Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding each time you take the test.
1. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
The trustworthiness of an information system
Simple Security Rule
Prevent secret information from being accessed
The security kernel
2. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
Direct Addressing
In C2 - Controlled Access Protection environment
Discretionary Security Property (ds-property)
Complex Instruction Set Computers (CISC)
3. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Simple Integrity Axiom
NOT Integrity
C2 - Controlled Access Protection
Constrained
4. Minimal Security
Operational assurance requirements
B2 rating
TCB (Trusted Computing Base)
Orange Book - D
5. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
The Rule is talking about writing
D
Access control to the objects by the subjects
B3 - Security Domains
6. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Networks and Communications
Multitasking
The *-Property rule (Star property)
NOT Integrity
7. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
C1
The "No read Up" rule
Firmware
Operational assurance requirements
8. Which can be used as a covert channel?
Thrashing
The Evaluated Products List (EPL) with their corresponding rating
Storage and timing
Accreditation
9. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Documentation - Orange Book
The Integrity of data within applications
Orange Book C
A security kernel
10. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Totality of protection mechanisms
B2 - Structured Protection
The Rule is talking about writing
Clark-Wilson
11. The Simple Security rule is referred to as ______________.
Orange Book - D
The "No read Up" rule
In C2 - Controlled Access Protection environment
The Thread (memory Management)
12. What are the components of an object's sensitivity label?
Reduced Instruction Set Computers (RISC)
A Base Register (Memory Management)
Government and military applications
A single classification and a Compartment Set
13. Users need to be identified individually to provide more precise access control and auditing functionality.
A Domain
Security Policy is clearly defined and documented
C2 - Controlled Access Protection
Its classification label (Top Secret - Secret or confidential)
14. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Attributable - original - accurate - contemporaneous and legible
Files - directories and devices
B3 - Rating
A single classification and a Compartment Set
15. Remaining parts of the operating system
The security kernel
Stored in Real Memory
Ring 1
attributability
16. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Physical security
Prohibits
Erasable and Programmable Read-Only Memory (EPROM)
The Tranquility principle (The Bell-LaPadula Model)
17. Which is a straightforward approach that provides access rights to subjects for objects?
Firmware
Access Matrix model
Orange Book - B1
Operational assurance requirements
18. In the Bell-LaPadula Model the Object's Label contains ___________________.
A security kernel
First evaluation class
Its classification label (Top Secret - Secret or confidential)
D
19. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
Buffer (temporary data storage area)
System High Security Mode
Discretionary Security Property (ds-property)
20. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Totality of protection mechanisms
Physical security
Trusted Distribution
Trusted hardware - Software and Firmware
21. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
B1
The Evaluated Products List (EPL) with their corresponding rating
An abstract machine
Ring 1
22. In Access Control terms it means to be higher than or equal to. In the Bell-LaPadula Model - this is referred to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
23. What does the simple integrity axiom mean in the Biba model?
International Standard 15408
No read down
Logical addresses
A Layered Operating System Architecture
24. According to the Orange Book - trusted facility management is not required for which security levels?
C2 - Controlled Access Protection
NOT Integrity
B1
A1
25. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Sensitivity labels
Multilevel Security Policies
The security perimeter
Absolute addresses
26. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Security mechanisms and evaluates their effectiveness
Trusted Distribution
C2
Direct addressing
27. Should always trace to individuals responsible for observing and recording the data
Complex Instruction Set Computers (CISC)
Attributable data
A Domain
Pipelining
28. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?
Orange Book - A1
The TCSEC - Aka Orange Book
The security perimeter
Execution Domain
29. Can be erased - modified and upgraded.
Orange Book C
A single classification and a Compartment Set
The Trusted Computing Base (TCB)
Erasable and Programmable Read-Only Memory (EPROM)
30. Mediates all access and Functions between subjects and objects.
Clark-Wilson
The Security Kernel
Buffer (temporary data storage area)
The National Computer Security Center (NCSC)
31. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
The security perimeter
Evaluated separately
Orange Book - B1
32. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
A Layered Operating System Architecture
Life-cycle assurance - O/B
security protection mechanisms
The National Computer Security Center (NCSC)
33. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise
State machine model
B1 - Labeled Security rating
Indexed addressing
B2 rating
34. A Policy based control. All objects and systems have a sensitivity level assigned to them
Mandatory Access Control (MAC)
Scalar processors
Its classification label (Top Secret - Secret or confidential)
Attributable - original - accurate - contemporaneous and legible
35. Mandatory Access requires that _____________ be attached to all objects.
Sensitivity labels
Orange Book - B1
Security rating B
Highly secure systems (B2 - B3 and A1)
36. In the Bell-LaPadula Model the Subject's Label contains ___________________.
The Red Book
Clark-Wilson Model
Its Clearance Label (Top Secret - Secret - or Confidential)
Secondary Storage
37. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space
A Domain
Swap Space
Its Clearance Label (Top Secret - Secret - or Confidential)
C2
38. A system uses the Reference Monitor to ___________________ of a subject and an object?
D
Compare the security labels
Labels - Orange Book
Most commonly used approach
39. The Orange Book requires protection against two _____________ - which are these: Timing and Storage
Types of covert channels
Life-cycle assurance - O/B
Stored in Real Memory
Division C - Discretionary Protection
40. When the RAM and secondary storage are combined the result is __________.
Life Cycle Assurance Requirement
Simple Security Rule
Virtual Memory
The Monolithic Operating System Architecture
41. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
Protection Rings Support
The Strong star property rule
The Security Kernel
42. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Buffer (temporary data storage area)
The Strong star property rule
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Access Matrix model
43. In B2 Subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
Covert channels
In C2 - Controlled Access Protection environment
The Security Kernel
Simple Integrity Axiom
44. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Dedicated Security Mode
Virtual storage
B3 - Rating
Higher or equal to access class
45. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Totality of protection mechanisms
The Clark Wilson integrity model
B1 - Labeled Security
Ring 2
46. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
The "No read Up" rule
Orange Book - D
A Thread
Division D - Minimal Protection
47. Used by Windows systems to reserve the "Swap Space"
Dominate the object's sensitivity label
Trusted facility management
A lattice of Integrity Levels
Pagefile.sys file
48. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
Multilevel Security Policies
Files - directories and devices
International Standard 15408
49. Intended for environments that require systems to handle classified data.
Trusted Network Interpretation (TNI)
attributability
B1 - Labeled Security rating
Multitasking
50. The security kernel is the mechanism that _____________ of the reference monitor concept.
Totality of protection mechanisms
Enforces the rules
Integrity
State machine model