Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book - B3
Access control to the objects by the subjects
'Dominate'
A Thread

2. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Bell-LaPadula Model
Clark-Wilson Model
attributability
Certification

3. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
The Red Book
Higher or equal to access class
Access Matrix model
Secondary Storage

4. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Scalar processors
The Tranqulity principle (The Bell-LaPadula Model)
Security mechanisms and evalautes their effectivenes
Division B - Mandatory Protection Architecture

5. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
First evaluation class
Thrashing
Scalar processors
Prevent secret information from being accessed

6. Which would be designated as objects on a MAC system?
Accountability - Orange Book
Networks and Communications
Files - directories and devices
B3 - Rating

7. Execute one instruction at a time.
Security Policy is clearly defined and documented
Reduced Instruction Set Computers (RISC)
Scalar processors
Evaluated separately

8. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
Process isolation
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Trusted Network Interpretation (TNI)

9. Which can be used as a covert channel?
Constrained
The TCSEC - Aka Orange Book
security protection mechanisms
Storage and timing

10. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Multitasking
Invocation Property
A1 - Rating
Stored in Reak Memory

11. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
The TCSEC - Aka Orange Book
C2 - Controlled Access Protection
A security kernel
Electrically Erasable and Programmable Read-Only Memory (EEPROM)

12. Verification Protection
Orange Book B
Basic Security Theorem (used in computer science) definition
The *-Property rule (Star property)
Orange Book A

13. When a vendor submits a product for evaluation - it submits it to the ____________.
NOT Integrity
The *-Property rule (Star property)
The National Computer Security Center (NCSC)
Isolate processes

14. Involves sharing the processor amoung all ready processes
Direct addressing
Be protected from modification
No write down
Multitasking

15. A subject at a given clearance may not read an object at a higher classification
Higher or equal to access class
The Simple Security Property
Its classification label (Top Secret - Secret or confidential)
The trustworthiness of an information system

16. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Execution Domain
'Dominate'
Labels - Orange Book
Firmware

17. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
A and B
Documentation - Orange Book
Fail safe
B3 - Security Domains

18. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Labels - Orange Book
Attributable data
First evaluation class
All Mandatory Access Control (MAC) systems

19. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Erasable and Programmable Read-Only Memory (EPROM)
First evaluation class
The Trusted Computing Base (TCB)
Documentation - Orange Book

20. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Ring 2
Controls the checks
Life-cycle assurance - O/B
Dedicated Security Mode

21. The total combination of protection mechanisms within a computer system
Implement software or systems in a production environment
TCB (Trusted Computing Base)
C1 - Discrection Security Protection is a type of environment
B3 - Security Domains

22. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
An abstract machine
B3 - Security Domains
Integrity
In C2 - Controlled Access Protection environment

23. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
C1 - Discretionary Security Protection
Division B - Mandatory Protection Architecture
Stored in Reak Memory
Administrative declaration

24. What does the simple security (ss) property mean in the Bell-LaPadula model?
Controls the checks
No read up
Thrashing
Physical security

25. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
Basic Security Theorem (used in computer science) definition
Dedicated Security Mode
A1
C1

26. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
C2
B2 - Structured Protection
Examples of Layered Operating Systems
Bell-LaPadula Model

27. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
C2
The "No write Down" Rule
Complex Instruction Set Computers (CISC)

28. The combination of RAM - Cache and the Processor Registers
Primary storage
Constrained
Real storage
In C2 - Controlled Access Protection environment

29. Operating System Kernel
Ring 3
Be protected from modification
Ring 0
Dominate the object's sensitivity label

30. Mandatory Protection
The security perimeter
Disclosure of residual data
Orange Book B
Government and military applications

31. Mandatory access control is enfored by the use of security labels.
Its Clearance Label (Top Secret - Secret - or Confidential)
Trusted Products Evaluation Program (TPEP)
Division B - Mandatory Protection
Higher or equal to access class

32. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.
The reference monitor
Security mechanisms and evalautes their effectivenes
Multiprocessing
The rule is talking about "Reading"

33. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.
A Layered Operating System Architecure
Basic Security Theorem (used in computer science) definition
Virtual storage
System High Security Mode

34. What is called the formal acceptance of the adequacy of a system's overall security by management?
Invocation Property
Ring 0
Be protected from modification
Accreditation

35. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Division B - Mandatory Protection Architecture
Most commonly used approach
Overt channel
State machine model

36. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
C2
The reference monitor
A security domain
Trusted Distribution

37. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Storage and timing
Execution Domain
The Clark Wilson integrity model
Division C - Discretionary Protection

38. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
*-Integrity Axiom
security protection mechanisms
Multilevel Security Policies
The National Computer Security Center (NCSC)

39. What does the * (star) property mean in the Bell-LaPadula model?
Ring 1
Invocation Property
A lattice of Intergrity Levels
No write down

40. What does the Clark-Wilson security model focus on
Integrity
Need-to-know
Mandatory Access Control (MAC)
Trusted Network Interpretation (TNI)

41. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Certification
Disclosure of residual data
Identification - Orange Book
Life Cycle Assurance Requirement

42. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Orange Book B
The Red Book
Be protected from modification
B2 rating

43. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Thrashing
Attributable - original - accurate - contemporaneous and legible
B3
Access Matrix model

44. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
C1 - Discrection Security Protection is a type of environment
Dominate the object's sensitivity label
Trusted Network Interpretation (TNI)
C2 - Controlled Access Protection

45. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
State machine model
Execution Domain
Orange Book - A1
The Strong star property rule

46. Users need to be Identified individually to provide more precise acces control and auditing functionality.
Prevent secret information from being accessed
C2 - Controlled Access Protection
The "No read Up" rule
Prohibits

47. Which TCSEC level first addresses object reuse?
Mandatory access control
Reduced Instruction Set Computers (RISC)
C2 - Controlled Access Protection
C2

48. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
No read up
Access Matrix model
Simple Security Rule
A1 - Rating

49. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Most commonly used approach
Trusted Distribution
Orange Book ratings
No read down

50. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Erasable and Programmable Read-Only Memory (EPROM)
Trusted Distribution
Protection Rings Support
Secondary Storage

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISSP Security Architecture And Design

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests