Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






2. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"






3. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m






4. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






5. Documentation must be provided - including test - design - and specification document - user guides and manuals






6. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.






7. What are the components of an object's sensitivity label?






8. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain






9. Contains the ending address






10. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






11. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s






12. In ______________ the subject must have: Need to Know for ALL the information contained within the system.






13. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle






14. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


15. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






16. Audit data must be captured and protected to enforce accountability






17. Succesfully Evaluated products are placed on?






18. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






19. When the address location that is specified in the program instruction contains the address of the final desired location.






20. Users need to be Identified individually to provide more precise acces control and auditing functionality.






21. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






22. When a vendor submits a product for evaluation - it submits it to the ____________.






23. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities






24. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)






25. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.






26. The Bell-LaPadula model Subjects and Objects are ___________.






27. Minimal Security






28. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






29. Which increases the performance in a computer by overlapping the steps of different instructions?






30. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.






31. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.






32. A set of objects that a subject is able to access






33. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






34. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






35. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






36. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space






37. Bell-LaPadula model was proposed for enforcing access control in _____________________.






38. The Orange book requires protection against two_____________ - which are these Timing and Storage






39. Used by Windows systems to reserve the "Swap Space"






40. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.






41. Involves sharing the processor amoung all ready processes






42. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.






43. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






44. Which describe a condition when RAM and Secondary storage are used together?






45. Which is a straightforward approach that provides access rights to subjects for objects?






46. When the contents of the address defined in the program's instruction is added to that of an index register.






47. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.






48. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






49. As per FDA data should be ______________________________.






50. A Policy based control. All objects and systems have a sensitivity level assigned to them







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests