Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Indexed memory addresses that software uses






2. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






3. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.






4. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.






5. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


6. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities






7. Remaining parts of the operating system






8. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.






9. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






10. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.






11. Contains the ending address






12. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.






13. What is called the formal acceptance of the adequacy of a system's overall security by management?






14. Access control labels must be associated properly with objects.






15. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






16. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






17. Which in the Orange Book ratings represents the highest level of trust?






18. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






19. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma






20. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.






21. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






22. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






23. Each data object must contain a classification label and each subject must have a clearance label.






24. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.






25. Applications and user activity






26. Mediates all access and Functions between subjects and objects.






27. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






28. The Policy must be explicit and well defined and enforced by the mechanisms within the system






29. When the contents of the address defined in the program's instruction is added to that of an index register.






30. What does the simple integrity axiom mean in the Biba model?






31. A domain of trust that shares a single security policy and single management






32. Which TCSEC level first addresses object reuse?






33. Execute one instruction at a time.






34. The Orange book does NOT Cover ________________ - And Database management systems






35. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.






36. Should always trace to individuals responsible for observing and recording the data






37. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.






38. Mandatory Access requires that _____________ be attached to all objects.






39. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






40. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain






41. What model use an access control triples and requires that the system maintain separation of duty ?






42. Used by Windows systems to reserve the "Swap Space"






43. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.






44. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






45. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.






46. Operating System Kernel






47. Verification Protection






48. Happen because input data is not checked for appropriate length at time of input






49. The *-Property rule is refered to as ____________.






50. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests