CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Based on a known address with an offset value applied.

2. A type of memory used for high-speed writing and reading activities.

3. Software that is stored within ROM (Read-Only Memory); ROM is nonvolatile.

4. Remaining parts of the operating system.

5. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?

6. Has two individual assurance ratings, C1 and C2. The higher the number of the assurance rating, the greater the protection.

7. Which of the Orange Book ratings represents the highest level of trust?

8. Discretionary protection.

9. Which can be used as a covert channel?

10. Subjects and objects cannot change their security levels once they have been instantiated (created).

11. According to the Orange Book, which security level is the first to require a system to protect against covert timing channels?

12. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects, what security problem is most likely to exist?

13. Requires more stringent authentication mechanisms and well-defined interfaces among layers.

14. Which is an ISO standard product evaluation criteria that supersedes several different criteria?

15. The type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.

16. When a computer uses more than one CPU in parallel to execute instructions, this is known as?

17. Operating system kernel.

18. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.

19. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?

20. The _________________ specified in the Orange Book are: system architecture, system integrity, covert channel analysis, trusted facility management and trusted recovery.

21. The combination of RAM, cache and the processor registers.

22. In this class more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.

23. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.

24. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.

25. The Bell-LaPadula Model is a _______________ that enforces the confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.

26. Each data object must contain a classification label and each subject must have a clearance label.

27. The reference monitor, in accordance with the security policy, ____________ that are made in the access control database.

28. The security kernel is the mechanism that _____________ of the reference monitor concept.

29. The Bell-LaPadula model was proposed for enforcing access control in _____________________.

30. The first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?

31. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.

32. What access control technique is also known as multilevel security?

33. The Biba Model, ______________: a subject cannot write data to an object at a higher integrity level (no write up).

34. A subject at a given clearance may not read an object at a higher classification.

35. In which users are processing information at the same sensitivity level; thus, strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.

36. What is called the formal acceptance of the adequacy of a system's overall security by management?

37. Documentation must be provided, including test, design and specification documents, user guides and manuals.

38. Mediates all access and functions between subjects and objects.

39. The Biba model (introduced in 1977), the Sutherland model (published in 1986), the Brewer-Nash model (published in 1989).

40. Which Orange Book evaluation level is described as "Controlled Access Protection"? This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when

41. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.

42. Which is a straightforward approach that provides access rights to subjects for objects?

43. In ______________ the subject must have: need to know for ALL the information contained within the system.

44. In both the Bell-LaPadula and Biba Models, if the word "Simple" is used, ______________.

45. The group that oversees the processes of evaluation within TCSEC is?

46. In both the Bell-LaPadula and Biba Models, if the word "*" or "Star" is used, _______________.

47. TCSEC addresses confidentiality, but _____________. The TCSEC focuses mainly on one attribute of security: confidentiality.

48. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.

49. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.

50. Intended for environments that require systems to handle classified data.