Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Orange Book B
Controls the checks
C2
The Red Book
2. Levels of security and levels of trust: letters earlier in the alphabet (A above B above C above D) represent higher levels of security, and within a division a higher number indicates a greater level of trust.
Prevent secret information from being accessed
Prohibits
Orange Book ratings
Attributable data
3. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
C1
C2 - Controlled Access Protection
Invocation Property
A and B
4. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
Trusted facility management
The *-Property rule (Star property)
C2 - Controlled Access Protection
Simple Integrity Axiom
5. Discretionary protection
Scalar processors
Orange Book C
Invocation Property
International Standard 15408
6. Data in cache can be accessed much more quickly than data
Stored in real memory
Dedicated Security Mode
D
C2 - Controlled Access Protection
7. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The security perimeter
Orange Book B
The Simple Security Property
Orange Book ratings
8. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Multilevel Security Policies
Disclosure of residual data
B3
Evaluated separately
9. Audit data must be captured and protected to enforce accountability
Reduced Instruction Set Computers (RISC)
Accountability - Orange Book
Indirect addressing
All Mandatory Access Control (MAC) systems
10. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
The Tranquility principle (The Bell-LaPadula Model)
The Clark Wilson integrity model
A Domain
An abstract machine
11. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The "No read Up" rule
The security kernel
Orange Book - B1
Its classification label (Top Secret - Secret or confidential)
12. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
Implement software or systems in a production environment
Trusted Network Interpretation (TNI)
B3 - Security Domains
Thrashing
13. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Types of covert channels
The Clark Wilson integrity model
Ring 3
Process isolation
14. Software that is stored within ROM (Read-Only Memory); ROM is nonvolatile
Firmware
The Biba Model
B3
Mandatory Access Control (MAC)
15. Which can be used as a covert channel?
The trustworthiness of an information system
Storage and timing
Thrashing
Multiprocessing
16. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Thrashing
The Common Criteria
Invocation Property
In C2 - Controlled Access Protection environment
17. System Architecture that separates system functionality into Hierarchical layers
The Common Criteria
A Thread
A Base Register (Memory Management)
A Layered Operating System Architecture
18. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Administrative declaration
Security rating B
Execution Domain
Erasable and Programmable Read-Only Memory (EPROM)
19. Which Orange Book evaluation level is described as "Controlled Access Protection"? This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
C2
Dedicated Security Mode
Government and military applications
Be protected from modification
20. Contains an address of where the instruction and data reside that need to be processed.
Disclosure of residual data
The Thread (memory Management)
Execution Domain
Higher or equal to access class
21. A ring protection system ________: user-mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
In C2 - Controlled Access Protection environment
A1
Prohibits
Basic Security Theorem (used in computer science) definition
22. Users need to be identified individually to provide more precise access control and auditing functionality.
Networks and Communications
Attributable data
The National Computer Security Center (NCSC)
C2 - Controlled Access Protection
23. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
The reference monitor
A Thread
B1 - Labeled Security rating
Programmable Read-Only Memory (PROM)
24. The Security Model Incorporates the ____________ that should be enforced in the system.
Be protected from modification
Implement software or systems in a production environment
Orange Book - D
Security Policy
25. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
The Thread (memory Management)
Evaluated separately
Models concerned with integrity
The National Computer Security Center (NCSC)
26. Each data object must contain a classification label and each subject must have a clearance label.
System High Security Mode
Ring 3
Clark-Wilson
B1 - Labeled Security
27. Contains the ending address
The "No write Down" Rule
A Limit Register (Memory Management)
Multilevel Security Policies
Examples of Layered Operating Systems
28. Minimal Security
Swap Space
Mandatory Access Control (MAC)
Orange Book - D
Invocation Property
29. The subject must have Need to Know for ONLY the information they are trying to access.
Fail safe
System High Security Mode
Disclosure of residual data
The reference monitor
30. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Certification
The Tranquility principle (The Bell-LaPadula Model)
Overt channel
System High Security Mode
31. According to the Orange Book - trusted facility management is not required for which security levels?
B1
B3 - Rating
Enforces the rules
The Evaluated Products List (EPL) with their corresponding rating
32. Subjects and Objects cannot change their security levels once they have been instantiated (created)
The Tranquility principle (The Bell-LaPadula Model)
Continuous protection - O/B
Ring 2
*-Integrity Axiom
33. Permits a database to have two records that are identical except for Their classifications
A and B
Polyinstantiation
Swap Space
Access control to the objects by the subjects
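Item 33 above states what polyinstantiation permits but not why a multilevel database wants it. The following added example (written for this page, not code from the quiz or from any database product) puts a naive single-instance table beside a polyinstantiated one. The classification lattice, the `flight-101` key and the destination values are constructed for the demonstration; the rule that a subject inserts only at its own level is an assumption chosen to keep the example small.

```python
"""Polyinstantiation in a multilevel-secure table, beside the naive design it replaces.

Added example, not from the quiz page. The classification lattice, the table
contents and the "flight-101" record are constructed for illustration.
"""
CLASSIFICATION = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


def dominates(a, b):
    """True when classification a is at or above classification b."""
    return CLASSIFICATION[a] >= CLASSIFICATION[b]


class NaiveTable:
    """Single-instance table: exactly one row per key regardless of classification.

    Refusing a low-cleared insert because a higher-classified row already holds
    the key confirms to the low user that a secret row exists: an inference
    (signalling) channel from high to low.
    """

    def __init__(self):
        self.rows = {}   # key -> (classification, attributes)

    def insert(self, clearance, key, **attrs):
        if key in self.rows:
            return "duplicate key"      # leaks the existence of the hidden row
        self.rows[key] = (clearance, attrs)
        return "ok"


class PolyinstantiatedTable:
    """Rows are identified by (key, classification), so the same key may exist
    once per level. Each reader sees the highest instance its clearance dominates.
    """

    def __init__(self):
        self.rows = {}   # (key, classification) -> attributes

    def insert(self, clearance, key, **attrs):
        # Assumption for this example: a subject creates rows only at its own
        # level (no write down, no silent overwrite of higher data). A duplicate
        # at the same level is already visible to the subject, so refusing it
        # reveals nothing new; a duplicate at a higher level is stored silently.
        if (key, clearance) in self.rows:
            return "duplicate key"
        self.rows[(key, clearance)] = attrs
        return "ok"

    def instances(self, clearance, key):
        """All instances of `key` at levels the reader dominates, highest first."""
        found = [(level, attrs) for (k, level), attrs in self.rows.items()
                 if k == key and dominates(clearance, level)]
        return sorted(found, key=lambda item: CLASSIFICATION[item[0]], reverse=True)

    def select(self, clearance, key):
        """The single row a reader at `clearance` should see, or None."""
        rows = self.instances(clearance, key)
        return rows[0][1] if rows else None
```

A SECRET reader of `flight-101` gets the UNCLASSIFIED instance, because that is the highest one its clearance dominates; only a TOP_SECRET reader sees both instances and is shown the TOP_SECRET one.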
34. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down")
The Security Kernel
Documentation - Orange Book
Integrity
Simple Integrity Axiom
35. When the address location that is specified in the program instruction contains the address of the final desired location.
Accreditation
Indirect addressing
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Direct addressing
36. When a portion of primary memory is accessed by specifying the actual address of the memory location
Higher or equal to access class
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Pipelining
Direct addressing
37. Should always trace to individuals responsible for observing and recording the data
Swap Space
Attributable data
Documentation - Orange Book
Dominate the object's sensitivity label
38. A domain of trust that shares a single security policy and single management
A security domain
A Layered Operating System Architecture
Certification
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
39. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Government and military applications
The security perimeter
Orange Book - B1
Physical security
40. The combination of RAM - Cache and the Processor Registers
Primary storage
B1 - Labeled Security rating
Most commonly used approach
Access Matrix model
41. What does the Clark-Wilson security model focus on
Integrity
Labels - Orange Book
Mandatory Access Control (MAC)
B2 - Structured Protection
42. The *-Property rule is referred to as ____________.
Storage and timing
The "No write Down" Rule
No write down
Direct Addressing
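Items 1, 3, 4, 10, 11, 23, 32, 34 and 42 above describe the reference monitor and the Bell-LaPadula and Biba rules one sentence at a time. The following added example (written for this page, not code from the quiz or from any product) puts them together as a small reference monitor in Python: one `check()` path that every access goes through, the simple and *-properties of both models, the invocation property, an audit record for accountability, and frozen labels to model tranquility. The two lattices, the subjects, the objects and their labels are constructed for the demonstration.

```python
"""A toy reference monitor that enforces Bell-LaPadula and Biba together.

Added example, not from the quiz page. The two lattices and all subjects,
resources and labels below are constructed for illustration.
"""
import dataclasses

# Confidentiality lattice (Bell-LaPadula) and integrity lattice (Biba).
# Higher numbers dominate lower ones; both orderings are assumed.
CONFIDENTIALITY = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
INTEGRITY = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def dominates(lattice, a, b):
    """True when label a is at or above label b in the given lattice."""
    return lattice[a] >= lattice[b]


# frozen=True models the tranquility principle: once a subject or resource is
# instantiated its labels cannot change.
@dataclasses.dataclass(frozen=True)
class Subject:
    name: str
    clearance: str   # confidentiality label, e.g. "SECRET"
    integrity: str   # integrity label, e.g. "MEDIUM"


@dataclasses.dataclass(frozen=True)
class Resource:
    name: str
    classification: str
    integrity: str


def try_relabel(entity, **changes):
    """Attempt to change labels after creation; returns False when refused."""
    try:
        for attr, value in changes.items():
            setattr(entity, attr, value)
    except dataclasses.FrozenInstanceError:
        return False
    return True


class ReferenceMonitor:
    """Abstract machine that mediates every access by a subject to a resource.

    It is always invoked (callers must go through check()), small enough to be
    verified by reading it, and it records every decision for accountability.
    """

    def __init__(self):
        self.audit = []   # (subject, target, operation, allowed, reason)

    def check(self, subject, target, op):
        allowed, reason = self._decide(subject, target, op)
        self.audit.append((subject.name, target.name, op, allowed, reason))
        return allowed

    def last_reason(self):
        return self.audit[-1][4]

    def _decide(self, s, t, op):
        if op == "read":
            # BLP simple security property: no read up.
            if not dominates(CONFIDENTIALITY, s.clearance, t.classification):
                return False, "BLP simple security: no read up"
            # Biba simple integrity axiom: no read down.
            if not dominates(INTEGRITY, t.integrity, s.integrity):
                return False, "Biba simple integrity: no read down"
            return True, "read allowed"
        if op == "write":
            # BLP *-property: no write down.
            if not dominates(CONFIDENTIALITY, t.classification, s.clearance):
                return False, "BLP *-property: no write down"
            # Biba *-integrity axiom: no write up.
            if not dominates(INTEGRITY, s.integrity, t.integrity):
                return False, "Biba *-integrity: no write up"
            return True, "write allowed"
        if op == "invoke":
            # Biba invocation property: a subject may not request service from
            # a subject of higher integrity. Here `t` is another Subject.
            if not dominates(INTEGRITY, s.integrity, t.integrity):
                return False, "Biba invocation: target has higher integrity"
            return True, "invoke allowed"
        return False, f"unknown operation {op!r}"
```

Note the asymmetry the two models produce together: a SECRET/MEDIUM subject may write to a TOP_SECRET/MEDIUM resource (writing up is fine for confidentiality and level for integrity) but may neither read a TOP_SECRET resource nor read an UNCLASSIFIED/LOW one, the first refused by Bell-LaPadula and the second by Biba.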
43. Operating System Kernel
Ring 0
Identification - Orange Book
Life-cycle assurance - O/B
Simple Security Rule
44. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Protection Rings Support
C2
First evaluation class
attributability
45. Has two individual assurance ratings - C1 and C2. The higher the number of the assurance rating - the greater the protection
Clark-Wilson Model
The TCSEC - Aka Orange Book
The "No write Down" Rule
Division C - Discretionary Protection
46. Happen because input data is not checked for appropriate length at time of input
Buffer overflows
Covert channels
The Monolithic Operating System Architecture
attributability
47. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured - but can be programmed only once.
The reference monitor
Direct addressing
Programmable Read-Only Memory (PROM)
C2 - Controlled Access Protection
48. Contains the beginning address
A Base Register (Memory Management)
Identification - Orange Book
International Standard 15408
Invocation Property
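Items 20, 27, 35, 36 and 48 above define base and limit registers and direct versus indirect addressing as separate facts. The following added example (written for this page, not code from the quiz or from any real processor) models them together in a toy memory management unit, using the quiz's own convention that the limit register holds the region's ending address. The physical memory size, the two process regions and the stored values are constructed for the demonstration; the point it adds is that under indirect addressing the fetched pointer must be bounds-checked as well, or a forged pointer walks out of the process's region.

```python
"""Toy MMU: base and limit registers with direct and indirect addressing.

Added example, not from the quiz page. The physical memory size, the two
process regions and the values stored below are constructed for illustration.
"""


class MemoryFault(Exception):
    """Raised when an access falls outside the current process's region."""


class MMU:
    def __init__(self, size):
        self.mem = [0] * size   # physical memory, one integer per word

    def _translate(self, base, limit, logical):
        # The base register holds the region's starting physical address and
        # the limit register its ending address (the quiz's convention).
        # Logical addresses are relative to base; anything landing outside
        # [base, limit] is refused before physical memory is touched, which is
        # what isolates one process from another.
        physical = base + logical
        if logical < 0 or physical > limit:
            raise MemoryFault(f"logical {logical} -> physical {physical} "
                              f"outside [{base}, {limit}]")
        return physical

    def read_direct(self, base, limit, logical):
        """Direct addressing: the operand is at the address in the instruction."""
        return self.mem[self._translate(base, limit, logical)]

    def read_indirect(self, base, limit, logical):
        """Indirect addressing: the word at `logical` holds the (logical) address
        of the final operand. Both the pointer fetch and the final fetch are
        checked; checking only the first would let a forged pointer escape."""
        pointer = self.mem[self._translate(base, limit, logical)]
        return self.mem[self._translate(base, limit, pointer)]

    def write_direct(self, base, limit, logical, value):
        self.mem[self._translate(base, limit, logical)] = value


def safe_read(mmu, base, limit, logical, indirect=False):
    """Return the value read, or the string 'fault' when the MMU refuses."""
    try:
        if indirect:
            return mmu.read_indirect(base, limit, logical)
        return mmu.read_direct(base, limit, logical)
    except MemoryFault:
        return "fault"
```

With process A at physical 0..15 and process B at 16..31, A can read its own operand directly or through a pointer, but a direct read at logical 16 and an indirect read through a pointer pointing at 16 are both refused, so B's word at physical 16 stays private.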
49. The C2 evaluation class of the _________________ offers controlled access protection.
Security rating B
Simple Integrity Axiom
Orange Book C
Trusted Network Interpretation (TNI)
50. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
Examples of Layered Operating Systems
International Standard 15408
Prohibits