Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Data in Cache can be accessed much more quickly than Data






2. Discretionary protection






3. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)






4. As per FDA data should be ______________________________.






5. When the RAM and secondary storage are combined the result is __________.






6. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object






7. What does the simple integrity axiom mean in the Biba model?






8. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






9. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






10. Permits a database to have two records that are identical except for their classifications






11. Which addresses a portion of the primary memory by specifying the actual address of the memory location?






12. Applications and user activity






13. Each data object must contain a classification label and each subject must have a clearance label.






14. The process of evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.






15. Configuration management is also defined in the Orange Book BUT as a _____________________ and NOT an operational assurance requirement.






16. Minimal Security






17. Bell-LaPadula model was proposed for enforcing access control in _____________________.






18. Access control labels must be associated properly with objects.






19. When the contents of the address defined in the program's instruction is added to that of an index register.






20. The use of more than one CPU in parallel to execute instructions is known as?






21. Which Orange Book evaluation level is described as "Discretionary Security Protection"?






22. The total combination of protection mechanisms within a computer system






23. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






24. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system






25. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






26. The group that oversees the processes of evaluation within TCSEC is?






27. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.






28. In the Bell-LaPadula Model the Subject's Label contains ___________________.






29. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






30. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






31. The Simple Security rule is referred to as ______________.






32. Documentation must be provided - including test - design - and specification document - user guides and manuals






33. In Access Control terms it means to be higher than or equal to. In the Bell-LaPadula Model - this is referred to as the dominance relation - which is the relationship of the subject's clearance to the object's classification



34. Intended for environments that require systems to handle classified data.






35. Which is an ISO standard product evaluation criteria that supersedes several different criteria






36. Which can be used as a covert channel?






37. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






38. Which is a straightforward approach that provides access rights to subjects for objects?






39. In the Bell-LaPadula Model the Object's Label contains ___________________.






40. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?






41. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






42. In access control terms - the word "dominate" refers to ___________.






43. Which increases the performance in a computer by overlapping the steps of different instructions?






44. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






45. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






46. Happen because input data is not checked for appropriate length at time of input






47. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.






48. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise






49. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?






50. A Policy based control. All objects and systems have a sensitivity level assigned to them