Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.






2. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






3. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked






4. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?






5. In the Bell-LaPadula Model the Subject's Label contains ___________________.






6. A set of objects that a subject is able to access






7. A domain of trust that shares a single security policy and single management






8. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.






9. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






10. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






11. The total combination of protection mechanisms within a computer system






12. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"






13. Applications and user activity






14. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






15. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?






16. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






17. A type of memory used for High-speed writing and reading activities.






18. The Physical memory address that the CPU uses






19. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.






20. When a portion of primary memory is accessed by specifying the actual address of the memory location






21. The Indexed memory addresses that software uses






22. Can be erased - modified and upgraded.






23. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system






24. The combination of RAM - Cache and the Processor Registers






25. Happen because input data is not checked for appropriate length at time of input






26. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






27. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards






28. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.






29. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.






30. Which uses Protection Profiles and Security Targets?






31. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.






32. System Architecture that separates system functionality into Hierarchical layers






33. What does the simple security (ss) property mean in the Bell-LaPadula model?






34. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


35. When a computer uses more than one CPU in parallel to execute instructions is known as?






36. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.






37. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






38. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.






39. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






40. The TCB is the ________________ within a computer system that work together to enforce a security policy.






41. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






42. The Orange book requires protection against two_____________ - which are these Timing and Storage






43. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)






44. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






45. As per FDA data should be ______________________________.






46. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs






47. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






48. Which TCSEC level first addresses object reuse?






49. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






50. Requires more stringent authentication mechanisms and well-defined interfaces among layers.