Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
First evaluation class
The reference monitor
Integrity
Prevent secret information from being accessed
2. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Trusted facility management
Fail safe
Accreditation
Simple Security Rule
3. Can be erased - modified and upgraded.
C2 - Controlled Access Protection
A Layered Operating System Architecture
B2 - Structured Protection
Erasable and Programmable Read-Only Memory (EPROM)
4. Access control labels must be associated properly with objects.
Labels - Orange Book
Secondary Storage
Life Cycle Assurance Requirement
Compare the security labels
5. The Bell-LaPadula Model is a _______________ that enforces the confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
State machine model
A Thread
B2
Orange Book interpretations
6. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Access control to the objects by the subjects
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
B3
Execution Domain
7. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
Enforces the rules
Accreditation
A Domain
8. Simpler instructions that require fewer clock cycles to execute.
Reduced Instruction Set Computers (RISC)
Primary storage
Controlling unauthorized downgrading of information
Secondary Storage
9. What does the simple integrity axiom mean in the Biba model?
No read down
C1 - Discretionary Security Protection
Covert channels
No read up
10. Levels of Security and Levels of Trust: Lower letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
Direct Addressing
Absolute addresses
Subject to Object Model
Orange Book ratings
11. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Labels - Orange Book
Covert channels
A lattice of Integrity Levels
Controls the checks
12. What is called the formal acceptance of the adequacy of a system's overall security by management?
B3 - Rating
All Mandatory Access Control (MAC) systems
Documentation - Orange Book
Accreditation
13. In the Bell-LaPadula Model the Object's Label contains ___________________.
Thrashing
Its classification label (Top Secret - Secret or confidential)
The security perimeter
Division D - Minimal Protection
14. The reserved hard drive space used to extend RAM capabilities.
Swap Space
Higher or equal to access class
Reduced Instruction Set Computers (RISC)
C2 - Controlled Access Protection
15. Discretionary protection
Integrity
Orange Book C
Life-cycle assurance - O/B
Enforces the rules
16. Operating System Kernel
Its classification label (Top Secret - Secret or confidential)
Ring 0
Scalar processors
Totality of protection mechanisms
17. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
Logical addresses
Certification
In C2 - Controlled Access Protection environment
All Mandatory Access Control (MAC) systems
18. Configuration management is also defined in the Orange Book, BUT as a _____________________ and NOT an operational assurance requirement.
'Dominate'
Access Matrix model
Orange Book - B3
Life Cycle Assurance Requirement
19. Minimal Security
Ring 3
C2
Orange Book - D
Scalar processors
20. When the RAM and secondary storage are combined the result is __________.
C2
Life Cycle Assurance Requirement
Prohibits
Virtual Memory
21. A domain of trust that shares a single security policy and single management
System High Security Mode
Orange Book interpretations
Totality of protection mechanisms
A security domain
22. What does the * (star) property mean in the Bell-LaPadula model?
An abstract machine
Dominate the object's sensitivity label
No write down
The National Computer Security Center (NCSC)
23. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
Examples of Layered Operating Systems
A security domain
The Monolithic Operating System Architecture
The rule is talking about "Reading"
24. Subjects and Objects cannot change their security levels once they have been instantiated (created)
The trustworthiness of an information system
No write down
Life Cycle Assurance Requirement
The Tranquility principle (The Bell-LaPadula Model)
25. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
security protection mechanisms
Controlling unauthorized downgrading of information
Attributable - original - accurate - contemporaneous and legible
Prevent secret information from being accessed
26. Data in Cache can be accessed much more quickly than Data
B2 - Structured Protection
Stored in Real Memory
Programmable Read-Only Memory (PROM)
Direct addressing
27. What prevents a process from accessing another process' data?
Mandatory access control
B3 - Rating
Process isolation
Constrained
28. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
B2 - Structured Protection
The security kernel
The rule is talking about "Reading"
Orange Book B
29. Buffer overflows occur when a program or process tries to store more data in a _____________ than it was intended to hold.
Continuous protection - O/B
The National Computer Security Center (NCSC)
Buffer (temporary data storage area)
B1
30. Has two individual assurance ratings: C1 and C2. The higher the number of the assurance rating, the greater the protection
Division C - Discretionary Protection
C2
Orange Book - B1
C2
31. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Ring 2
Implement software or systems in a production environment
Discretionary Security Property (ds-property)
All Mandatory Access Control (MAC) systems
32. The group that oversees the processes of evaluation within TCSEC is?
Disclosure of residual data
Trusted Products Evaluation Program (TPEP)
Certification
Security mechanisms and evaluates their effectiveness
33. The Physical memory address that the CPU uses
NOT Integrity
Absolute addresses
Scalar processors
Higher or equal to access class
34. Individual subjects must be uniquely identified.
Logical addresses
'Dominate'
Types of covert channels
Identification - Orange Book
35. Execute one instruction at a time.
A Limit Register (Memory Management)
Scalar processors
A Base Register (Memory Management)
Integrity
36. The total combination of protection mechanisms within a computer system
C1
Ring 0
The rule is talking about "Reading"
TCB (Trusted Computing Base)
37. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Bell-LaPadula Model
Controls the checks
The Common Criteria
Trusted Products Evaluation Program (TPEP)
38. The combination of RAM - Cache and the Processor Registers
Primary storage
Documentation - Orange Book
The Security Kernel
Accountability - Orange Book
39. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Security Policy - Orange Book
Integrity
Overt channel
Administrative declaration
40. Bell-LaPadula Model - ______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
Most commonly used approach
Ring 2
The *-Property rule (Star property)
Certification
41. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Virtual Memory
Bell-LaPadula Model
A Base Register (Memory Management)
Execution Domain
42. Intended for environments that require systems to handle classified data.
Be protected from modification
Disclosure of residual data
Networks and Communications
B1 - Labeled Security rating
43. Used by Windows systems to reserve the "Swap Space"
The "No write Down" Rule
The National Computer Security Center (NCSC)
Clark-Wilson
Pagefile.sys file
44. Which is a straightforward approach that provides access rights to subjects for objects?
Indexed addressing
Simple Security Rule
Access Matrix model
The Strong star property rule
45. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Orange Book - B3
Indirect addressing
An abstract machine
Ring 0
46. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Multilevel Security Policies
C1 - Discretionary Security Protection
No read down
Implement software or systems in a production environment
47. Contains the ending address
B3 - Rating
Ring 0
Erasable and Programmable Read-Only Memory (EPROM)
A Limit Register (Memory Management)
48. A nonvolatile storage medium, e.g. computer hard drives - floppy disks and CD-ROMs
System High Security Mode
International Standard 15408
Multilevel Security Policies
Secondary Storage
49. Each data object must contain a classification label and each subject must have a clearance label.
B2 - Structured Protection
The trustworthiness of an information system
B1 - Labeled Security
The Strong star property rule
50. Contains the beginning address
A Base Register (Memory Management)
Most commonly used approach
Certification
A Thread