Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Implement software or systems in a production environment
Erasable and Programmable Read-Only Memory (EPROM)
A1 - Rating
Disclosure of residual data

2. Which uses Protection Profiles and Security Targets?
The Rule is talking about writing
Logical addresses
attributability
International Standard 15408

3. What prevents a process from accessing another process' data?
B2 - Structured Protection
Process isolation
Secondary Storage
Physical security

4. Minimal Security
The Rule is talking about writing
Orange Book ratings
Compare the security labels
Orange Book - D

5. Succesfully Evaluated products are placed on?
Secondary Storage
Buffer overflows
Compare the security labels
The Evaluated Products List (EPL) with their corresponding rating

6. Contains the beginning address
NOT Integrity
The security kernel
International Standard 15408
A Base Register (Memory Management)

7. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
Pagefile.sys file
Simple Integrity Axiom
The security perimeter
Models concerned with integrity

8. TCSEC provides a means to evaluate ______________________.
Mandatory Access Control (MAC)
Virtual Memory
The trustworthiness of an information system
Ring 1

9. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
C2 - Controlled Access Protection
Trusted Products Evaluation Program (TPEP)
In C2 - Controlled Access Protection environment
*-Integrity Axiom

10. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.
Programmable Read-Only Memory (PROM)
Access Matrix model
Virtual Memory
The "No read Up" rule

11. Simpler instructions that require fewer clock cycles to execute.
Multiprocessing
The trustworthiness of an information system
Enforces the rules
Reduced Instruction Set Computers (RISC)

12. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Division D - Minimal Protection
Division C - Discretionary Protection
The TCSEC - Aka Orange Book
Certification

13. A type of memory used for High-speed writing and reading activities.
An abstract machine
Examples of Layered Operating Systems
Models concerned with integrity
Cache Memory

14. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Continuous protection - O/B
Reduced Instruction Set Computers (RISC)
B1 - Labeled Security rating
Its Clearance Label (Top Secret - Secret - or Confidential)

15. Applications and user activity
Types of covert channels
B1 - Labeled Security
Logical addresses
Ring 3

16. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system
No read down
An abstract machine
Compare the security labels
The Monolithic Operation system Architecture

17. Mandatory Access requires that _____________ be attached to all objects.
Evaluated separately
A Domain
First evaluation class
Sensitivity labels

18. Involves sharing the processor amoung all ready processes
Multitasking
Subject to Object Model
The "No read Up" rule
The Simple Security Property

19. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
Ring 2
NOT Integrity
International Standard 15408
The Trusted Computing Base (TCB)

20. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Identification - Orange Book
Swap Space
Trusted Network Interpretation (TNI)
Orange Book - B3

21. Which TCSEC level first addresses object reuse?
Mandatory access control
Orange Book - B2
C2
Orange Book A

22. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Logical addresses
First evaluation class
Access Matrix model
The rule is talking about "Reading"

23. When a computer uses more than one CPU in parallel to execute instructions is known as?
Government and military applications
Isolate processes
B3
Multiprocessing

24. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Covert channels
Access Matrix model
B3
A and B

25. What does the simple security (ss) property mean in the Bell-LaPadula model?
Thrashing
No read up
The *-Property rule (Star property)
B3 - Rating

26. I/O drivers and utilities
Thrashing
Ring 2
A security kernel
Discretionary Security Property (ds-property)

27. What are the components of an object's sensitivity label?
C1 - Discretionary Security Protection
The security kernel
International Standard 15408
A single classification and a Compartment Set

28. Mediates all access and Functions between subjects and objects.
Dedicated Security Mode
Files - directories and devices
The Security Kernel
Implement software or systems in a production environment

29. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Disclosure of residual data
Real storage
B2 - Structured Protection
B3 - Rating

30. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
No read up
A Thread
The National Computer Security Center (NCSC)
Trusted Network Interpretation (TNI)

31. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The security kernel
C2 - Controlled Access Protection
Orange Book - D
Multitasking

32. The Security Model Incorporates the ____________ that should be enforced in the system.
Secondary Storage
C2 - Controlled Access Protection
Security Policy
The Rule is talking about writing

33. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
Invocation Property
Models concerned with integrity
Security mechanisms and evalautes their effectivenes

34. Trusted facility management is an assurance requirement only for ________________.
Trusted facility management
Firmware
Direct addressing
Highly secure systems (B2 - B3 and A1)

35. What does the simple integrity axiom mean in the Biba model?
Evaluated separately
Pipelining
B2 rating
No read down

36. Discretionary protection
A Thread
Orange Book - A1
Orange Book C
Real storage

37. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Isolate processes
Swap Space
An abstract machine
Execution Domain

38. Users need to be Identified individually to provide more precise acces control and auditing functionality.
Physical security
The Trusted Computing Base (TCB)
The trustworthiness of an information system
C2 - Controlled Access Protection

39. Access control labels must be associated properly with objects.
A Domain
A Thread
Ring 3
Labels - Orange Book

40. The Physical memory address that the CPU uses
Multilevel Security Policies
Dominate the object's sensitivity label
Evaluated separately
Absolute addresses

41. What access control technique is also known as multilevel security?
Orange Book C
Continuous protection - O/B
The Simple Security Property
Mandatory access control

42. System Architecture that separates system functionality into Hierarchical layers
Orange Book - B2
Models concerned with integrity
A Layered Operating System Architecure
Prohibits

43. What model use an access control triples and requires that the system maintain separation of duty ?
Bell-LaPadula Model
Reduced Instruction Set Computers (RISC)
Clark-Wilson
Discretionary Security Property (ds-property)

44. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.
Security mechanisms and evalautes their effectivenes
A Layered Operating System Architecure
Division B - Mandatory Protection
A single classification and a Compartment Set

45. TCB contains The Security Kernel and all ______________.
Multitasking
security protection mechanisms
Mandatory access control
Stored in Reak Memory

46. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Execution Domain
Division B - Mandatory Protection Architecture
Fail safe
Orange Book interpretations

47. When the contents of the address defined in the program's instruction is added to that of an index register.
Indexed addressing
NOT Integrity
Integrity
A lattice of Intergrity Levels

48. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
System High Security Mode
Trusted facility management
Access control to the objects by the subjects
Division C - Discretionary Protection

49. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle
The Tranqulity principle (The Bell-LaPadula Model)
Complex Instruction Set Computers (CISC)
Reduced Instruction Set Computers (RISC)
B3 - Rating

50. When the address location that is specified in the program instruction contains the address of the final desired location.
Indirect addressing
Virtual storage
Subject to Object Model
Prohibits