Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In Access Control terms it means to be higher than or equal to. In the Bell-LaPadula Model this is referred to as the dominance relation, which is the relationship of the subject's clearance to the object's classification
2. The Policy must be explicit and well defined and enforced by the mechanisms within the system
The security perimeter
Security Policy - Orange Book
attributability
C2
3. I/O drivers and utilities
Ring 2
The Integrity of data within applications
Orange Book - B1
Compare the security labels
4. If a system initializes in a secure state and all allowed state transitions are secure, then every subsequent state will be secure no matter what inputs occur.
Networks and Communications
Basic Security Theorem (used in computer science) definition
Complex Instruction Set Computers (CISC)
Prohibits
5. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Government and military applications
The reference monitor
Orange Book A
A security domain
6. A policy-based control. All objects and systems have a sensitivity level assigned to them
The Security Kernel
Buffer overflows
First evaluation class
Mandatory Access Control (MAC)
7. Based on a known address with an offset value applied.
Clark-Wilson
Relative Addresses
Virtual storage
Dominate the object's sensitivity label
8. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
The National Computer Security Center (NCSC)
Disclosure of residual data
Physical security
Security mechanisms and evaluates their effectiveness
9. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Access Matrix model
Security mechanisms and evaluates their effectiveness
The Evaluated Products List (EPL) with their corresponding rating
attributability
10. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Logical addresses
The "No write Down" Rule
Fail safe
Division D - Minimal Protection
11. TCB contains The Security Kernel and all ______________.
Real storage
A Layered Operating System Architecture
security protection mechanisms
Bell-LaPadula Model
12. Nonvolatile storage media, e.g. computer hard drives, floppy disks and CD-ROMs
Prevent secret information from being accessed
Ring 0
Secondary Storage
Protection Rings Support
13. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
A lattice of Integrity Levels
Trusted Distribution
C2 - Controlled Access Protection
No read up
14. Contains an address of where the instruction and data reside that need to be processed.
Division C - Discretionary Protection
The Thread (memory Management)
Bell-LaPadula Model
Assigned labels
15. The Bell-LaPadula Model is a _______________.
Life-cycle assurance - O/B
The Thread (memory Management)
Subject to Object Model
NOT Integrity
16. A system uses the Reference Monitor to ___________________ of a subject and an object?
A single classification and a Compartment Set
Compare the security labels
C1 - Discretionary Security Protection
Enforces the rules
17. Verification Protection
Orange Book A
Controls the checks
The security kernel
Orange Book - A1
18. Subjects and Objects cannot change their security levels once they have been instantiated (created)
B3
The Tranquility principle (The Bell-LaPadula Model)
Implement software or systems in a production environment
Multiprocessing
19. The security kernel is the mechanism that _____________ of the reference monitor concept.
Security rating B
C2 - Controlled Access Protection
Enforces the rules
B3
20. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
The Biba Model
Highly secure systems (B2 - B3 and A1)
Isolate processes
Trusted Network Interpretation (TNI)
21. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
The Rule is talking about writing
A Domain
Protection Rings Support
Orange Book - A1
22. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
C2 - Controlled Access Protection
Trusted Network Interpretation (TNI)
Simple Integrity Axiom
Physical security
23. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Access Matrix model
Access control to the objects by the subjects
Buffer (temporary data storage area)
The TCSEC - Aka Orange Book
24. According to the Orange Book - trusted facility management is not required for which security levels?
Stored in Real Memory
A and B
B1
The rule is talking about "Reading"
25. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Most commonly used approach
No read down
Orange Book A
Need-to-know
26. TCSEC provides a means to evaluate ______________________.
attributability
The National Computer Security Center (NCSC)
Networks and Communications
The trustworthiness of an information system
27. The C2 evaluation class of the _________________ offers controlled access protection.
Trusted Network Interpretation (TNI)
Life-cycle assurance - O/B
Prevent secret information from being accessed
Orange Book C
28. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
C2
Security Policy
TCB (Trusted Computing Base)
State machine model
29. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The security kernel
Thrashing
The security perimeter
Orange Book C
30. Simpler instructions that require fewer clock cycles to execute.
A security domain
The security kernel
Simple Integrity Axiom
Reduced Instruction Set Computers (RISC)
31. Which Orange Book evaluation level is described as "Controlled Access Protection"? This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
The Biba Model
C2
Complex Instruction Set Computers (CISC)
Process isolation
32. An abstract machine which must mediate all access by subjects to objects, be protected from modification, be verifiable as correct, and is always invoked
The reference monitor
Programmable Read-Only Memory (PROM)
The Rule is talking about writing
Orange Book C
33. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Labels - Orange Book
A security kernel
Life Cycle Assurance Requirement
Totality of protection mechanisms
34. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
Life Cycle Assurance Requirement
Complex Instruction Set Computers (CISC)
B3 - Security Domains
C1
35. When the RAM and secondary storage are combined the result is __________.
Virtual Memory
Clark-Wilson
The Strong star property rule
Dominate the object's sensitivity label
36. Mandatory Access requires that _____________ be attached to all objects.
No read up
Disclosure of residual data
Discretionary Security Property (ds-property)
Sensitivity labels
37. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
System High Security Mode
An abstract machine
Trusted Network Interpretation (TNI)
C1 - Discretionary Security Protection
38. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
Firmware
B2 - Structured Protection
Dedicated Security Mode
Orange Book ratings
39. Which is a straightforward approach that provides access rights to subjects for objects?
Most commonly used approach
Implement software or systems in a production environment
Scalar processors
Access Matrix model
40. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Simple Integrity Axiom
Implement software or systems in a production environment
Attributable data
A Layered Operating System Architecture
41. Discretionary protection
Ring 1
Orange Book C
Basic Security Theorem (used in computer science) definition
Indirect addressing
42. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Most commonly used approach
B2 - Structured Protection
Division D - Minimal Protection
Subject to Object Model
43. TCSEC addresses Confidentiality, but _____________. The TCSEC focuses mainly on one attribute of security: Confidentiality.
Swap Space
Polyinstantiation
Compare the security labels
NOT Integrity
44. Trusted facility management is an assurance requirement only for ________________.
Access control to the objects by the subjects
Highly secure systems (B2 - B3 and A1)
Controlling unauthorized downgrading of information
Orange Book A
45. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Evaluated separately
Disclosure of residual data
'Dominate'
A and B
46. A domain of trust that shares a single security policy and single management
Be protected from modification
Orange Book - B3
A security domain
Its classification label (Top Secret - Secret or confidential)
47. Can be erased - modified and upgraded.
Erasable and Programmable Read-Only Memory (EPROM)
Division B - Mandatory Protection
B3 - Security Domains
'Dominate'
48. Users need to be identified individually to provide more precise access control and auditing functionality.
Trusted facility management
All Mandatory Access Control (MAC) systems
Ring 3
C2 - Controlled Access Protection
49. Operating System Kernel
The "No write Down" Rule
No read down
Ring 0
A and B
50. Which computer design approach is based on the fact that in earlier technologies the instruction fetch was the longest part of the cycle
Clark-Wilson
Discretionary Security Property (ds-property)
Complex Instruction Set Computers (CISC)
Examples of Layered Operating Systems