Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
A1 - Rating
The "No write Down" Rule
C1 - Discretionary Security Protection
The Red Book
2. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
All Mandatory Access Control (MAC) systems
security protection mechanisms
In C2 - Controlled Access Protection environment
'Dominate'
3. Which computer design approach is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle?
B2
Attributable - original - accurate - contemporaneous and legible
Complex Instruction Set Computers (CISC)
Attributable data
4. When a portion of primary memory is accessed by specifying the actual address of the memory location
Constrained
Dominate the object's sensitivity label
Direct addressing
'Dominate'
5. Operating System Kernel
B3
Ring 3
Ring 0
B2 rating
6. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Trusted facility management
The Evaluated Products List (EPL) with their corresponding rating
Orange Book C
B3
7. Successfully evaluated products are placed on?
B1 - Labeled Security
Bell-LaPadula Model
The Evaluated Products List (EPL) with their corresponding rating
Ring 3
8. Applications and user activity
Real storage
The *-Property rule (Star property)
Ring 3
Attributable data
9. The subject must have Need to Know for ONLY the information they are trying to access.
A Domain
Overt channel
System High Security Mode
Swap Space
10. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Storage and timing
In C2 - Controlled Access Protection environment
Orange Book - B1
The Clark Wilson integrity model
11. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Division D - Minimal Protection
Constrained
Sensitivity labels
Ring 3
12. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
Fail safe
Continuous protection - O/B
Direct Addressing
13. Access control labels must be associated properly with objects.
Files - directories and devices
Dedicated Security Mode
Labels - Orange Book
Enforces the rules
14. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
C2 - Controlled Access Protection
A1 - Rating
Security Policy is clearly defined and documented
Mandatory access control
15. According to the Orange Book - trusted facility management is not required for which security levels?
B3 - Security Domains
Division B - Mandatory Protection Architecture
B1
Overt channel
16. A domain of trust that shares a single security policy and single management
Programmable Read-Only Memory (PROM)
Dominate the object's sensitivity label
State machine model
A security domain
17. Which TCSEC level first addresses object reuse?
Life-cycle assurance - O/B
Multitasking
C2
Division D - Minimal Protection
18. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Overt channel
Highly secure systems (B2 - B3 and A1)
Primary storage
B2 - Structured Protection
19. In the Bell-LaPadula Model the Object's Label contains ___________________.
Clark-Wilson
Ring 1
Its classification label (Top Secret - Secret or confidential)
Clark-Wilson Model
20. A system uses the Reference Monitor to ___________________ of a subject and an object?
Indexed addressing
Compare the security labels
A security kernel
*-Integrity Axiom
21. Based on a known address with an offset value applied.
Swap Space
Invocation Property
B1
Relative Addresses
22. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
The TCSEC - Aka Orange Book
Implement software or systems in a production environment
Ring 2
C2
23. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.
Multilevel Security Policies
Higher or equal to access class
The rule is talking about "Reading"
State machine model
24. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
Stored in Real Memory
Models concerned with integrity
Enforces the rules
Basic Security Theorem (used in computer science) definition
25. What prevents a process from accessing another process' data?
TCB (Trusted Computing Base)
Process isolation
Implement software or systems in a production environment
Attributable - original - accurate - contemporaneous and legible
26. A ___________ is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
The security perimeter
B1 - Labeled Security
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Administrative declaration
27. Mandatory Protection
Orange Book B
An abstract machine
Documentation - Orange Book
B3
28. Has two individual assurance ratings: C1 and C2. The higher the number of the assurance rating, the greater the protection.
Division B - Mandatory Protection Architecture
Division C - Discretionary Protection
Secondary Storage
The reference monitor
29. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Orange Book - B1
Bell-LaPadula Model
Virtual Memory
Most commonly used approach
30. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object.
Secondary Storage
The Security Kernel
Access control to the objects by the subjects
B1 - Labeled Security
31. The assignment of a specific individual to administer the security-related functions of a system.
C2 - Controlled Access Protection
Trusted facility management
Dedicated Security Mode
Reduced Instruction Set Computers (RISC)
32. Audit data must be captured and protected to enforce accountability
A Thread
Virtual Memory
Accountability - Orange Book
No write down
33. When the RAM and secondary storage are combined the result is __________.
Swap Space
Attributable - original - accurate - contemporaneous and legible
Virtual Memory
Pipelining
34. The Availability - Integrity and confidentiality requirements of multitasking operating systems
A security kernel
attributability
B3
Protection Rings Support
35. The group that oversees the processes of evaluation within TCSEC is?
A single classification and a Compartment Set
Mandatory Access Control (MAC)
Trusted Products Evaluation Program (TPEP)
The Simple Security Property
36. Execute one instruction at a time.
B1 - Labeled Security
A Layered Operating System Architecture
Scalar processors
Dedicated Security Mode
37. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Certification
*-Integrity Axiom
Examples of Layered Operating Systems
Prohibits
38. Bell-LaPadula model was proposed for enforcing access control in _____________________.
NOT Integrity
Documentation - Orange Book
Government and military applications
C1 - Discretionary Security Protection
39. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
B3
Certification
Its Clearance Label (Top Secret - Secret - or Confidential)
40. What access control technique is also known as multilevel security?
B2
Mandatory access control
The Integrity of data within applications
Buffer overflows
41. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use.
Firmware
The rule is talking about "Reading"
Protection Rings Support
Examples of Layered Operating Systems
42. Another word for Primary storage and distinguishes physical memory from virtual memory.
The Trusted Computing Base (TCB)
A Domain
Thrashing
Real storage
43. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Dominate the object's sensitivity label
State machine model
'Dominate'
The Evaluated Products List (EPL) with their corresponding rating
44. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
A Domain
Ring 0
First evaluation class
Primary storage
45. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Security Policy
Execution Domain
Orange Book - A1
Storage and timing
46. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Security Domains
A1
B3 - Rating
Ring 2
47. TCSEC provides a means to evaluate ______________________.
The trustworthiness of an information system
Reduced Instruction Set Computers (RISC)
B3 - Rating
Security mechanisms and evaluates their effectiveness
48. Simpler instructions that require fewer clock cycles to execute.
B3 - Rating
The National Computer Security Center (NCSC)
Ring 0
Reduced Instruction Set Computers (RISC)
49. Verification Protection
Orange Book A
The TCSEC - Aka Orange Book
A Domain
Documentation - Orange Book
50. Configuration management is also defined in the Orange Book, but as a _____________________ and not an operational assurance requirement.
Primary storage
Basic Security Theorem (used in computer science) definition
Life Cycle Assurance Requirement
Ring 2