Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Minimal Security






2. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down")






3. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






4. The Biba Model - ______________: A subject cannot write data to an object at a higher integrity level ("No Write Up")






5. Which model uses access control triples and requires that the system maintain separation of duty?






6. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s






7. Mandatory access control is enforced by the use of security labels.






8. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






9. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)






10. The process of evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.






11. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.






12. Each data object must contain a classification label and each subject must have a clearance label.






13. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






14. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.






15. Which is an ISO standard product evaluation criteria that supersedes several different criteria?






16. Bell-LaPadula model was proposed for enforcing access control in _____________________.






17. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m






18. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.



19. Permits a database to have two records that are identical except for their classifications






20. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise






21. TCB contains The Security Kernel and all ______________.






22. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?






23. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






24. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






25. Mandatory Access requires that _____________ be attached to all objects.






26. Documentation must be provided - including test - design - and specification document - user guides and manuals






27. Successfully evaluated products are placed on?






28. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






29. TCSEC provides a means to evaluate ______________________.






30. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






31. What are the components of an object's sensitivity label?






32. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






33. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.






34. Users need to be identified individually to provide more precise access control and auditing functionality.






35. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.






36. When a portion of primary memory is accessed by specifying the actual address of the memory location






37. Execute one instruction at a time.






38. Mediates all access and functions between subjects and objects.






39. Which Orange Book evaluation level is described as "Verified Design"?






40. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?






41. When the contents of the address defined in the program's instruction are added to that of an index register.






42. The *-Property rule is referred to as ____________.






43. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.






44. The reserved hard drive space used to extend RAM capabilities.






45. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






46. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






47. In the Bell-LaPadula model, subjects and objects are ___________.






48. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






49. Subjects and Objects cannot change their security levels once they have been instantiated (created)






50. The Orange Book does NOT cover ________________ - and database management systems