Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
The Trusted Computing Base (TCB)
Dedicated Security Mode
Access control to the objects by the subjects
Attributable data
2. A set of objects that a subject is able to access
The Simple Security Property
No read down
A Domain
Security Policy
3. Which TCSEC level first addresses object reuse?
A security kernel
Division B - Mandatory Protection Architecture
C2
The rule is talking about "Reading"
4. Operating System Kernel
Ring 0
Networks and Communications
Higher or equal to access class
Isolate processes
5. Trusted facility management is an assurance requirement only for ________________.
Primary storage
Isolate processes
Highly secure systems (B2 - B3 and A1)
Secondary Storage
6. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Most commonly used approach
Fail safe
State machine model
Swap Space
7. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Isolate processes
Accreditation
Basic Security Theorem (used in computer science) definition
Models concerned with integrity
8. Has two individual assurance ratings: C1 and C2. The higher the number of the assurance rating, the greater the protection.
NOT Integrity
A and B
Direct Addressing
Division C - Discretionary Protection
9. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Controlling unauthorized downgrading of information
A Domain
Simple Security Rule
Documentation - Orange Book
10. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
D
Programmable Read-Only Memory (PROM)
Subject to Object Model
Scalar processors
11. A type of memory used for High-speed writing and reading activities.
Cache Memory
security protection mechanisms
Indexed addressing
Life-cycle assurance - O/B
12. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
First evaluation class
B3 - Security Domains
Primary storage
Orange Book - A1
13. When a vendor submits a product for evaluation - it submits it to the ____________.
A1 - Rating
A Domain
The Biba Model
The National Computer Security Center (NCSC)
14. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Pagefile.sys file
Trusted Products Evaluation Program (TPEP)
Process isolation
NOT Integrity
15. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Mandatory Access Control (MAC)
Types of covert channels
The Red Book
Virtual Memory
16. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
The Red Book
Attributable - original - accurate - contemporaneous and legible
All Mandatory Access Control (MAC) systems
The "No write Down" Rule
17. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Dedicated Security Mode
Protection Rings Support
A and B
The Red Book
18. Documentation must be provided - including test - design - and specification document - user guides and manuals
Documentation - Orange Book
Real storage
The National Computer Security Center (NCSC)
B3 - Security Domains
19. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
Life Cycle Assurance Requirement
B3
Discretionary Security Property (ds-property)
The Simple Security Property
20. A subject at a given clearance may not read an object at a higher classification
The "No write Down" Rule
A Thread
B1
The Simple Security Property
21. TCB contains The Security Kernel and all ______________.
C2
Relative Addresses
security protection mechanisms
The *-Property rule (Star property)
22. Certification is a Technical review that assesses the _____________ - whereas Accreditation is management's Official acceptance of the information in the Certification process findings.
Security mechanisms and evaluates their effectiveness
Documentation - Orange Book
Buffer (temporary data storage area)
Indirect addressing
23. Based on a known address with an offset value applied.
System High Security Mode
Logical addresses
Relative Addresses
security protection mechanisms
24. When the contents of the address defined in the program's instruction is added to that of an index register.
Indexed addressing
The National Computer Security Center (NCSC)
Need-to-know
Trusted Distribution
25. Simpler instructions that require fewer clock cycles to execute.
Scalar processors
Reduced Instruction Set Computers (RISC)
The Thread (memory Management)
Orange Book ratings
26. Verification Protection
Orange Book - D
Complex Instruction Set Computers (CISC)
B3 - Security Domains
Orange Book A
27. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
security protection mechanisms
Orange Book - B2
Orange Book C
Clark-Wilson
28. What does the Clark-Wilson security model focus on
Integrity
Storage and timing
Mandatory Access Control (MAC)
The Tranquility principle (The Bell-LaPadula Model)
29. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Its Clearance Label (Top Secret - Secret - or Confidential)
B2
The Common Criteria
30. Which Orange Book evaluation level is described as "Verified Design"?
Trusted facility management
Controlling unauthorized downgrading of information
A1
Assigned labels
31. Which would be designated as objects on a MAC system?
C1 - Discretionary Security Protection
Disclosure of residual data
Files - directories and devices
A single classification and a Compartment Set
32. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Orange Book C
Division B - Mandatory Protection
Execution Domain
Physical security
33. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
Division B - Mandatory Protection Architecture
Trusted hardware - Software and Firmware
C1 - Discretionary Security Protection is a type of environment
'Dominate'
34. Access control labels must be associated properly with objects.
Totality of protection mechanisms
Labels - Orange Book
attributability
Higher or equal to access class
35. Involves sharing the processor among all ready processes
Access control to the objects by the subjects
B1
Process isolation
Multitasking
36. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Integrity
System High Security Mode
Prevent secret information from being accessed
Government and military applications
37. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B3
Access control to the objects by the subjects
Trusted Products Evaluation Program (TPEP)
Secondary Storage
38. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
NOT Integrity
A1
C1 - Discretionary Security Protection is a type of environment
B3 - Security Domains
39. Mandatory access control is enforced by the use of security labels.
Division B - Mandatory Protection
The "No write Down" Rule
TCB (Trusted Computing Base)
Higher or equal to access class
40. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Overt channel
The "No write Down" Rule
Security rating B
Protection Rings Support
41. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Controlling unauthorized downgrading of information
Polyinstantiation
Life-cycle assurance - O/B
Need-to-know
42. The reserved hard drive space used to Extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space.
A Domain
Swap Space
Trusted Distribution
Certification
43. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Orange Book interpretations
Orange Book - D
A security kernel
Pipelining
44. Contains the beginning address
Secondary Storage
Trusted Distribution
'Dominate'
A Base Register (Memory Management)
45. Can be erased - modified and upgraded.
Trusted facility management
C2 - Controlled Access Protection
Access control to the objects by the subjects
Erasable and Programmable Read-Only Memory (EPROM)
46. Bell-LaPadula model was proposed for enforcing access control in _____________________.
The Evaluated Products List (EPL) with their corresponding rating
Government and military applications
System High Security Mode
A1
47. The subject must have Need to Know for ONLY the information they are trying to access.
A lattice of Integrity Levels
The Evaluated Products List (EPL) with their corresponding rating
System High Security Mode
Life Cycle Assurance Requirement
48. Minimal Security
Orange Book - D
Pipelining
Attributable - original - accurate - contemporaneous and legible
Orange Book interpretations
49. The Bell-LaPadula Model is a _______________.
*-Integrity Axiom
International Standard 15408
Bell-LaPadula Model
Subject to Object Model
50. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
NOT Integrity
A1 - Rating
Dedicated Security Mode
The security perimeter