Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?






2. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






3. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked






4. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.






5. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.






6. Documentation must be provided - including test - design - and specification document - user guides and manuals






7. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






8. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






9. What model use an access control triples and requires that the system maintain separation of duty ?






10. In the Bell-LaPadula Model the Object's Label contains ___________________.






11. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?






12. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






13. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.






14. The group that oversees the processes of evaluation within TCSEC is?






15. The security kernel is the mechanism that _____________ of the reference monitor concept.






16. Which describe a condition when RAM and Secondary storage are used together?






17. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






18. As per FDA data should be ______________________________.






19. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






20. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system






21. Which in the Orange Book ratings represents the highest level of trust?






22. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.






23. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m






24. The Biba Model adresses _____________________.






25. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






26. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.






27. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






28. The subject must have Need to Know for ONLY the information they are trying to access.






29. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.






30. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection






31. Which Orange Book evaluation level is described as "Verified Design"?






32. The *-Property rule is refered to as ____________.






33. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.






34. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






35. Permits a database to have two records that are identical except for Their classifications






36. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.






37. Users need to be Identified individually to provide more precise acces control and auditing functionality.






38. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.






39. Access control labels must be associated properly with objects.






40. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.






41. In access control terms - the word "dominate" refers to ___________.






42. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






43. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use






44. In ______________ the subject must have: Need to Know for ALL the information contained within the system.






45. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.






46. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)






47. Mandatory access control is enfored by the use of security labels.






48. The Reserved hard drive space used to to extend RAM capabilites.






49. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






50. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data