Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Contains the beginning address






2. Users need to be Identified individually to provide more precise acces control and auditing functionality.






3. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






4. The Orange book does NOT Cover ________________ - And Database management systems






5. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






6. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






7. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






8. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






9. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data






10. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.






11. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.






12. When a vendor submits a product for evaluation - it submits it to the ____________.






13. What are the components of an object's sensitivity label?






14. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






15. When the RAM and secondary storage are combined the result is __________.






16. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)






17. The combination of RAM - Cache and the Processor Registers






18. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






19. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.






20. Another word for Primary storage and distinguishes physical memory from virtual memory.






21. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.






22. The Bell-LaPadula model Subjects and Objects are ___________.






23. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






24. Which is a straightforward approach that provides access rights to subjects for objects?






25. Operating System Kernel






26. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.






27. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.






28. The Biba Model adresses _____________________.






29. Minimal Security






30. Access control labels must be associated properly with objects.






31. The Policy must be explicit and well defined and enforced by the mechanisms within the system






32. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






33. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.






34. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.






35. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object






36. The *-Property rule is refered to as ____________.






37. The Reserved hard drive space used to to extend RAM capabilites.






38. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






39. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m






40. Which in the Orange Book ratings represents the highest level of trust?






41. Mediates all access and Functions between subjects and objects.






42. TCSEC provides a means to evaluate ______________________.






43. What does the Clark-Wilson security model focus on






44. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.






45. Used by Windows systems to reserve the "Swap Space"






46. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






47. When a portion of primary memory is accessed by specifying the actual address of the memory location






48. Should always trace to individuals responsible for observing and recording the data






49. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






50. In the Bell-LaPadula Model the Object's Label contains ___________________.