Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. The Physical memory address that the CPU uses
Absolute addresses
Division D - Minimal Protection
Implement software or systems in a production environment
Prohibits
2. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
Absolute addresses
The National Computer Security Center (NCSC)
Security Policy is clearly defined and documented
3. The Policy must be explicit and well defined and enforced by the mechanisms within the system
No read down
Security Policy - Orange Book
Security Policy is clearly defined and documented
A Base Register (Memory Management)
4. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
The Security Kernel
C2 - Controlled Access Protection
Continuous protection - O/B
NOT Integrity
5. A system uses the Reference Monitor to ___________________ of a subject and an object?
Compare the security labels
C1 - Discretionary Security Protection is a type of environment
Bell-LaPadula Model
Trusted Network Interpretation (TNI)
6. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Logical addresses
Access control to the objects by the subjects
Trusted hardware - Software and Firmware
Simple Integrity Axiom
7. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Protection Rings Support
Security Policy - Orange Book
Orange Book B
C2
8. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
B2 - Structured Protection
C2 - Controlled Access Protection
The Clark Wilson integrity model
The security perimeter
9. What is called the formal acceptance of the adequacy of a system's overall security by management?
Prevent secret information from being accessed
Most commonly used approach
Accreditation
All Mandatory Access Control (MAC) systems
10. Has two individual assurance ratings: C1 and C2. The higher the number of the assurance rating, the greater the protection
Dedicated Security Mode
The security perimeter
A1
Division C - Discretionary Protection
11. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Primary storage
Orange Book B
Complex Instruction Set Computers (CISC)
Security rating B
12. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
The Security Kernel
An abstract machine
Security mechanisms and evaluates their effectiveness
The Red Book
13. Mediates all access and Functions between subjects and objects.
A Layered Operating System Architecture
Basic Security Theorem (used in computer science) definition
Ring 2
The Security Kernel
14. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.
Indirect addressing
The rule is talking about "Reading"
Thrashing
Constrained
15. Operating System Kernel
Ring 0
The *-Property rule (Star property)
Accountability - Orange Book
D
16. Which is a straightforward approach that provides access rights to subjects for objects?
NOT Integrity
Orange Book C
Ring 1
Access Matrix model
17. When the contents of the address defined in the program's instruction are added to that of an index register.
The Rule is talking about writing
Ring 1
Indexed addressing
The National Computer Security Center (NCSC)
18. What does the simple integrity axiom mean in the Biba model?
The Strong star property rule
A and B
No read down
Real storage
19. Which increases the performance in a computer by overlapping the steps of different instructions?
Division B - Mandatory Protection
Pipelining
The security perimeter
Programmable Read-Only Memory (PROM)
20. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Division C - Discretionary Protection
Orange Book B
'Dominate'
A and B
21. Can be erased - modified and upgraded.
No read up
Erasable and Programmable Read-Only Memory (EPROM)
Execution Domain
The Monolithic Operating System Architecture
22. In access control terms - the word "dominate" refers to ___________.
Higher or equal to access class
Implement software or systems in a production environment
B3 - Rating
B3 - Security Domains
23. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Bell-LaPadula Model
Division C - Discretionary Protection
B1 - Labeled Security rating
Execution Domain
24. Used by Windows systems to reserve the "Swap Space"
Prohibits
Pagefile.sys file
Security rating B
B2 - Structured Protection
25. The TCB is the ________________ within a computer system that work together to enforce a security policy.
'Dominate'
Mandatory Access Control (MAC)
Totality of protection mechanisms
Orange Book - B2
26. A subject at a given clearance may not read an object at a higher classification
Multitasking
Basic Security Theorem (used in computer science) definition
The Simple Security Property
Logical addresses
27. Which TCSEC level first addresses object reuse?
Orange Book - B3
The Strong star property rule
C2
B2 - Structured Protection
28. Users need to be identified individually to provide more precise access control and auditing functionality.
C2 - Controlled Access Protection
A and B
Scalar processors
Logical addresses
29. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
The security perimeter
No write down
Mandatory Access Control (MAC)
Models concerned with integrity
30. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
31. Successfully evaluated products are placed on?
The Evaluated Products List (EPL) with their corresponding rating
Dominate the object's sensitivity label
The security kernel
B3
32. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Orange Book interpretations
Buffer (temporary data storage area)
Enforces the rules
B1 - Labeled Security
33. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Orange Book - A1
Absolute addresses
Programmable Read-Only Memory (PROM)
The Security Kernel
34. Which describes a condition when RAM and Secondary storage are used together?
Virtual storage
Files - directories and devices
Indirect addressing
D
35. Mandatory access control is enforced by the use of security labels.
Files - directories and devices
Ring 2
Division B - Mandatory Protection
The Biba Model
36. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Orange Book - A1
Access Matrix model
B3
Polyinstantiation
37. The C2 evaluation class of the _________________ offers controlled access protection.
System High Security Mode
C2 - Controlled Access Protection
Attributable - original - accurate - contemporaneous and legible
Trusted Network Interpretation (TNI)
38. TCB contains The Security Kernel and all ______________.
The Security Kernel
Implement software or systems in a production environment
B2 rating
security protection mechanisms
39. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Trusted hardware - Software and Firmware
Division B - Mandatory Protection Architecture
Constrained
C2
40. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The security perimeter
The Integrity of data within applications
Fail safe
A lattice of Integrity Levels
41. Nonvolatile storage media, e.g. computer hard drives - floppy disks and CD-ROMs
Secondary Storage
Division B - Mandatory Protection
C2 - Controlled Access Protection
The Thread (memory Management)
42. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Absolute addresses
Controls the checks
Be protected from modification
Direct Addressing
43. When a portion of primary memory is accessed by specifying the actual address of the memory location
Need-to-know
Disclosure of residual data
A lattice of Integrity Levels
Direct addressing
44. Which can be used as a covert channel?
Orange Book - A1
A Limit Register (Memory Management)
Covert channels
Storage and timing
45. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Life Cycle Assurance Requirement
Multitasking
Isolate processes
Labels - Orange Book
46. Based on a known address with an offset value applied.
Relative Addresses
Cache Memory
Pipelining
Multiprocessing
47. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
The "No write Down" Rule
Swap Space
A lattice of Integrity Levels
C1 - Discretionary Security Protection is a type of environment
48. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Documentation - Orange Book
Administrative declaration
Physical security
No read up
49. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Scalar processors
The Integrity of data within applications
Overt channel
Security Policy is clearly defined and documented
50. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Administrative declaration
The Rule is talking about writing
Invocation Property
Thrashing