SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Buffer overflows
B2 - Structured Protection
Access control to the objects by the subjects
Security Policy
2. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Access Matrix model
A single classification and a Compartment Set
Isolate processes
Simple Security Rule
3. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
A Domain
Most commonly used approach
In C2 - Controlled Access Protection environment
Operational assurance requirements
4. What does the * (star) property mean in the Bell-LaPadula model?
Operational assurance requirements
No write down
Trusted Products Evaluation Program (TPEP)
Assigned labels
5. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Totality of protection mechanisms
Covert channels
B2 rating
B3 - Rating
6. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
B2 - Structured Protection
C1 - Discrection Security Protection is a type of environment
Polyinstantiation
C2 - Controlled Access Protection
7. What model use an access control triples and requires that the system maintain separation of duty ?
Need-to-know
Thrashing
Clark-Wilson
Accountability - Orange Book
8. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Access control to the objects by the subjects
No read up
Evaluated separately
Certification
9. Access control labels must be associated properly with objects.
Direct Addressing
First evaluation class
A Thread
Labels - Orange Book
10. TCSEC provides a means to evaluate ______________________.
The security perimeter
Execution Domain
First evaluation class
The trustworthiness of an information system
11. What does the simple security (ss) property mean in the Bell-LaPadula model?
Attributable data
Dominate the object's sensitivity label
C2 - Controlled Access Protection
No read up
12. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Multiprocessing
Storage and timing
The Security Kernel
NOT Integrity
13. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
Higher or equal to access class
Fail safe
The TCSEC - Aka Orange Book
Controls the checks
14. Mandatory Protection
Covert channels
Orange Book B
The "No read Up" rule
Thrashing
15. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
B3 - Rating
The National Computer Security Center (NCSC)
C2 - Controlled Access Protection
Examples of Layered Operating Systems
16. Data in Cache can be accessed much more quickly than Data
Accountability - Orange Book
Ring 1
Division B - Mandatory Protection
Stored in Reak Memory
17. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The Rule is talking about writing
The security perimeter
Administrative declaration
Access control to the objects by the subjects
18. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Disclosure of residual data
First evaluation class
Sensitivity labels
International Standard 15408
19. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Compare the security labels
Division D - Minimal Protection
The TCSEC - Aka Orange Book
The security kernel
20. Involves sharing the processor amoung all ready processes
Networks and Communications
Multitasking
Subject to Object Model
Division B - Mandatory Protection Architecture
21. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
A1 - Rating
Isolate processes
Swap Space
Highly secure systems (B2 - B3 and A1)
22. Which would be designated as objects on a MAC system?
Orange Book - B1
Files - directories and devices
Division C - Discretionary Protection
Prevent secret information from being accessed
23. Another word for Primary storage and distinguishes physical memory from virtual memory.
Assigned labels
Firmware
Controls the checks
Real storage
24. All users have a clearance for and a formal need to know about - all data processed with the system.
Simple Integrity Axiom
A Thread
Examples of Layered Operating Systems
Dedicated Security Mode
25. Which in the Orange Book ratings represents the highest level of trust?
Evaluated separately
Accreditation
B2
A Base Register (Memory Management)
26. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Its Clearance Label (Top Secret - Secret - or Confidential)
Firmware
Mandatory Access Control (MAC)
Orange Book - B3
27. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
B2 - Structured Protection
A security kernel
Higher or equal to access class
A Thread
28. The Indexed memory addresses that software uses
Examples of Layered Operating Systems
Logical addresses
C1 - Discretionary Security Protection
Trusted facility management
29. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.
The Tranqulity principle (The Bell-LaPadula Model)
Buffer overflows
Life Cycle Assurance Requirement
The rule is talking about "Reading"
30. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
Primary storage
The Trusted Computing Base (TCB)
Division B - Mandatory Protection Architecture
Swap Space
31. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
Accreditation
The *-Property rule (Star property)
International Standard 15408
C2 - Controlled Access Protection
32. The combination of RAM - Cache and the Processor Registers
Security rating B
Division D - Minimal Protection
A Thread
Primary storage
33. Contains the ending address
The Tranqulity principle (The Bell-LaPadula Model)
B2
Physical security
A Limit Register (Memory Management)
34. What is called the formal acceptance of the adequacy of a system's overall security by management?
Accreditation
Virtual storage
A Domain
Firmware
35. Individual subjects must be uniquely identified.
Clark-Wilson Model
The rule is talking about "Reading"
Identification - Orange Book
*-Integrity Axiom
36. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Programmable Read-Only Memory (PROM)
The Strong star property rule
'Dominate'
An abstract machine
37. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system
C1
The Monolithic Operation system Architecture
Life Cycle Assurance Requirement
Covert channels
38. When a portion of primary memory is accessed by specifying the actual address of the memory location
Trusted Products Evaluation Program (TPEP)
Direct addressing
Administrative declaration
Division D - Minimal Protection
39. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
NOT Integrity
Disclosure of residual data
The trustworthiness of an information system
All Mandatory Access Control (MAC) systems
40. The Biba Model adresses _____________________.
Enforces the rules
The TCSEC - Aka Orange Book
The Integrity of data within applications
Simple Security Rule
41. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
The Trusted Computing Base (TCB)
The National Computer Security Center (NCSC)
Security Policy is clearly defined and documented
Mandatory access control
42. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Evaluated separately
Operational assurance requirements
Scalar processors
The Monolithic Operation system Architecture
43. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Government and military applications
Swap Space
Orange Book C
Its Clearance Label (Top Secret - Secret - or Confidential)
44. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle
Higher or equal to access class
Division C - Discretionary Protection
Complex Instruction Set Computers (CISC)
Implement software or systems in a production environment
45. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
Prohibits
C2
The Security Kernel
A1 - Rating
46. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
Clark-Wilson Model
Simple Integrity Axiom
The Common Criteria
Security Policy - Orange Book
47. Intended for environments that require systems to handle classified data.
B1 - Labeled Security rating
Buffer (temporary data storage area)
Reduced Instruction Set Computers (RISC)
Ring 2
48. What are the components of an object's sensitivity label?
Attributable data
A Base Register (Memory Management)
A single classification and a Compartment Set
The Simple Security Property
49. Should always trace to individuals responsible for observing and recording the data
The Common Criteria
Fail safe
Attributable data
All Mandatory Access Control (MAC) systems
50. Permits a database to have two records that are identical except for Their classifications
Highly secure systems (B2 - B3 and A1)
Orange Book - B3
In C2 - Controlled Access Protection environment
Polyinstantiation
