Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. What does the simple integrity axiom mean in the Biba model?
No read down
Types of covert channels
A Limit Register (Memory Management)
An abstract machine

2. What access control technique is also known as multilevel security?
B1 - Labeled Security rating
Orange Book - A1
The security perimeter
Mandatory access control

3. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Division B - Mandatory Protection
Fail safe
Division C - Discretionary Protection
Ring 0

4. The Simple Security rule is refered to as______________.
The "No read Up" rule
Security Policy is clearly defined and documented
Disclosure of residual data
Real storage

5. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
A and B
The Common Criteria
NOT Integrity
Swap Space

6. In access control terms - the word "dominate" refers to ___________.
State machine model
B1 - Labeled Security
Higher or equal to access class
Polyinstantiation

7. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
D
B2 - Structured Protection
Orange Book - A1
Sensitivity labels

8. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Virtual storage
In C2 - Controlled Access Protection environment
A and B

9. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
A security domain
Security rating B
Sensitivity labels
B3 - Security Domains

10. When the address location that is specified in the program instruction contains the address of the final desired location.
Thrashing
Trusted Distribution
Indirect addressing
Mandatory Access Control (MAC)

11. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Security rating B
Relative Addresses
Government and military applications
Secondary Storage

12. What does the * (star) property mean in the Bell-LaPadula model?
C1 - Discretionary Security Protection
Clark-Wilson
Fail safe
No write down

13. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
Dedicated Security Mode
The Rule is talking about writing
Its classification label (Top Secret - Secret or confidential)

14. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Types of covert channels
Reduced Instruction Set Computers (RISC)
Process isolation
Invocation Property

15. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

16. Mandatory Protection
The security perimeter
Protection Rings Support
Orange Book - B3
Orange Book B

17. Which can be used as a covert channel?
Its Clearance Label (Top Secret - Secret - or Confidential)
The National Computer Security Center (NCSC)
C2
Storage and timing

18. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Trusted hardware - Software and Firmware
Execution Domain
Cache Memory
Covert channels

19. What does the simple security (ss) property mean in the Bell-LaPadula model?
No read up
Implement software or systems in a production environment
Highly secure systems (B2 - B3 and A1)
No read down

20. A Policy based control. All objects and systems have a sensitivity level assigned to them
Ring 2
Mandatory Access Control (MAC)
B3 - Rating
No read down

21. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Need-to-know
A and B
Direct addressing
Orange Book B

22. The Indexed memory addresses that software uses
Logical addresses
The National Computer Security Center (NCSC)
A single classification and a Compartment Set
Attributable data

23. Individual subjects must be uniquely identified.
First evaluation class
The security perimeter
Direct addressing
Identification - Orange Book

24. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
'Dominate'
Accountability - Orange Book
Division D - Minimal Protection
A Thread

25. Which is an ISO standard product evaluation criteria that supersedes several different criteria
No read down
Bell-LaPadula Model
The Common Criteria
Enforces the rules

26. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Disclosure of residual data
State machine model
The Clark Wilson integrity model
C1 - Discrection Security Protection is a type of environment

27. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Real storage
The National Computer Security Center (NCSC)
The reference monitor
Execution Domain

28. The assignment of a specific individual to administer the security-related functions of a system.
Absolute addresses
Trusted facility management
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Trusted Network Interpretation (TNI)

29. A system uses the Reference Monitor to ___________________ of a subject and an object?
Compare the security labels
A single classification and a Compartment Set
Scalar processors
Virtual Memory

30. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Prohibits
Enforces the rules
B2 rating
Multilevel Security Policies

31. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Trusted Distribution
Ring 0
Evaluated separately
Discretionary Security Property (ds-property)

32. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle
C1
Its classification label (Top Secret - Secret or confidential)
Complex Instruction Set Computers (CISC)
Security Policy

33. Audit data must be captured and protected to enforce accountability
Division C - Discretionary Protection
Accountability - Orange Book
The Security Kernel
Dedicated Security Mode

34. Each data object must contain a classification label and each subject must have a clearance label.
B1 - Labeled Security
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Security mechanisms and evalautes their effectivenes
Most commonly used approach

35. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Buffer overflows
Files - directories and devices
B2 rating

36. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
The Rule is talking about writing
The Strong star property rule
The TCSEC - Aka Orange Book
Be protected from modification

37. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

38. Verification Protection
B3 - Rating
Pipelining
Disclosure of residual data
Orange Book A

39. Which increases the performance in a computer by overlapping the steps of different instructions?
security protection mechanisms
Mandatory access control
Pipelining
Most commonly used approach

40. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Orange Book B
Covert channels
Clark-Wilson Model
Its classification label (Top Secret - Secret or confidential)

41. The Biba Model adresses _____________________.
C2 - Controlled Access Protection
Simple Security Rule
Covert channels
The Integrity of data within applications

42. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
The Integrity of data within applications
Subject to Object Model
The Tranqulity principle (The Bell-LaPadula Model)
Prevent secret information from being accessed

43. Trusted facility management is an assurance requirement only for ________________.
C2 - Controlled Access Protection
Need-to-know
Highly secure systems (B2 - B3 and A1)
Its Clearance Label (Top Secret - Secret - or Confidential)

44. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
Orange Book interpretations
Dominate the object's sensitivity label
Be protected from modification
Relative Addresses

45. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
B2 - Structured Protection
Orange Book ratings
Labels - Orange Book
Implement software or systems in a production environment

46. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Thrashing
'Dominate'
Accreditation
The reference monitor

47. All users have a clearance for and a formal need to know about - all data processed with the system.
The Common Criteria
C1 - Discretionary Security Protection
Operational assurance requirements
Dedicated Security Mode

48. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Protection Rings Support
Mandatory Access Control (MAC)
Process isolation
Swap Space

49. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
Examples of Layered Operating Systems
Complex Instruction Set Computers (CISC)
The *-Property rule (Star property)
Trusted hardware - Software and Firmware

50. The Orange book requires protection against two_____________ - which are these Timing and Storage
Swap Space
First evaluation class
Types of covert channels
Evaluated separately

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISSP Security Architecture And Design

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests