Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Based on a known address with an offset value applied.
All Mandatory Access Control (MAC) systems
The Trusted Computing Base (TCB)
A Layered Operating System Architecture
Relative Addresses
2. Buffer overflows occur when a program or process tries to store more data in a _____________ than it was intended to hold.
Orange Book - A1
Buffer (temporary data storage area)
Invocation Property
Programmable Read-Only Memory (PROM)
3. The Security Model Incorporates the ____________ that should be enforced in the system.
C1 - Discretionary Security Protection
Documentation - Orange Book
Division B - Mandatory Protection
Security Policy
4. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Swap Space
D
Orange Book - A1
Reduced Instruction Set Computers (RISC)
5. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Evaluated separately
Overt channel
C2
Absolute addresses
6. Has two individual assurance ratings, C1 and C2. The higher the assurance rating number, the greater the protection.
Implement software or systems in a production environment
Evaluated separately
Integrity
Division C - Discretionary Protection
7. The TCB is the ________________ within a computer system that work together to enforce a security policy.
A Base Register (Memory Management)
Process isolation
Trusted Network Interpretation (TNI)
Totality of protection mechanisms
8. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Rating
The "No write Down" Rule
Attributable - original - accurate - contemporaneous and legible
The Tranquility principle (The Bell-LaPadula Model)
9. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Sensitivity labels
C2
A1
The Tranquility principle (The Bell-LaPadula Model)
10. The reserved hard drive space used to extend RAM capabilities.
Swap Space
Direct Addressing
Prohibits
B1 - Labeled Security
11. The Bell-LaPadula model Subjects and Objects are ___________.
Pipelining
Higher or equal to access class
Overt channel
Assigned labels
12. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
A security domain
Direct Addressing
B2
A lattice of Integrity Levels
13. Which Orange Book evaluation level is described as "Verified Design"?
Trusted Network Interpretation (TNI)
A1
Life Cycle Assurance Requirement
Ring 1
14. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Virtual storage
Orange Book - B1
A Base Register (Memory Management)
Simple Integrity Axiom
15. What prevents a process from accessing another process' data?
Dominate the object's sensitivity label
B1
Process isolation
Primary storage
16. Certification is a technical review that assesses the _____________, whereas Accreditation is management's official acceptance of the information in the Certification process findings.
Relative Addresses
Evaluated separately
Security mechanisms and evaluates their effectiveness
The Evaluated Products List (EPL) with their corresponding rating
17. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
The security perimeter
Division D - Minimal Protection
Orange Book B
The Monolithic Operating System Architecture
18. Contains the beginning address
A1
A security domain
A Base Register (Memory Management)
Division B - Mandatory Protection Architecture
19. Happen because input data is not checked for appropriate length at time of input
Most commonly used approach
B1 - Labeled Security rating
Buffer overflows
All Mandatory Access Control (MAC) systems
20. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Orange Book A
Multitasking
Isolate processes
A security kernel
21. Which describes a condition when RAM and secondary storage are used together?
C2 - Controlled Access Protection
Fail safe
Virtual storage
No read down
22. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
attributability
C1
Trusted Distribution
A1 - Rating
23. The security kernel is the mechanism that _____________ of the reference monitor concept.
Pagefile.sys file
Labels - Orange Book
Programmable Read-Only Memory (PROM)
Enforces the rules
24. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Invocation Property
Real storage
The Evaluated Products List (EPL) with their corresponding rating
Programmable Read-Only Memory (PROM)
25. A system uses the Reference Monitor to ___________________ of a subject and an object?
A Limit Register (Memory Management)
C2
Compare the security labels
C2
26. Involves sharing the processor among all ready processes
The Monolithic Operating System Architecture
Orange Book interpretations
Multitasking
Protection Rings Support
27. Each data object must contain a classification label and each subject must have a clearance label.
B1 - Labeled Security
B3
C1
Labels - Orange Book
28. According to the Orange Book - trusted facility management is not required for which security levels?
B1
The National Computer Security Center (NCSC)
B2 rating
The *-Property rule (Star property)
29. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Relative Addresses
B1 - Labeled Security
Accreditation
Fail safe
30. Which is an ISO standard product evaluation criteria that supersedes several different criteria
The Common Criteria
Security rating B
Controlling unauthorized downgrading of information
Constrained
31. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Division D - Minimal Protection
Dedicated Security Mode
Orange Book - B2
NOT Integrity
32. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
A1 - Rating
Continuous protection - O/B
C2 - Controlled Access Protection
The reference monitor
33. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware.
Process isolation
An abstract machine
The Trusted Computing Base (TCB)
B2 rating
34. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
No read down
Storage and timing
The Biba Model
Programmable Read-Only Memory (PROM)
35. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Access control to the objects by the subjects
NOT Integrity
Continuous protection - O/B
State machine model
36. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Relative Addresses
Orange Book - D
Disclosure of residual data
State machine model
37. In the Bell-LaPadula Model the Subject's Label contains ___________________.
B3
Its Clearance Label (Top Secret - Secret - or Confidential)
Security Policy is clearly defined and documented
No read down
38. Mandatory Protection
Dominate the object's sensitivity label
Attributable data
Reduced Instruction Set Computers (RISC)
Orange Book B
39. Applications and user activity
Dedicated Security Mode
Integrity
Ring 3
Implement software or systems in a production environment
40. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Accreditation
Division B - Mandatory Protection Architecture
B2
Trusted hardware - Software and Firmware
41. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Highly secure systems (B2 - B3 and A1)
Security rating B
Orange Book interpretations
An abstract machine
42. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The Biba Model
System High Security Mode
The security perimeter
Orange Book B
43. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Firmware
Covert channels
A Layered Operating System Architecture
Security Policy
44. The Orange book does NOT Cover ________________ - And Database management systems
Subject to Object Model
A1
Highly secure systems (B2 - B3 and A1)
Networks and Communications
45. What model uses access control triples and requires that the system maintain separation of duty?
Labels - Orange Book
Clark-Wilson
An abstract machine
Execution Domain
46. Can be erased - modified and upgraded.
Security mechanisms and evaluates their effectiveness
Erasable and Programmable Read-Only Memory (EPROM)
Life-cycle assurance - O/B
Attributable data
47. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
Buffer overflows
Examples of Layered Operating Systems
Protection Rings Support
B3
48. The Availability - Integrity and confidentiality requirements of multitasking operating systems
C2
Protection Rings Support
Multilevel Security Policies
The Integrity of data within applications
49. Discretionary protection
Swap Space
Orange Book C
Indexed addressing
Overt channel
50. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Polyinstantiation
State machine model
Multiprocessing
A and B