Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
The trustworthiness of an information system
Simple Security Rule
Prevent secret information from being accessed
The security kernel

2. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
Direct Addressing
In C2 - Controlled Access Protection environment
Discretionary Security Property (ds-property)
Complex Instruction Set Computers (CISC)

3. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Simple Integrity Axiom
NOT Integrity
C2 - Controlled Access Protection
Constrained

4. Minimal Security
Operational assurance requirements
B2 rating
TCB (Trusted Computing Base)
Orange Book - D

5. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
The Rule is talking about writing
D
Access control to the objects by the subjects
B3 - Security Domains

6. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Networks and Communications
Multitasking
The *-Property rule (Star property)
NOT Integrity

7. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
C1
The "No read Up" rule
Firmware
Operational assurance requirements

8. Which can be used as a covert channel?
Thrashing
The Evaluated Products List (EPL) with their corresponding rating
Storage and timing
Accreditation

9. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Documentation - Orange Book
The Integrity of data within applications
Orange Book C
A security kernel

10. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Totality of protection mechanisms
B2 - Structured Protection
The Rule is talking about writing
Clark-Wilson

11. The Simple Security rule is refered to as______________.
Orange Book - D
The "No read Up" rule
In C2 - Controlled Access Protection environment
The Thread (memory Management)

12. What are the components of an object's sensitivity label?
Reduced Instruction Set Computers (RISC)
A Base Register (Memory Management)
Government and military applications
A single classification and a Compartment Set

13. Users need to be Identified individually to provide more precise acces control and auditing functionality.
A Domain
Security Policy is clearly defined and documented
C2 - Controlled Access Protection
Its classification label (Top Secret - Secret or confidential)

14. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Attributable - original - accurate - contemporaneous and legible
Files - directories and devices
B3 - Rating
A single classification and a Compartment Set

15. Remaining parts of the operating system
The security kernel
Stored in Reak Memory
Ring 1
attributability

16. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Physical security
Prohibits
Erasable and Programmable Read-Only Memory (EPROM)
The Tranqulity principle (The Bell-LaPadula Model)

17. Which is a straightforward approach that provides access rights to subjects for objects?
Firmware
Access Matrix model
Orange Book - B1
Operational assurance requirements

18. In the Bell-LaPadula Model the Object's Label contains ___________________.
A security kernel
First evaluation class
Its classification label (Top Secret - Secret or confidential)
D

19. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
Buffer (temporary data storage area)
System High Security Mode
Discretionary Security Property (ds-property)

20. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Totality of protection mechanisms
Physical security
Trusted Distribution
Trusted hardware - Software and Firmware

21. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
B1
The Evaluated Products List (EPL) with their corresponding rating
An abstract machine
Ring 1

22. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

23. What does the simple integrity axiom mean in the Biba model?
International Standard 15408
No read down
Logical addresses
A Layered Operating System Architecure

24. According to the Orange Book - trusted facility management is not required for which security levels?
C2 - Controlled Access Protection
NOT Integrity
B1
A1

25. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Sensitivity labels
Multilevel Security Policies
The security perimeter
Absolute addresses

26. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Security mechanisms and evalautes their effectivenes
Trusted Distribution
C2
Direct addressing

27. Should always trace to individuals responsible for observing and recording the data
Complex Instruction Set Computers (CISC)
Attributable data
A Domain
Pipelining

28. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
Orange Book - A1
The TCSEC - Aka Orange Book
The security perimeter
Execution Domain

29. Can be erased - modified and upgraded.
Orange Book C
A single classification and a Compartment Set
The Trusted Computing Base (TCB)
Erasable and Programmable Read-Only Memory (EPROM)

30. Mediates all access and Functions between subjects and objects.
Clark-Wilson
The Security Kernel
Buffer (temporary data storage area)
The National Computer Security Center (NCSC)

31. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
The security perimeter
Evaluated separately
Orange Book - B1

32. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
A Layered Operating System Architecure
Life-cycle assurance - O/B
security protection mechanisms
The National Computer Security Center (NCSC)

33. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
State machine model
B1 - Labeled Security rating
Indexed addressing
B2 rating

34. A Policy based control. All objects and systems have a sensitivity level assigned to them
Mandatory Access Control (MAC)
Scalar processors
Its classification label (Top Secret - Secret or confidential)
Attributable - original - accurate - contemporaneous and legible

35. Mandatory Access requires that _____________ be attached to all objects.
Sensitivity labels
Orange Book - B1
Security rating B
Highly secure systems (B2 - B3 and A1)

36. In the Bell-LaPadula Model the Subject's Label contains ___________________.
The Red Book
Clark-Wilson Model
Its Clearance Label (Top Secret - Secret - or Confidential)
Secondary Storage

37. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
A Domain
Swap Space
Its Clearance Label (Top Secret - Secret - or Confidential)
C2

38. A system uses the Reference Monitor to ___________________ of a subject and an object?
D
Compare the security labels
Labels - Orange Book
Most commonly used approach

39. The Orange book requires protection against two_____________ - which are these Timing and Storage
Types of covert channels
Life-cycle assurance - O/B
Stored in Reak Memory
Division C - Discretionary Protection

40. When the RAM and secondary storage are combined the result is __________.
Life Cycle Assurance Requirement
Simple Security Rule
Virtual Memory
The Monolithic Operation system Architecture

41. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
Protection Rings Support
The Strong star property rule
The Security Kernel

42. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Buffer (temporary data storage area)
The Strong star property rule
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Access Matrix model

43. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Covert channels
In C2 - Controlled Access Protection environment
The Security Kernel
Simple Integrity Axiom

44. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Dedicated Security Mode
Virtual storage
B3 - Rating
Higher or equal to access class

45. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Totality of protection mechanisms
The Clark Wilson integrity model
B1 - Labeled Security
Ring 2

46. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
The "No read Up" rule
Orange Book - D
A Thread
Division D - Minimal Protection

47. Used by Windows systems to reserve the "Swap Space"
Dominate the object's sensitivity label
Trusted facility management
A lattice of Intergrity Levels
Pagefile.sys file

48. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
Multilevel Security Policies
Files - directories and devices
International Standard 15408

49. Intended for environments that require systems to handle classified data.
Trusted Network Interpretation (TNI)
attributability
B1 - Labeled Security rating
Multitasking

50. The security kernel is the mechanism that _____________ of the reference monitor concept.
Totality of protection mechanisms
Enforces the rules
Integrity
State machine model

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISSP Security Architecture And Design

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests