Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Orange Book C
Programmable Read-Only Memory (PROM)
Security rating B
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
2. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Access Matrix model
Trusted Network Interpretation (TNI)
No write down
The security perimeter
3. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
Discretionary Security Property (ds-property)
Firmware
Pagefile.sys file
The Thread (memory Management)
4. Intended for environments that require systems to handle classified data.
B1 - Labeled Security rating
Types of covert channels
Complex Instruction Set Computers (CISC)
Ring 0
5. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
The *-Property rule (Star property)
A single classification and a Compartment Set
The National Computer Security Center (NCSC)
Orange Book - B1
6. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
The Red Book
B1
Prohibits
Access Matrix model
7. Data in Cache can be accessed much more quickly than Data
No read down
Stored in Real Memory
Logical addresses
Administrative declaration
8. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Documentation - Orange Book
Direct Addressing
A and B
Orange Book B
9. Each data object must contain a classification label and each subject must have a clearance label.
The Integrity of data within applications
B1 - Labeled Security
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
In C2 - Controlled Access Protection environment
10. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
Documentation - Orange Book
A Domain
The *-Property rule (Star property)
11. The combination of RAM - Cache and the Processor Registers
Ring 0
Primary storage
Compare the security labels
Relative Addresses
12. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Accreditation
The Clark Wilson integrity model
Security Policy is clearly defined and documented
Overt channel
13. Verification Protection
A security kernel
Orange Book A
Discretionary Security Property (ds-property)
Prohibits
14. Configuration management is also defined in the Orange Book, but as a _____________________ and NOT an operational assurance requirement.
Orange Book - B3
Models concerned with integrity
Life Cycle Assurance Requirement
No read down
15. Subjects and Objects cannot change their security levels once they have been instantiated (created)
B3 - Rating
The Tranquility principle (The Bell-LaPadula Model)
The security kernel
Orange Book C
16. In an automated system, ________________ could be achieved by a computer system designed to identify the individual responsible for any input.
Trusted facility management
A lattice of Integrity Levels
Be protected from modification
attributability
17. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
No read down
First evaluation class
C1
Polyinstantiation
18. Which model uses access control triples and requires that the system maintain separation of duty?
Clark-Wilson
Relative Addresses
Attributable - original - accurate - contemporaneous and legible
Trusted Products Evaluation Program (TPEP)
19. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities.
Subject to Object Model
C1 - Discretionary Security Protection
C2 - Controlled Access Protection
Covert channels
20. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a well-formed transaction.
Firmware
Clark-Wilson Model
'Dominate'
Polyinstantiation
21. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________, which would take place through a "write down" operation. (An actual compromise occurs if and when
The reference monitor
Controls the checks
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Controlling unauthorized downgrading of information
22. In this class more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.
A single classification and a Compartment Set
B3 - Security Domains
Constrained
NOT Integrity
23. When the RAM and secondary storage are combined the result is __________.
Life-cycle assurance - O/B
Orange Book interpretations
Virtual Memory
Networks and Communications
24. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US government)
Dedicated Security Mode
International Standard 15408
Prevent secret information from being accessed
Physical security
25. Contains an address of where the instruction and data reside that need to be processed.
Firmware
Government and military applications
The Thread (memory Management)
Complex Instruction Set Computers (CISC)
26. A subject at a given clearance may not read an object at a higher classification
Direct Addressing
The Red Book
The Simple Security Property
The Trusted Computing Base (TCB)
27. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.
The Monolithic Operating System Architecture
The *-Property rule (Star property)
Erasable and Programmable Read-Only Memory (EPROM)
Administrative declaration
28. What does the simple integrity axiom mean in the Biba model?
Bell-LaPadula Model
Access Matrix model
No read down
Certification
29. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object.
Assigned labels
Labels - Orange Book
Access control to the objects by the subjects
Multiprocessing
30. The assignment of a specific individual to administer the security-related functions of a system.
Administrative declaration
C1
Trusted facility management
B2 - Structured Protection
31. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
attributability
Identification - Orange Book
Be protected from modification
Clark-Wilson
32. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
The trustworthiness of an information system
Labels - Orange Book
Clark-Wilson
B3
33. In access control terms it means to be higher than or equal to. In the Bell-LaPadula Model this is referred to as the dominance relation, which is the relationship of the subject's clearance to the object's classification.
34. Which computer design approach is based on the fact that, in earlier technologies, the instruction fetch was the longest part of the cycle?
Complex Instruction Set Computers (CISC)
Trusted Distribution
Life Cycle Assurance Requirement
Buffer overflows
35. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
C1 - Discretionary Security Protection is a type of environment
Buffer overflows
Compare the security labels
The Strong star property rule
36. Which increases the performance in a computer by overlapping the steps of different instructions?
Pipelining
The Rule is talking about writing
Evaluated separately
The TCSEC - Aka Orange Book
37. Bell-LaPadula model was proposed for enforcing access control in _____________________.
B1 - Labeled Security rating
Its classification label (Top Secret - Secret or confidential)
Security Policy is clearly defined and documented
Government and military applications
38. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
D
The Integrity of data within applications
Orange Book - B1
Clark-Wilson Model
39. The subject must have Need to Know for ONLY the information they are trying to access.
Accountability - Orange Book
System High Security Mode
Orange Book C
Covert channels
40. Documentation must be provided, including test, design and specification documents, user guides and manuals.
Division B - Mandatory Protection
No read up
Documentation - Orange Book
Orange Book B
41. What does the Clark-Wilson security model focus on?
Integrity
Simple Security Rule
The Clark Wilson integrity model
Access Matrix model
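The Clark-Wilson questions above (question 12 on CDIs, the IVP and TPs; question 18 on access control triples and separation of duty; question 20 on well-formed transactions; question 41 on integrity) in working code, as an added example that is not part of this quiz page. It is a constructed toy ledger: the account ids, TP names and user names are assumptions for illustration, and the rules it enforces are the model's certification and enforcement rules, not any product's implementation.

```python
"""Added example, not part of the quiz page: a minimal Clark-Wilson style enforcer.
CDIs are account balances in a constructed ledger; the IVP checks that every balance
is non-negative and that the total is conserved; certified TPs are the only code that
changes CDIs; access triples (user, TP, CDI) gate who may run which TP on which item;
and separation of duty keeps one user from holding both the submit and approve TPs.
Account ids, TP names and user names are assumptions for illustration.
"""
from typing import Callable, Dict, List, Set, Tuple

# Pairs of TPs that one person must never hold together (static separation of duty).
CONFLICTING_TPS = [frozenset({"submit_transfer", "approve_transfer"})]


class ClarkWilsonLedger:
    def __init__(self, cdis: Dict[str, int]) -> None:
        self._cdis = dict(cdis)                                   # constrained data items
        self._expected_total = sum(cdis.values())
        self._tps: Dict[str, Callable] = {}                       # certified TPs by name
        self._triples: Set[Tuple[str, str, str]] = set()          # (user, tp, cdi)
        self._pending: Dict[str, Tuple[str, str, str, int]] = {}  # tid -> (submitter, src, dst, amount)
        self.log: List[Tuple[str, str, Tuple[str, ...]]] = []     # append-only audit log

    def ivp(self) -> bool:
        """Integrity verification procedure: are the CDIs in a valid state?"""
        return (all(v >= 0 for v in self._cdis.values())
                and sum(self._cdis.values()) == self._expected_total)

    def balance(self, cdi: str) -> int:
        return self._cdis[cdi]

    def certify_tp(self, name: str, fn: Callable) -> None:
        self._tps[name] = fn

    def grant(self, user: str, tp: str, cdi: str) -> None:
        """Add an access triple, refusing one that would give a user conflicting duties."""
        held = {t for (u, t, _) in self._triples if u == user}
        for pair in CONFLICTING_TPS:
            if tp in pair and held & (pair - {tp}):
                raise PermissionError(f"separation of duty: {user} already holds {sorted(pair - {tp})}")
        self._triples.add((user, tp, cdi))

    def run(self, user: str, tp: str, *cdis: str, **args):
        """Well-formed transaction: a certified TP, an authorised triple for every CDI it
        touches, and a valid state (IVP) both before and after; otherwise roll back."""
        if tp not in self._tps:
            raise PermissionError(f"{tp!r} is not a certified TP")
        for cdi in cdis:
            if (user, tp, cdi) not in self._triples:
                raise PermissionError(f"no access triple ({user}, {tp}, {cdi})")
        if not self.ivp():
            raise RuntimeError("CDIs already invalid; refusing to run any TP")
        snapshot = (dict(self._cdis), dict(self._pending))
        try:
            result = self._tps[tp](self, user, *cdis, **args)
            if not self.ivp():
                raise RuntimeError(f"{tp} left the CDIs invalid")
        except Exception:
            self._cdis, self._pending = snapshot                  # restore the last valid state
            raise
        self.log.append((user, tp, cdis))
        return result


def submit_transfer(ledger: ClarkWilsonLedger, user: str, src: str, dst: str, amount: int) -> str:
    """TP 1: record a transfer request; balances are untouched until approval."""
    tid = f"t{len(ledger.log) + 1}"
    ledger._pending[tid] = (user, src, dst, amount)
    return tid


def approve_transfer(ledger: ClarkWilsonLedger, user: str, src: str, dst: str, tid: str) -> int:
    """TP 2: apply a pending transfer. Dynamic separation of duty: the approver must
    not be the submitter. An overdraft makes the IVP fail and run() rolls it back."""
    submitter, psrc, pdst, amount = ledger._pending.pop(tid)
    if submitter == user:
        raise PermissionError("submitter may not approve their own transfer")
    if (psrc, pdst) != (src, dst):
        raise ValueError("approval does not match the pending request")
    ledger._cdis[src] -= amount
    ledger._cdis[dst] += amount
    return amount


def attempt(ledger: ClarkWilsonLedger, user: str, tp: str, *cdis: str, **args) -> str:
    """Run a TP and report the outcome as 'ok:<result>' or the exception class name."""
    try:
        return f"ok:{ledger.run(user, tp, *cdis, **args)}"
    except Exception as exc:
        return type(exc).__name__


def build_demo() -> ClarkWilsonLedger:
    """Constructed sample: two accounts, a clerk who submits and a manager who approves."""
    ledger = ClarkWilsonLedger({"acct_a": 100, "acct_b": 100})
    ledger.certify_tp("submit_transfer", submit_transfer)
    ledger.certify_tp("approve_transfer", approve_transfer)
    for acct in ("acct_a", "acct_b"):
        ledger.grant("clerk", "submit_transfer", acct)
        ledger.grant("manager", "approve_transfer", acct)
    return ledger


if __name__ == "__main__":
    ledger = build_demo()
    tid = ledger.run("clerk", "submit_transfer", "acct_a", "acct_b", amount=30)
    ledger.run("manager", "approve_transfer", "acct_a", "acct_b", tid=tid)
    print(ledger.balance("acct_a"), ledger.balance("acct_b"))   # 70 130
```

The point to notice is that integrity here does not come from one check but from the combination: users never touch a CDI directly, only a certified TP does; a TP only runs for a user holding a triple for every CDI it names; the IVP brackets each run so a TP that would overdraw an account is rolled back rather than committed; and separation of duty is enforced twice, statically when triples are granted and dynamically when the approver turns out to be the submitter.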
42. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.
Disclosure of residual data
Mandatory access control
Documentation - Orange Book
In C2 - Controlled Access Protection environment
43. A policy-based control. All objects and subjects have a sensitivity level assigned to them.
Ring 0
Simple Integrity Axiom
Mandatory Access Control (MAC)
B3 - Security Domains
44. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
The Simple Security Property
Erasable and Programmable Read-Only Memory (EPROM)
A single classification and a Compartment Set
Fail safe
45. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Continuous protection - O/B
Life-cycle assurance - O/B
Protection Rings Support
Access control to the objects by the subjects
46. In the Bell-LaPadula Model the Object's Label contains ___________________.
The Tranquility principle (The Bell-LaPadula Model)
Simple Integrity Axiom
B3
Its classification label (Top Secret - Secret or confidential)
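The Bell-LaPadula and Biba questions above (the dominance relation of question 33 with a classification and a compartment set, the simple security property of question 26, the *-property of question 21, the strong *-property of question 35, the simple integrity axiom of question 28, the tranquility principle of question 15, and the reference monitor of questions 29 and 31) in working code, as an added example that is not part of this quiz page. The four classification names, the free-form compartment names and the integer integrity levels are assumptions chosen for illustration.

```python
"""Added example, not part of the quiz page: a toy reference monitor that mediates
every access using Bell-LaPadula (confidentiality) and Biba (integrity) rules over
lattice labels. Assumptions for illustration: four ordered classifications, free-form
compartment names, and integer integrity levels (higher = more trustworthy).
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Tuple

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)   # frozen = strong tranquility: a label never changes once created
class Label:
    level: str
    compartments: FrozenSet[str] = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """Dominance relation (>=): level is higher or equal AND compartments are a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allows(subject: Label, obj: Label, op: str, strong_star: bool = False) -> bool:
    """Bell-LaPadula: simple security property (no read up) and *-property (no write down)."""
    if op == "read":
        return subject.dominates(obj)            # subject clearance must dominate object label
    if op == "write":
        if strong_star:
            return subject == obj                # strong *-property: same label only
        return obj.dominates(subject)            # *-property: may write at or above own level
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject_integrity: int, object_integrity: int, op: str) -> bool:
    """Biba: simple integrity axiom (no read down) and *-integrity axiom (no write up)."""
    if op == "read":
        return object_integrity >= subject_integrity   # may not read less trustworthy data
    if op == "write":
        return subject_integrity >= object_integrity   # may not contaminate more trustworthy data
    raise ValueError(f"unknown operation {op!r}")


class ReferenceMonitor:
    """All access goes through check(): it is the single mediation point (always invoked)
    and every decision is appended to an audit trail."""

    def __init__(self) -> None:
        self.audit: List[Tuple[str, str, str, bool]] = []

    def check(self, subject_name: str, subject: Label, subject_integrity: int,
              object_name: str, obj: Label, object_integrity: int, op: str) -> bool:
        allowed = (blp_allows(subject, obj, op)
                   and biba_allows(subject_integrity, object_integrity, op))
        self.audit.append((subject_name, op, object_name, allowed))
        return allowed


if __name__ == "__main__":
    secret_nuc = Label("SECRET", frozenset({"NUCLEAR"}))
    secret_crypto = Label("SECRET", frozenset({"CRYPTO"}))
    ts_all = Label("TOP_SECRET", frozenset({"NUCLEAR", "CRYPTO"}))
    rm = ReferenceMonitor()
    # same level, different compartment: SECRET/NUCLEAR does not dominate SECRET/CRYPTO
    print(rm.check("alice", secret_nuc, 2, "plan.doc", secret_crypto, 2, "read"))   # False
    # write up is allowed by the *-property (and Biba integrity levels are equal)
    print(rm.check("alice", secret_nuc, 2, "ts.doc", ts_all, 2, "write"))         # True
    # write down is refused regardless of integrity level
    print(rm.check("bob", ts_all, 3, "old.doc", secret_nuc, 1, "write"))          # False
```

Two details are worth pausing on. Dominance is a partial order, not a simple ranking: two SECRET labels with disjoint compartment sets do not dominate each other, so neither subject can read the other's object even though their classification levels are equal. And because Label is a frozen dataclass, any attempt to assign a new level to an existing label raises FrozenInstanceError, which is the tranquility principle made mechanical: subjects and objects keep the labels they were instantiated with.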
47. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Clark-Wilson Model
Thrashing
Most commonly used approach
Clark-Wilson
48. An organization within the National Security Agency (NSA) responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
Division B - Mandatory Protection
B3 - Rating
Virtual storage
The National Computer Security Center (NCSC)
49. Trusted facility management is an assurance requirement only for ________________.
Orange Book - D
B3 - Rating
A Limit Register (Memory Management)
Highly secure systems (B2 - B3 and A1)
50. When the address location that is specified in the program instruction contains the address of the final desired location.
C2 - Controlled Access Protection
Indirect addressing
The National Computer Security Center (NCSC)
Pipelining