CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Used by Windows systems to reserve the "Swap Space"
A Thread
Ring 3
Pagefile.sys file
Disclosure of residual data
2. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Division C - Discretionary Protection
Buffer (temporary data storage area)
Security rating B
C1 - Discretionary Security Protection
3. Audit data must be captured and protected to enforce accountability
Certification
Trusted Network Interpretation (TNI)
Accountability - Orange Book
The TCSEC - Aka Orange Book
4. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Division B - Mandatory Protection Architecture
B3
B3 - Security Domains
5. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Evaluated separately
Division B - Mandatory Protection
The Rule is talking about writing
C2
6. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
An abstract machine
Simple Security Rule
Orange Book - B1
Logical addresses
7. Subjects and Objects cannot change their security levels once they have been instantiated (created)
The Tranquility principle (The Bell-LaPadula Model)
No read down
Direct addressing
Access Matrix model
8. Occur because input data is not checked for appropriate length at the time of input
Buffer overflows
A single classification and a Compartment Set
The "No read Up" rule
Division B - Mandatory Protection
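Questions 2 and 8 describe the mechanism in one sentence each. The following C example is added for this page (it is constructed for illustration, not taken from any CISSP study source) and shows the unchecked copy into a fixed-size temporary storage area beside a version that checks the length at the time of input. The 16-byte buffer size, the function names and the sample inputs are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed size of the "buffer" (temporary data storage area) */

/* VULNERABLE: copies whatever the caller supplies into a 16-byte stack buffer
   with no length check at the time of input. Any input of 16 bytes or more
   (15 characters plus the NUL terminator is the most that fits) overruns the
   buffer into adjacent stack memory (other locals, saved registers, the
   return address): the buffer overflow the questions above describe.
   Kept only for contrast; never call it with untrusted input. */
static void greet_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);              /* no bound: writes strlen(input) + 1 bytes */
    printf("hello, %s\n", name);
}

/* HARDENED: the length is checked at the moment data enters the buffer.
   Copies nothing and returns false when the input would not fit, so the
   caller rejects or truncates explicitly instead of silently corrupting memory. */
static bool copy_bounded(char *dst, size_t dst_len, const char *src) {
    size_t n = strlen(src);
    if (dst_len == 0 || n >= dst_len) /* room must remain for the NUL terminator */
        return false;
    memcpy(dst, src, n + 1);
    return true;
}

/* Returns true if the name was accepted and printed, false if it was rejected. */
static bool greet_safe(const char *input) {
    char name[NAME_LEN];
    if (!copy_bounded(name, sizeof name, input))
        return false;                 /* rejected: would have overflowed */
    printf("hello, %s\n", name);
    return true;
}

/* Does an input of this many characters fit the buffer with its terminator? */
static bool input_fits(size_t input_len) {
    return input_len < NAME_LEN;
}

int main(void) {
    greet_unsafe("bob");              /* short literal: safe only because we know its length */
    greet_safe("alice");              /* 5 characters: fits */
    if (!greet_safe("a-name-much-longer-than-sixteen-bytes"))
        puts("rejected oversized input instead of overflowing");
    return 0;
}
```

The check belongs where the data is accepted, not later: once `strcpy` has run, the damage is done. `copy_bounded` also refuses the exact-fit case (`n == dst_len`) because the terminator needs its own byte, which is the off-by-one that bounded-but-careless copies still get wrong.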
9. Based on a known address with an offset value applied.
Pipelining
Mandatory Access Control (MAC)
Life Cycle Assurance Requirement
Relative Addresses
10. Can be erased - modified and upgraded.
Erasable and Programmable Read-Only Memory (EPROM)
B1 - Labeled Security rating
A Limit Register (Memory Management)
Division C - Discretionary Protection
11. In the Bell-LaPadula Model the Object's Label contains ___________________.
Enforces the rules
Its classification label (Top Secret - Secret or confidential)
Multitasking
The Monolithic Operation system Architecture
12. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Orange Book - B2
The Clark Wilson integrity model
security protection mechanisms
Trusted Distribution
13. The combination of RAM - Cache and the Processor Registers
Orange Book - A1
Primary storage
Most commonly used approach
Subject to Object Model
14. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Implement software or systems in a production environment
The Rule is talking about writing
Indirect addressing
Security Policy - Orange Book
15. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
Ring 3
Labels - Orange Book
Orange Book ratings
16. Certification is a technical review that assesses the _____________ - whereas Accreditation is management's official acceptance of the findings of the Certification process.
Covert channels
Security mechanisms and evaluates their effectiveness
Administrative declaration
Implement software or systems in a production environment
17. An abstract machine which must mediate all accesses by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
The reference monitor
Relative Addresses
The Simple Security Property
A Limit Register (Memory Management)
18. Which computer design approach is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle?
Integrity
Complex Instruction Set Computers (CISC)
Firmware
A lattice of Integrity Levels
19. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Orange Book B
Division B - Mandatory Protection
Its Clearance Label (Top Secret - Secret - or Confidential)
Orange Book A
20. What does the * (star) property mean in the Bell-LaPadula model?
No write down
Scalar processors
State machine model
C2
21. The Biba Model - ______________: A subject cannot request service from (invoke) subjects of higher integrity
Overt channel
Dominate the object's sensitivity label
Invocation Property
C2 - Controlled Access Protection
22. Mandatory access control is enforced by the use of security labels.
Access control to the objects by the subjects
A security domain
Division B - Mandatory Protection
A Layered Operating System Architecture
23. In B2 - subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
Covert channels
Stored in real memory
Most commonly used approach
B1 - Labeled Security rating
24. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Attributable data
B2 - Structured Protection
D
Dedicated Security Mode
25. What does the simple integrity axiom mean in the Biba model?
A Domain
Life-cycle assurance - O/B
No read down
Dedicated Security Mode
26. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
NOT Integrity
A Limit Register (Memory Management)
The "No read Up" rule
27. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Division D - Minimal Protection
Life Cycle Assurance Requirement
Multilevel Security Policies
A Thread
28. For the type of environment that processes sensitive data that requires a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.
Certification
Reduced Instruction Set Computers (RISC)
B2 rating
The Thread (memory Management)
29. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Access Matrix model
A security kernel
Prevent secret information from being accessed
Scalar processors
30. In this class more granularity is provided in each protection mechanism - and programming code that is not necessary to support the security policy is excluded.
Division C - Discretionary Protection
The Evaluated Products List (EPL) with their corresponding rating
B3 - Security Domains
Direct Addressing
31. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Division B - Mandatory Protection
Thrashing
The rule is talking about "Reading"
security protection mechanisms
32. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Fail safe
Orange Book ratings
Protection Rings Support
Division B - Mandatory Protection Architecture
33. A type of memory used for High-speed writing and reading activities.
Accountability - Orange Book
No read down
Cache Memory
Simple Integrity Axiom
34. Contains the ending address
First evaluation class
Direct addressing
Orange Book B
A Limit Register (Memory Management)
35. Contains the beginning address
A Base Register (Memory Management)
Life Cycle Assurance Requirement
B3 - Security Domains
Trusted Network Interpretation (TNI)
36. In both the Bell-LaPadula and Biba Models - if the word "Simple" is used ______________.
Subject to Object Model
Orange Book - B1
Administrative declaration
The rule is talking about "Reading"
37. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Life-cycle assurance - O/B
Trusted Distribution
Multilevel Security Policies
Covert channels
38. Access control labels must be associated properly with objects.
Orange Book ratings
Mandatory access control
Labels - Orange Book
Storage and timing
39. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Trusted hardware - Software and Firmware
Ring 1
Models concerned with integrity
Access Matrix model
40. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information - and identification and authentication of individual entities.
C1 - Discretionary Security Protection
NOT Integrity
Security rating B
Programmable Read-Only Memory (PROM)
41. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
A Layered Operating System Architecture
Orange Book A
The Trusted Computing Base (TCB)
Orange Book interpretations
42. The Orange Book does NOT cover ________________ - and database management systems
Networks and Communications
An abstract machine
Firmware
Compare the security labels
43. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
The Common Criteria
A1
Division B - Mandatory Protection Architecture
Highly secure systems (B2 - B3 and A1)
44. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
A Thread
D
Orange Book - B2
First evaluation class
45. The Bell-LaPadula Model is a _______________ that enforces the confidentiality aspect of access control. Formulated by David Bell and Leonard LaPadula.
State machine model
Invocation Property
The Evaluated Products List (EPL) with their corresponding rating
*-Integrity Axiom
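Questions 6, 7, 11, 17, 19, 20, 21, 25, 36 and 45 each describe one piece of the same machinery: labels made of a classification plus a compartment set, a reference monitor that is always invoked, the Bell-LaPadula read and write rules, the Biba integrity rules and the tranquility principle. The following C example is added for this page and written as a toy; it is not the Orange Book's, Bell and LaPadula's or any real kernel's code. It puts those pieces together as one label-based reference monitor. The bitmask encoding of compartments, the integer integrity levels, the entity names, the sample labels and the decision to let an access through only when both the confidentiality and the integrity policy agree are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hierarchical classification / clearance, ordered low to high. */
typedef enum { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 } level_t;

/* A Bell-LaPadula label: a single hierarchical level plus a compartment set
   (need-to-know), encoded here as a bitmask (assumption). A subject's label is
   its clearance; an object's label is its classification. */
typedef struct { level_t level; unsigned compartments; } blp_label_t;

typedef struct {
    blp_label_t sec;          /* confidentiality label (Bell-LaPadula) */
    int         integrity;    /* Biba integrity level, higher = more trusted (assumption) */
    bool        instantiated; /* tranquility: labels are frozen once the entity exists */
} entity_t;

/* a dominates b: a's level is >= b's level AND a holds every compartment b holds. */
static bool dominates(blp_label_t a, blp_label_t b) {
    return a.level >= b.level && (a.compartments & b.compartments) == b.compartments;
}

/* Simple security property ("simple" = reading): no read up. */
static bool blp_can_read(const entity_t *s, const entity_t *o)  { return dominates(s->sec, o->sec); }

/* *-property ("star" = writing): no write down. */
static bool blp_can_write(const entity_t *s, const entity_t *o) { return dominates(o->sec, s->sec); }

/* Simple integrity axiom ("simple" = reading): no read down. */
static bool biba_can_read(const entity_t *s, const entity_t *o)  { return o->integrity >= s->integrity; }

/* *-integrity axiom ("star" = writing): no write up. */
static bool biba_can_write(const entity_t *s, const entity_t *o) { return s->integrity >= o->integrity; }

/* Invocation property: a subject may not invoke a subject of higher integrity. */
static bool biba_can_invoke(const entity_t *caller, const entity_t *callee) {
    return caller->integrity >= callee->integrity;
}

/* Tranquility principle: an instantiated entity may not change its label. */
static bool relabel(entity_t *e, blp_label_t new_sec) {
    if (e->instantiated) return false;
    e->sec = new_sec;
    return true;
}
static bool instantiate(entity_t *e) { e->instantiated = true; return true; }

typedef enum { ACC_READ, ACC_WRITE } access_t;

/* The reference monitor proper: every access is routed through here ("always
   invoked") and is permitted only if BOTH policies allow it (assumption). */
static bool monitor_allows(const entity_t *s, const entity_t *o, access_t a) {
    switch (a) {
    case ACC_READ:  return blp_can_read(s, o)  && biba_can_read(s, o);
    case ACC_WRITE: return blp_can_write(s, o) && biba_can_write(s, o);
    }
    return false; /* fail safe: an unrecognised access type is denied */
}

/* Constructed sample entities; compartment bit 1 = "NUCLEAR", bit 2 = "CRYPTO". */
#define NUCLEAR 1u
#define CRYPTO  2u
static const entity_t analyst       = { { SECRET,       NUCLEAR }, 2, true };
static const entity_t doc_secret    = { { SECRET,       NUCLEAR }, 2, true };
static const entity_t doc_topsecret = { { TOP_SECRET,   NUCLEAR }, 2, true };
static const entity_t doc_public    = { { UNCLASSIFIED, 0       }, 1, true }; /* low integrity */
static const entity_t doc_crypto    = { { SECRET,       CRYPTO  }, 2, true }; /* compartment not held */
static const entity_t audit_daemon  = { { SECRET,       NUCLEAR }, 3, true }; /* higher integrity */
static entity_t       draft         = { { UNCLASSIFIED, 0       }, 2, false }; /* not yet instantiated */

int main(void) {
    const char *v[] = { "deny", "allow" };
    printf("analyst read   doc_topsecret: %s (no read up)\n",        v[blp_can_read(&analyst, &doc_topsecret)]);
    printf("analyst read   doc_crypto:    %s (missing compartment)\n", v[blp_can_read(&analyst, &doc_crypto)]);
    printf("analyst write  doc_public:    %s (no write down)\n",      v[blp_can_write(&analyst, &doc_public)]);
    printf("analyst read   doc_public:    %s (Biba no read down)\n",  v[monitor_allows(&analyst, &doc_public, ACC_READ)]);
    printf("analyst invoke audit_daemon:  %s (invocation property)\n", v[biba_can_invoke(&analyst, &audit_daemon)]);
    printf("relabel draft before creation: %s\n", v[relabel(&draft, (blp_label_t){ SECRET, NUCLEAR })]);
    instantiate(&draft);
    printf("relabel draft after creation:  %s (tranquility)\n", v[relabel(&draft, (blp_label_t){ TOP_SECRET, NUCLEAR })]);
    return 0;
}
```

Two things the quiz answers state tersely become visible here. "Dominates" is not just a level comparison: a SECRET/NUCLEAR analyst cannot read a SECRET/CRYPTO document because the compartment set is not included, which is the need-to-know half of the label. And the two models pull in opposite directions on the same access: Bell-LaPadula lets the analyst read the unclassified document (read down is fine for confidentiality) while Biba refuses it (no read down, since low-integrity data must not contaminate a higher-integrity subject), so a monitor enforcing both denies it.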
46. Data in Cache can be accessed much more quickly than Data
Basic Security Theorem (used in computer science) definition
Overt channel
The security perimeter
Stored in real memory
47. When a portion of primary memory is accessed by specifying the actual address of the memory location
Covert channels
Direct addressing
Controls the checks
B1 - Labeled Security rating
48. System Architecture that separates system functionality into Hierarchical layers
Pipelining
Isolate processes
A Layered Operating System Architecture
An abstract machine
49. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use.
Clark-Wilson
Dedicated Security Mode
Examples of Layered Operating Systems
Life-cycle assurance - O/B
50. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Dominate the object's sensitivity label
Multiprocessing
Basic Security Theorem (used in computer science) definition
B3 - Rating