Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Security Policy
Its Clearance Label (Top Secret - Secret - or Confidential)
B2 - Structured Protection
Logical addresses
2. The Physical memory address that the CPU uses
Life Cycle Assurance Requirement
Absolute addresses
A Layered Operating System Architecture
B1 - Labeled Security
3. According to the Orange Book - trusted facility management is not required for which security levels?
The security perimeter
Multiprocessing
B1
Orange Book interpretations
4. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
The Thread (memory Management)
The Rule is talking about writing
Orange Book B
5. System Architecture that separates system functionality into Hierarchical layers
Networks and Communications
A Layered Operating System Architecture
'Dominate'
Life Cycle Assurance Requirement
6. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
C1 - Discretionary Security Protection is a type of environment
Bell-LaPadula Model
Controlling unauthorized downgrading of information
Attributable - original - accurate - contemporaneous and legible
7. The Security Model Incorporates the ____________ that should be enforced in the system.
Process isolation
The Thread (memory Management)
Security Policy
attributability
8. The Bell-LaPadula model Subjects and Objects are ___________.
Assigned labels
B3 - Rating
Primary storage
Thrashing
9. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Disclosure of residual data
Discretionary Security Property (ds-property)
Examples of Layered Operating Systems
Orange Book - A1
10. TCSEC provides a means to evaluate ______________________.
A Base Register (Memory Management)
The Tranquility principle (The Bell-LaPadula Model)
No write down
The trustworthiness of an information system
11. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Primary storage
attributability
Models concerned with integrity
Protection Rings Support
12. Users need to be identified individually to provide more precise access control and auditing functionality.
C2 - Controlled Access Protection
Enforces the rules
Attributable data
Attributable - original - accurate - contemporaneous and legible
13. Which model uses access control triples and requires that the system maintain separation of duty?
Clark-Wilson
Higher or equal to access class
Disclosure of residual data
The trustworthiness of an information system
14. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.
Sensitivity labels
Swap Space
The rule is talking about "Reading"
Programmable Read-Only Memory (PROM)
15. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Accountability - Orange Book
First evaluation class
The National Computer Security Center (NCSC)
A Layered Operating System Architecture
16. When the RAM and secondary storage are combined the result is __________.
Orange Book - D
Accreditation
Reduced Instruction Set Computers (RISC)
Virtual Memory
17. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Orange Book A
Prohibits
Protection Rings Support
Subject to Object Model
18. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
A security kernel
Security mechanisms and evaluates their effectiveness
The Simple Security Property
B1 - Labeled Security
19. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
A Base Register (Memory Management)
The security kernel
Models concerned with integrity
The Strong star property rule
20. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
A Thread
Highly secure systems (B2 - B3 and A1)
Swap Space
Virtual storage
21. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
Files - directories and devices
Indexed addressing
C2 - Controlled Access Protection
Direct addressing
22. Access control labels must be associated properly with objects.
Prevent secret information from being accessed
The TCSEC - Aka Orange Book
No read down
Labels - Orange Book
23. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Trusted Products Evaluation Program (TPEP)
Security Policy is clearly defined and documented
A Limit Register (Memory Management)
Prevent secret information from being accessed
24. What does the * (star) property mean in the Bell-LaPadula model?
No write down
Orange Book - B3
The Common Criteria
Integrity
25. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Multiprocessing
Execution Domain
Clark-Wilson Model
Division B - Mandatory Protection
26. The Bell-LaPadula Model is a _______________.
Orange Book - A1
Subject to Object Model
Security mechanisms and evaluates their effectiveness
D
27. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Security Policy - Orange Book
Administrative declaration
A1 - Rating
Bell-LaPadula Model
28. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Thrashing
Ring 3
Covert channels
Division B - Mandatory Protection
29. In both the Bell-LaPadula and Biba Models if the word "*" or "Star" is used - _______________.
C2 - Controlled Access Protection
Documentation - Orange Book
Relative Addresses
The Rule is talking about writing
30. Has two individual assurance ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
The trustworthiness of an information system
Indirect addressing
Division C - Discretionary Protection
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
31. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Subject to Object Model
attributability
The Strong star property rule
Access Matrix model
32. Data in Cache can be accessed much more quickly than Data
Examples of Layered Operating Systems
State machine model
Stored in Real Memory
C1
33. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
*-Integrity Axiom
The Monolithic Operating System Architecture
A Thread
Networks and Communications
34. Discretionary protection
Assigned labels
Division B - Mandatory Protection
The *-Property rule (Star property)
Orange Book C
35. Permits a database to have two records that are identical except for Their classifications
Polyinstantiation
The trustworthiness of an information system
Life-cycle assurance - O/B
A security domain
36. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Be protected from modification
Disclosure of residual data
Evaluated separately
Security rating B
37. Which is an ISO standard product evaluation criteria that supersedes several different criteria
B2 - Structured Protection
The Common Criteria
Isolate processes
Division B - Mandatory Protection Architecture
38. A domain of trust that shares a single security policy and single management
C2
Dominate the object's sensitivity label
A security domain
Reduced Instruction Set Computers (RISC)
39. A Policy based control. All objects and systems have a sensitivity level assigned to them
Mandatory Access Control (MAC)
Attributable - original - accurate - contemporaneous and legible
Erasable and Programmable Read-Only Memory (EPROM)
Division D - Minimal Protection
40. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
The Evaluated Products List (EPL) with their corresponding rating
Networks and Communications
The Trusted Computing Base (TCB)
Life Cycle Assurance Requirement
41. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Security Policy is clearly defined and documented
The Biba Model
Physical security
The Red Book
42. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
The Common Criteria
The security perimeter
Division B - Mandatory Protection
The Red Book
43. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Most commonly used approach
Orange Book interpretations
Files - directories and devices
Pipelining
44. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Life Cycle Assurance Requirement
Documentation - Orange Book
D
The Clark Wilson integrity model
45. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
The Thread (memory Management)
Life-cycle assurance - O/B
Sensitivity labels
Operational assurance requirements
46. When a portion of primary memory is accessed by specifying the actual address of the memory location
Direct addressing
A Base Register (Memory Management)
Access Matrix model
C2
47. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operating system
Multilevel Security Policies
First evaluation class
Ring 2
The Monolithic Operating System Architecture
48. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Scalar processors
Erasable and Programmable Read-Only Memory (EPROM)
Trusted Distribution
A Layered Operating System Architecture
49. When the contents of the address defined in the program's instruction is added to that of an index register.
C2 - Controlled Access Protection
Indexed addressing
Thrashing
The National Computer Security Center (NCSC)
50. Minimal Security
Polyinstantiation
Orange Book - D
B3 - Security Domains
Isolate processes