SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
No read up
A1
Be protected from modification
Orange Book - A1
2. Remaining parts of the operating system
Orange Book - A1
Thrashing
Ring 1
Files - directories and devices
3. Execute one instruction at a time.
Files - directories and devices
Attributable data
Programmable Read-Only Memory (PROM)
Scalar processors
4. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
The Rule is talking about writing
Integrity
Mandatory access control
Multitasking
5. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Buffer (temporary data storage area)
*-Integrity Axiom
No write down
Be protected from modification
6. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
Security mechanisms and evalautes their effectivenes
The "No read Up" rule
Multitasking
7. What model use an access control triples and requires that the system maintain separation of duty ?
Life Cycle Assurance Requirement
Clark-Wilson
A1
Orange Book ratings
8. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Security rating B
Implement software or systems in a production environment
TCB (Trusted Computing Base)
Indexed addressing
9. TCB contains The Security Kernel and all ______________.
Erasable and Programmable Read-Only Memory (EPROM)
B3 - Security Domains
A Limit Register (Memory Management)
security protection mechanisms
10. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Covert channels
The National Computer Security Center (NCSC)
A Thread
Life-cycle assurance - O/B
11. A set of objects that a subject is able to access
Division D - Minimal Protection
A Domain
Ring 1
Trusted facility management
12. Which Orange Book evaluation level is described as "Verified Design"?
A1
Buffer (temporary data storage area)
Simple Integrity Axiom
Discretionary Security Property (ds-property)
13. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Ring 1
C1
B3 - Security Domains
Multilevel Security Policies
14. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Dominate the object's sensitivity label
Totality of protection mechanisms
Discretionary Security Property (ds-property)
Controlling unauthorized downgrading of information
15. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Buffer overflows
Security Policy is clearly defined and documented
TCB (Trusted Computing Base)
The *-Property rule (Star property)
16. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Dedicated Security Mode
Enforces the rules
C1
Government and military applications
17. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
The reference monitor
All Mandatory Access Control (MAC) systems
Orange Book interpretations
Virtual Memory
18. Individual subjects must be uniquely identified.
Ring 0
Identification - Orange Book
Reduced Instruction Set Computers (RISC)
Pagefile.sys file
19. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
The "No read Up" rule
The security kernel
Implement software or systems in a production environment
The security perimeter
20. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Simple Security Rule
Division C - Discretionary Protection
Trusted Network Interpretation (TNI)
Files - directories and devices
21. Data in Cache can be accessed much more quickly than Data
Security Policy is clearly defined and documented
B3
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Stored in Reak Memory
22. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Fail safe
C2 - Controlled Access Protection
The Common Criteria
Most commonly used approach
23. System Architecture that separates system functionality into Hierarchical layers
Pagefile.sys file
Most commonly used approach
A Layered Operating System Architecure
The Clark Wilson integrity model
24. Verification Protection
Its Clearance Label (Top Secret - Secret - or Confidential)
Relative Addresses
Orange Book A
Orange Book - D
25. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Ring 3
Disclosure of residual data
Continuous protection - O/B
Protection Rings Support
26. What is called the formal acceptance of the adequacy of a system's overall security by management?
Reduced Instruction Set Computers (RISC)
Accreditation
Orange Book - B2
Accountability - Orange Book
27. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Administrative declaration
The Red Book
The security perimeter
attributability
28. What does the simple integrity axiom mean in the Biba model?
The Clark Wilson integrity model
No read down
Its classification label (Top Secret - Secret or confidential)
Basic Security Theorem (used in computer science) definition
29. When a vendor submits a product for evaluation - it submits it to the ____________.
In C2 - Controlled Access Protection environment
The National Computer Security Center (NCSC)
Controlling unauthorized downgrading of information
Protection Rings Support
30. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
The TCSEC - Aka Orange Book
Virtual storage
Ring 3
Cache Memory
31. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Covert channels
Assigned labels
Prohibits
Certification
32. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
'Dominate'
Process isolation
Firmware
B3 - Rating
33. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Dedicated Security Mode
The Biba Model
A security kernel
The security kernel
34. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Constrained
Accreditation
Orange Book - D
Discretionary Security Property (ds-property)
35. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
Trusted hardware - Software and Firmware
Clark-Wilson Model
In C2 - Controlled Access Protection environment
Covert channels
36. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
C1 - Discretionary Security Protection
TCB (Trusted Computing Base)
B3
Multitasking
37. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Orange Book B
Bell-LaPadula Model
Controlling unauthorized downgrading of information
First evaluation class
38. I/O drivers and utilities
Logical addresses
Compare the security labels
Ring 2
Programmable Read-Only Memory (PROM)
39. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
Swap Space
Security rating B
Relative Addresses
Sensitivity labels
40. Involves sharing the processor amoung all ready processes
Polyinstantiation
Security Policy - Orange Book
Multitasking
The Rule is talking about writing
41. Contains the beginning address
A Domain
Orange Book B
A Base Register (Memory Management)
A and B
42. Mandatory Access requires that _____________ be attached to all objects.
A security kernel
Sensitivity labels
Division B - Mandatory Protection Architecture
Virtual Memory
43. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Ring 0
Thrashing
No read up
Invocation Property
44. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
45. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
A single classification and a Compartment Set
C2 - Controlled Access Protection
System High Security Mode
Controlling unauthorized downgrading of information
46. Contains the ending address
A Limit Register (Memory Management)
Access control to the objects by the subjects
Prevent secret information from being accessed
C1 - Discrection Security Protection is a type of environment
47. TCSEC provides a means to evaluate ______________________.
Government and military applications
The trustworthiness of an information system
A Layered Operating System Architecure
Ring 3
48. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Fail safe
Evaluated separately
Pipelining
No read up
49. Should always trace to individuals responsible for observing and recording the data
Prevent secret information from being accessed
Programmable Read-Only Memory (PROM)
Attributable data
B2 - Structured Protection
50. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Indirect addressing
Its Clearance Label (Top Secret - Secret - or Confidential)
Protection Rings Support
Continuous protection - O/B