Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In ______________ the subject must have: Need to Know for ALL the information contained within the system.






2. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






3. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






4. Each data object must contain a classification label and each subject must have a clearance label.






5. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)






6. Bell-LaPadula model was proposed for enforcing access control in _____________________.






7. What model use an access control triples and requires that the system maintain separation of duty ?






8. The group that oversees the processes of evaluation within TCSEC is?






9. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.






10. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space






11. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






12. A system uses the Reference Monitor to ___________________ of a subject and an object?






13. The C2 evaluation class of the _________________ offers controlled access protection.






14. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?






15. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system






16. The Simple Security rule is refered to as______________.






17. The Orange book does NOT Cover ________________ - And Database management systems






18. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.






19. Mandatory Access requires that _____________ be attached to all objects.






20. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.






21. Operating System Kernel






22. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






23. What does the simple security (ss) property mean in the Bell-LaPadula model?






24. The Availability - Integrity and confidentiality requirements of multitasking operating systems






25. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.






26. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






27. What prevents a process from accessing another process' data?






28. Trusted facility management is an assurance requirement only for ________________.






29. Applications and user activity






30. All users have a clearance for and a formal need to know about - all data processed with the system.






31. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.






32. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities






33. The Biba Model adresses _____________________.






34. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.






35. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.






36. Should always trace to individuals responsible for observing and recording the data






37. Remaining parts of the operating system






38. Simpler instructions that require fewer clock cycles to execute.






39. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






40. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






41. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






42. Discretionary protection






43. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






44. Based on a known address with an offset value applied.






45. When a computer uses more than one CPU in parallel to execute instructions is known as?






46. A set of objects that a subject is able to access






47. Verification Protection






48. Users need to be Identified individually to provide more precise acces control and auditing functionality.






49. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?






50. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain