CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US government)

2. A nonvolatile storage medium - e.g. a computer hard drive - floppy disks and CD-ROMs

3. Individual subjects must be uniquely identified.

4. A __________ is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.

5. Based on a known address with an offset value applied.

6. Which Orange Book evaluation level is described as "Verified Design"?

7. A ring protection system ________: user mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.

8. Execute one instruction at a time.

9. What prevents a process from accessing another process' data?

10. The Indexed memory addresses that software uses

11. Which TCSEC level first addresses object reuse?

12. Contains the beginning address

13. The policy must be explicit, well-defined and enforced by the mechanisms within the system.

14. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?

15. Verification Protection

16. The group that oversees the processes of evaluation within TCSEC is?

17. Security Labels are not required until __________; thus C2 does not require security labels but B1 does

18. The Orange Book does NOT cover ________________ - and database management systems

19. In access control terms - the word "dominate" refers to ___________.

20. When the contents of the address defined in the program's instruction is added to that of an index register.

21. A system uses the Reference Monitor to ___________________ of a subject and an object?

22. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?

23. What does the * (star) property mean in the Bell-LaPadula model?

24. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.

25. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?

26. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down")

27. Buffer overflows occur when a program or process tries to store more data in a _____________ than it was intended to hold.

28. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when

29. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?

30. Requires more stringent authentication mechanisms and well-defined interfaces among layers.

31. Bell-LaPadula Model - ______________: A subject in a given security level can NOT WRITE information to a LOWER security level.

32. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.

33. The availability - integrity and confidentiality requirements of multitasking operating systems

34. Which is an ISO standard product evaluation criteria that supersedes several different criteria?

35. In both the Bell-LaPadula and Biba Models, if the word "*" or "Star" is used - _______________.

36. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.

37. In the Bell-LaPadula Model the Subject's Label contains ___________________.

38. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.

39. As per the FDA, data should be ______________________________.

40. The Security Model Incorporates the ____________ that should be enforced in the system.

41. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.

42. System Architecture that separates system functionality into Hierarchical layers

43. A type of memory used for high-speed writing and reading activities.

44. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked

45. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards

46. Mandatory Access requires that _____________ be attached to all objects.

47. A1 is also called "Verified Design" and requires formal verification of the design and specifications.

48. The reference monitor is an access control concept - referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.

49. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.

50. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.