SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
No read down
B2 rating
C2
Pagefile.sys file
2. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Multitasking
The Clark Wilson integrity model
Dedicated Security Mode
Files - directories and devices
3. Permits a database to have two records that are identical except for Their classifications
Trusted Products Evaluation Program (TPEP)
The trustworthiness of an information system
Dedicated Security Mode
Polyinstantiation
4. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
Government and military applications
International Standard 15408
Clark-Wilson
5. Can be erased - modified and upgraded.
Orange Book B
Pipelining
Erasable and Programmable Read-Only Memory (EPROM)
C1 - Discrection Security Protection is a type of environment
6. Which in the Orange Book ratings represents the highest level of trust?
Secondary Storage
B2
B3 - Rating
The trustworthiness of an information system
7. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
B1
System High Security Mode
A1 - Rating
Reduced Instruction Set Computers (RISC)
8. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Execution Domain
B3
Most commonly used approach
Networks and Communications
9. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
The security kernel
C2 - Controlled Access Protection
Swap Space
Firmware
10. As per FDA data should be ______________________________.
Real storage
Division C - Discretionary Protection
Attributable - original - accurate - contemporaneous and legible
Programmable Read-Only Memory (PROM)
11. Contains an Address of where the instruction and dara reside that need to be processed.
Assigned labels
B3
The Thread (memory Management)
The Strong star property rule
12. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
Secondary Storage
Integrity
A1
13. Remaining parts of the operating system
Attributable data
Ring 1
Scalar processors
The Common Criteria
14. The Orange book requires protection against two_____________ - which are these Timing and Storage
State machine model
Types of covert channels
Models concerned with integrity
Networks and Communications
15. Which describe a condition when RAM and Secondary storage are used together?
Need-to-know
Polyinstantiation
The National Computer Security Center (NCSC)
Virtual storage
16. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
The TCSEC - Aka Orange Book
B2 rating
Controlling unauthorized downgrading of information
Physical security
17. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Totality of protection mechanisms
The security kernel
Ring 3
D
18. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
The Security Kernel
Scalar processors
Need-to-know
Life-cycle assurance - O/B
19. Succesfully Evaluated products are placed on?
Buffer (temporary data storage area)
Networks and Communications
Models concerned with integrity
The Evaluated Products List (EPL) with their corresponding rating
20. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
Cache Memory
Be protected from modification
Clark-Wilson Model
Erasable and Programmable Read-Only Memory (EPROM)
21. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Overt channel
Multitasking
The Evaluated Products List (EPL) with their corresponding rating
State machine model
22. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
An abstract machine
Life-cycle assurance - O/B
Ring 0
Bell-LaPadula Model
23. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
No read up
System High Security Mode
Certification
Evaluated separately
24. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Life Cycle Assurance Requirement
The *-Property rule (Star property)
Enforces the rules
B3
25. Based on a known address with an offset value applied.
Relative Addresses
'Dominate'
Highly secure systems (B2 - B3 and A1)
Attributable data
26. Contains the beginning address
Most commonly used approach
Clark-Wilson
A Base Register (Memory Management)
Documentation - Orange Book
27. Operating System Kernel
Ring 0
Cache Memory
Trusted hardware - Software and Firmware
Compare the security labels
28. Individual subjects must be uniquely identified.
Identification - Orange Book
A1
Evaluated separately
Controls the checks
29. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Storage and timing
The Tranqulity principle (The Bell-LaPadula Model)
Ring 0
Ring 3
30. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Indirect addressing
C1 - Discretionary Security Protection
No read up
Polyinstantiation
31. Minimal Security
Mandatory Access Control (MAC)
Orange Book - B2
Continuous protection - O/B
Orange Book - D
32. Which would be designated as objects on a MAC system?
Files - directories and devices
*-Integrity Axiom
B1 - Labeled Security
Multilevel Security Policies
33. When a computer uses more than one CPU in parallel to execute instructions is known as?
Multiprocessing
Highly secure systems (B2 - B3 and A1)
A security domain
Totality of protection mechanisms
34. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Physical security
The Integrity of data within applications
C2 - Controlled Access Protection
C2
35. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Prohibits
Orange Book - B3
The Red Book
B3
36. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Basic Security Theorem (used in computer science) definition
Stored in Reak Memory
A security kernel
Mandatory access control
37. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
Trusted hardware - Software and Firmware
A security kernel
A Thread
C2
38. Happen because input data is not checked for appropriate length at time of input
Operational assurance requirements
Buffer overflows
An abstract machine
Assigned labels
39. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
The Evaluated Products List (EPL) with their corresponding rating
Enforces the rules
The Red Book
40. The total combination of protection mechanisms within a computer system
TCB (Trusted Computing Base)
Cache Memory
C2 - Controlled Access Protection
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
41. What is called the formal acceptance of the adequacy of a system's overall security by management?
Indirect addressing
Life Cycle Assurance Requirement
Accreditation
The Monolithic Operation system Architecture
42. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Division B - Mandatory Protection Architecture
Ring 2
Thrashing
Orange Book - A1
43. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Storage and timing
The security perimeter
Reduced Instruction Set Computers (RISC)
Trusted Network Interpretation (TNI)
44. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Trusted hardware - Software and Firmware
Orange Book interpretations
Execution Domain
Orange Book - D
45. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Pipelining
Controlling unauthorized downgrading of information
Security mechanisms and evalautes their effectivenes
B1 - Labeled Security
46. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Trusted Products Evaluation Program (TPEP)
B3
Orange Book - B2
Life Cycle Assurance Requirement
47. Bell-LaPadula model was proposed for enforcing access control in _____________________.
B2 - Structured Protection
Government and military applications
Orange Book - A1
No read up
48. Each data object must contain a classification label and each subject must have a clearance label.
Primary storage
C1 - Discrection Security Protection is a type of environment
B1 - Labeled Security
C1
49. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Trusted Distribution
C1 - Discrection Security Protection is a type of environment
NOT Integrity
Process isolation
50. The combination of RAM - Cache and the Processor Registers
Security Policy
Primary storage
Multitasking
Trusted hardware - Software and Firmware
