SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A subject at a given clearance may not read an object at a higher classification
Accreditation
B3 - Security Domains
Division D - Minimal Protection
The Simple Security Property
2. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Administrative declaration
The Common Criteria
The Monolithic Operation system Architecture
Orange Book - B2
3. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
The trustworthiness of an information system
Ring 2
Accountability - Orange Book
D
4. Happen because input data is not checked for appropriate length at time of input
State machine model
Buffer (temporary data storage area)
Trusted Products Evaluation Program (TPEP)
Buffer overflows
5. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Execution Domain
C2 - Controlled Access Protection
Covert channels
D
6. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
C2
C2
Orange Book - B1
Overt channel
7. System Architecture that separates system functionality into Hierarchical layers
A Layered Operating System Architecure
Mandatory Access Control (MAC)
Process isolation
Security Policy is clearly defined and documented
8. The Security Model Incorporates the ____________ that should be enforced in the system.
The Evaluated Products List (EPL) with their corresponding rating
Examples of Layered Operating Systems
Security Policy
The Biba Model
9. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
security protection mechanisms
Isolate processes
Constrained
B1
10. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
Prohibits
The TCSEC - Aka Orange Book
The Thread (memory Management)
All Mandatory Access Control (MAC) systems
11. Contains the ending address
Prevent secret information from being accessed
Prohibits
A Limit Register (Memory Management)
Real storage
12. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
Swap Space
The Rule is talking about writing
First evaluation class
The Monolithic Operation system Architecture
13. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The *-Property rule (Star property)
D
security protection mechanisms
The Rule is talking about writing
14. What model use an access control triples and requires that the system maintain separation of duty ?
D
Clark-Wilson
Prevent secret information from being accessed
An abstract machine
15. The subject must have Need to Know for ONLY the information they are trying to access.
System High Security Mode
Indirect addressing
Trusted hardware - Software and Firmware
A Base Register (Memory Management)
16. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Security rating B
Dedicated Security Mode
Evaluated separately
security protection mechanisms
17. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
All Mandatory Access Control (MAC) systems
Bell-LaPadula Model
No read up
Simple Security Rule
18. Succesfully Evaluated products are placed on?
The Evaluated Products List (EPL) with their corresponding rating
The Common Criteria
The Rule is talking about writing
Division B - Mandatory Protection Architecture
19. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Higher or equal to access class
*-Integrity Axiom
The reference monitor
The Trusted Computing Base (TCB)
20. Which uses Protection Profiles and Security Targets?
International Standard 15408
A lattice of Intergrity Levels
Stored in Reak Memory
Identification - Orange Book
21. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
The security perimeter
Execution Domain
Orange Book - D
22. Involves sharing the processor amoung all ready processes
C1 - Discretionary Security Protection
Ring 2
The security kernel
Multitasking
23. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
The Security Kernel
State machine model
Secondary Storage
Orange Book - B1
24. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Prohibits
The Strong star property rule
Division C - Discretionary Protection
Simple Integrity Axiom
25. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Totality of protection mechanisms
Multitasking
The National Computer Security Center (NCSC)
Virtual storage
26. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.
Programmable Read-Only Memory (PROM)
B1 - Labeled Security
Trusted hardware - Software and Firmware
Storage and timing
27. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
The Strong star property rule
Dominate the object's sensitivity label
*-Integrity Axiom
Prohibits
28. The *-Property rule is refered to as ____________.
Orange Book - B2
The "No write Down" Rule
Prevent secret information from being accessed
C1
29. The Bell-LaPadula Model is a _______________.
Simple Security Rule
The Monolithic Operation system Architecture
Subject to Object Model
Ring 3
30. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Prohibits
Discretionary Security Property (ds-property)
Prevent secret information from being accessed
Invocation Property
31. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Higher or equal to access class
Complex Instruction Set Computers (CISC)
Models concerned with integrity
In C2 - Controlled Access Protection environment
32. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
C1 - Discrection Security Protection is a type of environment
The trustworthiness of an information system
Government and military applications
Real storage
33. The group that oversees the processes of evaluation within TCSEC is?
Trusted Products Evaluation Program (TPEP)
The Rule is talking about writing
Security rating B
Need-to-know
34. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Subject to Object Model
International Standard 15408
Trusted hardware - Software and Firmware
Security Policy is clearly defined and documented
35. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Bell-LaPadula Model
No write down
Protection Rings Support
C2
36. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
State machine model
Orange Book - A1
Controlling unauthorized downgrading of information
A1 - Rating
37. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Accreditation
Security mechanisms and evalautes their effectivenes
Certification
Orange Book - D
38. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Continuous protection - O/B
State machine model
Multilevel Security Policies
Orange Book - B2
39. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
C2 - Controlled Access Protection
Life Cycle Assurance Requirement
First evaluation class
The *-Property rule (Star property)
40. A system uses the Reference Monitor to ___________________ of a subject and an object?
TCB (Trusted Computing Base)
Compare the security labels
Indirect addressing
Division C - Discretionary Protection
41. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Multiprocessing
The Common Criteria
Erasable and Programmable Read-Only Memory (EPROM)
Thrashing
42. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system
Simple Integrity Axiom
C2
The Monolithic Operation system Architecture
State machine model
43. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
Be protected from modification
Types of covert channels
Orange Book ratings
Prohibits
44. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
*-Integrity Axiom
A Thread
Accreditation
Overt channel
45. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The security kernel
The *-Property rule (Star property)
International Standard 15408
Ring 1
46. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Prevent secret information from being accessed
B2 - Structured Protection
Division B - Mandatory Protection Architecture
'Dominate'
47. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Models concerned with integrity
Simple Security Rule
Buffer (temporary data storage area)
The reference monitor
48. Each data object must contain a classification label and each subject must have a clearance label.
B1 - Labeled Security
Life-cycle assurance - O/B
Evaluated separately
The TCSEC - Aka Orange Book
49. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
A Domain
Cache Memory
NOT Integrity
Protection Rings Support
50. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Life Cycle Assurance Requirement
The trustworthiness of an information system
Invocation Property
Clark-Wilson Model