Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






2. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?






3. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






4. Subjects and Objects cannot change their security levels once they have been instantiated (created)






5. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data






6. Which would be designated as objects on a MAC system?






7. Execute one instruction at a time.






8. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






9. Which can be used as a covert channel?






10. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






11. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.






12. Verification Protection






13. When a vendor submits a product for evaluation - it submits it to the ____________.






14. Involves sharing the processor amoung all ready processes






15. A subject at a given clearance may not read an object at a higher classification






16. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






17. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






18. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.






19. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.






20. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






21. The total combination of protection mechanisms within a computer system






22. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.






23. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards






24. What does the simple security (ss) property mean in the Bell-LaPadula model?






25. Which Orange Book evaluation level is described as "Discretionary Security Protection"?






26. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use






27. The Policy must be explicit and well defined and enforced by the mechanisms within the system






28. The combination of RAM - Cache and the Processor Registers






29. Operating System Kernel






30. Mandatory Protection






31. Mandatory access control is enfored by the use of security labels.






32. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.






33. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.






34. What is called the formal acceptance of the adequacy of a system's overall security by management?






35. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?






36. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






37. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection






38. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






39. What does the * (star) property mean in the Bell-LaPadula model?






40. What does the Clark-Wilson security model focus on






41. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?






42. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise






43. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






44. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.






45. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






46. Users need to be Identified individually to provide more precise acces control and auditing functionality.






47. Which TCSEC level first addresses object reuse?






48. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






49. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






50. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests