Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Reserved hard drive space used to to extend RAM capabilites.






2. Contains an Address of where the instruction and dara reside that need to be processed.






3. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






4. A Policy based control. All objects and systems have a sensitivity level assigned to them






5. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






6. When the contents of the address defined in the program's instruction is added to that of an index register.






7. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.






8. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






9. Which uses Protection Profiles and Security Targets?






10. As per FDA data should be ______________________________.






11. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






12. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs






13. Should always trace to individuals responsible for observing and recording the data






14. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked






15. The total combination of protection mechanisms within a computer system






16. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.






17. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






18. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






19. Audit data must be captured and protected to enforce accountability






20. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.






21. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.






22. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






23. Which describe a condition when RAM and Secondary storage are used together?






24. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise






25. The C2 evaluation class of the _________________ offers controlled access protection.






26. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.






27. Which Orange Book evaluation level is described as "Discretionary Security Protection"?






28. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?






29. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.






30. Applications and user activity






31. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction






32. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






33. TCB contains The Security Kernel and all ______________.






34. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






35. According to the Orange Book - trusted facility management is not required for which security levels?






36. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.






37. The Simple Security rule is refered to as______________.






38. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?






39. The Biba Model adresses _____________________.






40. Mediates all access and Functions between subjects and objects.






41. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






42. System Architecture that separates system functionality into Hierarchical layers






43. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.






44. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.






45. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.






46. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.






47. Subjects and Objects cannot change their security levels once they have been instantiated (created)






48. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






49. What does the simple security (ss) property mean in the Bell-LaPadula model?






50. Trusted facility management is an assurance requirement only for ________________.






Can you answer 50 questions in 15 minutes?



Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests