluation class
security protection mechanisms
28. Contains the ending address
Orange Book A
A Limit Register (Memory Management)
Orange Book C
Attributable - original - accurate - contemporaneous and legible
29. What does the simple security (ss) property mean in the Bell-LaPadula model?
No read up
Operational assurance requirements
Examples of Layered Operating Systems
B2
30. What are the components of an object's sensitivity label?
Division C - Discretionary Protection
Indexed addressing
A single classification and a Compartment Set
A Layered Operating System Architecture
31. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
Orange Book A
Compare the security labels
No read down
32. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Orange Book - A1
All Mandatory Access Control (MAC) systems
Highly secure systems (B2 - B3 and A1)
D
33. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________, which would take place through a "write down" operation. (An actual compromise occurs if and when
The "No write Down" Rule
Secondary Storage
Accountability - Orange Book
Controlling unauthorized downgrading of information
34. As per the FDA, data should be ______________________________.
Complex Instruction Set Computers (CISC)
Attributable - original - accurate - contemporaneous and legible
Dedicated Security Mode
Controls the checks
35. Bell-LaPadula model was proposed for enforcing access control in _____________________.
B2
Government and military applications
Networks and Communications
security protection mechanisms
36. When a computer spends more time moving data from one small portion of memory to another than actually processing the data.
Fail safe
Types of covert channels
First evaluation class
Thrashing
37. The security model incorporates the ____________ that should be enforced in the system.
Ring 1
Mandatory Access Control (MAC)
Attributable data
Security Policy
38. Remaining parts of the operating system
Ring 1
Buffer overflows
Security Policy - Orange Book
Assigned labels
39. An organization within the National Security Agency (NSA) is responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
Life Cycle Assurance Requirement
Continuous protection - O/B
Ring 1
The National Computer Security Center (NCSC)
40. In the Bell-LaPadula Model the Object's Label contains ___________________.
Implement software or systems in a production environment
Indirect addressing
Operational assurance requirements
Its classification label (Top Secret - Secret or confidential)
41. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Simple Integrity Axiom
Swap Space
A1
Multilevel Security Policies
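Worked example for questions 6, 16, 20, 29, 30, 33, 40 and 41, added to this study page and not part of the original quiz: a label made of one classification plus a compartment set, the dominance ordering on that lattice, and the Bell-LaPadula and Biba rules as checks that a small reference monitor (questions 12, 22 and 26) applies to every access. It goes slightly beyond the quiz by showing that two labels at the same level can be incomparable when their compartments differ. The level orderings, the compartment names and the sample subjects and objects are assumptions made for illustration.

```python
"""Added example: a label lattice with Bell-LaPadula and Biba checks.

Level orderings, compartment names and the sample subjects/objects are
assumptions for illustration; they are not from the original quiz.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple

# Assumed classification ordering (lowest to highest) for the confidentiality lattice.
CLASSIFICATION = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
# Assumed integrity ordering (lowest to highest) for the Biba lattice.
INTEGRITY = {"UNTRUSTED": 0, "USER": 1, "SYSTEM": 2}


@dataclass(frozen=True)
class Label:
    """A label: one level (classification or integrity) plus a compartment set."""
    level: int
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice ordering: level is higher or equal AND every compartment of
        `other` is also held.  Two labels can be incomparable (neither dominates)."""
        return self.level >= other.level and self.compartments >= other.compartments


# Bell-LaPadula (confidentiality).  "Simple" = reading, "*" (star) = writing.
def blp_can_read(subject: Label, obj: Label) -> bool:
    """ss-property, "no read up": the subject's clearance must dominate the object."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """*-property, "no write down": the object must dominate the subject, so
    information never flows to a lower level (no unauthorized downgrade)."""
    return obj.dominates(subject)


# Biba (integrity).  Same lattice machinery, opposite direction.
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity axiom, "no read down": the object's integrity must dominate."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """*-integrity axiom, "no write up": the subject's integrity must dominate."""
    return subject.dominates(obj)


Rule = Callable[[Label, Label], bool]


class ReferenceMonitor:
    """Mediates every subject/object access against one rule table and records
    each decision; in a real TCB it would be the only path to the objects."""

    def __init__(self, rules: Dict[str, Rule]):
        self.rules = rules
        self.audit: List[Tuple[Label, Label, str, bool]] = []

    def check(self, subject: Label, obj: Label, op: str) -> bool:
        allowed = self.rules[op](subject, obj)  # always invoked, never bypassed
        self.audit.append((subject, obj, op, allowed))
        return allowed


BLP_RULES: Dict[str, Rule] = {"read": blp_can_read, "write": blp_can_write}
BIBA_RULES: Dict[str, Rule] = {"read": biba_can_read, "write": biba_can_write}


def demo() -> Dict[str, bool]:
    """Constructed subjects and objects; returns each decision by name."""
    analyst = Label(CLASSIFICATION["SECRET"], frozenset({"NUCLEAR"}))
    ts_nuclear = Label(CLASSIFICATION["TOP SECRET"], frozenset({"NUCLEAR"}))
    conf_memo = Label(CLASSIFICATION["CONFIDENTIAL"])
    secret_crypto = Label(CLASSIFICATION["SECRET"], frozenset({"CRYPTO"}))
    blp = ReferenceMonitor(BLP_RULES)

    kernel = Label(INTEGRITY["SYSTEM"])
    web_input = Label(INTEGRITY["UNTRUSTED"])
    biba = ReferenceMonitor(BIBA_RULES)

    return {
        "blp_read_up": blp.check(analyst, ts_nuclear, "read"),        # False: no read up
        "blp_read_down": blp.check(analyst, conf_memo, "read"),       # True
        "blp_read_missing_compartment": blp.check(analyst, secret_crypto, "read"),  # False: same level, compartment not held
        "blp_write_down": blp.check(analyst, conf_memo, "write"),     # False: no write down
        "blp_write_up": blp.check(analyst, ts_nuclear, "write"),      # True: strict BLP permits a blind write-up
        "biba_read_down": biba.check(kernel, web_input, "read"),      # False: no read down
        "biba_write_up": biba.check(web_input, kernel, "write"),      # False: no write up
        "biba_write_down": biba.check(kernel, web_input, "write"),    # True
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:30} {'ALLOW' if decision else 'DENY'}")
```

Two things worth noticing when you run it: the `blp_read_missing_compartment` case is denied even though subject and object share the SECRET level, because dominance requires both the level and the compartment set; and the Biba rules are literally the Bell-LaPadula rules with subject and object swapped, which is why "simple" always means reading and "*" always means writing in both models.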
42. A set of objects that a subject is able to access
Types of covert channels
Pagefile.sys file
A Domain
security protection mechanisms
43. Used by Windows systems to reserve the "Swap Space"
Bell-LaPadula Model
Pagefile.sys file
Operational assurance requirements
B2 rating
44. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Implement software or systems in a production environment
Documentation - Orange Book
Attributable - original - accurate - contemporaneous and legible
Need-to-know
45. System Architecture that separates system functionality into Hierarchical layers
Mandatory access control
A Layered Operating System Architecture
The National Computer Security Center (NCSC)
Pagefile.sys file
46. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted.
A and B
Bell-LaPadula Model
A Limit Register (Memory Management)
The security perimeter
47. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities.
Discretionary Security Property (ds-property)
Higher or equal to access class
Trusted Network Interpretation (TNI)
C1 - Discretionary Security Protection
48. In this class, more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.
B3 - Rating
Administrative declaration
B3 - Security Domains
No read up
49. A portion of a process. When the thread is generated, it shares the same domain (resources) as its process.
Orange Book interpretations
A Thread
The TCSEC - Aka Orange Book
The Trusted Computing Base (TCB)
50. The group that oversees the processes of evaluation within TCSEC is?
The security perimeter
Orange Book - A1
Operational assurance requirements
Trusted Products Evaluation Program (TPEP)