Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Security Policy
Its Clearance Label (Top Secret - Secret - or Confidential)
B2 - Structured Protection
Logical addresses

2. The Physical memory address that the CPU uses
Life Cycle Assurance Requirement
Absolute addresses
A Layered Operating System Architecure
B1 - Labeled Security

3. According to the Orange Book - trusted facility management is not required for which security levels?
The security perimeter
Multiprocessing
B1
Orange Book interpretations

4. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
The Thread (memory Management)
The Rule is talking about writing
Orange Book B

5. System Architecture that separates system functionality into Hierarchical layers
Networks and Communications
A Layered Operating System Architecure
'Dominate'
Life Cycle Assurance Requirement

6. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
C1 - Discrection Security Protection is a type of environment
Bell-LaPadula Model
Controlling unauthorized downgrading of information
Attributable - original - accurate - contemporaneous and legible

7. The Security Model Incorporates the ____________ that should be enforced in the system.
Process isolation
The Thread (memory Management)
Security Policy
attributability

8. The Bell-LaPadula model Subjects and Objects are ___________.
Assigned labels
B3 - Rating
Primary storage
Thrashing

9. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Disclosure of residual data
Discretionary Security Property (ds-property)
Examples of Layered Operating Systems
Orange Book - A1

10. TCSEC provides a means to evaluate ______________________.
A Base Register (Memory Management)
The Tranqulity principle (The Bell-LaPadula Model)
No write down
The trustworthiness of an information system

11. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Primary storage
attributability
Models concerned with integrity
Protection Rings Support

12. Users need to be Identified individually to provide more precise acces control and auditing functionality.
C2 - Controlled Access Protection
Enforces the rules
Attributable data
Attributable - original - accurate - contemporaneous and legible

13. What model use an access control triples and requires that the system maintain separation of duty ?
Clark-Wilson
Higher or equal to access class
Disclosure of residual data
The trustworthiness of an information system

14. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.
Sensitivity labels
Swap Space
The rule is talking about "Reading"
Programmable Read-Only Memory (PROM)

15. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Accountability - Orange Book
First evaluation class
The National Computer Security Center (NCSC)
A Layered Operating System Architecure

16. When the RAM and secondary storage are combined the result is __________.
Orange Book - D
Accreditation
Reduced Instruction Set Computers (RISC)
Virtual Memory

17. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Orange Book A
Prohibits
Protection Rings Support
Subject to Object Model

18. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
A security kernel
Security mechanisms and evalautes their effectivenes
The Simple Security Property
B1 - Labeled Security

19. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
A Base Register (Memory Management)
The security kernel
Models concerned with integrity
The Strong star property rule

20. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
A Thread
Highly secure systems (B2 - B3 and A1)
Swap Space
Virtual storage

21. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
Files - directories and devices
Indexed addressing
C2 - Controlled Access Protection
Direct addressing

22. Access control labels must be associated properly with objects.
Prevent secret information from being accessed
The TCSEC - Aka Orange Book
No read down
Labels - Orange Book

23. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Trusted Products Evaluation Program (TPEP)
Security Policy is clearly defined and documented
A Limit Register (Memory Management)
Prevent secret information from being accessed

24. What does the * (star) property mean in the Bell-LaPadula model?
No write down
Orange Book - B3
The Common Criteria
Integrity

25. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Multiprocessing
Execution Domain
Clark-Wilson Model
Division B - Mandatory Protection

26. The Bell-LaPadula Model is a _______________.
Orange Book - A1
Subject to Object Model
Security mechanisms and evalautes their effectivenes
D

27. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Security Policy - Orange Book
Administrative declaration
A1 - Rating
Bell-LaPadula Model

28. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Thrashing
Ring 3
Covert channels
Division B - Mandatory Protection

29. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
C2 - Controlled Access Protection
Documentation - Orange Book
Relative Addresses
The Rule is talking about writing

30. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
The trustworthiness of an information system
Indirect addressing
Division C - Discretionary Protection
Electrically Erasable and Programmable Read-Only Memory (EEPROM)

31. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Subject to Object Model
attributability
The Strong star property rule
Access Matrix model

32. Data in Cache can be accessed much more quickly than Data
Examples of Layered Operating Systems
State machine model
Stored in Reak Memory
C1

33. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
*-Integrity Axiom
The Monolithic Operation system Architecture
A Thread
Networks and Communications

34. Discretionary protection
Assigned labels
Division B - Mandatory Protection
The *-Property rule (Star property)
Orange Book C

35. Permits a database to have two records that are identical except for Their classifications
Polyinstantiation
The trustworthiness of an information system
Life-cycle assurance - O/B
A security domain

36. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Be protected from modification
Disclosure of residual data
Evaluated separately
Security rating B

37. Which is an ISO standard product evaluation criteria that supersedes several different criteria
B2 - Structured Protection
The Common Criteria
Isolate processes
Division B - Mandatory Protection Architecture

38. A domain of trust that shares a single security policy and single management
C2
Dominate the object's sensitivity label
A security domain
Reduced Instruction Set Computers (RISC)

39. A Policy based control. All objects and systems have a sensitivity level assigned to them
Mandatory Access Control (MAC)
Attributable - original - accurate - contemporaneous and legible
Erasable and Programmable Read-Only Memory (EPROM)
Division D - Minimal Protection

40. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
The Evaluated Products List (EPL) with their corresponding rating
Networks and Communications
The Trusted Computing Base (TCB)
Life Cycle Assurance Requirement

41. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.
Security Policy is clearly defined and documented
The Biba Model
Physical security
The Red Book

42. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
The Common Criteria
The security perimeter
Division B - Mandatory Protection
The Red Book

43. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Most commonly used approach
Orange Book interpretations
Files - directories and devices
Pipelining

44. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Life Cycle Assurance Requirement
Documentation - Orange Book
D
The Clark Wilson integrity model

45. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
The Thread (memory Management)
Life-cycle assurance - O/B
Sensitivity labels
Operational assurance requirements

46. When a portion of primary memory is accessed by specifying the actual address of the memory location
Direct addressing
A Base Register (Memory Management)
Access Matrix model
C2

47. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system
Multilevel Security Policies
First evaluation class
Ring 2
The Monolithic Operation system Architecture

48. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Scalar processors
Erasable and Programmable Read-Only Memory (EPROM)
Trusted Distribution
A Layered Operating System Architecure

49. When the contents of the address defined in the program's instruction is added to that of an index register.
C2 - Controlled Access Protection
Indexed addressing
Thrashing
The National Computer Security Center (NCSC)

50. Minimal Security
Polyinstantiation
Orange Book - D
B3 - Security Domains
Isolate processes

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISSP Security Architecture And Design

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests