Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain






2. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






3. A domain of trust that shares a single security policy and single management






4. A type of memory used for High-speed writing and reading activities.






5. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.






6. Applications and user activity






7. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






8. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.






9. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






10. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection






11. Mandatory access control is enfored by the use of security labels.






12. Mediates all access and Functions between subjects and objects.






13. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






14. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






15. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use






16. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






17. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked






18. In the Bell-LaPadula Model the Subject's Label contains ___________________.






19. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.






20. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






21. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






22. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.






23. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.






24. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






25. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system






26. In the Bell-LaPadula Model the Object's Label contains ___________________.






27. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.






28. Contains the beginning address






29. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






30. Audit data must be captured and protected to enforce accountability






31. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.






32. Used by Windows systems to reserve the "Swap Space"






33. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.






34. Which is an ISO standard product evaluation criteria that supersedes several different criteria






35. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.






36. Mandatory Protection






37. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






38. System Architecture that separates system functionality into Hierarchical layers






39. Happen because input data is not checked for appropriate length at time of input






40. When the address location that is specified in the program instruction contains the address of the final desired location.






41. What prevents a process from accessing another process' data?






42. The Orange book requires protection against two_____________ - which are these Timing and Storage






43. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






44. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)






45. Bell-LaPadula model was proposed for enforcing access control in _____________________.






46. Which increases the performance in a computer by overlapping the steps of different instructions?






47. Another word for Primary storage and distinguishes physical memory from virtual memory.






48. Contains the ending address






49. Which addresses a portion of the primary memory by specifying the actual address of the memory location?






50. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests