CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Which computer design approach is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle






2. Audit data must be captured and protected to enforce accountability






3. The Simple Security rule is referred to as ______________.






4. Which uses Protection Profiles and Security Targets?






5. The total combination of protection mechanisms within a computer system






6. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.






7. In Access Control terms it means to be higher than or equal to. In the Bell-LaPadula Model - this is referred to as the dominance relation - which is the relationship of the subject's clearance to the object's classification


8. Access control labels must be associated properly with objects.






9. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






10. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a well-formed transaction






11. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






12. The Security Model Incorporates the ____________ that should be enforced in the system.






13. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






14. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






15. Discretionary protection






16. According to the Orange Book - trusted facility management is not required for which security levels?






17. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system






18. When a portion of primary memory is accessed by specifying the actual address of the memory location






19. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s






20. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






21. The assignment of a specific individual to administer the security-related functions of a system.






22. Data in Cache can be accessed much more quickly than Data






23. What does the * (star) property mean in the Bell-LaPadula model?






24. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.






25. The Bell-LaPadula Model is a _______________.






26. Certification is a Technical review that assesses the _____________ - whereas Accreditation is management's Official acceptance of the information in the Certification process findings.






27. Which is an ISO standard product evaluation criteria that supersedes several different criteria






28. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






29. Permits a database to have two records that are identical except for Their classifications






30. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






31. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






32. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






33. The TCB is the ________________ within a computer system that work together to enforce a security policy.






34. In ______________ the subject must have: Need to Know for ALL the information contained within the system.






35. A type of memory used for High-speed writing and reading activities.






36. As per FDA data should be ______________________________.






37. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)






38. When the address location that is specified in the program instruction contains the address of the final desired location.






39. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






40. What are the components of an object's sensitivity label?






41. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






42. The *-Property rule is referred to as ____________.






43. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






44. Trusted facility management is an assurance requirement only for ________________.






45. In B2 Subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.






46. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.






47. Which is a straightforward approach that provides access rights to subjects for objects?






48. Used by Windows systems to reserve the "Swap Space"






49. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.






50. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.






