Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. TCSEC addresses Confidentiality - but _____________. The TCSEC focuses mainly on one attribute of security: Confidentiality.
Orange Book - A1
NOT Integrity
Access control to the objects by the subjects
Orange Book - D
2. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Bell-LaPadula Model
The Biba Model
Compare the security labels
3. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Programmable Read-Only Memory (PROM)
A1
B2 - Structured Protection
Orange Book - B3
4. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Security rating B
C2
The "No write Down" Rule
The Evaluated Products List (EPL) with their corresponding rating
5. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Buffer (temporary data storage area)
The security kernel
Need-to-know
The security perimeter
6. Trusted facility management is an assurance requirement only for ________________.
Highly secure systems (B2 - B3 and A1)
First evaluation class
Bell-LaPadula Model
Dedicated Security Mode
7. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
No read up
The Thread (Memory Management)
Continuous protection - O/B
A lattice of Integrity Levels
8. Bell-LaPadula Model - ______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
Dedicated Security Mode
The Biba Model
Erasable and Programmable Read-Only Memory (EPROM)
The *-Property rule (Star property)
9. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - B2
System High Security Mode
A security kernel
An abstract machine
10. What prevents a process from accessing another process' data?
Ring 1
Clark-Wilson Model
Mandatory Access Control (MAC)
Process isolation
11. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
C1 - Discretionary Security Protection
The Common Criteria
Highly secure systems (B2 - B3 and A1)
The security perimeter
12. Which increases the performance in a computer by overlapping the steps of different instructions?
A single classification and a Compartment Set
Its Clearance Label (Top Secret - Secret - or Confidential)
Pipelining
Disclosure of residual data
13. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?
The TCSEC - Aka Orange Book
Higher or equal to access class
Stored in Real Memory
Disclosure of residual data
14. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
The Simple Security Property
B1 - Labeled Security rating
Trusted hardware - Software and Firmware
Invocation Property
15. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
B2 rating
Examples of Layered Operating Systems
B3
Direct Addressing
16. What model uses access control triples and requires that the system maintain separation of duty?
No write down
Clark-Wilson
The Red Book
Trusted Products Evaluation Program (TPEP)
17. Should always trace to individuals responsible for observing and recording the data
The Biba Model
Orange Book - B2
Attributable data
Access control to the objects by the subjects
18. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
Orange Book B
A Base Register (Memory Management)
Implement software or systems in a production environment
A Thread
19. The Orange Book requires protection against two _____________ - which are Timing and Storage
Indexed addressing
Life Cycle Assurance Requirement
B1 - Labeled Security rating
Types of covert channels
20. System Architecture that separates system functionality into Hierarchical layers
Physical security
A Layered Operating System Architecture
The Thread (Memory Management)
Constrained
21. Execute one instruction at a time.
Multitasking
Dominate the object's sensitivity label
The Biba Model
Scalar processors
22. Which TCSEC level first addresses object reuse?
Simple Integrity Axiom
Process isolation
C2
Multiprocessing
23. The Simple Security rule is referred to as ______________.
The "No read Up" rule
Files - directories and devices
First evaluation class
Stored in Real Memory
24. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Models concerned with integrity
Accreditation
Ring 0
Fail safe
25. Minimal Security
Orange Book - D
Security rating B
B3
Stored in Real Memory
26. The security kernel is the mechanism that _____________ of the reference monitor concept.
Simple Integrity Axiom
Most commonly used approach
Trusted Network Interpretation (TNI)
Enforces the rules
27. Permits a database to have two records that are identical except for their classifications
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Access control to the objects by the subjects
Covert channels
Polyinstantiation
28. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Programmable Read-Only Memory (PROM)
B1 - Labeled Security rating
A lattice of Integrity Levels
The Simple Security Property
29. Which Orange Book evaluation level is described as "Verified Design"?
Ring 0
Documentation - Orange Book
A1
Accreditation
30. The subject must have Need to Know for ONLY the information they are trying to access.
Access Matrix model
security protection mechanisms
Direct Addressing
System High Security Mode
31. In B2, subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
Covert channels
B2
Orange Book C
Implement software or systems in a production environment
32. Contains the ending address
A Limit Register (Memory Management)
The National Computer Security Center (NCSC)
Trusted hardware - Software and Firmware
No read up
33. What is called the formal acceptance of the adequacy of a system's overall security by management?
Prohibits
Accreditation
Constrained
The security perimeter
34. What does the * (star) property mean in the Bell-LaPadula model?
No write down
The Tranquility principle (The Bell-LaPadula Model)
Security rating B
A1 - Rating
35. When a portion of primary memory is accessed by specifying the actual address of the memory location
Identification - Orange Book
Process isolation
Security Policy
Direct addressing
36. The group that oversees the processes of evaluation within TCSEC is?
Trusted Products Evaluation Program (TPEP)
A security kernel
Orange Book - D
Controls the checks
37. A computer using more than one CPU in parallel to execute instructions is known as?
Multiprocessing
Sensitivity labels
Controls the checks
Storage and timing
38. The Biba Model - _____________: A subject cannot read data from a lower Integrity level - "No Read Down"
The Integrity of data within applications
Buffer overflows
Highly secure systems (B2 - B3 and A1)
Simple Integrity Axiom
39. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Security Policy is clearly defined and documented
Dominate the object's sensitivity label
Orange Book - B3
Examples of Layered Operating Systems
40. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Integrity
Indirect addressing
Prohibits
The security kernel
41. Which describes a condition when RAM and secondary storage are used together?
Complex Instruction Set Computers (CISC)
Thrashing
Virtual storage
Certification
42. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
Orange Book A
Its classification label (Top Secret - Secret or confidential)
Dominate the object's sensitivity label
43. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Prevent secret information from being accessed
B3
Orange Book A
The Tranquility principle (The Bell-LaPadula Model)
44. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Administrative declaration
The Biba Model
B3 - Security Domains
Programmable Read-Only Memory (PROM)
45. A domain of trust that shares a single security policy and single management
Buffer (temporary data storage area)
Division B - Mandatory Protection
Networks and Communications
A security domain
46. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
attributability
C1 - Discretionary Security Protection is a type of environment
No read up
Prohibits
47. An abstract machine which must mediate all access of subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Attributable data
Trusted Distribution
The reference monitor
The Evaluated Products List (EPL) with their corresponding rating
48. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
A1
Certification
Implement software or systems in a production environment
Programmable Read-Only Memory (PROM)
49. In access control terms - the word "dominate" refers to ___________.
Higher or equal to access class
No write down
A1 - Rating
Its Clearance Label (Top Secret - Secret - or Confidential)
50. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Controlling unauthorized downgrading of information
NOT Integrity
A security kernel
Ring 3