Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Simple Security Rule
B2
Process isolation
Enforces the rules
2. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Orange Book - B3
B3 - Security Domains
A Thread
Controlling unauthorized downgrading of information
3. Operating System Kernel
attributability
An abstract machine
The Evaluated Products List (EPL) with their corresponding rating
Ring 0
4. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Real storage
Pipelining
A security kernel
Protection Rings Support
5. The total combination of protection mechanisms within a computer system
TCB (Trusted Computing Base)
Security mechanisms and evaluates their effectiveness
The rule is talking about "Reading"
Compare the security labels
6. In access control terms - the word "dominate" refers to ___________.
Higher or equal to access class
security protection mechanisms
The National Computer Security Center (NCSC)
Evaluated separately
7. Happen because input data is not checked for appropriate length at time of input
Controls the checks
A single classification and a Compartment Set
Simple Integrity Axiom
Buffer overflows
8. The combination of RAM - Cache and the Processor Registers
NOT Integrity
Primary storage
B1 - Labeled Security rating
A1
9. The Indexed memory addresses that software uses
Life Cycle Assurance Requirement
A lattice of Integrity Levels
Logical addresses
Stored in Real Memory
10. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
The Strong star property rule
A security kernel
Its Clearance Label (Top Secret - Secret - or Confidential)
Ring 3
11. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
The Evaluated Products List (EPL) with their corresponding rating
Enforces the rules
Dedicated Security Mode
*-Integrity Axiom
12. A domain of trust that shares a single security policy and single management
B1
C2
A security domain
Physical security
13. The Bell-LaPadula Model is a _______________.
The Trusted Computing Base (TCB)
Enforces the rules
Orange Book - B3
Subject to Object Model
14. When the contents of the address defined in the program's instruction are added to that of an index register.
B3 - Rating
Relative Addresses
Multitasking
Indexed addressing
15. Execute one instruction at a time.
No read down
Controlling unauthorized downgrading of information
TCB (Trusted Computing Base)
Scalar processors
16. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
The Evaluated Products List (EPL) with their corresponding rating
Physical security
A1 - Rating
B2 rating
17. Can be erased - modified and upgraded.
Clark-Wilson Model
Erasable and Programmable Read-Only Memory (EPROM)
Simple Security Rule
The Tranquility principle (The Bell-LaPadula Model)
18. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
Logical addresses
The Strong star property rule
A Base Register (Memory Management)
19. What does the * (star) property mean in the Bell-LaPadula model?
Storage and timing
A security domain
No write down
Complex Instruction Set Computers (CISC)
20. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Isolate processes
The Red Book
B1
Multilevel Security Policies
21. I/O drivers and utilities
Ring 2
A Domain
Isolate processes
State machine model
22. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Constrained
B3
Orange Book C
Pagefile.sys file
23. When the RAM and secondary storage are combined the result is __________.
Implement software or systems in a production environment
Security mechanisms and evaluates their effectiveness
Virtual Memory
Orange Book - A1
24. What does the Clark-Wilson security model focus on?
*-Integrity Axiom
Multilevel Security Policies
Basic Security Theorem (used in computer science) definition
Integrity
25. Mediates all access and Functions between subjects and objects.
The Security Kernel
A Layered Operating System Architecture
Stored in Real Memory
Accreditation
26. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B1
B3
Firmware
'Dominate'
27. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
Enforces the rules
A Thread
C2 - Controlled Access Protection
No read down
28. Which computer design approach is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle?
Multilevel Security Policies
Complex Instruction Set Computers (CISC)
Need-to-know
Evaluated separately
29. Used by Windows systems to reserve the "Swap Space"
Logical addresses
C1 - Discretionary Security Protection is a type of environment
Pagefile.sys file
The Monolithic Operating System Architecture
30. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
31. The subject must have Need to Know for ONLY the information they are trying to access.
Firmware
System High Security Mode
Sensitivity labels
Dominate the object's sensitivity label
32. The group that oversees the processes of evaluation within TCSEC is?
Prohibits
C2 - Controlled Access Protection
Trusted Products Evaluation Program (TPEP)
Bell-LaPadula Model
33. Another word for primary storage; it distinguishes physical memory from virtual memory.
Real storage
Be protected from modification
No write down
Division B - Mandatory Protection
34. What access control technique is also known as multilevel security?
Primary storage
Life-cycle assurance - O/B
Pipelining
Mandatory access control
35. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
International Standard 15408
Execution Domain
A security kernel
Certification
36. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Clark-Wilson
B2 - Structured Protection
Accountability - Orange Book
Cache Memory
37. Mandatory access control is enforced by the use of security labels.
Division B - Mandatory Protection
Direct Addressing
Accountability - Orange Book
Orange Book - A1
38. What does the simple security (ss) property mean in the Bell-LaPadula model?
Accreditation
Attributable data
Continuous protection - O/B
No read up
39. System Architecture that separates system functionality into Hierarchical layers
Its Clearance Label (Top Secret - Secret - or Confidential)
A1 - Rating
Erasable and Programmable Read-Only Memory (EPROM)
A Layered Operating System Architecture
40. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Its Clearance Label (Top Secret - Secret - or Confidential)
Orange Book C
Orange Book - B2
Polyinstantiation
41. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
No write down
B3
B2 rating
International Standard 15408
42. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Pipelining
Indexed addressing
NOT Integrity
Isolate processes
43. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
C2
Documentation - Orange Book
Attributable - original - accurate - contemporaneous and legible
Operational assurance requirements
44. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
The Security Kernel
C1 - Discretionary Security Protection
Models concerned with integrity
All Mandatory Access Control (MAC) systems
45. An organization within the National Security Agency (NSA) is responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
Ring 3
The National Computer Security Center (NCSC)
B2 - Structured Protection
Its classification label (Top Secret - Secret or confidential)
46. Based on a known address with an offset value applied.
Networks and Communications
Thrashing
Clark-Wilson
Relative Addresses
47. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.
Discretionary Security Property (ds-property)
The Monolithic Operating System Architecture
Networks and Communications
Files - directories and devices
48. Permits a database to have two records that are identical except for their classifications
Be protected from modification
A security domain
Polyinstantiation
Disclosure of residual data
49. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
C1
Primary storage
D
Life Cycle Assurance Requirement
50. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Its Clearance Label (Top Secret - Secret - or Confidential)
The Biba Model
Identification - Orange Book
Ring 1