Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
Orange Book A
Secondary Storage
Operational assurance requirements
2. The Indexed memory addresses that software uses
B3
A Domain
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Logical addresses
3. The process of evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Pagefile.sys file
Ring 3
Certification
Security Policy - Orange Book
4. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities.
C1 - Discretionary Security Protection
Disclosure of residual data
Sensitivity labels
No read down
5. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Secondary Storage
Files - directories and devices
Be protected from modification
A security domain
6. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object.
Trusted Products Evaluation Program (TPEP)
Examples of Layered Operating Systems
Access control to the objects by the subjects
Overt channel
7. In both the Bell-LaPadula and Biba Models, if the word "Simple" is used ______________.
A Layered Operating System Architecture
The rule is talking about "Reading"
International Standard 15408
The Clark Wilson integrity model
8. According to the Orange Book - trusted facility management is not required for which security levels?
Subject to Object Model
International Standard 15408
B1
Division B - Mandatory Protection
9. Discretionary protection
Process isolation
Orange Book C
B2 - Structured Protection
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
10. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Its Clearance Label (Top Secret - Secret - or Confidential)
The reference monitor
No write down
Relative Addresses
11. The Simple Security rule is referred to as ______________.
B2
Attributable - original - accurate - contemporaneous and legible
The "No read Up" rule
The Integrity of data within applications
12. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Reduced Instruction Set Computers (RISC)
The Evaluated Products List (EPL) with their corresponding rating
The Thread (memory Management)
The Biba Model
13. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
The Simple Security Property
Orange Book - D
Prevent secret information from being accessed
A1 - Rating
14. I/O drivers and utilities
Virtual Memory
D
Ring 2
Simple Security Rule
15. What is called the formal acceptance of the adequacy of a system's overall security by management?
Accreditation
The Red Book
The Trusted Computing Base (TCB)
Evaluated separately
16. The Biba Model addresses _____________________.
B3
The Integrity of data within applications
Dominate the object's sensitivity label
Reduced Instruction Set Computers (RISC)
17. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
A Limit Register (Memory Management)
Bell-LaPadula Model
Discretionary Security Property (ds-property)
Ring 1
18. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The *-Property rule (Star property)
The Evaluated Products List (EPL) with their corresponding rating
No read down
Virtual storage
19. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
B2 - Structured Protection
First evaluation class
Accountability - Orange Book
Direct Addressing
20. Successfully evaluated products are placed on?
Disclosure of residual data
The Evaluated Products List (EPL) with their corresponding rating
Subject to Object Model
C1
21. In this class more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.
Process isolation
B3 - Security Domains
Security mechanisms and evaluates their effectiveness
Be protected from modification
22. Which computer design approach is based on the fact that in earlier technologies the instruction fetch was the longest part of the cycle?
Totality of protection mechanisms
Complex Instruction Set Computers (CISC)
D
Security rating B
23. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Clark-Wilson Model
Trusted Products Evaluation Program (TPEP)
Life Cycle Assurance Requirement
Most commonly used approach
24. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Orange Book interpretations
C2 - Controlled Access Protection
Bell-LaPadula Model
Multilevel Security Policies
25. The Physical memory address that the CPU uses
Administrative declaration
Compare the security labels
Security rating B
Absolute addresses
26. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
attributability
The Clark Wilson integrity model
The rule is talking about "Reading"
Government and military applications
27. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
B2 - Structured Protection
The Red Book
Types of covert channels
Security mechanisms and evaluates their effectiveness
28. The combination of RAM - Cache and the Processor Registers
Types of covert channels
Primary storage
The Rule is talking about writing
B3 - Security Domains
29. The C2 evaluation class of the _________________ offers controlled access protection.
Attributable - original - accurate - contemporaneous and legible
Implement software or systems in a production environment
Trusted Network Interpretation (TNI)
Direct addressing
30. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
NOT Integrity
Division C - Discretionary Protection
Dominate the object's sensitivity label
Prohibits
31. Which increases the performance in a computer by overlapping the steps of different instructions?
Pipelining
Indexed addressing
The "No read Up" rule
B2 rating
32. When the address location that is specified in the program instruction contains the address of the final desired location.
Controlling unauthorized downgrading of information
Orange Book - D
attributability
Indirect addressing
33. A domain of trust that shares a single security policy and single management
Attributable - original - accurate - contemporaneous and legible
State machine model
A security domain
B2 - Structured Protection
34. A type of memory used for High-speed writing and reading activities.
Cache Memory
The Simple Security Property
Evaluated separately
Discretionary Security Property (ds-property)
35. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Fail safe
C1 - Discretionary Security Protection is a type of environment
C2 - Controlled Access Protection
C2
36. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Networks and Communications
A security kernel
Simple Security Rule
Controlling unauthorized downgrading of information
37. What does the Clark-Wilson security model focus on?
Security mechanisms and evaluates their effectiveness
C2 - Controlled Access Protection
Integrity
Division D - Minimal Protection
38. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
B2 rating
Administrative declaration
Controls the checks
The security perimeter
39. Which in the Orange Book ratings represents the highest level of trust?
Security rating B
Orange Book ratings
B2
Indirect addressing
40. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
A1 - Rating
In C2 - Controlled Access Protection environment
Invocation Property
Enforces the rules
41. Remaining parts of the operating system
Operational assurance requirements
Covert channels
Ring 1
Assigned labels
42. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Evaluated separately
A lattice of Integrity Levels
Primary storage
Controlling unauthorized downgrading of information
43. Bell-LaPadula model was proposed for enforcing access control in _____________________.
*-Integrity Axiom
Documentation - Orange Book
The security perimeter
Government and military applications
44. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
The Common Criteria
No write down
An abstract machine
Orange Book interpretations
45. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
Fail safe
A1 - Rating
Storage and timing
46. A system uses the Reference Monitor to ___________________ of a subject and an object?
B2 rating
Orange Book C
Real storage
Compare the security labels
47. In B2, subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
Labels - Orange Book
Accreditation
Prohibits
Covert channels
48. Execute one instruction at a time.
Scalar processors
Trusted hardware - Software and Firmware
A security domain
First evaluation class
49. Involves sharing the processor among all ready processes.
Prevent secret information from being accessed
The reference monitor
Multitasking
Mandatory access control
50. Each data object must contain a classification label and each subject must have a clearance label.
The TCSEC - Aka Orange Book
B1 - Labeled Security
Labels - Orange Book
Clark-Wilson