Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Nonvolatile storage media, e.g. computer hard drives, floppy disks and CD-ROMs
Secondary Storage
Attributable data
State machine model
'Dominate'
2. Users need to be identified individually to provide more precise access control and auditing functionality.
C2 - Controlled Access Protection
Buffer overflows
An abstract machine
B3 - Rating
3. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Polyinstantiation
A Layered Operating System Architecture
Buffer (temporary data storage area)
security protection mechanisms
4. Operating System Kernel
Ring 0
Clark-Wilson
Models concerned with integrity
Reduced Instruction Set Computers (RISC)
5. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
The TCSEC - Aka Orange Book
Identification - Orange Book
Bell-LaPadula Model
Discretionary Security Property (ds-property)
6. In the Bell-LaPadula Model the Object's Label contains ___________________.
Reduced Instruction Set Computers (RISC)
Its classification label (Top Secret - Secret or confidential)
Direct Addressing
'Dominate'
7. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Real storage
Buffer (temporary data storage area)
The Biba Model
Stored in Real Memory
8. If a system initializes in a secure state and all allowed state transitions are secure, then every subsequent state will be secure no matter what inputs occur.
Process isolation
The Evaluated Products List (EPL) with their corresponding rating
Basic Security Theorem (used in computer science) definition
Assigned labels
9. Individual subjects must be uniquely identified.
Erasable and Programmable Read-Only Memory (EPROM)
Identification - Orange Book
The Simple Security Property
The Red Book
10. Based on a known address with an offset value applied.
Ring 1
Relative Addresses
B1
A and B
11. Mediates all access and Functions between subjects and objects.
Firmware
The Security Kernel
Erasable and Programmable Read-Only Memory (EPROM)
Simple Integrity Axiom
12. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use.
Examples of Layered Operating Systems
The Security Kernel
Process isolation
The National Computer Security Center (NCSC)
13. The *-Property rule is referred to as ____________.
The "No write Down" Rule
Isolate processes
Swap Space
The security kernel
14. What does the simple security (ss) property mean in the Bell-LaPadula model?
The Red Book
The National Computer Security Center (NCSC)
The Evaluated Products List (EPL) with their corresponding rating
No read up
15. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Certification
Files - directories and devices
C2
D
16. Which model uses access control triples and requires that the system maintain separation of duty?
Clark-Wilson
A Base Register (Memory Management)
Ring 1
The Red Book
17. Involves sharing the processor among all ready processes
Orange Book - B2
Division D - Minimal Protection
Multitasking
Be protected from modification
18. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Its classification label (Top Secret - Secret or confidential)
The Clark Wilson integrity model
A Limit Register (Memory Management)
Security Policy is clearly defined and documented
19. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Accountability - Orange Book
The Biba Model
Continuous protection - O/B
The rule is talking about "Reading"
20. Which increases the performance in a computer by overlapping the steps of different instructions?
Pipelining
C1 - Discretionary Security Protection is a type of environment
Files - directories and devices
Enforces the rules
21. The Biba Model addresses _____________________.
The Integrity of data within applications
Orange Book C
security protection mechanisms
Be protected from modification
22. The C2 evaluation class of the _________________ offers controlled access protection.
Direct Addressing
Multiprocessing
Simple Security Rule
Trusted Network Interpretation (TNI)
23. Remaining parts of the operating system
Security rating B
Ring 1
The rule is talking about "Reading"
Orange Book - B1
24. When a portion of primary memory is accessed by specifying the actual address of the memory location
Prevent secret information from being accessed
C2 - Controlled Access Protection
Direct addressing
B2
25. A domain of trust that shares a single security policy and single management
Thrashing
A1
A security domain
The Rule is talking about writing
26. Which is an ISO standard product evaluation criteria that supersedes several different criteria?
The Common Criteria
Division C - Discretionary Protection
Ring 3
The Evaluated Products List (EPL) with their corresponding rating
27. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Division B - Mandatory Protection
Swap Space
Security rating B
B2 rating
28. The security kernel is the mechanism that _____________ of the reference monitor concept.
The security perimeter
Enforces the rules
C2 - Controlled Access Protection
Attributable - original - accurate - contemporaneous and legible
29. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
Assigned labels
Reduced Instruction Set Computers (RISC)
Indexed addressing
The *-Property rule (Star property)
30. What does the * (star) property mean in the Bell-LaPadula model?
No write down
Mandatory access control
Security Policy
Files - directories and devices
31. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The National Computer Security Center (NCSC)
Labels - Orange Book
No read up
B3 - Rating
32. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Reduced Instruction Set Computers (RISC)
Security rating B
Controls the checks
Orange Book A
33. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Models concerned with integrity
Bell-LaPadula Model
Life Cycle Assurance Requirement
A1 - Rating
34. In this class more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.
Life Cycle Assurance Requirement
A Layered Operating System Architecture
B3 - Security Domains
Absolute addresses
35. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Its Clearance Label (Top Secret - Secret - or Confidential)
A Limit Register (Memory Management)
Controlling unauthorized downgrading of information
The Simple Security Property
36. An abstract machine which must mediate all access of subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Covert channels
Buffer overflows
Fail safe
The reference monitor
37. Certification is a technical review that assesses the _____________, whereas Accreditation is management's official acceptance of the information in the Certification process findings.
Clark-Wilson Model
Security mechanisms and evaluates their effectiveness
Attributable data
Orange Book - D
38. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Division B - Mandatory Protection
Thrashing
Sensitivity labels
No read down
39. System Architecture that separates system functionality into Hierarchical layers
A1
A Layered Operating System Architecture
Attributable data
Orange Book B
40. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Types of covert channels
*-Integrity Axiom
Bell-LaPadula Model
Subject to Object Model
41. TCSEC provides a means to evaluate ______________________.
Enforces the rules
A and B
C2 - Controlled Access Protection
The trustworthiness of an information system
42. Which computer design approach is based on the fact that in earlier technologies the instruction fetch was the longest part of the cycle?
No read down
Access Matrix model
Complex Instruction Set Computers (CISC)
Security mechanisms and evaluates their effectiveness
43. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
The Evaluated Products List (EPL) with their corresponding rating
All Mandatory Access Control (MAC) systems
Primary storage
Certification
44. What does the simple integrity axiom mean in the Biba model?
Complex Instruction Set Computers (CISC)
Dedicated Security Mode
Trusted Distribution
No read down
45. In B2, subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
Covert channels
C2
Orange Book - B3
Constrained
46. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Buffer (temporary data storage area)
Complex Instruction Set Computers (CISC)
Assigned labels
Prohibits
47. A system uses the Reference Monitor to ___________________ of a subject and an object?
B3 - Rating
Orange Book B
Orange Book - A1
Compare the security labels
48. The type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.
B2 rating
Storage and timing
Enforces the rules
No write down
49. Audit data must be captured and protected to enforce accountability
Absolute addresses
Accountability - Orange Book
Clark-Wilson
B3
50. Which is a straightforward approach that provides access rights to subjects for objects?
Access Matrix model
The security perimeter
Integrity
B3