Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






2. In both the Bell-LaPadula and Biba Models if the word "*" or "Star" is used - _______________.






3. Documentation must be provided - including test - design - and specification documents - user guides and manuals.






4. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






5. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






6. When a vendor submits a product for evaluation - it submits it to the ____________.






7. Which increases the performance in a computer by overlapping the steps of different instructions?






8. Execute one instruction at a time.






9. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.






10. Which computer design approach is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle?






11. The Indexed memory addresses that software uses






12. Contains an address of where the instruction and data reside that need to be processed.






13. The C2 evaluation class of the _________________ offers controlled access protection.






14. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down").






15. I/O drivers and utilities






16. Audit data must be captured and protected to enforce accountability






17. Which can be used as a covert channel?






18. The total combination of protection mechanisms within a computer system






19. The Physical memory address that the CPU uses






20. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






21. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






22. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.






23. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






24. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object.






25. A Policy based control. All objects and systems have a sensitivity level assigned to them






26. Successfully evaluated products are placed on?






27. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






28. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space.






29. An abstract machine which must mediate all access of subjects to objects - be protected from modification - be verifiable as correct - and is always invoked






30. Happen because input data is not checked for appropriate length at time of input






31. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.






32. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






33. The Simple Security rule is referred to as ______________.






34. TCSEC provides a means to evaluate ______________________.






35. The Bell-LaPadula model Subjects and Objects are ___________.






36. What access control technique is also known as multilevel security?






37. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.






38. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






39. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






40. The Security Kernel is the core of the TCB and is the _____________ to building trusted computing systems.






41. When the address location that is specified in the program instruction contains the address of the final desired location.






42. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






43. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






44. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






45. Operating System Kernel






46. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.






47. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






48. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






49. Which Orange Book evaluation level is described as "Discretionary Security Protection"?






50. Which would be designated as objects on a MAC system?






