Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US government)
Clark-Wilson Model
Prohibits
Overt channel
Prevent secret information from being accessed
2. Nonvolatile storage media, e.g. computer hard drives - floppy disks and CD-ROMs
Secondary Storage
Mandatory Access Control (MAC)
Programmable Read-Only Memory (PROM)
The Tranquility principle (The Bell-LaPadula Model)
3. Individual subjects must be uniquely identified.
Dominate the object's sensitivity label
Identification - Orange Book
Stored in Real Memory
Erasable and Programmable Read-Only Memory (EPROM)
4. A ____ is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Isolate processes
Secondary Storage
The National Computer Security Center (NCSC)
5. Based on a known address with an offset value applied.
Swap Space
Isolate processes
Orange Book ratings
Relative Addresses
6. Which Orange Book evaluation level is described as "Verified Design"?
The National Computer Security Center (NCSC)
Sensitivity labels
A1
Ring 3
7. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Trusted hardware - Software and Firmware
Certification
Simple Integrity Axiom
Prohibits
8. Execute one instruction at a time.
Scalar processors
Need-to-know
The TCSEC - Aka Orange Book
Its Clearance Label (Top Secret - Secret - or Confidential)
9. What prevents a process from accessing another process' data?
Logical addresses
Operational assurance requirements
Process isolation
Ring 0
10. The Indexed memory addresses that software uses
Logical addresses
Trusted Products Evaluation Program (TPEP)
Division C - Discretionary Protection
Overt channel
11. Which TCSEC level first addresses object reuse?
Clark-Wilson
Security Policy
C2
*-Integrity Axiom
12. Contains the beginning address
A1
A Base Register (Memory Management)
Programmable Read-Only Memory (PROM)
Orange Book C
13. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
The rule is talking about "Reading"
Enforces the rules
Relative Addresses
14. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Swap Space
'Dominate'
D
The Integrity of data within applications
15. Verification Protection
Access Matrix model
The TCSEC - Aka Orange Book
Orange Book A
B2
16. The group that oversees the processes of evaluation within TCSEC is?
No write down
Secondary Storage
Trusted Products Evaluation Program (TPEP)
Compare the security labels
17. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Prevent secret information from being accessed
*-Integrity Axiom
Security rating B
C2 - Controlled Access Protection
18. The Orange Book does NOT cover ________________ - and database management systems
Dedicated Security Mode
Networks and Communications
Swap Space
Orange Book ratings
19. In access control terms - the word "dominate" refers to ___________.
Access Matrix model
Higher or equal to access class
The "No read Up" rule
Highly secure systems (B2 - B3 and A1)
20. When the contents of the address defined in the program's instruction is added to that of an index register.
Indexed addressing
Identification - Orange Book
Absolute addresses
Dedicated Security Mode
21. A system uses the Reference Monitor to ___________________ of a subject and an object?
Life-cycle assurance - O/B
A Layered Operating System Architecture
Logical addresses
Compare the security labels
22. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Logical addresses
C2 - Controlled Access Protection
Bell-LaPadula Model
Absolute addresses
23. What does the * (star) property mean in the Bell-LaPadula model?
Covert channels
security protection mechanisms
Ring 1
No write down
24. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Multiprocessing
The Simple Security Property
Division D - Minimal Protection
Indexed addressing
25. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Simple Security Rule
The security perimeter
C1
Division B - Mandatory Protection Architecture
26. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down")
The Biba Model
Overt channel
Be protected from modification
Simple Integrity Axiom
27. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Buffer (temporary data storage area)
Programmable Read-Only Memory (PROM)
Continuous protection - O/B
NOT Integrity
28. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Prevent secret information from being accessed
Documentation - Orange Book
C2
Trusted facility management
29. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
The *-Property rule (Star property)
Real storage
Overt channel
C1 - Discretionary Security Protection is a type of environment
30. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
C1 - Discretionary Security Protection is a type of environment
C2
Multiprocessing
B2 - Structured Protection
31. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
NOT Integrity
Logical addresses
Sensitivity labels
The *-Property rule (Star property)
32. Commonly referred to as "the big mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system
Cache Memory
Higher or equal to access class
Models concerned with integrity
The Monolithic Operating System Architecture
33. The Availability - Integrity and confidentiality requirements of multitasking operating systems
The "No read Up" rule
Security Policy - Orange Book
Protection Rings Support
Types of covert channels
34. Which is an ISO standard product evaluation criteria that supersedes several different criteria
The Common Criteria
Clark-Wilson
B3
Models concerned with integrity
35. In both the Bell-LaPadula and Biba Models, if the word "*" or "Star" is used - _______________.
Operational assurance requirements
Firmware
The Rule is talking about writing
Security mechanisms and evaluates their effectiveness
36. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
Continuous protection - O/B
A Thread
'Dominate'
Pipelining
37. In the Bell-LaPadula Model the Subject's Label contains ___________________.
B2 - Structured Protection
Security mechanisms and evaluates their effectiveness
B2
Its Clearance Label (Top Secret - Secret - or Confidential)
38. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
No write down
C2 - Controlled Access Protection
B2 - Structured Protection
A1 - Rating
39. As per FDA data should be ______________________________.
A lattice of Integrity Levels
No read up
Attributable - original - accurate - contemporaneous and legible
System High Security Mode
40. The security model incorporates the ____________ that should be enforced in the system.
Fail safe
The *-Property rule (Star property)
Constrained
Security Policy
41. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
A Limit Register (Memory Management)
Orange Book - B1
International Standard 15408
The Evaluated Products List (EPL) with their corresponding rating
42. System Architecture that separates system functionality into Hierarchical layers
Ring 1
Life Cycle Assurance Requirement
A Layered Operating System Architecture
Security Policy - Orange Book
43. A type of memory used for High-speed writing and reading activities.
Cache Memory
Division C - Discretionary Protection
Mandatory Access Control (MAC)
The "No read Up" rule
44. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Clark-Wilson
Buffer (temporary data storage area)
Physical security
The reference monitor
45. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
A Domain
Administrative declaration
Overt channel
B1
46. Mandatory Access requires that _____________ be attached to all objects.
Physical security
The security perimeter
Sensitivity labels
Accreditation
47. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
No write down
Orange Book - B3
Orange Book - A1
The Thread (memory Management)
48. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Security Policy is clearly defined and documented
C1 - Discretionary Security Protection
An abstract machine
Networks and Communications
49. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
Orange Book C
Protection Rings Support
Relative Addresses
50. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
The Integrity of data within applications
Division B - Mandatory Protection Architecture
Physical security
A Layered Operating System Architecture