SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
Thrashing
C2
TCB (Trusted Computing Base)
All Mandatory Access Control (MAC) systems
2. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Protection Rings Support
All Mandatory Access Control (MAC) systems
Files - directories and devices
The Biba Model
3. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
A1 - Rating
The Thread (memory Management)
B2
Controlling unauthorized downgrading of information
4. Which uses Protection Profiles and Security Targets?
Scalar processors
Multiprocessing
International Standard 15408
Attributable data
5. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
The National Computer Security Center (NCSC)
The Simple Security Property
B3
The Security Kernel
6. The total combination of protection mechanisms within a computer system
Files - directories and devices
Orange Book - A1
Trusted Network Interpretation (TNI)
TCB (Trusted Computing Base)
7. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
The Evaluated Products List (EPL) with their corresponding rating
First evaluation class
Direct Addressing
Models concerned with integrity
8. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
NOT Integrity
Labels - Orange Book
Models concerned with integrity
The security kernel
9. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
Buffer (temporary data storage area)
Process isolation
Mandatory Access Control (MAC)
Orange Book ratings
10. Which is a straightforward approach that provides access rights to subjects for objects?
Accreditation
Dominate the object's sensitivity label
Access Matrix model
Higher or equal to access class
11. A subject at a given clearance may not read an object at a higher classification
Orange Book - A1
Primary storage
The TCSEC - Aka Orange Book
The Simple Security Property
12. The Reserved hard drive space used to to extend RAM capabilites.
Swap Space
The Clark Wilson integrity model
Its classification label (Top Secret - Secret or confidential)
C1 - Discretionary Security Protection
13. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Ring 1
Invocation Property
NOT Integrity
Division C - Discretionary Protection
14. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
C2 - Controlled Access Protection
Firmware
Trusted Distribution
Programmable Read-Only Memory (PROM)
15. The Indexed memory addresses that software uses
The security perimeter
Pipelining
Totality of protection mechanisms
Logical addresses
16. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Types of covert channels
Networks and Communications
Sensitivity labels
Life-cycle assurance - O/B
17. Audit data must be captured and protected to enforce accountability
The Security Kernel
C2
C2
Accountability - Orange Book
18. Succesfully Evaluated products are placed on?
Pagefile.sys file
The Evaluated Products List (EPL) with their corresponding rating
Files - directories and devices
Its Clearance Label (Top Secret - Secret - or Confidential)
19. What does the simple integrity axiom mean in the Biba model?
Simple Security Rule
Access control to the objects by the subjects
Orange Book interpretations
No read down
20. Intended for environments that require systems to handle classified data.
Subject to Object Model
Discretionary Security Property (ds-property)
C1
B1 - Labeled Security rating
21. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
*-Integrity Axiom
A Base Register (Memory Management)
The Simple Security Property
Evaluated separately
22. Documentation must be provided - including test - design - and specification document - user guides and manuals
The Tranqulity principle (The Bell-LaPadula Model)
Simple Integrity Axiom
Documentation - Orange Book
Erasable and Programmable Read-Only Memory (EPROM)
23. In the Bell-LaPadula Model the Object's Label contains ___________________.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
The security perimeter
Its classification label (Top Secret - Secret or confidential)
A Domain
24. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Multiprocessing
Need-to-know
Reduced Instruction Set Computers (RISC)
A Domain
25. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Scalar processors
A Limit Register (Memory Management)
B2 - Structured Protection
Government and military applications
26. Which is an ISO standard product evaluation criteria that supersedes several different criteria
The Common Criteria
A1 - Rating
Absolute addresses
TCB (Trusted Computing Base)
27. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Complex Instruction Set Computers (CISC)
Bell-LaPadula Model
Programmable Read-Only Memory (PROM)
Ring 3
28. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
Swap Space
In C2 - Controlled Access Protection environment
The Common Criteria
The Evaluated Products List (EPL) with their corresponding rating
29. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Ring 0
Access control to the objects by the subjects
The National Computer Security Center (NCSC)
Disclosure of residual data
30. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
State machine model
C1 - Discretionary Security Protection
Protection Rings Support
Security Policy
31. When the contents of the address defined in the program's instruction is added to that of an index register.
Covert channels
Indexed addressing
security protection mechanisms
Certification
32. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Firmware
The Common Criteria
Trusted Network Interpretation (TNI)
Buffer (temporary data storage area)
33. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Continuous protection - O/B
A and B
Division B - Mandatory Protection
Subject to Object Model
34. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle
Security Policy is clearly defined and documented
Security mechanisms and evalautes their effectivenes
The Common Criteria
Complex Instruction Set Computers (CISC)
35. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Simple Security Rule
Orange Book ratings
Ring 2
B1 - Labeled Security rating
36. Users need to be Identified individually to provide more precise acces control and auditing functionality.
The Red Book
Multiprocessing
C2 - Controlled Access Protection
A security domain
37. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Trusted Products Evaluation Program (TPEP)
All Mandatory Access Control (MAC) systems
NOT Integrity
Operational assurance requirements
38. Verification Protection
'Dominate'
Orange Book A
Orange Book - B3
Programmable Read-Only Memory (PROM)
39. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Dedicated Security Mode
Direct Addressing
The "No write Down" Rule
The Security Kernel
40. TCSEC provides a means to evaluate ______________________.
Logical addresses
The Integrity of data within applications
Mandatory Access Control (MAC)
The trustworthiness of an information system
41. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
The Trusted Computing Base (TCB)
B1
B1 - Labeled Security rating
Division B - Mandatory Protection Architecture
42. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.
B3
Division B - Mandatory Protection
Be protected from modification
Programmable Read-Only Memory (PROM)
43. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Orange Book - B2
B3
B3 - Security Domains
Logical addresses
44. Execute one instruction at a time.
Process isolation
Scalar processors
Identification - Orange Book
Direct addressing
45. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Indirect addressing
Virtual Memory
Division D - Minimal Protection
A security kernel
46. When the RAM and secondary storage are combined the result is __________.
Buffer overflows
Virtual Memory
Dominate the object's sensitivity label
Security rating B
47. Applications and user activity
Ring 0
Complex Instruction Set Computers (CISC)
Indexed addressing
Ring 3
48. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Labels - Orange Book
Administrative declaration
The reference monitor
The Security Kernel
49. Which can be used as a covert channel?
Types of covert channels
B1
Storage and timing
Accreditation
50. Discretionary protection
Life-cycle assurance - O/B
B2
Orange Book C
A Base Register (Memory Management)