Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a Well-Formed Transaction.
Ring 3
*-Integrity Axiom
Clark-Wilson Model
Isolate processes
2. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
Process isolation
Fail safe
Clark-Wilson Model
The *-Property rule (Star property)
3. Which group oversees the evaluation process within TCSEC?
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Trusted Products Evaluation Program (TPEP)
B2 - Structured Protection
A Domain
4. What prevents a process from accessing another process' data?
All Mandatory Access Control (MAC) systems
Process isolation
Orange Book interpretations
International Standard 15408
5. Which would be designated as objects on a MAC system?
Files - directories and devices
Security Policy is clearly defined and documented
Discretionary Security Property (ds-property)
*-Integrity Axiom
6. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
A Thread
Trusted hardware - Software and Firmware
Scalar processors
B1
7. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Protection Rings Support
The Security Kernel
Constrained
Government and military applications
8. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
Swap Space
Ring 0
Controls the checks
9. When the RAM and secondary storage are combined the result is __________.
A lattice of Integrity Levels
Virtual Memory
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Direct Addressing
10. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
C2
B2 rating
Certification
Basic Security Theorem (used in computer science) definition
11. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Integrity
Certification
A single classification and a Compartment Set
Dedicated Security Mode
12. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
A and B
Compare the security labels
Prohibits
Orange Book A
13. Which computer design approach is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle?
Accreditation
Complex Instruction Set Computers (CISC)
Bell-LaPadula Model
Attributable data
14. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Reduced Instruction Set Computers (RISC)
Basic Security Theorem (used in computer science) definition
Administrative declaration
The security perimeter
15. What does the * (star) property mean in the Bell-LaPadula model?
Fail safe
No write down
Programmable Read-Only Memory (PROM)
Clark-Wilson
16. Each data object must contain a classification label and each subject must have a clearance label.
C1 - Discretionary Security Protection
*-Integrity Axiom
B1 - Labeled Security
Implement software or systems in a production environment
17. Which is a straightforward approach that provides access rights to subjects for objects?
Types of covert channels
Access Matrix model
Buffer (temporary data storage area)
C1 - Discretionary Security Protection is a type of environment
18. Which model uses access control triples and requires that the system maintain separation of duty?
Orange Book - B3
Division B - Mandatory Protection
Clark-Wilson
security protection mechanisms
19. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
B3
Government and military applications
B1
Bell-LaPadula Model
20. Execute one instruction at a time.
Scalar processors
Labels - Orange Book
The Red Book
The TCSEC - Aka Orange Book
21. The subject must have Need to Know for ONLY the information they are trying to access.
The security kernel
System High Security Mode
In C2 - Controlled Access Protection environment
C1 - Discretionary Security Protection is a type of environment
22. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
State machine model
Need-to-know
Its Clearance Label (Top Secret - Secret - or Confidential)
B3 - Rating
23. In B2 Subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
Operational assurance requirements
The TCSEC - Aka Orange Book
Execution Domain
Covert channels
24. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
An abstract machine
Trusted facility management
Buffer overflows
Covert channels
25. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
Accountability - Orange Book
The Evaluated Products List (EPL) with their corresponding rating
The "No write Down" Rule
26. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
State machine model
The Thread (memory Management)
Invocation Property
Division D - Minimal Protection
27. A domain of trust that shares a single security policy and single management
Life Cycle Assurance Requirement
Absolute addresses
The Biba Model
A security domain
28. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Constrained
Mandatory access control
Multiprocessing
Indexed addressing
29. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Models concerned with integrity
Bell-LaPadula Model
B3 - Rating
Trusted facility management
30. The Policy must be explicit and well defined and enforced by the mechanisms within the system
All Mandatory Access Control (MAC) systems
Life-cycle assurance - O/B
Security Policy - Orange Book
Discretionary Security Property (ds-property)
31. What is called the formal acceptance of the adequacy of a system's overall security by management?
Accreditation
Trusted Products Evaluation Program (TPEP)
A and B
Security Policy - Orange Book
32. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
System High Security Mode
Absolute addresses
Physical security
C1 - Discretionary Security Protection is a type of environment
33. Used by Windows systems to reserve the "Swap Space"
Pagefile.sys file
Orange Book - D
Most commonly used approach
Virtual Memory
34. When the address location that is specified in the program instruction contains the address of the final desired location.
Reduced Instruction Set Computers (RISC)
Indirect addressing
Process isolation
The National Computer Security Center (NCSC)
35. Mediates all access and Functions between subjects and objects.
The Security Kernel
Ring 2
Indirect addressing
Accountability - Orange Book
36. Based on a known address with an offset value applied.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Government and military applications
Attributable data
Relative Addresses
37. The Simple Security rule is referred to as ______________.
In C2 - Controlled Access Protection environment
The "No read Up" rule
International Standard 15408
Pagefile.sys file
38. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.
Orange Book - A1
A Layered Operating System Architecture
The rule is talking about "Reading"
Buffer (temporary data storage area)
39. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
A security domain
Disclosure of residual data
Division B - Mandatory Protection Architecture
Security mechanisms and evaluates their effectiveness
40. The Bell-LaPadula model Subjects and Objects are ___________.
Administrative declaration
Primary storage
Assigned labels
B2
41. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Discretionary Security Property (ds-property)
Orange Book C
A security kernel
B2
42. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
A Layered Operating System Architecture
Prevent secret information from being accessed
Virtual storage
Clark-Wilson Model
43. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
No write down
In C2 - Controlled Access Protection environment
Ring 0
Relative Addresses
44. The Biba Model addresses _____________________.
A Base Register (Memory Management)
The Tranquility principle (The Bell-LaPadula Model)
In C2 - Controlled Access Protection environment
The Integrity of data within applications
45. The *-Property rule is referred to as ____________.
Access Matrix model
The "No write Down" Rule
Virtual Memory
Erasable and Programmable Read-Only Memory (EPROM)
46. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Be protected from modification
B3 - Rating
C2
attributability
47. Remaining parts of the operating system
B3 - Security Domains
Most commonly used approach
The trustworthiness of an information system
Ring 1
48. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Security Policy
The Evaluated Products List (EPL) with their corresponding rating
Need-to-know
C2
49. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
Indirect addressing
A Thread
The Monolithic Operating System Architecture
Indexed addressing
50. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Enforces the rules
The Strong star property rule
Protection Rings Support
C2 - Controlled Access Protection