Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Simpler instructions that require fewer clock cycles to execute.
No write down
Reduced Instruction Set Computers (RISC)
A Base Register (Memory Management)
First evaluation class
2. For the type of environment that processes sensitive data that requires a higher degree of security. It requires systems that are relatively resistant to penetration and compromise
The security perimeter
The Trusted Computing Base (TCB)
The trustworthiness of an information system
B2 rating
3. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
A security domain
Access control to the objects by the subjects
Discretionary Security Property (ds-property)
Files - directories and devices
4. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
A lattice of Integrity Levels
Orange Book - D
No read down
B3
5. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Multitasking
Trusted facility management
Certification
The "No write Down" Rule
6. In the Bell-LaPadula Model the Object's Label contains ___________________.
Its classification label (Top Secret - Secret or confidential)
attributability
Division B - Mandatory Protection Architecture
Orange Book C
7. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Trusted Products Evaluation Program (TPEP)
The security perimeter
A single classification and a Compartment Set
Its Clearance Label (Top Secret - Secret - or Confidential)
8. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.
The security perimeter
The rule is talking about "Reading"
Pagefile.sys file
Secondary Storage
9. System Architecture that separates system functionality into Hierarchical layers
A Layered Operating System Architecture
Orange Book interpretations
A and B
Operational assurance requirements
10. The subject must have Need to Know for ONLY the information they are trying to access.
B3 - Rating
Disclosure of residual data
System High Security Mode
B1 - Labeled Security
11. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Pagefile.sys file
C2 - Controlled Access Protection
The National Computer Security Center (NCSC)
B3
12. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
Orange Book interpretations
Operational assurance requirements
Trusted Products Evaluation Program (TPEP)
C2 - Controlled Access Protection
13. According to the Orange Book - trusted facility management is not required for which security levels?
Reduced Instruction Set Computers (RISC)
Life Cycle Assurance Requirement
B1
Clark-Wilson
14. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Administrative declaration
The reference monitor
The National Computer Security Center (NCSC)
Disclosure of residual data
15. A domain of trust that shares a single security policy and single management
The security kernel
A security domain
Orange Book - B3
The Tranquility principle (The Bell-LaPadula Model)
16. When a computer uses more than one CPU in parallel to execute instructions, this is known as?
A Domain
Multiprocessing
The *-Property rule (Star property)
Assigned labels
17. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Orange Book interpretations
Sensitivity labels
Totality of protection mechanisms
Labels - Orange Book
18. Which uses Protection Profiles and Security Targets?
A security kernel
Disclosure of residual data
The "No read Up" rule
International Standard 15408
19. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Be protected from modification
security protection mechanisms
Disclosure of residual data
Clark-Wilson
20. Commonly referred to as The Big Mess because of its lack of structure. MS-DOS is an example of a monolithic operating system
The Monolithic Operating System Architecture
NOT Integrity
Life-cycle assurance - O/B
Relative Addresses
21. Which in the Orange Book ratings represents the highest level of trust?
B1 - Labeled Security
B2
Programmable Read-Only Memory (PROM)
Orange Book B
22. A set of objects that a subject is able to access
Prohibits
The Evaluated Products List (EPL) with their corresponding rating
Pipelining
A Domain
23. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
The Integrity of data within applications
Scalar processors
A and B
24. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Orange Book C
Trusted hardware - Software and Firmware
A1 - Rating
Life-cycle assurance - O/B
25. Users need to be identified individually to provide more precise access control and auditing functionality.
Orange Book - B1
All Mandatory Access Control (MAC) systems
C2 - Controlled Access Protection
Totality of protection mechanisms
26. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
B3 - Rating
Implement software or systems in a production environment
Scalar processors
Stored in Real Memory
27. When a portion of primary memory is accessed by specifying the actual address of the memory location
No read down
First evaluation class
Direct addressing
Higher or equal to access class
28. The Orange book does NOT Cover ________________ - And Database management systems
Dominate the object's sensitivity label
Networks and Communications
Operational assurance requirements
In C2 - Controlled Access Protection environment
29. In both the Bell-LaPadula and Biba Models if the word "*" or "Star" is used - _______________.
The Rule is talking about writing
B3 - Security Domains
The National Computer Security Center (NCSC)
C2 - Controlled Access Protection
30. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Bell-LaPadula Model
Overt channel
Protection Rings Support
Isolate processes
31. As per FDA data should be ______________________________.
Attributable - original - accurate - contemporaneous and legible
The Simple Security Property
Trusted Distribution
B3 - Rating
32. TCB contains The Security Kernel and all ______________.
The Common Criteria
security protection mechanisms
International Standard 15408
Secondary Storage
33. The Simple Security rule is referred to as ______________.
C2
Trusted Distribution
B2 rating
The "No read Up" rule
34. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
B2 rating
Discretionary Security Property (ds-property)
Security mechanisms and evaluates their effectiveness
The reference monitor
35. Data in Cache can be accessed much more quickly than Data
The Common Criteria
Fail safe
Stored in Real Memory
The Integrity of data within applications
36. Another word for Primary storage and distinguishes physical memory from virtual memory.
Access Matrix model
Security Policy is clearly defined and documented
System High Security Mode
Real storage
37. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Simple Integrity Axiom
Mandatory Access Control (MAC)
Prohibits
Scalar processors
38. When the RAM and secondary storage are combined the result is __________.
Relative Addresses
Administrative declaration
Certification
Virtual Memory
39. TCSEC provides a means to evaluate ______________________.
Ring 1
The trustworthiness of an information system
The Monolithic Operating System Architecture
Types of covert channels
40. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
The Evaluated Products List (EPL) with their corresponding rating
B3 - Security Domains
Implement software or systems in a production environment
The security perimeter
41. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Invocation Property
Swap Space
Orange Book - B3
'Dominate'
42. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Secondary Storage
Identification - Orange Book
Be protected from modification
Files - directories and devices
43. A type of memory used for High-speed writing and reading activities.
Attributable data
Certification
Cache Memory
An abstract machine
44. Mandatory access control is enforced by the use of security labels.
B1 - Labeled Security
A lattice of Integrity Levels
Ring 2
Division B - Mandatory Protection
45. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
Orange Book interpretations
The Security Kernel
Orange Book C
Orange Book - A1
46. Intended for environments that require systems to handle classified data.
A security kernel
B1 - Labeled Security rating
Security mechanisms and evaluates their effectiveness
Ring 3
47. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
B1 - Labeled Security rating
Covert channels
Complex Instruction Set Computers (CISC)
48. Successfully evaluated products are placed on?
Access control to the objects by the subjects
Reduced Instruction Set Computers (RISC)
The security kernel
The Evaluated Products List (EPL) with their corresponding rating
49. Contains the ending address
TCB (Trusted Computing Base)
The Evaluated Products List (EPL) with their corresponding rating
A Limit Register (Memory Management)
Multitasking
50. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
C2
Controls the checks
Highly secure systems (B2 - B3 and A1)
B1 - Labeled Security