Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In both the Bell-LaPadula and Biba models, if the word "*" or "Star" is used - _______________.






2. Levels of security and levels of trust: lower letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.






3. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when






4. The process of evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.






5. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






6. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.






7. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?






8. Subjects and Objects cannot change their security levels once they have been instantiated (created)






9. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain






10. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system






11. When the address location that is specified in the program instruction contains the address of the final desired location.






12. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.






13. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.






14. Which increases the performance in a computer by overlapping the steps of different instructions?






15. Has two individual assurance ratings: C1 and C2. The higher the number of the assurance rating, the greater the protection.






16. According to the Orange Book - trusted facility management is not required for which security levels?






17. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?






18. In B2, subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.






19. In ______________ the subject must have: Need to Know for ALL the information contained within the system.






20. Involves sharing the processor among all ready processes.






21. Users need to be identified individually to provide more precise access control and auditing functionality.






22. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






23. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.






24. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






25. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.






26. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






27. Applications and user activity






28. Which describes a condition when RAM and secondary storage are used together?






29. Can be erased - modified and upgraded.






30. TCSEC provides a means to evaluate ______________________.






31. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






32. Happen because input data is not checked for appropriate length at time of input






33. As per FDA data should be ______________________________.






34. The Orange Book requires protection against two _____________ - which are Timing and Storage.






35. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.






36. Intended for environments that require systems to handle classified data.






37. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.






38. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






39. When a computer uses more than one CPU in parallel to execute instructions, this is known as?






40. Used by Windows systems to reserve the "Swap Space"






41. The TCB is the ________________ within a computer system that work together to enforce a security policy.






42. Nonvolatile storage media, e.g. computer hard drives - floppy disks and CD-ROMs.






43. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down").






44. Another word for Primary storage and distinguishes physical memory from virtual memory.






45. Should always trace to individuals responsible for observing and recording the data






46. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






47. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.






48. The assignment of a specific individual to administer the security-related functions of a system.






49. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






50. Based on a known address with an offset value applied.






