SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which can be used as a covert channel?
Storage and timing
The Red Book
Simple Integrity Axiom
Constrained
2. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Security Policy is clearly defined and documented
Assigned labels
Orange Book - B1
Primary storage
3. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Controls the checks
attributability
B1
Mandatory Access Control (MAC)
4. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Multiprocessing
The Integrity of data within applications
Relative Addresses
Physical security
5. When a computer uses more than one CPU in parallel to execute instructions is known as?
Trusted facility management
Files - directories and devices
The reference monitor
Multiprocessing
6. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Ring 2
Operational assurance requirements
Controls the checks
Multitasking
7. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
A Limit Register (Memory Management)
B2 rating
Execution Domain
Pagefile.sys file
8. A domain of trust that shares a single security policy and single management
Thrashing
Covert channels
No read up
A security domain
9. Minimal Security
The security perimeter
Orange Book - D
Fail safe
C2 - Controlled Access Protection
10. When the RAM and secondary storage are combined the result is __________.
Virtual Memory
Its classification label (Top Secret - Secret or confidential)
B2 rating
First evaluation class
11. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
The *-Property rule (Star property)
The National Computer Security Center (NCSC)
Compare the security labels
Orange Book - B2
12. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
Networks and Communications
A Domain
C2 - Controlled Access Protection
Attributable - original - accurate - contemporaneous and legible
13. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
Thrashing
The TCSEC - Aka Orange Book
C1 - Discretionary Security Protection
C2 - Controlled Access Protection
14. The Reserved hard drive space used to to extend RAM capabilites.
Operational assurance requirements
Swap Space
Orange Book interpretations
C2
15. The security kernel is the mechanism that _____________ of the reference monitor concept.
Access Matrix model
Clark-Wilson Model
Enforces the rules
Simple Security Rule
16. Mandatory Access requires that _____________ be attached to all objects.
A Limit Register (Memory Management)
Absolute addresses
Sensitivity labels
Its Clearance Label (Top Secret - Secret - or Confidential)
17. What model use an access control triples and requires that the system maintain separation of duty ?
Storage and timing
Clark-Wilson
Cache Memory
No read down
18. Which uses Protection Profiles and Security Targets?
Multitasking
Division D - Minimal Protection
Assigned labels
International Standard 15408
19. Contains the ending address
Totality of protection mechanisms
Trusted Distribution
A Limit Register (Memory Management)
Clark-Wilson
20. The Physical memory address that the CPU uses
C2
Absolute addresses
The Common Criteria
Networks and Communications
21. Users need to be Identified individually to provide more precise acces control and auditing functionality.
The TCSEC - Aka Orange Book
C2 - Controlled Access Protection
Security Policy
Its classification label (Top Secret - Secret or confidential)
22. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Programmable Read-Only Memory (PROM)
The Red Book
Controls the checks
Sensitivity labels
23. Can be erased - modified and upgraded.
Security mechanisms and evalautes their effectivenes
The security kernel
Need-to-know
Erasable and Programmable Read-Only Memory (EPROM)
24. The Bell-LaPadula Model is a _______________.
Compare the security labels
Networks and Communications
Multiprocessing
Subject to Object Model
25. Documentation must be provided - including test - design - and specification document - user guides and manuals
Division B - Mandatory Protection Architecture
Documentation - Orange Book
Examples of Layered Operating Systems
The Strong star property rule
26. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
An abstract machine
Its Clearance Label (Top Secret - Secret - or Confidential)
The reference monitor
Security Policy - Orange Book
27. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
Documentation - Orange Book
Logical addresses
Virtual storage
28. The Biba Model adresses _____________________.
No write down
The Integrity of data within applications
Simple Integrity Axiom
Assigned labels
29. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
Erasable and Programmable Read-Only Memory (EPROM)
Accountability - Orange Book
The Trusted Computing Base (TCB)
30. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
D
Enforces the rules
Thrashing
The Simple Security Property
31. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Continuous protection - O/B
Dominate the object's sensitivity label
The security perimeter
The "No read Up" rule
32. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
C2
B3
Secondary Storage
Ring 2
33. Each data object must contain a classification label and each subject must have a clearance label.
B2
Primary storage
Clark-Wilson
B1 - Labeled Security
34. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Dedicated Security Mode
C2
Orange Book - B1
Indirect addressing
35. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Primary storage
The trustworthiness of an information system
Multilevel Security Policies
A lattice of Intergrity Levels
36. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Certification
Physical security
Compare the security labels
B2 rating
37. Used by Windows systems to reserve the "Swap Space"
Pagefile.sys file
Direct addressing
Implement software or systems in a production environment
A security kernel
38. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Real storage
Isolate processes
Simple Security Rule
Direct addressing
39. Which Orange Book evaluation level is described as "Verified Design"?
A1
Stored in Reak Memory
attributability
An abstract machine
40. Access control labels must be associated properly with objects.
A single classification and a Compartment Set
Labels - Orange Book
Storage and timing
Its Clearance Label (Top Secret - Secret - or Confidential)
41. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Labels - Orange Book
State machine model
Logical addresses
Security rating B
42. A system uses the Reference Monitor to ___________________ of a subject and an object?
The "No read Up" rule
The Monolithic Operation system Architecture
Multilevel Security Policies
Compare the security labels
43. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
security protection mechanisms
Ring 0
Life-cycle assurance - O/B
Identification - Orange Book
44. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Real storage
Swap Space
Controlling unauthorized downgrading of information
Basic Security Theorem (used in computer science) definition
45. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
Orange Book C
Scalar processors
Orange Book interpretations
C2 - Controlled Access Protection
46. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Complex Instruction Set Computers (CISC)
Secondary Storage
C2 - Controlled Access Protection
B3 - Security Domains
47. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Compare the security labels
Operational assurance requirements
Bell-LaPadula Model
Models concerned with integrity
48. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
The Security Kernel
Trusted hardware - Software and Firmware
B1 - Labeled Security
Isolate processes
49. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
The TCSEC - Aka Orange Book
Be protected from modification
The security perimeter
Examples of Layered Operating Systems
50. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
The security perimeter
Trusted facility management
First evaluation class
The Biba Model
