SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book - B3
TCB (Trusted Computing Base)
No read down
Clark-Wilson
2. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
Invocation Property
security protection mechanisms
C1 - Discrection Security Protection is a type of environment
The security perimeter
3. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
C2 - Controlled Access Protection
Orange Book B
attributability
Overt channel
4. Another word for Primary storage and distinguishes physical memory from virtual memory.
Invocation Property
Division D - Minimal Protection
Real storage
The security kernel
5. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
Government and military applications
C2 - Controlled Access Protection
Ring 1
Security Policy is clearly defined and documented
6. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Protection Rings Support
Operational assurance requirements
NOT Integrity
Attributable - original - accurate - contemporaneous and legible
7. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
A lattice of Intergrity Levels
Attributable - original - accurate - contemporaneous and legible
Process isolation
Ring 2
8. The Security Model Incorporates the ____________ that should be enforced in the system.
Security Policy
Mandatory Access Control (MAC)
Pipelining
No write down
9. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Trusted Distribution
B2 rating
Documentation - Orange Book
The security kernel
10. In access control terms - the word "dominate" refers to ___________.
Higher or equal to access class
The security kernel
Operational assurance requirements
The security perimeter
11. The Physical memory address that the CPU uses
An abstract machine
Absolute addresses
A Layered Operating System Architecure
Trusted Products Evaluation Program (TPEP)
12. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Basic Security Theorem (used in computer science) definition
B3 - Security Domains
Invocation Property
D
13. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
The Rule is talking about writing
Orange Book - B1
Orange Book ratings
B1 - Labeled Security rating
14. The C2 evaluation class of the _________________ offers controlled access protection.
Multiprocessing
Trusted Network Interpretation (TNI)
Protection Rings Support
Invocation Property
15. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Isolate processes
Clark-Wilson
The Clark Wilson integrity model
Prohibits
16. The *-Property rule is refered to as ____________.
The "No write Down" Rule
attributability
B2 rating
The rule is talking about "Reading"
17. A Policy based control. All objects and systems have a sensitivity level assigned to them
The security perimeter
C2 - Controlled Access Protection
The Security Kernel
Mandatory Access Control (MAC)
18. According to the Orange Book - trusted facility management is not required for which security levels?
B3
Attributable data
B1
Pagefile.sys file
19. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
Buffer overflows
C1 - Discretionary Security Protection
State machine model
C2
20. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Operational assurance requirements
Dominate the object's sensitivity label
Constrained
Attributable - original - accurate - contemporaneous and legible
21. What model use an access control triples and requires that the system maintain separation of duty ?
Clark-Wilson
Orange Book C
Virtual storage
The Biba Model
22. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Compare the security labels
Division B - Mandatory Protection Architecture
Security Policy is clearly defined and documented
Dedicated Security Mode
23. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
State machine model
Polyinstantiation
Trusted facility management
Be protected from modification
24. What access control technique is also known as multilevel security?
C2
Pipelining
Mandatory access control
Subject to Object Model
25. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Programmable Read-Only Memory (PROM)
B1 - Labeled Security rating
C1 - Discretionary Security Protection
Orange Book - A1
26. System Architecture that separates system functionality into Hierarchical layers
TCB (Trusted Computing Base)
Swap Space
Most commonly used approach
A Layered Operating System Architecure
27. When a portion of primary memory is accessed by specifying the actual address of the memory location
A Domain
Direct addressing
Networks and Communications
A and B
28. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Process isolation
Subject to Object Model
B2
Evaluated separately
29. Intended for environments that require systems to handle classified data.
Trusted Network Interpretation (TNI)
Pipelining
Constrained
B1 - Labeled Security rating
30. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Life Cycle Assurance Requirement
Administrative declaration
The "No write Down" Rule
A1 - Rating
31. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
Simple Integrity Axiom
Implement software or systems in a production environment
The Integrity of data within applications
The security kernel
32. Which would be designated as objects on a MAC system?
A Thread
Files - directories and devices
Implement software or systems in a production environment
Swap Space
33. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
Totality of protection mechanisms
Direct Addressing
Documentation - Orange Book
C2 - Controlled Access Protection
34. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
The Trusted Computing Base (TCB)
Examples of Layered Operating Systems
Protection Rings Support
Sensitivity labels
35. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Orange Book ratings
Pipelining
Access control to the objects by the subjects
The Trusted Computing Base (TCB)
36. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
C2
The Tranqulity principle (The Bell-LaPadula Model)
The Rule is talking about writing
Physical security
37. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
B1
Orange Book - D
No write down
B2 rating
38. Which can be used as a covert channel?
Storage and timing
Protection Rings Support
Multitasking
Labels - Orange Book
39. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Covert channels
Security Policy - Orange Book
Multilevel Security Policies
*-Integrity Axiom
40. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Discretionary Security Property (ds-property)
Complex Instruction Set Computers (CISC)
Need-to-know
Execution Domain
41. Access control labels must be associated properly with objects.
Orange Book - D
Networks and Communications
Clark-Wilson
Labels - Orange Book
42. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
Swap Space
B3
Be protected from modification
Pipelining
43. The Reserved hard drive space used to to extend RAM capabilites.
Most commonly used approach
Files - directories and devices
Swap Space
TCB (Trusted Computing Base)
44. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Direct Addressing
Most commonly used approach
*-Integrity Axiom
Prevent secret information from being accessed
45. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
No read up
C2 - Controlled Access Protection
The security perimeter
46. A subject at a given clearance may not read an object at a higher classification
Orange Book C
The Simple Security Property
The Biba Model
The security perimeter
47. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.
Mandatory Access Control (MAC)
A1 - Rating
Buffer (temporary data storage area)
Security mechanisms and evalautes their effectivenes
48. What does the Clark-Wilson security model focus on
Multitasking
Trusted Distribution
Integrity
No read down
49. A system uses the Reference Monitor to ___________________ of a subject and an object?
Operational assurance requirements
C1
Prohibits
Compare the security labels
50. What does the simple integrity axiom mean in the Biba model?
Swap Space
No read down
Firmware
Its classification label (Top Secret - Secret or confidential)
