Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The Physical memory address that the CPU uses
Absolute addresses
The Clark Wilson integrity model
B3
Its classification label (Top Secret - Secret or confidential)
2. The policy must be explicit, well defined, and enforced by the mechanisms within the system
B3 - Rating
Security Policy - Orange Book
C1 - Discretionary Security Protection is a type of environment
Ring 2
3. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Primary storage
All Mandatory Access Control (MAC) systems
The trustworthiness of an information system
Models concerned with integrity
4. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
The security perimeter
A Thread
A1
Thrashing
5. What is called the formal acceptance of the adequacy of a system's overall security by management?
Compare the security labels
Process isolation
Accreditation
Disclosure of residual data
6. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Identification - Orange Book
Physical security
Mandatory Access Control (MAC)
No read down
7. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
The Clark Wilson integrity model
Dedicated Security Mode
The Strong star property rule
Mandatory Access Control (MAC)
8. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
C2 - Controlled Access Protection
Security rating B
Labels - Orange Book
Integrity
9. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Disclosure of residual data
D
Controls the checks
Orange Book - B1
10. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Complex Instruction Set Computers (CISC)
B1 - Labeled Security rating
Controls the checks
Ring 0
11. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
Mandatory access control
B2
Administrative declaration
12. Which increases the performance in a computer by overlapping the steps of different instructions?
Highly secure systems (B2 - B3 and A1)
A Limit Register (Memory Management)
Operational assurance requirements
Pipelining
13. Which is a straightforward approach that provides access rights to subjects for objects?
The security kernel
Access Matrix model
Evaluated separately
No read down
14. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Security Policy
The Biba Model
B2 rating
Ring 2
15. The Biba Model - _____________: A subject cannot read data from a lower Integrity level ("No Read Down")
Simple Integrity Axiom
Absolute addresses
Compare the security labels
Division D - Minimal Protection
16. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system
Firmware
Ring 3
The Monolithic Operating System Architecture
B3 - Rating
17. TCSEC addresses Confidentiality - but _____________. The TCSEC focuses mainly on one attribute of security: confidentiality.
C1 - Discretionary Security Protection
NOT Integrity
Security rating B
Security Policy
18. In access control terms - the word "dominate" refers to ___________.
Accreditation
Higher or equal to access class
Multitasking
B3 - Security Domains
19. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Real storage
An abstract machine
A security domain
Attributable - original - accurate - contemporaneous and legible
20. Documentation must be provided - including test - design - and specification documents - user guides and manuals
Documentation - Orange Book
Trusted Network Interpretation (TNI)
Its Clearance Label (Top Secret - Secret - or Confidential)
Be protected from modification
21. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Its Clearance Label (Top Secret - Secret - or Confidential)
The security perimeter
Isolate processes
Enforces the rules
22. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Direct addressing
Trusted Network Interpretation (TNI)
Most commonly used approach
Implement software or systems in a production environment
23. A set of objects that a subject is able to access
'Dominate'
Dominate the object's sensitivity label
A Domain
Relative Addresses
24. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
The security perimeter
B1 - Labeled Security
Evaluated separately
Basic Security Theorem (used in computer science) definition
25. The combination of RAM - Cache and the Processor Registers
The Evaluated Products List (EPL) with their corresponding rating
Types of covert channels
Primary storage
Relative Addresses
26. Discretionary protection
Orange Book C
Direct addressing
Indexed addressing
B1 - Labeled Security
27. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The security perimeter
B3
The reference monitor
No write down
28. In the Bell-LaPadula Model the Object's Label contains ___________________.
A lattice of Integrity Levels
Its classification label (Top Secret - Secret or confidential)
*-Integrity Axiom
A1 - Rating
29. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
C2
Indirect addressing
A1 - Rating
30. A domain of trust that shares a single security policy and single management
B2 - Structured Protection
Totality of protection mechanisms
The National Computer Security Center (NCSC)
A security domain
31. Remaining parts of the operating system
Complex Instruction Set Computers (CISC)
C2 - Controlled Access Protection
Security Policy
Ring 1
32. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Buffer (temporary data storage area)
Orange Book - A1
B2 - Structured Protection
The *-Property rule (Star property)
33. Which in the Orange Book ratings represents the highest level of trust?
B2
Trusted facility management
Disclosure of residual data
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
34. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object
Networks and Communications
Access control to the objects by the subjects
A lattice of Integrity Levels
Mandatory Access Control (MAC)
35. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Security Policy is clearly defined and documented
System High Security Mode
B3 - Security Domains
Relative Addresses
36. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Multitasking
Execution Domain
Trusted Distribution
Higher or equal to access class
37. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
The security kernel
C2
Thrashing
38. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
C2 - Controlled Access Protection
Administrative declaration
C1 - Discretionary Security Protection
Buffer (temporary data storage area)
39. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Continuous protection - O/B
The rule is talking about "Reading"
Real storage
Dedicated Security Mode
40. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
A Thread
Buffer (temporary data storage area)
Buffer overflows
Certification
41. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
C1 - Discretionary Security Protection is a type of environment
Simple Security Rule
A lattice of Integrity Levels
Trusted hardware - Software and Firmware
42. When a computer uses more than one CPU in parallel to execute instructions, this is known as?
Division B - Mandatory Protection Architecture
The Strong star property rule
A Domain
Multiprocessing
43. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
A1
State machine model
Division B - Mandatory Protection Architecture
Trusted facility management
44. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
The Biba Model
Access control to the objects by the subjects
D
45. Access control labels must be associated properly with objects.
Labels - Orange Book
Orange Book A
Real storage
All Mandatory Access Control (MAC) systems
46. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Rating
D
Its classification label (Top Secret - Secret or confidential)
The Monolithic Operating System Architecture
47. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
Ring 3
C1
Trusted Network Interpretation (TNI)
Indirect addressing
48. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Division B - Mandatory Protection Architecture
Security Policy is clearly defined and documented
Division D - Minimal Protection
A single classification and a Compartment Set
49. Mandatory Access requires that _____________ be attached to all objects.
B1 - Labeled Security
Trusted Network Interpretation (TNI)
Sensitivity labels
A Limit Register (Memory Management)
50. Successfully evaluated products are placed on?
The Evaluated Products List (EPL) with their corresponding rating
Division C - Discretionary Protection
C1 - Discretionary Security Protection is a type of environment
The security perimeter