SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Biba Model adresses _____________________.
Accreditation
The Common Criteria
The Integrity of data within applications
An abstract machine
2. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
Division C - Discretionary Protection
C2 - Controlled Access Protection
B3 - Rating
Bell-LaPadula Model
3. What does the Clark-Wilson security model focus on
Multitasking
Integrity
Secondary Storage
Stored in Reak Memory
4. Which TCSEC level first addresses object reuse?
Assigned labels
C2
Administrative declaration
Relative Addresses
5. All users have a clearance for and a formal need to know about - all data processed with the system.
Accountability - Orange Book
Dedicated Security Mode
The Security Kernel
Complex Instruction Set Computers (CISC)
6. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Access control to the objects by the subjects
Bell-LaPadula Model
The National Computer Security Center (NCSC)
B3
7. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
The Integrity of data within applications
C2
Security Policy is clearly defined and documented
Disclosure of residual data
8. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Prohibits
The Red Book
Protection Rings Support
Ring 0
9. Permits a database to have two records that are identical except for Their classifications
A security kernel
Sensitivity labels
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Polyinstantiation
10. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Direct Addressing
The Thread (memory Management)
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Security Policy - Orange Book
11. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Dominate the object's sensitivity label
NOT Integrity
Multilevel Security Policies
The reference monitor
12. Audit data must be captured and protected to enforce accountability
Security Policy
Primary storage
Accountability - Orange Book
Orange Book - B3
13. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Complex Instruction Set Computers (CISC)
Clark-Wilson Model
Orange Book - A1
Attributable - original - accurate - contemporaneous and legible
14. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
The reference monitor
Orange Book ratings
Multiprocessing
Overt channel
15. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
All Mandatory Access Control (MAC) systems
The Integrity of data within applications
The Rule is talking about writing
Evaluated separately
16. Contains the beginning address
A Base Register (Memory Management)
Types of covert channels
Mandatory Access Control (MAC)
The trustworthiness of an information system
17. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.
Basic Security Theorem (used in computer science) definition
Direct Addressing
Orange Book - B2
Programmable Read-Only Memory (PROM)
18. Should always trace to individuals responsible for observing and recording the data
Security Policy is clearly defined and documented
Fail safe
Dedicated Security Mode
Attributable data
19. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
*-Integrity Axiom
A Base Register (Memory Management)
Orange Book - D
Orange Book - B1
20. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
C2
C1 - Discrection Security Protection is a type of environment
Ring 3
Certification
21. A type of memory used for High-speed writing and reading activities.
Its Clearance Label (Top Secret - Secret - or Confidential)
Security mechanisms and evalautes their effectivenes
Cache Memory
Storage and timing
22. The Bell-LaPadula model Subjects and Objects are ___________.
Attributable data
Assigned labels
Mandatory Access Control (MAC)
The National Computer Security Center (NCSC)
23. Which is a straightforward approach that provides access rights to subjects for objects?
Assigned labels
Access Matrix model
C2 - Controlled Access Protection
Highly secure systems (B2 - B3 and A1)
24. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Covert channels
A1 - Rating
Division C - Discretionary Protection
Clark-Wilson
25. Trusted facility management is an assurance requirement only for ________________.
C2 - Controlled Access Protection
Highly secure systems (B2 - B3 and A1)
Complex Instruction Set Computers (CISC)
State machine model
26. Another word for Primary storage and distinguishes physical memory from virtual memory.
NOT Integrity
C2 - Controlled Access Protection
Real storage
Physical security
27. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Prohibits
Division C - Discretionary Protection
Secondary Storage
Invocation Property
28. System Architecture that separates system functionality into Hierarchical layers
Files - directories and devices
A Layered Operating System Architecure
A security kernel
Simple Integrity Axiom
29. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Controlling unauthorized downgrading of information
Enforces the rules
B1
Access control to the objects by the subjects
30. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
International Standard 15408
Need-to-know
C1 - Discrection Security Protection is a type of environment
Secondary Storage
31. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Integrity
Trusted Distribution
C2 - Controlled Access Protection
The Strong star property rule
32. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
Attributable data
Orange Book - B1
The Strong star property rule
Swap Space
33. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Prevent secret information from being accessed
Dedicated Security Mode
Bell-LaPadula Model
Access control to the objects by the subjects
34. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
Orange Book interpretations
Firmware
Physical security
Clark-Wilson Model
35. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Continuous protection - O/B
Primary storage
Access Matrix model
No read down
36. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
security protection mechanisms
Prevent secret information from being accessed
B1 - Labeled Security
37. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B3
Models concerned with integrity
The National Computer Security Center (NCSC)
Labels - Orange Book
38. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Thrashing
Constrained
Prohibits
The *-Property rule (Star property)
39. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Continuous protection - O/B
Clark-Wilson
An abstract machine
Ring 2
40. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
An abstract machine
Totality of protection mechanisms
A lattice of Intergrity Levels
41. Discretionary protection
The trustworthiness of an information system
Orange Book C
C1 - Discretionary Security Protection
B2 rating
42. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Attributable - original - accurate - contemporaneous and legible
Most commonly used approach
Virtual Memory
Orange Book - B3
43. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
No read up
Evaluated separately
Pipelining
International Standard 15408
44. Remaining parts of the operating system
Integrity
Ring 1
Ring 3
Secondary Storage
45. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Relative Addresses
Simple Security Rule
The Red Book
A Thread
46. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Thrashing
Multiprocessing
Logical addresses
Pagefile.sys file
47. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
C2
Models concerned with integrity
Virtual Memory
Indirect addressing
48. What access control technique is also known as multilevel security?
'Dominate'
The security perimeter
attributability
Mandatory access control
49. Which uses Protection Profiles and Security Targets?
Files - directories and devices
security protection mechanisms
Protection Rings Support
International Standard 15408
50. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The National Computer Security Center (NCSC)
The security perimeter
Virtual Memory
The "No read Up" rule
