Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which is a straightforward approach that provides access rights to subjects for objects?






2. Execute one instruction at a time.






3. A type of memory used for High-speed writing and reading activities.






4. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.






5. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.






6. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






7. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.






8. Applications and user activity






9. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle






10. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






11. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.






12. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.






13. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s






14. Access control labels must be associated properly with objects.






15. TCSEC provides a means to evaluate ______________________.






16. What is called the formal acceptance of the adequacy of a system's overall security by management?






17. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






18. Discretionary protection






19. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






20. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






21. A Policy based control. All objects and systems have a sensitivity level assigned to them






22. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.






23. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?






24. Another word for Primary storage and distinguishes physical memory from virtual memory.






25. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.






26. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)






27. Subjects and Objects cannot change their security levels once they have been instantiated (created)






28. All users have a clearance for and a formal need to know about - all data processed with the system.






29. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






30. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.






31. A domain of trust that shares a single security policy and single management






32. The Orange book requires protection against two_____________ - which are these Timing and Storage






33. When the address location that is specified in the program instruction contains the address of the final desired location.






34. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.






35. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






36. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






37. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






38. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.






39. Each data object must contain a classification label and each subject must have a clearance label.






40. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






41. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






42. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction






43. Mandatory access control is enfored by the use of security labels.






44. The TCB is the ________________ within a computer system that work together to enforce a security policy.






45. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.






46. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards






47. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.






48. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)






49. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






50. The Physical memory address that the CPU uses