Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Based on a known address with an offset value applied.
Programmable Read-Only Memory (PROM)
Orange Book B
Relative Addresses
Accreditation
2. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Evaluated separately
State machine model
All Mandatory Access Control (MAC) systems
A and B
3. In B2, distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system.
Isolate processes
Orange Book A
Buffer (temporary data storage area)
The National Computer Security Center (NCSC)
4. The Biba Model addresses _____________________.
The Integrity of data within applications
Identification - Orange Book
Need-to-know
Polyinstantiation
5. The *-Property rule is referred to as ____________.
The "No write Down" Rule
A Limit Register (Memory Management)
C2 - Controlled Access Protection
Execution Domain
6. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
Enforces the rules
A Thread
Prevent secret information from being accessed
Orange Book B
7. Nonvolatile storage media, e.g. computer hard drives, floppy disks and CD-ROMs.
Direct addressing
Ring 1
Secondary Storage
Access Matrix model
8. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
A1 - Rating
Attributable data
Multitasking
In C2 - Controlled Access Protection environment
9. Configuration management is also defined in the Orange Book, but as a _____________________ and not an operational assurance requirement.
Need-to-know
Mandatory access control
Life Cycle Assurance Requirement
Physical security
10. The Availability - Integrity and confidentiality requirements of multitasking operating systems
C2
B2 rating
C1 - Discretionary Security Protection is a type of environment
Protection Rings Support
11. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Swap Space
Buffer (temporary data storage area)
Need-to-know
B2 - Structured Protection
12. Contains an address of where the instruction and data reside that need to be processed.
The Thread (Memory Management)
The security kernel
Virtual Memory
'Dominate'
13. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Multitasking
Buffer (temporary data storage area)
The Tranquility principle (The Bell-LaPadula Model)
Totality of protection mechanisms
14. A set of objects that a subject is able to access
Fail safe
Cache Memory
Secondary Storage
A Domain
15. When the address location that is specified in the program instruction contains the address of the final desired location.
Indirect addressing
Indexed addressing
The Red Book
Firmware
16. Which can be used as a covert channel?
Storage and timing
Integrity
Be protected from modification
Pipelining
17. What does the * (star) property mean in the Bell-LaPadula model?
The "No write Down" Rule
No write down
Orange Book interpretations
Prohibits
18. What are the components of an object's sensitivity label?
C2 - Controlled Access Protection
Orange Book ratings
A single classification and a Compartment Set
First evaluation class
19. TCSEC provides a means to evaluate ______________________.
Files - directories and devices
Orange Book B
C2 - Controlled Access Protection
The trustworthiness of an information system
20. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The security perimeter
The "No read Up" rule
attributability
Reduced Instruction Set Computers (RISC)
21. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
The National Computer Security Center (NCSC)
Orange Book - B3
All Mandatory Access Control (MAC) systems
B3
22. When the RAM and secondary storage are combined the result is __________.
Orange Book - A1
Orange Book B
Division C - Discretionary Protection
Virtual Memory
23. Access control labels must be associated properly with objects.
Orange Book A
Identification - Orange Book
Covert channels
Labels - Orange Book
24. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.
B2 rating
Continuous protection - O/B
Polyinstantiation
Buffer (temporary data storage area)
25. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
A1
The security perimeter
Orange Book - B3
26. Which is an ISO standard product evaluation criteria that supersedes several different criteria?
Compare the security labels
A Base Register (Memory Management)
B2 - Structured Protection
The Common Criteria
27. What prevents a process from accessing another process' data?
Subject to Object Model
Relative Addresses
The Tranquility principle (The Bell-LaPadula Model)
Process isolation
28. Mediates all access and Functions between subjects and objects.
Higher or equal to access class
The Security Kernel
In C2 - Controlled Access Protection environment
C2
29. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
The Thread (Memory Management)
Accountability - Orange Book
C2 - Controlled Access Protection
A Base Register (Memory Management)
30. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
TCB (Trusted Computing Base)
Orange Book interpretations
Mandatory access control
C1 - Discretionary Security Protection is a type of environment
31. A ________ is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
B3 - Rating
The Tranquility principle (The Bell-LaPadula Model)
Controls the checks
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
32. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
A Base Register (Memory Management)
Operational assurance requirements
Overt channel
Certification
33. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Indexed addressing
The Trusted Computing Base (TCB)
Division B - Mandatory Protection
A security kernel
34. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Attributable - original - accurate - contemporaneous and legible
Identification - Orange Book
First evaluation class
The security kernel
35. A Policy based control. All objects and systems have a sensitivity level assigned to them
The Clark Wilson integrity model
In C2 - Controlled Access Protection environment
Access control to the objects by the subjects
Mandatory Access Control (MAC)
36. Certification is a technical review that assesses the _____________ - whereas Accreditation is management's official acceptance of the information in the Certification process findings.
The Trusted Computing Base (TCB)
Security mechanisms and evaluates their effectiveness
Operational assurance requirements
In C2 - Controlled Access Protection environment
37. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Highly secure systems (B2 - B3 and A1)
Orange Book - B2
Prevent secret information from being accessed
The rule is talking about "Reading"
38. When a portion of primary memory is accessed by specifying the actual address of the memory location
Direct addressing
Relative Addresses
Security mechanisms and evaluates their effectiveness
The security kernel
39. The Security Model Incorporates the ____________ that should be enforced in the system.
Assigned labels
Security Policy
The trustworthiness of an information system
Physical security
40. Intended for environments that require systems to handle classified data.
The Evaluated Products List (EPL) with their corresponding rating
B1 - Labeled Security rating
The Strong star property rule
Complex Instruction Set Computers (CISC)
41. The Simple Security rule is referred to as ______________.
The "No read Up" rule
Clark-Wilson
The Integrity of data within applications
A1 - Rating
42. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Reduced Instruction Set Computers (RISC)
Constrained
Networks and Communications
Invocation Property
43. Operating System Kernel
Ring 0
Enforces the rules
Constrained
Assigned labels
44. Which TCSEC level first addresses object reuse?
Controls the checks
Stored in Real Memory
C2
Protection Rings Support
45. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
Assigned labels
A Limit Register (Memory Management)
Relative Addresses
46. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Multilevel Security Policies
A security kernel
C2 - Controlled Access Protection
Absolute addresses
47. In the Bell-LaPadula model, subjects and objects are ___________.
Assigned labels
Access control to the objects by the subjects
In C2 - Controlled Access Protection environment
Models concerned with integrity
48. Each data object must contain a classification label and each subject must have a clearance label.
Division B - Mandatory Protection Architecture
Security Policy
Sensitivity labels
B1 - Labeled Security
49. Bell-LaPadula model was proposed for enforcing access control in _____________________.
A Limit Register (Memory Management)
The security perimeter
B1 - Labeled Security rating
Government and military applications
50. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Primary storage
Trusted Distribution
Clark-Wilson
Security rating B