Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain






2. In both the Bell-LaPadula and Biba Models if the word "*" or "Star" is used - _______________.






3. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






4. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






5. Contains the ending address






6. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)






7. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






8. Permits a database to have two records that are identical except for their classifications






9. Successfully evaluated products are placed on?






10. What does the * (star) property mean in the Bell-LaPadula model?






11. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






12. A subject at a given clearance may not read an object at a higher classification






13. The *-Property rule is referred to as ____________.






14. The Bell-LaPadula Model is a _______________.






15. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.






16. Has two individual assurance ratings, C1 and C2. The higher the number of the assurance rating, the greater the protection






17. Subjects and Objects cannot change their security levels once they have been instantiated (created)






18. A domain of trust that shares a single security policy and single management






19. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?






20. Contains the beginning address






21. The Availability - Integrity and confidentiality requirements of multitasking operating systems






22. An organization within the National Security Agency (NSA) is responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s






23. The combination of RAM - Cache and the Processor Registers






24. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?






25. Levels of Security and Levels of Trust: Lower letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.






26. Bell-LaPadula model was proposed for enforcing access control in _____________________.






27. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system






28. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






29. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






30. The TCB is the ________________ within a computer system that work together to enforce a security policy.






31. Execute one instruction at a time.






32. Access control labels must be associated properly with objects.






33. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma






34. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.






35. All users have a clearance for and a formal need to know about - all data processed with the system.






36. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






37. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.






38. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






39. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






40. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object






41. The C2 evaluation class of the _________________ offers controlled access protection.






42. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






43. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.






44. Used by Windows systems to reserve the "Swap Space"






45. Which is a straightforward approach that provides access rights to subjects for objects?






46. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






47. What does the simple security (ss) property mean in the Bell-LaPadula model?






48. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.






49. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.



50. Mandatory access control is enforced by the use of security labels.