Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
The National Computer Security Center (NCSC)
Direct Addressing
Continuous protection - O/B
Implement software or systems in a production environment
2. The Orange Book requires protection against two _____________, which are timing and storage.
Types of covert channels
Orange Book interpretations
The National Computer Security Center (NCSC)
Erasable and Programmable Read-Only Memory (EPROM)
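Added illustration for the covert-channel item above; this is example code written for this study page, not material from the Orange Book or any vendor. It simulates the two channel types TCSEC names: a storage channel (High leaks a bit per clock tick by leaving a shared resource busy or free) and a timing channel (High leaks a bit in how long it holds the resource). The shared resource, the lock-step tick model and the message are constructed for the demo; the point is that mandatory no-write-down does not stop either leak, because Low never reads High's data, only the resource's state or timing.

```python
from typing import Iterator, List


class SharedResource:
    """A system resource both levels may use (a spool slot, a disk quota, a lock).

    Constructed for this demo. MAC stops High from writing data Low can read,
    but nothing stops Low from noticing whether the resource is currently busy.
    """

    def __init__(self) -> None:
        self.busy = False

    def try_acquire(self) -> bool:
        """Low's only interface: succeed if free. That yes/no is the leaked bit."""
        if self.busy:
            return False
        self.busy = True
        return True

    def release(self) -> None:
        self.busy = False


def bits_of(msg: bytes) -> Iterator[int]:
    """MSB-first bit stream of a message."""
    for byte in msg:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def from_bits(bits: List[int]) -> bytes:
    """Reassemble whole bytes from an MSB-first bit list."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


def storage_channel(msg: bytes) -> bytes:
    """Covert storage channel: High signals one bit per clock tick by holding
    (1) or not holding (0) the resource; Low probes it once per tick."""
    res = SharedResource()
    received: List[int] = []
    for bit in bits_of(msg):
        res.busy = bool(bit)          # High's legitimate-looking use of the resource
        if res.try_acquire():         # Low never sees High's data, only "free or busy"
            received.append(0)
            res.release()
        else:
            received.append(1)
    return from_bits(received)


def timing_channel(msg: bytes, slow: int = 3, fast: int = 1) -> bytes:
    """Covert timing channel: High encodes each bit in how long it holds the
    resource; Low counts ticks until its acquire succeeds. The stored state is
    identical for 0 and 1 once released; only the delay carries information."""
    res = SharedResource()
    received: List[int] = []
    for bit in bits_of(msg):
        hold_for = slow if bit else fast
        res.busy = True
        ticks = 0
        while True:
            ticks += 1
            hold_for -= 1
            if hold_for == 0:
                res.release()
            if res.try_acquire():
                res.release()
                break
        received.append(1 if ticks >= slow else 0)
    return from_bits(received)


if __name__ == "__main__":
    secret = b"TS"   # constructed sample; High is forbidden to write this to Low
    print("storage channel:", storage_channel(secret))
    print("timing channel: ", timing_channel(secret))
```

The bandwidth of each channel is one bit per tick, which is why TCSEC asks for covert channel analysis and bandwidth estimates rather than for a proof that no channel exists: the storage channel is closed by not letting Low observe a High-modulated state, the timing channel only by removing or noising the shared clock.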
3. The reference monitor is responsible for ______________; it compares the security labels of a subject and an object.
Mandatory Access Control (MAC)
Access control to the objects by the subjects
Basic Security Theorem (used in computer science) definition
A1
4. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
All Mandatory Access Control (MAC) systems
Discretionary Security Property (ds-property)
Security mechanisms and evaluates their effectiveness
A Domain
5. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Overt channel
Highly secure systems (B2 - B3 and A1)
A and B
Multitasking
6. What prevents a process from accessing another process' data?
Attributable - original - accurate - contemporaneous and legible
Simple Security Rule
Multitasking
Process isolation
7. A domain of trust that shares a single security policy and single management
The Red Book
A security domain
Totality of protection mechanisms
The National Computer Security Center (NCSC)
8. Data in cache can be accessed much more quickly than data ______________.
The Red Book
Stored in real memory
Trusted Products Evaluation Program (TPEP)
Dedicated Security Mode
9. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
C2
attributability
Execution Domain
Compare the security labels
10. TCSEC provides a means to evaluate ______________________.
Thrashing
Dedicated Security Mode
A Thread
The trustworthiness of an information system
11. Verification Protection
The security perimeter
Orange Book A
Higher or equal to access class
Ring 3
12. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Dedicated Security Mode
Be protected from modification
System High Security Mode
A single classification and a Compartment Set
13. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Security Policy is clearly defined and documented
B3
Evaluated separately
Overt channel
14. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Pagefile.sys file
The security perimeter
NOT Integrity
Division C - Discretionary Protection
15. THE (Technische Hogeschool Eindhoven), VAX/VMS, Multics and Unix. THE and Multics are no longer in use.
Relative Addresses
Controls the checks
A1
Examples of Layered Operating Systems
16. The *-Property rule is referred to as ____________.
The "No write Down" Rule
The TCSEC - Aka Orange Book
Dedicated Security Mode
A and B
17. In both the Bell-LaPadula and Biba models, if the word "Simple" is used ______________.
Ring 1
Scalar processors
The rule is talking about "Reading"
Division C - Discretionary Protection
18. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
D
Fail safe
All Mandatory Access Control (MAC) systems
B3 - Security Domains
19. What access control technique is also known as multilevel security?
The Common Criteria
Mandatory access control
Division C - Discretionary Protection
Orange Book A
20. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Dedicated Security Mode
Access control to the objects by the subjects
Its Clearance Label (Top Secret - Secret - or Confidential)
Continuous protection - O/B
21. A form of ROM (read-only memory) that can be modified after it has been manufactured, but can be programmed only one time.
Programmable Read-Only Memory (PROM)
Process isolation
Government and military applications
C1 - Discretionary Security Protection
22. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Logical addresses
Its Clearance Label (Top Secret - Secret - or Confidential)
B2 - Structured Protection
Life-cycle assurance - O/B
23. The Orange Book does NOT cover ________________ or database management systems.
Networks and Communications
Totality of protection mechanisms
The Clark Wilson integrity model
Fail safe
24. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
The security kernel
Security mechanisms and evaluates their effectiveness
Multilevel Security Policies
Orange Book C
25. When the address location that is specified in the program instruction contains the address of the final desired location.
Multiprocessing
The trustworthiness of an information system
Indirect addressing
Division B - Mandatory Protection
26. What are the components of an object's sensitivity label?
The National Computer Security Center (NCSC)
C1
Stored in real memory
A single classification and a Compartment Set
27. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - B2
Orange Book - A1
NOT Integrity
Clark-Wilson
28. The Simple Security rule is referred to as ______________.
Clark-Wilson Model
Virtual storage
The "No read Up" rule
Constrained
29. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Programmable Read-Only Memory (PROM)
Invocation Property
Pagefile.sys file
Trusted hardware - Software and Firmware
30. A type of memory used for High-speed writing and reading activities.
Multiprocessing
Cache Memory
A Limit Register (Memory Management)
Basic Security Theorem (used in computer science) definition
31. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.
Orange Book - B2
'Dominate'
In C2 - Controlled Access Protection environment
Attributable data
32. Permits a database to have two records that are identical except for Their classifications
Operational assurance requirements
Polyinstantiation
Trusted facility management
A1 - Rating
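Added example for the polyinstantiation item above, written for this study page rather than taken from any DBMS. It contrasts a single-instance table, where a Secret user's insert of a key that already exists at Top Secret produces a "duplicate key" error (a storage channel that discloses the higher row), with a polyinstantiated table whose apparent key is (key, classification): the same key carries different facts at different levels, each subject sees the highest instance its clearance dominates, and nothing above the subject's level is disclosed. The level lattice, table names and rows are constructed for the demo.

```python
from typing import Dict, Optional, Tuple

LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]   # constructed lattice


def dominates(subject_level: str, object_level: str) -> bool:
    return LEVELS.index(subject_level) >= LEVELS.index(object_level)


class NaiveTable:
    """Single-instance table: a key exists once, whatever its classification.
    Shown only to make the leak visible; not a real DBMS implementation."""

    def __init__(self) -> None:
        self.rows: Dict[str, dict] = {}

    def insert(self, level: str, key: str, **attrs) -> None:
        if key in self.rows:
            # Telling a Secret user "duplicate key" reveals a Top Secret row exists:
            # a storage channel out of the higher level.
            raise KeyError(f"duplicate key {key!r}")
        self.rows[key] = dict(attrs, classification=level)


class MultilevelTable:
    """Polyinstantiated table: the apparent primary key is (key, classification),
    so the same key can carry different facts at different levels."""

    def __init__(self) -> None:
        self.rows: Dict[Tuple[str, str], dict] = {}

    def insert(self, level: str, key: str, **attrs) -> None:
        # Subjects write at their own level only (a write-down would leak; a
        # write-up would let a low subject corrupt high data). A row for the same
        # key at another level is simply a different tuple, so no error is raised.
        self.rows[(key, level)] = dict(attrs, classification=level)

    def select(self, level: str, key: str) -> Optional[dict]:
        # Return the most highly classified instance the subject dominates.
        # The existence of instances above the subject's level is never disclosed.
        visible = [lvl for (k, lvl) in self.rows if k == key and dominates(level, lvl)]
        if not visible:
            return None
        return self.rows[(key, max(visible, key=LEVELS.index))]


def demo() -> dict:
    """Run both tables through the same sequence; returns the observable results."""
    naive = NaiveTable()
    naive.insert("Top Secret", "flight-17", destination="classified site")
    try:
        naive.insert("Secret", "flight-17", destination="Nellis")
        naive_leak = "no error"
    except KeyError as exc:
        naive_leak = str(exc)

    mlt = MultilevelTable()
    mlt.insert("Top Secret", "flight-17", destination="classified site")
    before = mlt.select("Secret", "flight-17")                # nothing visible yet
    mlt.insert("Secret", "flight-17", destination="Nellis")   # succeeds silently
    return {
        "naive_leak": naive_leak,
        "secret_before_insert": before,
        "secret_view": mlt.select("Secret", "flight-17")["destination"],
        "top_secret_view": mlt.select("Top Secret", "flight-17")["destination"],
        "unclassified_view": mlt.select("Unclassified", "flight-17"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cost of polyinstantiation is that the "truth" for a key is now level-dependent, so a Top Secret reader must be prepared to see both rows; that is the trade the model makes to close the inference channel.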
33. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Administrative declaration
Virtual Memory
Be protected from modification
Trusted Network Interpretation (TNI)
34. All users have a clearance for, and a formal need to know about, all data processed within the system.
security protection mechanisms
The Trusted Computing Base (TCB)
Dedicated Security Mode
Overt channel
35. The reserved hard drive space used to extend RAM capabilities.
Subject to Object Model
Swap Space
TCB (Trusted Computing Base)
A Layered Operating System Architecture
36. Should always trace to individuals responsible for observing and recording the data
Attributable data
Trusted Products Evaluation Program (TPEP)
The Simple Security Property
Clark-Wilson
37. Mediates all access and Functions between subjects and objects.
The Security Kernel
Complex Instruction Set Computers (CISC)
Firmware
The *-Property rule (Star property)
38. A subject at a given clearance may not read an object at a higher classification
C2
Networks and Communications
The Simple Security Property
The reference monitor
39. Which TCSEC level first addresses object reuse?
A1
Mandatory Access Control (MAC)
C2
Trusted Distribution
40. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The *-Property rule (Star property)
Clark-Wilson
C1
The Clark Wilson integrity model
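Added example for the Clark-Wilson item above; it is written for this study page and is not code from the Clark-Wilson paper or any product. It shows the three elements the question names working together: constrained data items (a ledger) may be changed only through a certified transformation procedure, every run is checked against an access triple of (user, TP, CDI set), and the integrity verification procedure confirms the TP moved the CDIs from one valid state to another, rolling back and logging when it did not. The ledger invariant (non-negative balances that sum to a fixed total), account names and users are constructed.

```python
from typing import Callable, Dict, Iterable


class IntegrityViolation(Exception):
    pass


class NotAuthorized(Exception):
    pass


class ClarkWilsonSystem:
    """Minimal Clark-Wilson enforcement: CDIs change only through certified TPs,
    each run is checked against (user, TP, CDI set) access triples, and the IVP
    confirms every TP left the CDIs in a valid state (otherwise roll back)."""

    def __init__(self, cdis: Dict[str, int], ivp: Callable[[Dict[str, int]], bool]) -> None:
        self.cdis = dict(cdis)                 # constrained data items
        self.ivp = ivp                         # integrity verification procedure
        self.tps: Dict[str, Callable] = {}     # certified transformation procedures
        self.triples = set()                   # (user, tp, frozenset(cdi names))
        self.log = []                          # audit trail of every TP invocation
        if not self.ivp(self.cdis):
            raise IntegrityViolation("initial CDI state fails the IVP")

    def certify_tp(self, name: str, fn: Callable) -> None:
        self.tps[name] = fn

    def authorize(self, user: str, tp: str, cdi_names: Iterable[str]) -> None:
        self.triples.add((user, tp, frozenset(cdi_names)))

    def run(self, user: str, tp: str, cdi_names: Iterable[str], **args) -> Dict[str, int]:
        names = frozenset(cdi_names)
        if (user, tp, names) not in self.triples:      # only certified triples may run
            self.log.append((user, tp, "denied"))
            raise NotAuthorized(f"{user} may not run {tp} on {sorted(names)}")
        snapshot = dict(self.cdis)
        working = {n: self.cdis[n] for n in names}    # the TP touches only its CDIs
        self.tps[tp](working, **args)
        self.cdis.update(working)
        if not self.ivp(self.cdis):                   # valid state must map to valid state
            self.cdis = snapshot
            self.log.append((user, tp, "rolled back"))
            raise IntegrityViolation(f"{tp} left CDIs in an invalid state; rolled back")
        self.log.append((user, tp, dict(args)))       # every TP run is audited
        return dict(self.cdis)


# Constructed demo: a ledger whose invariant is conservation of money.
TOTAL = 150


def ledger_ivp(cdis: Dict[str, int]) -> bool:
    return all(v >= 0 for v in cdis.values()) and sum(cdis.values()) == TOTAL


def transfer(cdis: Dict[str, int], src: str, dst: str, amount: int) -> None:
    """A certified TP: moves money between two CDIs it was handed."""
    cdis[src] -= amount
    cdis[dst] += amount


def build_system() -> ClarkWilsonSystem:
    system = ClarkWilsonSystem({"alice_acct": 100, "bob_acct": 50}, ledger_ivp)
    system.certify_tp("transfer", transfer)
    system.authorize("teller", "transfer", {"alice_acct", "bob_acct"})
    return system


if __name__ == "__main__":
    s = build_system()
    accts = {"alice_acct", "bob_acct"}
    print(s.run("teller", "transfer", accts, src="alice_acct", dst="bob_acct", amount=30))
    for user, amount in (("teller", 500), ("mallory", 1)):
        try:
            s.run(user, "transfer", accts, src="alice_acct", dst="bob_acct", amount=amount)
        except (IntegrityViolation, NotAuthorized) as exc:
            print("blocked:", exc)
    print(s.log)
```

Note what the model does not do: nothing stops code that holds a reference to `cdis` from mutating it directly. Clark-Wilson assumes the TCB keeps CDIs reachable only through TPs; the class shows the certification and enforcement rules, not that isolation.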
41. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
Security Policy - Orange Book
Orange Book - B2
A lattice of Integrity Levels
All Mandatory Access Control (MAC) systems
42. Audit data must be captured and protected to enforce accountability
Dedicated Security Mode
The rule is talking about "Reading"
Accountability - Orange Book
The security perimeter
43. What is called the formal acceptance of the adequacy of a system's overall security by management?
Complex Instruction Set Computers (CISC)
Isolate processes
Accreditation
The Clark Wilson integrity model
44. Users need to be identified individually to provide more precise access control and auditing functionality.
B2 rating
C2 - Controlled Access Protection
Cache Memory
Its classification label (Top Secret - Secret or confidential)
45. According to the Orange Book - trusted facility management is not required for which security levels?
B1
Execution Domain
The "No write Down" Rule
Documentation - Orange Book
46. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
C1 - Discretionary Security Protection
Virtual Memory
B3
Ring 1
47. Nonvolatile storage media, e.g. computer hard drives, floppy disks and CD-ROMs
The *-Property rule (Star property)
Buffer overflows
Secondary Storage
The Biba Model
48. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Integrity
No read up
A1 - Rating
An abstract machine
49. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
Invocation Property
System High Security Mode
The Common Criteria
50. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula model is referred to as ___________________, which would take place through a "write down" operation. (An actual compromise occurs if and when
Trusted facility management
security protection mechanisms
Controlling unauthorized downgrading of information
A Limit Register (Memory Management)
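Added example tying together the Bell-LaPadula and reference monitor items above (questions 3, 4, 12, 16, 17, 26, 28, 38, 48 and 50). It is written for this study page, not taken from any operating system. A label is one classification plus a compartment set (question 26); "dominates" compares both; the monitor is invoked on every access, applies the simple security property (no read up) and the *-property (no write down) first, then the ds-property by consulting an access matrix, and logs every decision. The levels, compartments, subjects and objects are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}  # constructed


@dataclass(frozen=True)
class Label:
    """A sensitivity label: one classification plus a set of compartments."""
    classification: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # L1 dominates L2 iff its classification is >= and its compartments are a superset.
        # This is a lattice, not a total order: Secret/{CRYPTO} and Secret/{NUC} are incomparable.
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.compartments >= other.compartments)


class ReferenceMonitor:
    """Mediates every access. Mandatory checks (Bell-LaPadula) come first; the
    discretionary check (ds-property) consults an access matrix afterwards."""

    def __init__(self) -> None:
        self.subjects: Dict[str, Label] = {}                 # clearance labels
        self.objects: Dict[str, Label] = {}                  # classification labels
        self.matrix: Dict[Tuple[str, str], Set[str]] = {}    # discretionary rights
        self.audit: List[Tuple[str, str, str, str]] = []     # every decision is logged

    def grant(self, subject: str, obj: str, *rights: str) -> None:
        self.matrix.setdefault((subject, obj), set()).update(rights)

    def decide(self, subject: str, obj: str, mode: str) -> str:
        s, o = self.subjects[subject], self.objects[obj]
        if mode not in ("read", "write"):
            verdict = "deny: unknown access mode"
        elif mode == "read" and not s.dominates(o):
            verdict = "deny: simple security property (no read up)"
        elif mode == "write" and not o.dominates(s):
            verdict = "deny: *-property (no write down)"
        elif mode not in self.matrix.get((subject, obj), set()):
            verdict = "deny: ds-property (no access matrix entry)"
        else:
            verdict = "allow"
        self.audit.append((subject, obj, mode, verdict))
        return verdict


def build_monitor() -> ReferenceMonitor:
    rm = ReferenceMonitor()
    rm.subjects["alice"] = Label("Secret", frozenset({"NUC"}))
    rm.subjects["bob"] = Label("Top Secret", frozenset({"NUC", "CRYPTO"}))
    rm.objects["memo"] = Label("Confidential")
    rm.objects["plan"] = Label("Top Secret", frozenset({"NUC"}))
    rm.objects["keys"] = Label("Secret", frozenset({"CRYPTO"}))
    for obj in rm.objects:
        rm.grant("alice", obj, "read", "write")
    rm.grant("bob", "memo", "read")   # bob clears everything under MAC but holds
    return rm                          # discretionary rights only on the memo


if __name__ == "__main__":
    rm = build_monitor()
    for subj, obj, mode in [("alice", "memo", "read"), ("alice", "memo", "write"),
                            ("alice", "plan", "read"), ("alice", "plan", "write"),
                            ("alice", "keys", "read"), ("bob", "plan", "read")]:
        print(f"{subj:6} {mode:5} {obj:5} -> {rm.decide(subj, obj, mode)}")
```

Two of the decisions are the ones candidates most often get wrong: alice may write up into a Top Secret plan she cannot read (the *-property forbids only downward flow), and she is refused the Secret keys despite an equal classification, because the CRYPTO compartment is not in her clearance.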