Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?






2. Discretionary protection






3. Applications and user activity






4. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.






5. Based on a known address with an offset value applied.






6. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






7. Which can be used as a covert channel?






8. TCSEC provides a means to evaluate ______________________.






9. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






10. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






11. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






12. When the contents of the address defined in the program's instruction is added to that of an index register.






13. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?






14. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






15. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma






16. Individual subjects must be uniquely identified.






17. When a portion of primary memory is accessed by specifying the actual address of the memory location






18. System Architecture that separates system functionality into Hierarchical layers






19. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






20. The Biba Model adresses _____________________.






21. The C2 evaluation class of the _________________ offers controlled access protection.






22. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards






23. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.






24. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






25. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?






26. The security kernel is the mechanism that _____________ of the reference monitor concept.






27. I/O drivers and utilities






28. A type of memory used for High-speed writing and reading activities.






29. Users need to be Identified individually to provide more precise acces control and auditing functionality.






30. Execute one instruction at a time.






31. Trusted facility management is an assurance requirement only for ________________.






32. Used by Windows systems to reserve the "Swap Space"






33. Bell-LaPadula model was proposed for enforcing access control in _____________________.






34. Each data object must contain a classification label and each subject must have a clearance label.






35. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






36. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






37. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






38. Which Orange Book evaluation level is described as "Verified Design"?






39. A domain of trust that shares a single security policy and single management






40. The Policy must be explicit and well defined and enforced by the mechanisms within the system






41. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






42. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






43. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m






44. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system






45. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.






46. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






47. According to the Orange Book - trusted facility management is not required for which security levels?






48. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?






49. Which is an ISO standard product evaluation criteria that supersedes several different criteria






50. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?