SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
C2 - Controlled Access Protection
The "No write Down" Rule
C2
Direct addressing
2. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
The National Computer Security Center (NCSC)
Models concerned with integrity
Direct Addressing
The Simple Security Property
3. What is called the formal acceptance of the adequacy of a system's overall security by management?
Files - directories and devices
Overt channel
Complex Instruction Set Computers (CISC)
Accreditation
4. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.
The National Computer Security Center (NCSC)
The Biba Model
The Clark Wilson integrity model
The rule is talking about "Reading"
5. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
NOT Integrity
Dedicated Security Mode
Pagefile.sys file
Orange Book - A1
6. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Erasable and Programmable Read-Only Memory (EPROM)
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Bell-LaPadula Model
Life-cycle assurance - O/B
7. A subject at a given clearance may not read an object at a higher classification
Cache Memory
The Simple Security Property
Orange Book interpretations
Identification - Orange Book
8. According to the Orange Book - trusted facility management is not required for which security levels?
B1
C1 - Discretionary Security Protection
Prohibits
Orange Book - B3
9. Individual subjects must be uniquely identified.
Identification - Orange Book
Discretionary Security Property (ds-property)
Physical security
Indirect addressing
10. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Division D - Minimal Protection
TCB (Trusted Computing Base)
State machine model
Enforces the rules
11. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The Red Book
The security kernel
attributability
D
12. The assignment of a specific individual to administer the security-related functions of a system.
Administrative declaration
Secondary Storage
Trusted facility management
Orange Book - D
13. Documentation must be provided - including test - design - and specification document - user guides and manuals
The Monolithic Operation system Architecture
Documentation - Orange Book
Overt channel
The *-Property rule (Star property)
14. The total combination of protection mechanisms within a computer system
The Rule is talking about writing
Buffer overflows
A Layered Operating System Architecure
TCB (Trusted Computing Base)
15. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Firmware
C2 - Controlled Access Protection
Isolate processes
The Monolithic Operation system Architecture
16. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Orange Book A
C2
D
Disclosure of residual data
17. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Division B - Mandatory Protection
Physical security
Security mechanisms and evalautes their effectivenes
C2 - Controlled Access Protection
18. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Orange Book - B3
A single classification and a Compartment Set
Models concerned with integrity
Protection Rings Support
19. A domain of trust that shares a single security policy and single management
A Layered Operating System Architecure
Accreditation
NOT Integrity
A security domain
20. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Be protected from modification
C1 - Discretionary Security Protection
Security mechanisms and evalautes their effectivenes
Simple Integrity Axiom
21. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Life Cycle Assurance Requirement
Labels - Orange Book
Dedicated Security Mode
Trusted hardware - Software and Firmware
22. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Compare the security labels
The Biba Model
Controlling unauthorized downgrading of information
The security perimeter
23. The Biba Model adresses _____________________.
The Monolithic Operation system Architecture
Controls the checks
Operational assurance requirements
The Integrity of data within applications
24. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.
B3
Assigned labels
The Biba Model
Dedicated Security Mode
25. When the contents of the address defined in the program's instruction is added to that of an index register.
International Standard 15408
Prevent secret information from being accessed
Indexed addressing
Virtual storage
26. Involves sharing the processor amoung all ready processes
D
Accountability - Orange Book
Multitasking
Orange Book - B3
27. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.
Erasable and Programmable Read-Only Memory (EPROM)
The trustworthiness of an information system
The Simple Security Property
Security mechanisms and evalautes their effectivenes
28. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
The Strong star property rule
Cache Memory
An abstract machine
Continuous protection - O/B
29. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
Orange Book - B1
TCB (Trusted Computing Base)
Trusted Network Interpretation (TNI)
30. I/O drivers and utilities
A security domain
No read up
Ring 2
Trusted Network Interpretation (TNI)
31. What prevents a process from accessing another process' data?
Absolute addresses
Virtual storage
Evaluated separately
Process isolation
32. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Discretionary Security Property (ds-property)
*-Integrity Axiom
Orange Book - B1
Identification - Orange Book
33. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
State machine model
Process isolation
Need-to-know
Dedicated Security Mode
34. The Bell-LaPadula Model is a _______________.
The Evaluated Products List (EPL) with their corresponding rating
Subject to Object Model
Programmable Read-Only Memory (PROM)
Its classification label (Top Secret - Secret or confidential)
35. Mandatory access control is enfored by the use of security labels.
Execution Domain
Division B - Mandatory Protection
Continuous protection - O/B
The "No write Down" Rule
36. A set of objects that a subject is able to access
Dominate the object's sensitivity label
A Domain
C1 - Discretionary Security Protection
A Thread
37. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
A lattice of Intergrity Levels
C2
The Security Kernel
Orange Book - D
38. Trusted facility management is an assurance requirement only for ________________.
Programmable Read-Only Memory (PROM)
Highly secure systems (B2 - B3 and A1)
NOT Integrity
Virtual storage
39. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
The Red Book
Models concerned with integrity
Thrashing
40. A type of memory used for High-speed writing and reading activities.
Cache Memory
System High Security Mode
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Security rating B
41. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
All Mandatory Access Control (MAC) systems
Trusted hardware - Software and Firmware
Virtual storage
A1
42. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
Relative Addresses
Clark-Wilson
Orange Book - B1
The *-Property rule (Star property)
43. When a computer uses more than one CPU in parallel to execute instructions is known as?
Orange Book interpretations
The "No write Down" Rule
A1 - Rating
Multiprocessing
44. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
The Red Book
The "No read Up" rule
Higher or equal to access class
A1
45. Operating System Kernel
Certification
Ring 0
Orange Book - A1
C1 - Discrection Security Protection is a type of environment
46. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B3
Disclosure of residual data
Firmware
First evaluation class
47. Access control labels must be associated properly with objects.
Labels - Orange Book
B3
The Tranqulity principle (The Bell-LaPadula Model)
C2
48. A Policy based control. All objects and systems have a sensitivity level assigned to them
The Monolithic Operation system Architecture
Continuous protection - O/B
Relative Addresses
Mandatory Access Control (MAC)
49. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
All Mandatory Access Control (MAC) systems
Indexed addressing
Invocation Property
C2 - Controlled Access Protection
50. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
Orange Book A
Direct Addressing
C2 - Controlled Access Protection
