SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
The Simple Security Property
Compare the security labels
The Rule is talking about writing
In C2 - Controlled Access Protection environment
2. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
C2 - Controlled Access Protection
The *-Property rule (Star property)
Covert channels
B1 - Labeled Security rating
3. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Prevent secret information from being accessed
Pagefile.sys file
Covert channels
Ring 0
4. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
The Biba Model
Attributable data
Be protected from modification
5. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
*-Integrity Axiom
Disclosure of residual data
B2
attributability
6. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Networks and Communications
Security Policy
Simple Security Rule
Pagefile.sys file
7. What prevents a process from accessing another process' data?
Buffer (temporary data storage area)
Security Policy - Orange Book
security protection mechanisms
Process isolation
8. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Mandatory Access Control (MAC)
Pipelining
Protection Rings Support
The Common Criteria
9. Individual subjects must be uniquely identified.
Assigned labels
Identification - Orange Book
Evaluated separately
C2 - Controlled Access Protection
10. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
Pagefile.sys file
Prevent secret information from being accessed
Clark-Wilson Model
11. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
The Integrity of data within applications
Division B - Mandatory Protection
Enforces the rules
The Rule is talking about writing
12. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Orange Book A
Attributable - original - accurate - contemporaneous and legible
Controlling unauthorized downgrading of information
The Security Kernel
13. Audit data must be captured and protected to enforce accountability
Types of covert channels
The security perimeter
Accountability - Orange Book
Stored in Reak Memory
14. The subject must have Need to Know for ONLY the information they are trying to access.
Prohibits
Physical security
System High Security Mode
Complex Instruction Set Computers (CISC)
15. As per FDA data should be ______________________________.
Ring 1
Division B - Mandatory Protection Architecture
The Clark Wilson integrity model
Attributable - original - accurate - contemporaneous and legible
16. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
A security kernel
C1 - Discretionary Security Protection
Logical addresses
Storage and timing
17. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
C1 - Discrection Security Protection is a type of environment
Implement software or systems in a production environment
Security mechanisms and evalautes their effectivenes
The security kernel
18. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
The *-Property rule (Star property)
Orange Book - A1
Covert channels
'Dominate'
19. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Compare the security labels
Direct addressing
Orange Book - B1
Access control to the objects by the subjects
20. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
Swap Space
Mandatory Access Control (MAC)
Relative Addresses
Firmware
21. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
The Rule is talking about writing
Controlling unauthorized downgrading of information
Dedicated Security Mode
The "No read Up" rule
22. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Documentation - Orange Book
A Limit Register (Memory Management)
Security Policy - Orange Book
Subject to Object Model
23. What does the * (star) property mean in the Bell-LaPadula model?
No read up
No write down
Controlling unauthorized downgrading of information
Orange Book interpretations
24. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Trusted hardware - Software and Firmware
Attributable - original - accurate - contemporaneous and legible
The Red Book
No read down
25. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Swap Space
Implement software or systems in a production environment
Direct Addressing
The security kernel
26. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Simple Integrity Axiom
Sensitivity labels
Orange Book - B2
Thrashing
27. Which is a straightforward approach that provides access rights to subjects for objects?
Absolute addresses
Clark-Wilson
Access Matrix model
Need-to-know
28. Should always trace to individuals responsible for observing and recording the data
Attributable data
Types of covert channels
B1 - Labeled Security rating
Thrashing
29. Mediates all access and Functions between subjects and objects.
The Security Kernel
A Domain
Multitasking
Division B - Mandatory Protection Architecture
30. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Need-to-know
B2 rating
Division C - Discretionary Protection
Dedicated Security Mode
31. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
A Domain
Constrained
Complex Instruction Set Computers (CISC)
Physical security
32. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
State machine model
The Strong star property rule
C1 - Discretionary Security Protection
Physical security
33. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Be protected from modification
A and B
Trusted Distribution
Attributable - original - accurate - contemporaneous and legible
34. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Subject to Object Model
The Simple Security Property
Stored in Reak Memory
Security rating B
35. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
A Thread
Simple Integrity Axiom
A security kernel
The *-Property rule (Star property)
36. Which TCSEC level first addresses object reuse?
C2
The Evaluated Products List (EPL) with their corresponding rating
Access Matrix model
The TCSEC - Aka Orange Book
37. A domain of trust that shares a single security policy and single management
A security domain
No read up
Most commonly used approach
C1 - Discretionary Security Protection
38. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Constrained
Prohibits
The National Computer Security Center (NCSC)
A security kernel
39. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Access control to the objects by the subjects
Orange Book A
In C2 - Controlled Access Protection environment
Division B - Mandatory Protection Architecture
40. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
C2 - Controlled Access Protection
Trusted Network Interpretation (TNI)
B1
NOT Integrity
41. The Bell-LaPadula model Subjects and Objects are ___________.
Assigned labels
Virtual storage
Overt channel
C2 - Controlled Access Protection
42. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The TCSEC - Aka Orange Book
The Simple Security Property
The Clark Wilson integrity model
Dominate the object's sensitivity label
43. Mandatory Protection
Orange Book B
C2 - Controlled Access Protection
attributability
International Standard 15408
44. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Its classification label (Top Secret - Secret or confidential)
The trustworthiness of an information system
Clark-Wilson
Life-cycle assurance - O/B
45. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
B3 - Rating
A security domain
B2 - Structured Protection
An abstract machine
46. When a computer uses more than one CPU in parallel to execute instructions is known as?
Operational assurance requirements
Orange Book - B2
Multiprocessing
Access control to the objects by the subjects
47. Permits a database to have two records that are identical except for Their classifications
The trustworthiness of an information system
The *-Property rule (Star property)
Polyinstantiation
Bell-LaPadula Model
48. Which uses Protection Profiles and Security Targets?
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Division B - Mandatory Protection
International Standard 15408
The *-Property rule (Star property)
49. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The security perimeter
Prevent secret information from being accessed
Documentation - Orange Book
No read down
50. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
A Base Register (Memory Management)
Enforces the rules
B3
Clark-Wilson Model
