Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Evaluated separately
security protection mechanisms
Multiprocessing
Need-to-know
2. Which in the Orange Book ratings represents the highest level of trust?
Clark-Wilson
Division B - Mandatory Protection
security protection mechanisms
B2
3. Permits a database to have two records that are identical except for their classifications
A Base Register (Memory Management)
Orange Book C
Polyinstantiation
Be protected from modification
4. When a portion of primary memory is accessed by specifying the actual address of the memory location
Direct addressing
A lattice of Integrity Levels
The National Computer Security Center (NCSC)
State machine model
5. In B2 distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Buffer overflows
Logical addresses
Isolate processes
Trusted Products Evaluation Program (TPEP)
6. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
D
Orange Book - B3
Cache Memory
Security Policy - Orange Book
7. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Life-cycle assurance - O/B
Controls the checks
Ring 1
Orange Book A
8. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
Accreditation
Pagefile.sys file
B3 - Rating
C1 - Discretionary Security Protection is a type of environment
9. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Certification
Protection Rings Support
Assigned labels
The security perimeter
10. Mediates all access and Functions between subjects and objects.
The National Computer Security Center (NCSC)
Overt channel
The Security Kernel
Buffer overflows
11. Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object
Most commonly used approach
A Base Register (Memory Management)
Division D - Minimal Protection
Access control to the objects by the subjects
12. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Assigned labels
Controls the checks
Pipelining
The Common Criteria
13. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
The security perimeter
Implement software or systems in a production environment
Certification
The National Computer Security Center (NCSC)
14. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Mandatory access control
Most commonly used approach
Compare the security labels
NOT Integrity
15. The Bell-LaPadula model Subjects and Objects are ___________.
Implement software or systems in a production environment
Integrity
Examples of Layered Operating Systems
Assigned labels
16. In Access Control terms it means to be higher than or equal to. In the Bell-LaPadula Model - this is referred to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
17. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Attributable data
C2 - Controlled Access Protection
Security Policy is clearly defined and documented
Division C - Discretionary Protection
18. In access control terms - the word "dominate" refers to ___________.
Isolate processes
Higher or equal to access class
The security perimeter
TCB (Trusted Computing Base)
19. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Absolute addresses
Constrained
The Clark Wilson integrity model
Reduced Instruction Set Computers (RISC)
20. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
A Thread
First evaluation class
Life Cycle Assurance Requirement
Its Clearance Label (Top Secret - Secret - or Confidential)
21. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
The security perimeter
A Thread
Cache Memory
Be protected from modification
22. A policy-based control. All objects and systems have a sensitivity level assigned to them
D
Security rating B
Accountability - Orange Book
Mandatory Access Control (MAC)
23. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
D
Orange Book - A1
Dedicated Security Mode
Covert channels
24. Simpler instructions that require fewer clock cycles to execute.
B1 - Labeled Security rating
Reduced Instruction Set Computers (RISC)
Mandatory Access Control (MAC)
Secondary Storage
25. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
B2 - Structured Protection
Dedicated Security Mode
Isolate processes
Multilevel Security Policies
26. Can be erased - modified and upgraded.
C2 - Controlled Access Protection
A Thread
Most commonly used approach
Erasable and Programmable Read-Only Memory (EPROM)
27. What are the components of an object's sensitivity label?
Compare the security labels
A single classification and a Compartment Set
B3
Its classification label (Top Secret - Secret or confidential)
28. A system uses the Reference Monitor to ___________________ of a subject and an object?
'Dominate'
Compare the security labels
A Base Register (Memory Management)
C1
29. The reserved hard drive space used to extend RAM capabilities.
Protection Rings Support
Continuous protection - O/B
Swap Space
Accountability - Orange Book
30. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Simple Security Rule
Networks and Communications
Security Policy is clearly defined and documented
B3 - Rating
31. What access control technique is also known as multilevel security?
Access Matrix model
Discretionary Security Property (ds-property)
Mandatory access control
B2 - Structured Protection
32. Documentation must be provided - including test - design - and specification document - user guides and manuals
Documentation - Orange Book
The "No read Up" rule
B1 - Labeled Security rating
Mandatory Access Control (MAC)
33. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
C2 - Controlled Access Protection
The Clark Wilson integrity model
Its classification label (Top Secret - Secret or confidential)
Multilevel Security Policies
34. The assignment of a specific individual to administer the security-related functions of a system.
Mandatory access control
Trusted facility management
B2 - Structured Protection
A1
35. The Physical memory address that the CPU uses
Absolute addresses
Enforces the rules
Basic Security Theorem (used in computer science) definition
Security rating B
36. Verification Protection
B1 - Labeled Security rating
Indexed addressing
Orange Book A
Evaluated separately
37. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
Process isolation
Relative Addresses
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
38. When the address location that is specified in the program instruction contains the address of the final desired location.
'Dominate'
Cache Memory
Indirect addressing
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
39. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Thrashing
The security perimeter
B3 - Security Domains
The TCSEC - Aka Orange Book
40. Has two individual assurance ratings. C1 and C2. The higher the number of the assurance rating, the greater the protection
Dedicated Security Mode
Division C - Discretionary Protection
Examples of Layered Operating Systems
An abstract machine
41. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Polyinstantiation
Direct addressing
Orange Book - A1
Discretionary Security Property (ds-property)
42. Trusted facility management is an assurance requirement only for ________________.
Dedicated Security Mode
Highly secure systems (B2 - B3 and A1)
Prevent secret information from being accessed
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
43. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
An abstract machine
C1 - Discretionary Security Protection
Orange Book - A1
Simple Security Rule
44. What prevents a process from accessing another process' data?
Physical security
Simple Integrity Axiom
The Thread (memory Management)
Process isolation
45. Mandatory access control is enforced by the use of security labels.
Division B - Mandatory Protection
The Monolithic Operation system Architecture
Basic Security Theorem (used in computer science) definition
Labels - Orange Book
46. The TCB is the ________________ within a computer system that work together to enforce a security policy.
The Clark Wilson integrity model
A Layered Operating System Architecture
B1 - Labeled Security rating
Totality of protection mechanisms
47. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
Dominate the object's sensitivity label
*-Integrity Axiom
B3 - Security Domains
Division D - Minimal Protection
48. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a Well-Formed Transaction
Clark-Wilson Model
Division B - Mandatory Protection Architecture
Documentation - Orange Book
A1
49. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
TCB (Trusted Computing Base)
International Standard 15408
Be protected from modification
Controlling unauthorized downgrading of information
50. Which uses Protection Profiles and Security Targets?
Controls the checks
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Process isolation
International Standard 15408