SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What does the simple integrity axiom mean in the Biba model?
No read down
Types of covert channels
A Limit Register (Memory Management)
An abstract machine
2. What access control technique is also known as multilevel security?
B1 - Labeled Security rating
Orange Book - A1
The security perimeter
Mandatory access control
3. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Division B - Mandatory Protection
Fail safe
Division C - Discretionary Protection
Ring 0
4. The Simple Security rule is refered to as______________.
The "No read Up" rule
Security Policy is clearly defined and documented
Disclosure of residual data
Real storage
5. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
A and B
The Common Criteria
NOT Integrity
Swap Space
6. In access control terms - the word "dominate" refers to ___________.
State machine model
B1 - Labeled Security
Higher or equal to access class
Polyinstantiation
7. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
D
B2 - Structured Protection
Orange Book - A1
Sensitivity labels
8. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Virtual storage
In C2 - Controlled Access Protection environment
A and B
9. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
A security domain
Security rating B
Sensitivity labels
B3 - Security Domains
10. When the address location that is specified in the program instruction contains the address of the final desired location.
Thrashing
Trusted Distribution
Indirect addressing
Mandatory Access Control (MAC)
11. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Security rating B
Relative Addresses
Government and military applications
Secondary Storage
12. What does the * (star) property mean in the Bell-LaPadula model?
C1 - Discretionary Security Protection
Clark-Wilson
Fail safe
No write down
13. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
Dedicated Security Mode
The Rule is talking about writing
Its classification label (Top Secret - Secret or confidential)
14. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Types of covert channels
Reduced Instruction Set Computers (RISC)
Process isolation
Invocation Property
15. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
16. Mandatory Protection
The security perimeter
Protection Rings Support
Orange Book - B3
Orange Book B
17. Which can be used as a covert channel?
Its Clearance Label (Top Secret - Secret - or Confidential)
The National Computer Security Center (NCSC)
C2
Storage and timing
18. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Trusted hardware - Software and Firmware
Execution Domain
Cache Memory
Covert channels
19. What does the simple security (ss) property mean in the Bell-LaPadula model?
No read up
Implement software or systems in a production environment
Highly secure systems (B2 - B3 and A1)
No read down
20. A Policy based control. All objects and systems have a sensitivity level assigned to them
Ring 2
Mandatory Access Control (MAC)
B3 - Rating
No read down
21. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Need-to-know
A and B
Direct addressing
Orange Book B
22. The Indexed memory addresses that software uses
Logical addresses
The National Computer Security Center (NCSC)
A single classification and a Compartment Set
Attributable data
23. Individual subjects must be uniquely identified.
First evaluation class
The security perimeter
Direct addressing
Identification - Orange Book
24. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
'Dominate'
Accountability - Orange Book
Division D - Minimal Protection
A Thread
25. Which is an ISO standard product evaluation criteria that supersedes several different criteria
No read down
Bell-LaPadula Model
The Common Criteria
Enforces the rules
26. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Disclosure of residual data
State machine model
The Clark Wilson integrity model
C1 - Discrection Security Protection is a type of environment
27. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Real storage
The National Computer Security Center (NCSC)
The reference monitor
Execution Domain
28. The assignment of a specific individual to administer the security-related functions of a system.
Absolute addresses
Trusted facility management
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Trusted Network Interpretation (TNI)
29. A system uses the Reference Monitor to ___________________ of a subject and an object?
Compare the security labels
A single classification and a Compartment Set
Scalar processors
Virtual Memory
30. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Prohibits
Enforces the rules
B2 rating
Multilevel Security Policies
31. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Trusted Distribution
Ring 0
Evaluated separately
Discretionary Security Property (ds-property)
32. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle
C1
Its classification label (Top Secret - Secret or confidential)
Complex Instruction Set Computers (CISC)
Security Policy
33. Audit data must be captured and protected to enforce accountability
Division C - Discretionary Protection
Accountability - Orange Book
The Security Kernel
Dedicated Security Mode
34. Each data object must contain a classification label and each subject must have a clearance label.
B1 - Labeled Security
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Security mechanisms and evalautes their effectivenes
Most commonly used approach
35. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Buffer overflows
Files - directories and devices
B2 rating
36. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
The Rule is talking about writing
The Strong star property rule
The TCSEC - Aka Orange Book
Be protected from modification
37. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
38. Verification Protection
B3 - Rating
Pipelining
Disclosure of residual data
Orange Book A
39. Which increases the performance in a computer by overlapping the steps of different instructions?
security protection mechanisms
Mandatory access control
Pipelining
Most commonly used approach
40. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Orange Book B
Covert channels
Clark-Wilson Model
Its classification label (Top Secret - Secret or confidential)
41. The Biba Model adresses _____________________.
C2 - Controlled Access Protection
Simple Security Rule
Covert channels
The Integrity of data within applications
42. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
The Integrity of data within applications
Subject to Object Model
The Tranqulity principle (The Bell-LaPadula Model)
Prevent secret information from being accessed
43. Trusted facility management is an assurance requirement only for ________________.
C2 - Controlled Access Protection
Need-to-know
Highly secure systems (B2 - B3 and A1)
Its Clearance Label (Top Secret - Secret - or Confidential)
44. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
Orange Book interpretations
Dominate the object's sensitivity label
Be protected from modification
Relative Addresses
45. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
B2 - Structured Protection
Orange Book ratings
Labels - Orange Book
Implement software or systems in a production environment
46. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Thrashing
'Dominate'
Accreditation
The reference monitor
47. All users have a clearance for and a formal need to know about - all data processed with the system.
The Common Criteria
C1 - Discretionary Security Protection
Operational assurance requirements
Dedicated Security Mode
48. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Protection Rings Support
Mandatory Access Control (MAC)
Process isolation
Swap Space
49. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
Examples of Layered Operating Systems
Complex Instruction Set Computers (CISC)
The *-Property rule (Star property)
Trusted hardware - Software and Firmware
50. The Orange book requires protection against two_____________ - which are these Timing and Storage
Swap Space
First evaluation class
Types of covert channels
Evaluated separately
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests