Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but the repetition reinforces your understanding each time you retake the test.
1. Can be erased, modified and upgraded.
Integrity
Erasable and Programmable Read-Only Memory (EPROM)
A Limit Register (Memory Management)
Sensitivity labels
2. The Indexed memory addresses that software uses
Real storage
Indirect addressing
Logical addresses
Access control to the objects by the subjects
3. The TCB contains the Security Kernel and all ______________.
security protection mechanisms
The National Computer Security Center (NCSC)
First evaluation class
The Trusted Computing Base (TCB)
4. A ______________ is a form of EPROM, but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Compare the security labels
Life-cycle assurance - O/B
The Common Criteria
5. What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?
A Domain
A security kernel
Orange Book - B2
Overt channel
6. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Most commonly used approach
Trusted facility management
Physical security
Subject to Object Model
7. In the Bell-LaPadula Model the Object's Label contains ___________________.
Disclosure of residual data
C2
In C2 - Controlled Access Protection environment
Its classification label (Top Secret - Secret or confidential)
8. Operating System Kernel
The National Computer Security Center (NCSC)
Ring 0
International Standard 15408
Physical security
9. If a system initializes in a secure state and all allowed state transitions are secure, then every subsequent state will be secure no matter what inputs occur.
Enforces the rules
Types of covert channels
Need-to-know
Basic Security Theorem (used in computer science) definition
10. Individual subjects must be uniquely identified.
Identification - Orange Book
Orange Book - D
Trusted Distribution
Division B - Mandatory Protection Architecture
11. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object.
Mandatory access control
B2 - Structured Protection
Access control to the objects by the subjects
Overt channel
12. In this class more granularity is provided in each protection mechanism, and programming code that is not necessary to support the security policy is excluded.
B2 rating
B3 - Security Domains
C1 - Discretionary Security Protection
Clark-Wilson
13. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The National Computer Security Center (NCSC)
The security perimeter
Attributable - original - accurate - contemporaneous and legible
Clark-Wilson Model
14. The Biba model (introduced in 1977), the Sutherland model (published in 1986), the Brewer-Nash model (published in 1989)
Evaluated separately
Fail safe
Models concerned with integrity
Access Matrix model
15. Which computer design approach is based on the fact that in earlier technologies the instruction fetch was the longest part of the cycle?
The Strong star property rule
Buffer (temporary data storage area)
Complex Instruction Set Computers (CISC)
Orange Book B
16. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
The "No read Up" rule
A security kernel
Trusted Distribution
Its Clearance Label (Top Secret - Secret - or Confidential)
17. Which increases the performance in a computer by overlapping the steps of different instructions?
Isolate processes
Overt channel
Pipelining
A Limit Register (Memory Management)
18. The Biba Model addresses _____________________.
The Integrity of data within applications
Dominate the object's sensitivity label
Most commonly used approach
B1 - Labeled Security rating
19. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Its Clearance Label (Top Secret - Secret - or Confidential)
A Thread
A Limit Register (Memory Management)
Trusted facility management
20. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
B1 - Labeled Security
Ring 0
Orange Book ratings
Orange Book - A1
21. A type of memory used for High-speed writing and reading activities.
Dominate the object's sensitivity label
The Thread (memory Management)
B2 rating
Cache Memory
22. Which Orange Book evaluation level is described as "Verified Design"?
A1
C1 - Discretionary Security Protection
Trusted Products Evaluation Program (TPEP)
Orange Book ratings
23. A set of objects that a subject is able to access
Division B - Mandatory Protection
Division D - Minimal Protection
A security kernel
A Domain
24. Which Orange Book evaluation level is described as "Controlled Access Protection"? This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Swap Space
Basic Security Theorem (used in computer science) definition
Firmware
C2
25. When a computer uses more than one CPU in parallel to execute instructions, this is known as?
Isolate processes
Multiprocessing
The reference monitor
Security rating B
26. Mediates all access and Functions between subjects and objects.
Execution Domain
Labels - Orange Book
The Security Kernel
State machine model
27. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.
A Limit Register (Memory Management)
A security domain
Real storage
In C2 - Controlled Access Protection environment
28. The C2 evaluation class of the _________________ offers controlled access protection.
Trusted Network Interpretation (TNI)
Division B - Mandatory Protection
Trusted hardware - Software and Firmware
Identification - Orange Book
29. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Pipelining
International Standard 15408
Security Policy - Orange Book
Sensitivity labels
30. Should always trace to individuals responsible for observing and recording the data
Files - directories and devices
Highly secure systems (B2 - B3 and A1)
Attributable data
Ring 1
31. The Biba Model, _____________: a subject cannot read data from a lower integrity level ("No Read Down").
Simple Integrity Axiom
Constrained
Relative Addresses
Scalar processors
32. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Complex Instruction Set Computers (CISC)
Orange Book - B3
A lattice of Integrity Levels
Relative Addresses
33. Mandatory Protection
Storage and timing
Orange Book B
The Simple Security Property
B1 - Labeled Security
34. The centerpiece of the DoD Rainbow Series publications, developed by the National Computer Security Center (NCSC)?
Multitasking
The TCSEC - Aka Orange Book
Direct Addressing
Integrity
35. All users have a clearance for, and a formal need to know about, all data processed within the system.
Dedicated Security Mode
Real storage
B3 - Security Domains
Clark-Wilson Model
36. The security kernel is the mechanism that _____________ of the reference monitor concept.
Certification
The security perimeter
A1
Enforces the rules
37. The Physical memory address that the CPU uses
Absolute addresses
Storage and timing
Orange Book - D
Documentation - Orange Book
38. Permits a database to have two records that are identical except for their classifications
Polyinstantiation
A1 - Rating
B2
Thrashing
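Polyinstantiation is easier to see in a working multilevel relation than in a one-line definition. The following is an added example written for this page, not code from the page or from any CISSP source: a SQLite table whose primary key includes the classification level, so a SECRET row and an UNCLASSIFIED "cover story" row for the same ship can coexist, and a view query that returns, per ship, the highest row a user's clearance dominates. The ship names, cargo and the two-level scheme are constructed; the second function shows the inference channel that polyinstantiation is designed to close (a unique-key violation revealing that a hidden row exists).

```python
"""Polyinstantiation in a multilevel relation (added example, constructed data)."""
import sqlite3
from typing import List, Tuple

UNCLASSIFIED, SECRET = 0, 1   # hierarchical levels, low to high (constructed)

SCHEMA = """
CREATE TABLE shipments (
    ship        TEXT    NOT NULL,
    cargo       TEXT    NOT NULL,
    destination TEXT    NOT NULL,
    level       INTEGER NOT NULL,
    PRIMARY KEY (ship, level)
)"""


def open_db(polyinstantiated: bool = True) -> sqlite3.Connection:
    """In-memory database; with polyinstantiated=False the key is just (ship)."""
    con = sqlite3.connect(":memory:")
    ddl = SCHEMA if polyinstantiated else SCHEMA.replace(
        "PRIMARY KEY (ship, level)", "PRIMARY KEY (ship)")
    con.execute(ddl)
    return con


def insert(con: sqlite3.Connection, ship: str, cargo: str,
           destination: str, level: int) -> None:
    con.execute("INSERT INTO shipments VALUES (?, ?, ?, ?)",
                (ship, cargo, destination, level))


def view(con: sqlite3.Connection, clearance: int) -> List[Tuple[str, str, str, int]]:
    """Rows visible to a user: for each ship, the highest-level row that the
    user's clearance dominates. Rows above the clearance never reach the user."""
    query = """
        SELECT s.ship, s.cargo, s.destination, s.level
        FROM shipments AS s
        WHERE s.level <= ?
          AND s.level = (SELECT MAX(t.level) FROM shipments AS t
                         WHERE t.ship = s.ship AND t.level <= ?)
        ORDER BY s.ship"""
    return con.execute(query, (clearance, clearance)).fetchall()


def demo() -> Tuple[list, list]:
    """Two identical keys at different classifications: the cover story and the truth."""
    con = open_db()
    insert(con, "Nimitz", "missiles", "Persian Gulf", SECRET)   # entered at SECRET
    insert(con, "Ranger", "grain", "Rotterdam", UNCLASSIFIED)
    # An UNCLASSIFIED clerk files a manifest for Nimitz. Because (ship, level) is
    # the key this succeeds and becomes the cover story; the SECRET row stays hidden.
    insert(con, "Nimitz", "food", "Lisbon", UNCLASSIFIED)
    return view(con, UNCLASSIFIED), view(con, SECRET)


def single_key_schema_leaks() -> bool:
    """Without polyinstantiation the same insert fails with a key violation, which
    tells the UNCLASSIFIED clerk that a row they are not cleared to see exists."""
    con = open_db(polyinstantiated=False)
    insert(con, "Nimitz", "missiles", "Persian Gulf", SECRET)
    try:
        insert(con, "Nimitz", "food", "Lisbon", UNCLASSIFIED)
    except sqlite3.IntegrityError:
        return True
    return False


if __name__ == "__main__":
    low, high = demo()
    print("UNCLASSIFIED user sees:", low)
    print("SECRET user sees:      ", high)
    print("single-key schema leaks existence:", single_key_schema_leaks())
```

The MAX() subquery is what makes the two Nimitz rows behave as one record per clearance: the clerk sees only the Lisbon manifest, the SECRET analyst sees the Persian Gulf one, and neither the view nor the insert path lets the lower user infer the higher row.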
39. Mandatory Access Control requires that _____________ be attached to all objects.
Subject to Object Model
Process isolation
Orange Book C
Sensitivity labels
40. Certification is a technical review that assesses the _____________, whereas Accreditation is management's official acceptance of the findings of the certification process.
Attributable - original - accurate - contemporaneous and legible
The Monolithic Operating System Architecture
Security mechanisms and evaluates their effectiveness
Protection Rings Support
41. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________, and the system design and implementation are subject to more thorough review and testing procedures.
Security Policy is clearly defined and documented
An abstract machine
The Common Criteria
Attributable data
42. Based on a known address with an offset value applied.
Relative Addresses
C2
B3
Need-to-know
43. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
A security kernel
A Thread
B3
Continuous protection - O/B
44. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
C2 - Controlled Access Protection
Thrashing
Disclosure of residual data
First evaluation class
45. The Orange Book does NOT cover ________________ and database management systems.
Bell-LaPadula Model
The rule is talking about "Reading"
Complex Instruction Set Computers (CISC)
Networks and Communications
46. A logical form of separation used by secure computing systems: processes are _____________ so that each cannot access objects outside its permitted domain.
Models concerned with integrity
Constrained
An abstract machine
First evaluation class
47. There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Totality of protection mechanisms
Direct Addressing
Division D - Minimal Protection
The Monolithic Operating System Architecture
48. Subjects and objects cannot change their security levels once they have been instantiated (created).
The National Computer Security Center (NCSC)
security protection mechanisms
The Tranquility Principle (The Bell-LaPadula Model)
Reduced Instruction Set Computers (RISC)
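Several items above describe the same mechanism from different angles: the reference monitor compares a subject's clearance label with an object's classification label (items 7, 11, 19 and 39), Bell-LaPadula forbids reading up and writing down, Biba's simple integrity axiom forbids reading down (item 31), the tranquility principle freezes labels once an entity exists (item 48), and the Basic Security Theorem (item 9) says that a system starting secure and admitting only secure transitions stays secure. The block below is an added example written for this page, not code from the page or from any evaluated product: a toy reference monitor over (level, category) labels with lattice dominance, plus a miniature state-machine run that checks the secure-state invariant after every transition. All subjects, objects, levels and integrity values are constructed.

```python
"""Toy reference monitor: Bell-LaPadula + Biba over lattice labels (added example)."""
import dataclasses
from dataclasses import dataclass
from typing import FrozenSet, Tuple

# Hierarchical classification levels, low to high (constructed for the example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """Sensitivity label: a classification level plus a set of categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice dominance: level at least as high AND a superset of categories.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


@dataclass(frozen=True)
class Entity:
    """A subject or object. frozen=True enforces tranquility: labels cannot be
    changed after the entity has been instantiated."""
    name: str
    confidentiality: Label   # clearance for a subject, classification for an object
    integrity: int           # Biba integrity level; higher means more trustworthy


def decide(subject: Entity, obj: Entity, mode: str) -> Tuple[bool, str]:
    """Pure policy check: BLP for confidentiality, Biba for integrity."""
    if mode == "read":
        if not subject.confidentiality.dominates(obj.confidentiality):
            return False, "BLP simple security property: no read up"
        if subject.integrity > obj.integrity:
            return False, "Biba simple integrity axiom: no read down"
        return True, "read permitted"
    if mode == "write":
        if not obj.confidentiality.dominates(subject.confidentiality):
            return False, "BLP *-property: no write down"
        if obj.integrity > subject.integrity:
            return False, "Biba *-integrity axiom: no write up"
        return True, "write permitted"
    return False, "unknown access mode"


class ReferenceMonitor:
    """Mediates every access and keeps an audit record; policy lives in decide()."""
    def __init__(self) -> None:
        self.audit = []

    def mediate(self, subject: Entity, obj: Entity, mode: str) -> Tuple[bool, str]:
        allowed, reason = decide(subject, obj, mode)
        self.audit.append((subject.name, obj.name, mode, allowed, reason))
        return allowed, reason


def is_secure_state(state) -> bool:
    """A state (the set of current accesses) is secure iff every access is allowed."""
    return all(decide(s, o, m)[0] for s, o, m in state)


def run_transitions(rm: ReferenceMonitor, requests):
    """Basic Security Theorem in miniature: start in the empty (secure) state,
    admit only monitor-approved transitions, re-check the invariant each step."""
    state, denied = frozenset(), 0
    for subj, obj, mode in requests:
        allowed, _ = rm.mediate(subj, obj, mode)
        if allowed:
            state = state | {(subj, obj, mode)}
        else:
            denied += 1
        if not is_secure_state(state):          # unreachable if decide() is sound
            raise AssertionError("secure-state invariant broken")
    return state, denied


def relabel(entity: Entity, new_level: str) -> bool:
    """Try to change a label after instantiation; tranquility forbids it."""
    try:
        entity.confidentiality = Label(new_level, entity.confidentiality.categories)
    except dataclasses.FrozenInstanceError:
        return False
    return True


# Constructed sample subject and objects.
ANALYST = Entity("analyst", Label("SECRET", frozenset({"NATO"})), integrity=2)
REPORT = Entity("secret_report", Label("SECRET", frozenset({"NATO"})), integrity=2)
TS_PLAN = Entity("ts_plan", Label("TOP SECRET", frozenset({"NATO", "CRYPTO"})), integrity=3)
WEB_FEED = Entity("web_feed", Label("UNCLASSIFIED"), integrity=1)

REQUESTS = [
    (ANALYST, REPORT, "read"),     # permitted
    (ANALYST, TS_PLAN, "read"),    # denied: no read up
    (ANALYST, WEB_FEED, "write"),  # denied: no write down
    (ANALYST, WEB_FEED, "read"),   # denied by Biba: low-integrity source
    (ANALYST, TS_PLAN, "write"),   # BLP alone would allow a blind write-up; Biba denies it
    (ANALYST, REPORT, "write"),    # permitted
]

if __name__ == "__main__":
    monitor = ReferenceMonitor()
    final_state, denied_count = run_transitions(monitor, REQUESTS)
    for entry in monitor.audit:
        print(entry)
    print("accesses held:", len(final_state), "denied:", denied_count)
    print("relabel allowed?", relabel(ANALYST, "TOP SECRET"))
```

Two points worth noticing in the run: the fifth request is exactly the case where confidentiality and integrity models disagree (Bell-LaPadula permits a SECRET subject to write into a TOP SECRET object, Biba does not because the object is more trustworthy than the writer), and the audit list is the evidence the TCB must retain for every mediation, permitted or not.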
49. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
Networks and Communications
Attributable data
B3 - Security Domains
Thrashing
50. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
C1
Continuous protection - O/B
First evaluation class
Absolute addresses