Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which is an ISO standard product evaluation criteria that supersedes several different criteria






2. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data






3. Trusted facility management is an assurance requirement only for ________________.






4. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






5. Based on a known address with an offset value applied.






6. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.






7. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






8. Which is a straightforward approach that provides access rights to subjects for objects?






9. What prevents a process from accessing another process' data?






10. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.






11. Which in the Orange Book ratings represents the highest level of trust?






12. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.






13. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.






14. The Bell-LaPadula Model is a _______________.






15. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






16. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






17. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






18. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.






19. In the Bell-LaPadula Model the Subject's Label contains ___________________.






20. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities






21. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)






22. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






23. TCB contains The Security Kernel and all ______________.






24. The security kernel is the mechanism that _____________ of the reference monitor concept.






25. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?






26. What does the simple integrity axiom mean in the Biba model?






27. Minimal Security






28. All users have a clearance for and a formal need to know about - all data processed with the system.






29. What is called the formal acceptance of the adequacy of a system's overall security by management?






30. Should always trace to individuals responsible for observing and recording the data






31. What does the Clark-Wilson security model focus on






32. Audit data must be captured and protected to enforce accountability






33. The Indexed memory addresses that software uses






34. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.






35. When the address location that is specified in the program instruction contains the address of the final desired location.






36. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.






37. The total combination of protection mechanisms within a computer system






38. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






39. In access control terms - the word "dominate" refers to ___________.






40. The Policy must be explicit and well defined and enforced by the mechanisms within the system






41. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






42. What are the components of an object's sensitivity label?






43. Can be erased - modified and upgraded.






44. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.






45. Users need to be Identified individually to provide more precise acces control and auditing functionality.






46. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.






47. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






48. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






49. When a portion of primary memory is accessed by specifying the actual address of the memory location






50. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.