SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Virtual Memory
B2 rating
The security kernel
Certification
2. In the Bell-LaPadula Model the Subject's Label contains ___________________.
The Simple Security Property
Its Clearance Label (Top Secret - Secret - or Confidential)
Real storage
An abstract machine
3. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Mandatory access control
International Standard 15408
D
C1 - Discretionary Security Protection
4. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
The "No write Down" Rule
A Limit Register (Memory Management)
The Monolithic Operation system Architecture
Prohibits
5. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
A1
The Simple Security Property
Trusted hardware - Software and Firmware
Need-to-know
6. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book - B3
B2 - Structured Protection
Reduced Instruction Set Computers (RISC)
Security Policy - Orange Book
7. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Security Policy - Orange Book
A and B
The Common Criteria
C1 - Discretionary Security Protection
8. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Orange Book interpretations
B1
Multitasking
Totality of protection mechanisms
9. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Controls the checks
C1
Ring 2
System High Security Mode
10. In the Bell-LaPadula Model the Object's Label contains ___________________.
Accountability - Orange Book
Its classification label (Top Secret - Secret or confidential)
Access control to the objects by the subjects
Sensitivity labels
11. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Compare the security labels
Types of covert channels
Operational assurance requirements
Division D - Minimal Protection
12. Data in Cache can be accessed much more quickly than Data
Ring 3
Controlling unauthorized downgrading of information
Protection Rings Support
Stored in Reak Memory
13. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Examples of Layered Operating Systems
The Biba Model
Invocation Property
Trusted Distribution
14. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
Division D - Minimal Protection
B2
The Strong star property rule
15. The assignment of a specific individual to administer the security-related functions of a system.
B1 - Labeled Security
Documentation - Orange Book
Trusted facility management
Controlling unauthorized downgrading of information
16. When a portion of primary memory is accessed by specifying the actual address of the memory location
Disclosure of residual data
Security rating B
Ring 2
Direct addressing
17. Permits a database to have two records that are identical except for Their classifications
Polyinstantiation
The Thread (memory Management)
Orange Book B
A Base Register (Memory Management)
18. Used by Windows systems to reserve the "Swap Space"
Attributable data
The Evaluated Products List (EPL) with their corresponding rating
Orange Book - B3
Pagefile.sys file
19. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Stored in Reak Memory
Ring 0
Physical security
C2 - Controlled Access Protection
20. The C2 evaluation class of the _________________ offers controlled access protection.
Security mechanisms and evalautes their effectivenes
Cache Memory
Virtual Memory
Trusted Network Interpretation (TNI)
21. TCSEC provides a means to evaluate ______________________.
The trustworthiness of an information system
Controls the checks
Cache Memory
Multitasking
22. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
A1 - Rating
The security kernel
Programmable Read-Only Memory (PROM)
Indirect addressing
23. Mandatory access control is enfored by the use of security labels.
Buffer (temporary data storage area)
Division B - Mandatory Protection
Attributable data
Simple Security Rule
24. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Operational assurance requirements
Stored in Reak Memory
Discretionary Security Property (ds-property)
A1 - Rating
25. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
Pagefile.sys file
NOT Integrity
The Rule is talking about writing
Orange Book C
26. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Attributable data
Real storage
A1 - Rating
The Evaluated Products List (EPL) with their corresponding rating
27. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
Integrity
Need-to-know
Documentation - Orange Book
28. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
29. Subjects and Objects cannot change their security levels once they have been instantiated (created)
The Tranqulity principle (The Bell-LaPadula Model)
Multilevel Security Policies
C1
Its Clearance Label (Top Secret - Secret - or Confidential)
30. As per FDA data should be ______________________________.
Absolute addresses
The Evaluated Products List (EPL) with their corresponding rating
Attributable - original - accurate - contemporaneous and legible
Controlling unauthorized downgrading of information
31. Which can be used as a covert channel?
Storage and timing
TCB (Trusted Computing Base)
Division C - Discretionary Protection
Relative Addresses
32. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Models concerned with integrity
Virtual storage
Virtual Memory
Mandatory access control
33. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Ring 2
Labels - Orange Book
Indexed addressing
C1 - Discretionary Security Protection
34. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Certification
Basic Security Theorem (used in computer science) definition
A security kernel
Trusted hardware - Software and Firmware
35. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
Clark-Wilson Model
A1
D
Mandatory Access Control (MAC)
36. Contains the beginning address
Multilevel Security Policies
A Base Register (Memory Management)
No read up
Fail safe
37. Another word for Primary storage and distinguishes physical memory from virtual memory.
Trusted Products Evaluation Program (TPEP)
Invocation Property
Real storage
Operational assurance requirements
38. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
C2 - Controlled Access Protection
B3
A lattice of Intergrity Levels
Most commonly used approach
39. Involves sharing the processor amoung all ready processes
B2 rating
Multitasking
The Tranqulity principle (The Bell-LaPadula Model)
Certification
40. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Division B - Mandatory Protection Architecture
Evaluated separately
B2 rating
Trusted Distribution
41. All users have a clearance for and a formal need to know about - all data processed with the system.
Dedicated Security Mode
D
No read up
State machine model
42. The combination of RAM - Cache and the Processor Registers
All Mandatory Access Control (MAC) systems
Primary storage
The Tranqulity principle (The Bell-LaPadula Model)
Pagefile.sys file
43. The Security Model Incorporates the ____________ that should be enforced in the system.
Security Policy
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Assigned labels
The *-Property rule (Star property)
44. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Basic Security Theorem (used in computer science) definition
B3
Evaluated separately
Scalar processors
45. Which would be designated as objects on a MAC system?
Security mechanisms and evalautes their effectivenes
Access control to the objects by the subjects
C1
Files - directories and devices
46. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
Controls the checks
Programmable Read-Only Memory (PROM)
Mandatory Access Control (MAC)
47. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Prevent secret information from being accessed
Its classification label (Top Secret - Secret or confidential)
Need-to-know
Division D - Minimal Protection
49. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Orange Book - A1
The Trusted Computing Base (TCB)
B3 - Rating
Buffer overflows
50. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Models concerned with integrity
The security perimeter
Dedicated Security Mode
Virtual Memory
Sorry!:) No result found.
Can you answer 50 questions in 15 minutes?
Let me suggest you:
Browse all subjects
Browse all tests
Most popular tests
Major Subjects
Tests & Exams
AP
CLEP
DSST
GRE
SAT
GMAT
Certifications
CISSP go to https://www.isc2.org/
PMP
ITIL
RHCE
MCTS
More...
IT Skills
Android Programming
Data Modeling
Objective C Programming
Basic Python Programming
Adobe Illustrator
More...
Business Skills
Advertising Techniques
Business Accounting Basics
Business Strategy
Human Resource Management
Marketing Basics
More...
Soft Skills
Body Language
People Skills
Public Speaking
Persuasion
Job Hunting And Resumes
More...
Vocabulary
GRE Vocab
SAT Vocab
TOEFL Essential Vocab
Basic English Words For All
Global Words You Should Know
Business English
More...
Languages
AP German Vocab
AP Latin Vocab
SAT Subject Test: French
Italian Survival
Norwegian Survival
More...
Engineering
Audio Engineering
Computer Science Engineering
Aerospace Engineering
Chemical Engineering
Structural Engineering
More...
Health Sciences
Basic Nursing Skills
Health Science Language Fundamentals
Veterinary Technology Medical Language
Cardiology
Clinical Surgery
More...
English
Grammar Fundamentals
Literary And Rhetorical Vocab
Elements Of Style Vocab
Introduction To English Major
Complete Advanced Sentences
Literature
Homonyms
More...
Math
Algebra Formulas
Basic Arithmetic: Measurements
Metric Conversions
Geometric Properties
Important Math Facts
Number Sense Vocab
Business Math
More...
Other Major Subjects
Science
Economics
History
Law
Performing-arts
Cooking
Logic & Reasoning
Trivia
Browse all subjects
Browse all tests
Most popular tests