SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A Domain
Most commonly used approach
A and B
No read down
2. Individual subjects must be uniquely identified.
Identification - Orange Book
Orange Book - B1
Indexed addressing
Buffer overflows
3. Data in Cache can be accessed much more quickly than Data
Stored in Reak Memory
Most commonly used approach
Dedicated Security Mode
A Base Register (Memory Management)
4. The C2 evaluation class of the _________________ offers controlled access protection.
Buffer overflows
Trusted Network Interpretation (TNI)
Security Policy is clearly defined and documented
The rule is talking about "Reading"
5. When the RAM and secondary storage are combined the result is __________.
Discretionary Security Property (ds-property)
Virtual Memory
NOT Integrity
Execution Domain
6. Used by Windows systems to reserve the "Swap Space"
Attributable data
Orange Book - B3
Orange Book B
Pagefile.sys file
7. The Reserved hard drive space used to to extend RAM capabilites.
Swap Space
Identification - Orange Book
The Simple Security Property
Indexed addressing
8. The Security Model Incorporates the ____________ that should be enforced in the system.
Higher or equal to access class
Security Policy
Its Clearance Label (Top Secret - Secret - or Confidential)
Buffer (temporary data storage area)
9. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Execution Domain
Physical security
An abstract machine
The National Computer Security Center (NCSC)
10. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Division C - Discretionary Protection
Scalar processors
Protection Rings Support
Orange Book - B2
11. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
A and B
A security domain
Virtual storage
Orange Book - A1
12. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Direct addressing
B3 - Rating
Buffer overflows
Multitasking
13. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
Dedicated Security Mode
A Thread
Accountability - Orange Book
Certification
14. What does the * (star) property mean in the Bell-LaPadula model?
No write down
Implement software or systems in a production environment
First evaluation class
Ring 1
15. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Multilevel Security Policies
A security domain
In C2 - Controlled Access Protection environment
Need-to-know
16. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
The *-Property rule (Star property)
Mandatory access control
Its classification label (Top Secret - Secret or confidential)
A1 - Rating
17. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Basic Security Theorem (used in computer science) definition
Buffer overflows
B3
Orange Book B
18. Which can be used as a covert channel?
The Simple Security Property
Storage and timing
The "No write Down" Rule
Controlling unauthorized downgrading of information
19. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Primary storage
The Trusted Computing Base (TCB)
The Monolithic Operation system Architecture
Indexed addressing
20. Audit data must be captured and protected to enforce accountability
Accountability - Orange Book
System High Security Mode
Labels - Orange Book
Ring 0
21. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
System High Security Mode
Indexed addressing
The National Computer Security Center (NCSC)
Covert channels
22. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Reduced Instruction Set Computers (RISC)
Government and military applications
Security Policy
A security kernel
23. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Controls the checks
Documentation - Orange Book
A Thread
Division D - Minimal Protection
24. A Policy based control. All objects and systems have a sensitivity level assigned to them
Constrained
Mandatory Access Control (MAC)
Real storage
Assigned labels
25. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Isolate processes
No read down
Enforces the rules
Multitasking
26. Which increases the performance in a computer by overlapping the steps of different instructions?
Access Matrix model
Attributable - original - accurate - contemporaneous and legible
Pipelining
Certification
27. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Networks and Communications
Fail safe
Swap Space
Direct Addressing
28. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Overt channel
The TCSEC - Aka Orange Book
B1 - Labeled Security rating
Trusted Distribution
29. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
30. Which in the Orange Book ratings represents the highest level of trust?
Administrative declaration
B2
Process isolation
The TCSEC - Aka Orange Book
31. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
The National Computer Security Center (NCSC)
Documentation - Orange Book
Highly secure systems (B2 - B3 and A1)
All Mandatory Access Control (MAC) systems
32. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Execution Domain
The security kernel
The Rule is talking about writing
Physical security
33. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Compare the security labels
Implement software or systems in a production environment
Continuous protection - O/B
C2
34. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Bell-LaPadula Model
Division B - Mandatory Protection Architecture
Controlling unauthorized downgrading of information
*-Integrity Axiom
35. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
System High Security Mode
Assigned labels
Trusted Distribution
36. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Thrashing
Direct addressing
The Trusted Computing Base (TCB)
Multilevel Security Policies
37. Verification Protection
Polyinstantiation
Orange Book A
B2 rating
Orange Book B
38. Operating System Kernel
Division B - Mandatory Protection Architecture
The Trusted Computing Base (TCB)
Programmable Read-Only Memory (PROM)
Ring 0
39. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Controlling unauthorized downgrading of information
Virtual Memory
Cache Memory
Life Cycle Assurance Requirement
40. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
A Domain
Dedicated Security Mode
The National Computer Security Center (NCSC)
Direct addressing
41. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
B2 rating
Higher or equal to access class
The Common Criteria
42. Access control labels must be associated properly with objects.
C1 - Discrection Security Protection is a type of environment
Division B - Mandatory Protection Architecture
Labels - Orange Book
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
43. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
A security kernel
Process isolation
NOT Integrity
Multilevel Security Policies
44. Subjects and Objects cannot change their security levels once they have been instantiated (created)
The Tranqulity principle (The Bell-LaPadula Model)
Labels - Orange Book
Orange Book A
Dominate the object's sensitivity label
45. The Bell-LaPadula model Subjects and Objects are ___________.
Types of covert channels
No read down
A Layered Operating System Architecure
Assigned labels
46. Contains the ending address
Life Cycle Assurance Requirement
Subject to Object Model
No read up
A Limit Register (Memory Management)
47. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Dedicated Security Mode
Controls the checks
Most commonly used approach
Prohibits
48. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Ring 3
Indexed addressing
D
Networks and Communications
49. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
The Biba Model
No read up
Security rating B
*-Integrity Axiom
50. Can be erased - modified and upgraded.
Orange Book C
The Trusted Computing Base (TCB)
The trustworthiness of an information system
Erasable and Programmable Read-Only Memory (EPROM)
