Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Verification Protection
Primary storage
Orange Book A
B3 - Rating
Overt channel
2. An organization within the National Security Agency (NSA) is responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The Clark Wilson integrity model
The National Computer Security Center (NCSC)
Isolate processes
Firmware
3. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Life Cycle Assurance Requirement
Administrative declaration
Access Matrix model
State machine model
4. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Physical security
Orange Book - B3
Programmable Read-Only Memory (PROM)
State machine model
5. Operating System Kernel
Orange Book interpretations
Fail safe
Orange Book - B2
Ring 0
6. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
D
Secondary Storage
Primary storage
7. When the contents of the address defined in the program's instruction are added to that of an index register.
C2 - Controlled Access Protection
The Strong star property rule
Indexed addressing
C1 - Discretionary Security Protection is a type of environment
8. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Multiprocessing
Life-cycle assurance - O/B
Operational assurance requirements
Direct Addressing
9. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
State machine model
Scalar processors
Models concerned with integrity
Trusted Distribution
10. Which model uses access control triples and requires that the system maintain separation of duty?
Dedicated Security Mode
A security kernel
Clark-Wilson
Covert channels
11. Which of the Orange Book ratings represents the highest level of trust?
Documentation - Orange Book
Mandatory access control
A Thread
B2
12. When a computer uses more than one CPU in parallel to execute instructions, it is known as?
Multiprocessing
A lattice of Integrity Levels
B1 - Labeled Security
A and B
13. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
Trusted hardware - Software and Firmware
*-Integrity Axiom
B3
Stored in Real Memory
14. Execute one instruction at a time.
Scalar processors
Orange Book interpretations
Division D - Minimal Protection
Discretionary Security Property (ds-property)
15. What does the simple integrity axiom mean in the Biba model?
No read down
Clark-Wilson Model
Simple Security Rule
Erasable and Programmable Read-Only Memory (EPROM)
16. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Examples of Layered Operating Systems
Complex Instruction Set Computers (CISC)
A security kernel
Process isolation
17. According to the Orange Book - trusted facility management is not required for which security levels?
Ring 0
Administrative declaration
The trustworthiness of an information system
B1
18. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Administrative declaration
A Layered Operating System Architecture
Stored in Real Memory
Security Policy is clearly defined and documented
19. What prevents a process from accessing another process' data?
Controls the checks
A security kernel
Process isolation
Orange Book - B1
20. For the type of environment that processes sensitive data that requires a higher degree of security. It requires systems that are relatively resistant to penetration and compromise
Complex Instruction Set Computers (CISC)
B2 rating
A Thread
The Strong star property rule
21. Happen because input data is not checked for appropriate length at time of input
Complex Instruction Set Computers (CISC)
Buffer overflows
The Thread (memory Management)
Covert channels
22. The Indexed memory addresses that software uses
Logical addresses
Orange Book - D
International Standard 15408
The security perimeter
23. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
C1
Erasable and Programmable Read-Only Memory (EPROM)
Examples of Layered Operating Systems
State machine model
24. Which can be used as a covert channel?
Buffer overflows
The Monolithic Operating System Architecture
Storage and timing
Simple Integrity Axiom
25. In B2 Subjects and devices require labels and the system must NOT allow ________. No Trapdoors exist.
Subject to Object Model
Covert channels
Disclosure of residual data
Isolate processes
26. Which is an ISO standard product evaluation criteria that supersedes several different criteria?
The Common Criteria
The trustworthiness of an information system
TCB (Trusted Computing Base)
Mandatory access control
27. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
No write down
security protection mechanisms
attributability
Examples of Layered Operating Systems
28. The Biba Model addresses _____________________.
The National Computer Security Center (NCSC)
A security kernel
The Integrity of data within applications
First evaluation class
29. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
C1 - Discretionary Security Protection is a type of environment
C2 - Controlled Access Protection
First evaluation class
B3 - Security Domains
30. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
C2 - Controlled Access Protection
International Standard 15408
Division B - Mandatory Protection Architecture
'Dominate'
31. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
C2 - Controlled Access Protection
No write down
Virtual Memory
Models concerned with integrity
32. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Fail safe
The Red Book
Attributable data
Administrative declaration
33. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
The Trusted Computing Base (TCB)
Swap Space
Bell-LaPadula Model
Ring 3
34. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Orange Book C
Disclosure of residual data
The rule is talking about "Reading"
Division B - Mandatory Protection Architecture
35. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Orange Book C
Totality of protection mechanisms
C2
Orange Book - D
36. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Direct Addressing
Orange Book - A1
Security Policy - Orange Book
No write down
37. Simpler instructions that require fewer clock cycles to execute.
B2
B2 - Structured Protection
Reduced Instruction Set Computers (RISC)
The Trusted Computing Base (TCB)
38. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Basic Security Theorem (used in computer science) definition
Multitasking
Isolate processes
Implement software or systems in a production environment
39. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
B1
C2 - Controlled Access Protection
A1 - Rating
Controls the checks
40. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
No read down
The security kernel
B2 - Structured Protection
Life Cycle Assurance Requirement
41. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space
No read down
Swap Space
Controlling unauthorized downgrading of information
Orange Book B
42. Contains the ending address
Totality of protection mechanisms
A Limit Register (Memory Management)
Security mechanisms and evaluates their effectiveness
Absolute addresses
43. Commonly referred to as The Big Mess because of its lack of structure. MS-DOS is an example of a monolithic operating system
The security perimeter
The National Computer Security Center (NCSC)
The Monolithic Operating System Architecture
B3
44. Which TCSEC level first addresses object reuse?
C2
The Thread (memory Management)
B1 - Labeled Security rating
Security Policy - Orange Book
45. The reserved hard drive space used to extend RAM capabilities.
The National Computer Security Center (NCSC)
Division C - Discretionary Protection
Complex Instruction Set Computers (CISC)
Swap Space
46. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
The Evaluated Products List (EPL) with their corresponding rating
Thrashing
The "No write Down" Rule
47. In access control terms - the word "dominate" refers to ___________.
Polyinstantiation
The Security Kernel
Higher or equal to access class
Security mechanisms and evaluates their effectiveness
48. Each data object must contain a classification label and each subject must have a clearance label.
Protection Rings Support
All Mandatory Access Control (MAC) systems
B1 - Labeled Security
Accountability - Orange Book
49. Which increases the performance in a computer by overlapping the steps of different instructions?
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Pipelining
Constrained
Attributable - original - accurate - contemporaneous and legible
50. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Mandatory Access Control (MAC)
security protection mechanisms
Its classification label (Top Secret - Secret or confidential)
An abstract machine