Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
B2 rating
Security Policy is clearly defined and documented
Orange Book - B3
Its classification label (Top Secret - Secret or confidential)
2. A policy-based control. All objects and systems have a sensitivity level assigned to them.
Mandatory Access Control (MAC)
Process isolation
Buffer overflows
Direct addressing
3. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Disclosure of residual data
Isolate processes
Files - directories and devices
Compare the security labels
4. Applications and user activity
Pagefile.sys file
Ring 3
State machine model
B2 rating
5. What does the * (star) property mean in the Bell-LaPadula model?
No write down
A and B
No read down
C1 - Discretionary Security Protection is a type of environment
6. TCSEC addresses Confidentiality - but _____________. The TCSEC focuses mainly on one attribute of security: Confidentiality.
Secondary Storage
Higher or equal to access class
The TCSEC - Aka Orange Book
NOT Integrity
7. When a portion of primary memory is accessed by specifying the actual address of the memory location
Dedicated Security Mode
TCB (Trusted Computing Base)
Pagefile.sys file
Direct addressing
8. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
Continuous protection - O/B
Integrity
Trusted hardware - Software and Firmware
C2 - Controlled Access Protection
9. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Prohibits
Multitasking
Models concerned with integrity
Buffer (temporary data storage area)
10. Can be erased - modified and upgraded.
Erasable and Programmable Read-Only Memory (EPROM)
Division B - Mandatory Protection
Secondary Storage
Totality of protection mechanisms
11. The Biba Model addresses _____________________.
No read up
A security kernel
The Integrity of data within applications
Division B - Mandatory Protection
12. Another word for Primary storage and distinguishes physical memory from virtual memory.
An abstract machine
C2
Real storage
Security rating B
13. The total combination of protection mechanisms within a computer system
Invocation Property
D
B3 - Rating
TCB (Trusted Computing Base)
14. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Real storage
Constrained
Firmware
Integrity
15. Minimal Security
Sensitivity labels
Indexed addressing
A Thread
Orange Book - D
16. Which would be designated as objects on a MAC system?
Division D - Minimal Protection
Sensitivity labels
The security perimeter
Files - directories and devices
17. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US government)
No read up
The Rule is talking about writing
Prevent secret information from being accessed
Access Matrix model
18. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Erasable and Programmable Read-Only Memory (EPROM)
Simple Security Rule
Ring 3
In C2 - Controlled Access Protection environment
19. Audit data must be captured and protected to enforce accountability
Accountability - Orange Book
Accreditation
Disclosure of residual data
Invocation Property
20. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Implement software or systems in a production environment
Controlling unauthorized downgrading of information
The Tranquility principle (The Bell-LaPadula Model)
Types of covert channels
21. Simpler instructions that require fewer clock cycles to execute.
Reduced Instruction Set Computers (RISC)
Prevent secret information from being accessed
Security Policy - Orange Book
B1 - Labeled Security
22. Configuration management is also defined in the Orange Book, but as a _____________________ and NOT an operational assurance requirement.
Buffer overflows
Life Cycle Assurance Requirement
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Virtual storage
23. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Trusted Products Evaluation Program (TPEP)
Protection Rings Support
The Tranquility principle (The Bell-LaPadula Model)
Fail safe
24. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Orange Book A
Security rating B
TCB (Trusted Computing Base)
A1 - Rating
25. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
System High Security Mode
Controlling unauthorized downgrading of information
Swap Space
Orange Book ratings
26. Contains the beginning address
Implement software or systems in a production environment
Pipelining
Its Clearance Label (Top Secret - Secret - or Confidential)
A Base Register (Memory Management)
27. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a well-formed transaction
Clark-Wilson Model
Dedicated Security Mode
Life Cycle Assurance Requirement
Its Clearance Label (Top Secret - Secret - or Confidential)
28. Intended for environments that require systems to handle classified data.
Direct addressing
B1 - Labeled Security rating
Its Clearance Label (Top Secret - Secret - or Confidential)
Direct Addressing
29. Based on a known address with an offset value applied.
Protection Rings Support
The National Computer Security Center (NCSC)
Relative Addresses
A single classification and a Compartment Set
30. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Virtual Memory
D
Life Cycle Assurance Requirement
The Rule is talking about writing
31. The process of evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Certification
The Security Kernel
Trusted hardware - Software and Firmware
Orange Book - B3
32. Documentation must be provided - including test - design - and specification documents - user guides and manuals
Need-to-know
Constrained
Attributable data
Documentation - Orange Book
33. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book B
Orange Book - B3
Identification - Orange Book
Division D - Minimal Protection
34. Buffer overflows occur when a program or process tries to store more data in a _____________ than it was intended to hold.
Buffer (temporary data storage area)
Security Policy - Orange Book
Primary storage
Dedicated Security Mode
35. I/O drivers and utilities
Its classification label (Top Secret - Secret or confidential)
B3
Ring 2
Attributable - original - accurate - contemporaneous and legible
36. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
No read up
B3 - Rating
Overt channel
Storage and timing
37. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?
Security rating B
The Thread (memory Management)
The TCSEC - Aka Orange Book
Integrity
38. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
The Red Book
Mandatory Access Control (MAC)
A Thread
Indirect addressing
39. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Process isolation
Orange Book - A1
Physical security
B2 rating
40. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
The reference monitor
The security kernel
Multilevel Security Policies
41. Which describes a condition when RAM and secondary storage are used together?
Integrity
Storage and timing
Virtual storage
Trusted hardware - Software and Firmware
42. The Physical memory address that the CPU uses
The Clark Wilson integrity model
B2 - Structured Protection
Absolute addresses
Real storage
43. A type of memory used for High-speed writing and reading activities.
In C2 - Controlled Access Protection environment
Stored in Real Memory
Cache Memory
A Limit Register (Memory Management)
44. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
The Biba Model
The National Computer Security Center (NCSC)
Integrity
The reference monitor
45. Mandatory access control is enforced by the use of security labels.
Division B - Mandatory Protection
The Monolithic Operating System Architecture
Buffer overflows
Ring 0
46. A set of objects that a subject is able to access
A Domain
Fail safe
The Tranquility principle (The Bell-LaPadula Model)
The security perimeter
47. TCB contains The Security Kernel and all ______________.
The "No read Up" rule
The Red Book
System High Security Mode
security protection mechanisms
48. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The security kernel
Execution Domain
Sensitivity labels
Its classification label (Top Secret - Secret or confidential)
49. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space
Swap Space
Highly secure systems (B2 - B3 and A1)
C2 - Controlled Access Protection
Disclosure of residual data
50. A system uses the Reference Monitor to ___________________ of a subject and an object?
A Domain
Compare the security labels
Reduced Instruction Set Computers (RISC)
Access control to the objects by the subjects