Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






2. Mandatory access control is enforced by the use of security labels.






3. The Bell-LaPadula model Subjects and Objects are ___________.






4. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






5. Which Orange Book evaluation level is described as "Discretionary Security Protection"?






6. The Security Model Incorporates the ____________ that should be enforced in the system.






7. The group that oversees the processes of evaluation within TCSEC is?






8. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.






9. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m






10. Discretionary protection






11. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?






12. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.






13. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.






14. Individual subjects must be uniquely identified.






15. The assignment of a specific individual to administer the security-related functions of a system.






16. In B2 - subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.






17. When the address location that is specified in the program instruction contains the address of the final desired location.






18. What does the * (star) property mean in the Bell-LaPadula model?






19. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.






20. In the Bell-LaPadula Model the Object's Label contains ___________________.






21. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






22. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system






23. What is called the formal acceptance of the adequacy of a system's overall security by management?






24. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






25. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down")






26. A Policy based control. All objects and systems have a sensitivity level assigned to them






27. When the contents of the address defined in the program's instruction is added to that of an index register.






28. In access control terms it means to be higher than or equal to. In the Bell-LaPadula Model - this is referred to as the dominance relation - which is the relationship of the subject's clearance to the object's classification


29. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards






30. The security kernel is the mechanism that _____________ of the reference monitor concept.






31. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






32. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.






33. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.






34. Subjects and Objects cannot change their security levels once they have been instantiated (created)






35. Which can be used as a covert channel?






36. Successfully evaluated products are placed on?






37. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.






38. Which is an ISO standard product evaluation criteria that supersedes several different criteria






39. In access control terms - the word "dominate" refers to ___________.






40. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






41. Simpler instructions that require fewer clock cycles to execute.






42. Audit data must be captured and protected to enforce accountability






43. The Simple Security rule is referred to as ______________.






44. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






45. When a computer uses more than one CPU in parallel to execute instructions - this is known as?






46. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.






47. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






48. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






49. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.






50. Contains the beginning address