SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Orange Book B
The Common Criteria
Ring 3
Prevent secret information from being accessed
2. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
The Red Book
Models concerned with integrity
Process isolation
Thrashing
3. Trusted facility management is an assurance requirement only for ________________.
The security perimeter
Execution Domain
Highly secure systems (B2 - B3 and A1)
No read down
4. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Trusted hardware - Software and Firmware
Pagefile.sys file
B3
The security perimeter
5. Based on a known address with an offset value applied.
A1
Ring 2
Relative Addresses
Primary storage
6. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
Orange Book ratings
Orange Book - B1
First evaluation class
Be protected from modification
7. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
B3 - Security Domains
A1
Multitasking
Trusted hardware - Software and Firmware
8. Which is a straightforward approach that provides access rights to subjects for objects?
B3 - Security Domains
Access Matrix model
Protection Rings Support
B3 - Rating
9. What prevents a process from accessing another process' data?
Process isolation
Trusted hardware - Software and Firmware
Security mechanisms and evalautes their effectivenes
B2
10. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.
The TCSEC - Aka Orange Book
Secondary Storage
Pipelining
The Biba Model
11. Which in the Orange Book ratings represents the highest level of trust?
Orange Book C
A security kernel
B2
TCB (Trusted Computing Base)
12. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
The Rule is talking about writing
Scalar processors
B1
13. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
The Tranqulity principle (The Bell-LaPadula Model)
Certification
Firmware
Direct Addressing
14. The Bell-LaPadula Model is a _______________.
The National Computer Security Center (NCSC)
The Rule is talking about writing
Subject to Object Model
B1 - Labeled Security rating
15. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
Life Cycle Assurance Requirement
Integrity
Accountability - Orange Book
16. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Evaluated separately
C1 - Discretionary Security Protection
The "No read Up" rule
Trusted Network Interpretation (TNI)
17. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
The National Computer Security Center (NCSC)
Attributable - original - accurate - contemporaneous and legible
A security kernel
Sensitivity labels
18. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Prohibits
The security perimeter
D
Multitasking
19. In the Bell-LaPadula Model the Subject's Label contains ___________________.
B1
Its Clearance Label (Top Secret - Secret - or Confidential)
The Integrity of data within applications
Bell-LaPadula Model
20. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
The reference monitor
C1 - Discretionary Security Protection
A security domain
The Trusted Computing Base (TCB)
21. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Labels - Orange Book
Models concerned with integrity
C2 - Controlled Access Protection
Orange Book - B1
22. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Execution Domain
The National Computer Security Center (NCSC)
Division D - Minimal Protection
System High Security Mode
23. TCB contains The Security Kernel and all ______________.
Highly secure systems (B2 - B3 and A1)
security protection mechanisms
C2
A Thread
24. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
Networks and Communications
Fail safe
Clark-Wilson
25. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Models concerned with integrity
C1 - Discretionary Security Protection
Fail safe
Attributable - original - accurate - contemporaneous and legible
26. What does the simple integrity axiom mean in the Biba model?
Disclosure of residual data
Physical security
No read down
Clark-Wilson Model
27. Minimal Security
Constrained
Orange Book - D
Orange Book - B1
Cache Memory
28. All users have a clearance for and a formal need to know about - all data processed with the system.
Primary storage
Dedicated Security Mode
The Security Kernel
Dominate the object's sensitivity label
29. What is called the formal acceptance of the adequacy of a system's overall security by management?
Accreditation
Absolute addresses
Simple Security Rule
The "No read Up" rule
30. Should always trace to individuals responsible for observing and recording the data
Attributable data
*-Integrity Axiom
A Domain
Direct Addressing
31. What does the Clark-Wilson security model focus on
Integrity
No read up
The Trusted Computing Base (TCB)
Dedicated Security Mode
32. Audit data must be captured and protected to enforce accountability
The Tranqulity principle (The Bell-LaPadula Model)
The *-Property rule (Star property)
Accountability - Orange Book
Need-to-know
33. The Indexed memory addresses that software uses
A Layered Operating System Architecure
B2
Logical addresses
Types of covert channels
34. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Its classification label (Top Secret - Secret or confidential)
The National Computer Security Center (NCSC)
Continuous protection - O/B
35. When the address location that is specified in the program instruction contains the address of the final desired location.
Models concerned with integrity
Indirect addressing
Mandatory Access Control (MAC)
Orange Book - B1
36. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Access control to the objects by the subjects
First evaluation class
C1 - Discrection Security Protection is a type of environment
A security domain
37. The total combination of protection mechanisms within a computer system
TCB (Trusted Computing Base)
C2 - Controlled Access Protection
Orange Book ratings
Mandatory Access Control (MAC)
38. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Integrity
The security kernel
Dedicated Security Mode
Firmware
39. In access control terms - the word "dominate" refers to ___________.
Dedicated Security Mode
Higher or equal to access class
Simple Integrity Axiom
Need-to-know
40. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
In C2 - Controlled Access Protection environment
Cache Memory
NOT Integrity
41. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
*-Integrity Axiom
Enforces the rules
B1 - Labeled Security rating
C2
42. What are the components of an object's sensitivity label?
Dominate the object's sensitivity label
A single classification and a Compartment Set
System High Security Mode
Evaluated separately
43. Can be erased - modified and upgraded.
Direct addressing
C2
Storage and timing
Erasable and Programmable Read-Only Memory (EPROM)
44. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
NOT Integrity
Administrative declaration
Disclosure of residual data
The Trusted Computing Base (TCB)
45. Users need to be Identified individually to provide more precise acces control and auditing functionality.
Orange Book interpretations
No read down
Basic Security Theorem (used in computer science) definition
C2 - Controlled Access Protection
46. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
Orange Book - A1
Storage and timing
Swap Space
In C2 - Controlled Access Protection environment
47. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Execution Domain
Invocation Property
Constrained
Documentation - Orange Book
48. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
A Layered Operating System Architecure
Orange Book interpretations
Accountability - Orange Book
Fail safe
49. When a portion of primary memory is accessed by specifying the actual address of the memory location
The Common Criteria
Administrative declaration
Overt channel
Direct addressing
50. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Totality of protection mechanisms
B3 - Rating
No read up
Covert channels
