Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The Bell-LaPadula Model is a _______________.
Need-to-know
Enforces the rules
In C2 - Controlled Access Protection environment
Subject to Object Model
2. Discretionary protection
Absolute addresses
Real storage
C2 - Controlled Access Protection
Orange Book C
3. Reference Monitor is responsible for ______________. It compares the security labels of a subject and an object.
Security mechanisms and evaluates their effectiveness
Access control to the objects by the subjects
B3 - Rating
Bell-LaPadula Model
4. Happen because input data is not checked for appropriate length at time of input
Multilevel Security Policies
Clark-Wilson Model
Buffer overflows
Secondary Storage
5. In the Bell-LaPadula Model the Object's Label contains ___________________.
Ring 3
Physical security
Its classification label (Top Secret - Secret or confidential)
Constrained
6. Permits a database to have two records that are identical except for their classifications
Be protected from modification
Polyinstantiation
System High Security Mode
Accountability - Orange Book
7. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
Orange Book - B2
In C2 - Controlled Access Protection environment
B3
Ring 2
8. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
A security kernel
The security kernel
Higher or equal to access class
Orange Book interpretations
9. Commonly referred to as The Big Mess because of its lack of structure. MS-DOS is an example of a monolithic operating system
A and B
Dominate the object's sensitivity label
The Monolithic Operating System Architecture
Access Matrix model
10. Which is an ISO standard product evaluation criteria that supersedes several different criteria
The Common Criteria
Swap Space
'Dominate'
Dedicated Security Mode
11. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
The "No write Down" Rule
Prohibits
B1
B3 - Rating
12. According to the Orange Book - trusted facility management is not required for which security levels?
attributability
B1
Secondary Storage
Multilevel Security Policies
13. Which in the Orange Book ratings represents the highest level of trust?
B2
A and B
Higher or equal to access class
Basic Security Theorem (used in computer science) definition
14. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
A Thread
Buffer (temporary data storage area)
Identification - Orange Book
Examples of Layered Operating Systems
15. In both the Bell-LaPadula and Biba Models if the word "*" or "Star" is used - _______________.
The Rule is talking about writing
Multitasking
Ring 1
Ring 2
16. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Compare the security labels
B3 - Security Domains
A Domain
attributability
17. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
security protection mechanisms
Division D - Minimal Protection
The Thread (memory Management)
The *-Property rule (Star property)
18. What is called the formal acceptance of the adequacy of a system's overall security by management?
Scalar processors
Accreditation
The Tranquility principle (The Bell-LaPadula Model)
The Thread (memory Management)
19. Each data object must contain a classification label and each subject must have a clearance label.
B1 - Labeled Security
Bell-LaPadula Model
State machine model
B2 - Structured Protection
20. The Biba Model addresses _____________________.
The Integrity of data within applications
Multitasking
Attributable data
The security kernel
21. The Policy must be explicit and well defined and enforced by the mechanisms within the system
The reference monitor
attributability
Security Policy - Orange Book
Indirect addressing
22. When a portion of primary memory is accessed by specifying the actual address of the memory location
Direct addressing
Complex Instruction Set Computers (CISC)
Documentation - Orange Book
Dedicated Security Mode
23. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
C2
A security kernel
NOT Integrity
C1 - Discretionary Security Protection is a type of environment
24. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
A Domain
A lattice of Integrity Levels
An abstract machine
The "No write Down" Rule
25. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
Security rating B
The Rule is talking about writing
Disclosure of residual data
All Mandatory Access Control (MAC) systems
26. Based on a known address with an offset value applied.
Security mechanisms and evaluates their effectiveness
Relative Addresses
A Domain
A Base Register (Memory Management)
27. The assignment of a specific individual to administer the security-related functions of a system.
Covert channels
The security perimeter
Identification - Orange Book
Trusted facility management
28. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Bell-LaPadula Model
The Clark Wilson integrity model
B3
A Limit Register (Memory Management)
29. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Bell-LaPadula Model
No read down
The Red Book
The Simple Security Property
30. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Prevent secret information from being accessed
Dominate the object's sensitivity label
A1 - Rating
Access Matrix model
31. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
C1 - Discretionary Security Protection
Orange Book C
Labels - Orange Book
Logical addresses
32. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Government and military applications
First evaluation class
The "No write Down" Rule
Continuous protection - O/B
33. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
Administrative declaration
Subject to Object Model
Ring 3
34. The reserved hard drive space used to extend RAM capabilities.
Swap Space
Division D - Minimal Protection
Clark-Wilson
Highly secure systems (B2 - B3 and A1)
35. Which increases the performance in a computer by overlapping the steps of different instructions?
The reference monitor
Compare the security labels
Pipelining
Prevent secret information from being accessed
36. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
D
Fail safe
The Trusted Computing Base (TCB)
attributability
37. TCB contains The Security Kernel and all ______________.
Simple Integrity Axiom
Orange Book - A1
security protection mechanisms
Models concerned with integrity
38. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Orange Book ratings
The Biba Model
Its Clearance Label (Top Secret - Secret - or Confidential)
Polyinstantiation
39. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Programmable Read-Only Memory (PROM)
Need-to-know
The TCSEC - Aka Orange Book
Most commonly used approach
40. Which can be used as a covert channel?
Storage and timing
Need-to-know
Execution Domain
A security kernel
41. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Trusted Network Interpretation (TNI)
Basic Security Theorem (used in computer science) definition
The Security Kernel
NOT Integrity
42. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
B3
C2
B3 - Security Domains
C1 - Discretionary Security Protection is a type of environment
43. Operating System Kernel
C1 - Discretionary Security Protection
Trusted Distribution
Ring 0
B3 - Rating
44. What does the * (star) property mean in the Bell-LaPadula model?
Be protected from modification
No write down
Controls the checks
C1 - Discretionary Security Protection is a type of environment
45. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Division D - Minimal Protection
Evaluated separately
C2 - Controlled Access Protection
Orange Book - B1
46. In access control terms - the word "dominate" refers to ___________.
Compare the security labels
Higher or equal to access class
Its classification label (Top Secret - Secret or confidential)
Mandatory Access Control (MAC)
47. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Division B - Mandatory Protection Architecture
Enforces the rules
Security Policy is clearly defined and documented
Trusted hardware - Software and Firmware
48. A nonvolatile storage medium, e.g. computer hard drive - floppy disks and CD-ROMs
An abstract machine
Secondary Storage
B3
C2 - Controlled Access Protection
49. What prevents a process from accessing another process' data?
Process isolation
The Integrity of data within applications
Thrashing
Orange Book - B3
50. Contains the ending address
Security rating B
A Limit Register (Memory Management)
B2
Orange Book ratings