Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
Protection Rings Support
Thrashing
Complex Instruction Set Computers (CISC)
The *-Property rule (Star property)
2. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
The security perimeter
Multitasking
Division D - Minimal Protection
3. What is called the formal acceptance of the adequacy of a system's overall security by management?
Accreditation
The Monolithic Operating System Architecture
Real storage
Accountability - Orange Book
4. Minimal Security
A1 - Rating
Orange Book - D
Compare the security labels
The Monolithic Operating System Architecture
5. A set of objects that a subject is able to access
A Domain
TCB (Trusted Computing Base)
Real storage
B2
6. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Security rating B
A Domain
The Monolithic Operating System Architecture
Multilevel Security Policies
7. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Government and military applications
The National Computer Security Center (NCSC)
B3 - Security Domains
The Strong star property rule
8. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
B3 - Security Domains
Dedicated Security Mode
The Strong star property rule
A Limit Register (Memory Management)
9. Which uses Protection Profiles and Security Targets?
Buffer overflows
The TCSEC - Aka Orange Book
International Standard 15408
Overt channel
10. Remaining parts of the operating system
Disclosure of residual data
B2 - Structured Protection
Execution Domain
Ring 1
11. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
The *-Property rule (Star property)
Security rating B
Models concerned with integrity
A security kernel
12. Execute one instruction at a time.
Most commonly used approach
Scalar processors
Security Policy
TCB (Trusted Computing Base)
13. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
Its classification label (Top Secret - Secret or confidential)
C2 - Controlled Access Protection
D
Attributable - original - accurate - contemporaneous and legible
14. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
B3 - Rating
Operational assurance requirements
Programmable Read-Only Memory (PROM)
Assigned labels
15. A Policy based control. All objects and systems have a sensitivity level assigned to them
B3
Secondary Storage
Orange Book A
Mandatory Access Control (MAC)
16. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Models concerned with integrity
C2 - Controlled Access Protection
*-Integrity Axiom
Government and military applications
17. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Its Clearance Label (Top Secret - Secret - or Confidential)
Identification - Orange Book
Prohibits
The Security Kernel
18. Trusted facility management is an assurance requirement only for ________________.
Storage and timing
Assigned labels
Highly secure systems (B2 - B3 and A1)
Trusted Products Evaluation Program (TPEP)
19. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?
The Strong star property rule
B3 - Security Domains
No read up
The TCSEC - Aka Orange Book
20. The Physical memory address that the CPU uses
Protection Rings Support
Totality of protection mechanisms
Pipelining
Absolute addresses
21. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Life-cycle assurance - O/B
Basic Security Theorem (used in computer science) definition
Overt channel
Implement software or systems in a production environment
22. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
The security kernel
Trusted Distribution
Division B - Mandatory Protection
B3
23. Contains the ending address
The Integrity of data within applications
Orange Book - B2
A Limit Register (Memory Management)
Pagefile.sys file
24. Discretionary protection
Orange Book C
Attributable data
Enforces the rules
A Thread
25. Commonly referred to as The Big Mess because of its lack of structure. MS-DOS is an example of a monolithic operating system.
Dedicated Security Mode
The Monolithic Operating System Architecture
Models concerned with integrity
B2
26. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Controls the checks
Disclosure of residual data
C2 - Controlled Access Protection
B3
27. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Division D - Minimal Protection
Integrity
Its Clearance Label (Top Secret - Secret - or Confidential)
Logical addresses
28. Simpler instructions that require fewer clock cycles to execute.
No read up
*-Integrity Axiom
Accountability - Orange Book
Reduced Instruction Set Computers (RISC)
29. A system uses the Reference Monitor to ___________________ of a subject and an object?
Erasable and Programmable Read-Only Memory (EPROM)
A Layered Operating System Architecture
Dominate the object's sensitivity label
Compare the security labels
30. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The security kernel
Dedicated Security Mode
Higher or equal to access class
Continuous protection - O/B
31. A form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Dominate the object's sensitivity label
A and B
attributability
32. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Orange Book - D
Identification - Orange Book
Erasable and Programmable Read-Only Memory (EPROM)
Controlling unauthorized downgrading of information
33. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Virtual Memory
Discretionary Security Property (ds-property)
Most commonly used approach
No write down
34. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
No read up
Trusted hardware - Software and Firmware
International Standard 15408
Swap Space
35. TCB contains The Security Kernel and all ______________.
In C2 - Controlled Access Protection environment
Access control to the objects by the subjects
security protection mechanisms
Stored in Real Memory
36. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Files - directories and devices
Discretionary Security Property (ds-property)
Orange Book - B1
Orange Book - D
37. Which TCSEC level first addresses object reuse?
Overt channel
Ring 1
C2
The Common Criteria
38. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
The Clark Wilson integrity model
Simple Security Rule
Indexed addressing
Assigned labels
39. Used by Windows systems to reserve the "Swap Space"
C1 - Discretionary Security Protection
Reduced Instruction Set Computers (RISC)
Pagefile.sys file
Security Policy
40. Data in Cache can be accessed much more quickly than Data
B2 rating
Stored in Real Memory
A Thread
The Simple Security Property
41. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Physical security
Access Matrix model
Simple Security Rule
The Strong star property rule
42. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
C2
Pipelining
Most commonly used approach
The rule is talking about "Reading"
43. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
The security perimeter
Documentation - Orange Book
Access control to the objects by the subjects
The Red Book
44. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Basic Security Theorem (used in computer science) definition
The National Computer Security Center (NCSC)
Execution Domain
Security mechanisms and evaluates their effectiveness
45. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Need-to-know
Files - directories and devices
Direct Addressing
Thrashing
46. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Orange Book - B1
A1 - Rating
C2 - Controlled Access Protection
Pipelining
47. Audit data must be captured and protected to enforce accountability
Certification
Life Cycle Assurance Requirement
A1 - Rating
Accountability - Orange Book
48. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Ring 1
Accreditation
Orange Book - B2
Security rating B
49. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
Identification - Orange Book
Discretionary Security Property (ds-property)
Life Cycle Assurance Requirement
50. All users have a clearance for and a formal need to know about - all data processed with the system.
Dedicated Security Mode
Indirect addressing
Trusted Distribution
Security Policy