Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Happen because input data is not checked for appropriate length at time of input






2. A system uses the Reference Monitor to ___________________ of a subject and an object?






3. Verification Protection






4. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






5. System Architecture that separates system functionality into Hierarchical layers






6. Remaining parts of the operating system






7. A type of memory used for High-speed writing and reading activities.






8. Can be erased - modified and upgraded.






9. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.






10. Each data object must contain a classification label and each subject must have a clearance label.






11. Individual subjects must be uniquely identified.






12. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






13. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object






14. Applications and user activity






15. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)






16. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.






17. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






18. Audit data must be captured and protected to enforce accountability






19. The Indexed memory addresses that software uses






20. TCSEC provides a means to evaluate ______________________.






21. The group that oversees the processes of evaluation within TCSEC is?






22. In ______________ the subject must have: Need to Know for ALL the information contained within the system.






23. In the Bell-LaPadula Model the Object's Label contains ___________________.






24. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?






25. Which Orange Book evaluation level is described as "Verified Design"?






26. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma






27. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.






28. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.






29. In the Bell-LaPadula Model the Subject's Label contains ___________________.






30. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






31. Operating System Kernel






32. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






33. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.






34. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.






35. The security kernel is the mechanism that _____________ of the reference monitor concept.






36. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






37. A subject at a given clearance may not read an object at a higher classification






38. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






39. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






40. The *-Property rule is refered to as ____________.






41. What does the Clark-Wilson security model focus on






42. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






43. Discretionary protection






44. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






45. The combination of RAM - Cache and the Processor Registers






46. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






47. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.






48. The Policy must be explicit and well defined and enforced by the mechanisms within the system






49. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






50. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?