Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Access control labels must be associated properly with objects.






2. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?






3. Which addresses a portion of the primary memory by specifying the actual address of the memory location?






4. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space






5. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






6. A type of memory used for High-speed writing and reading activities.






7. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle






8. The total combination of protection mechanisms within a computer system






9. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






10. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






11. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?






12. In access control terms - the word "dominate" refers to ___________.






13. Which is an ISO standard product evaluation criteria that supersedes several different criteria






14. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.






15. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.






16. Succesfully Evaluated products are placed on?






17. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.






18. The Orange book requires protection against two_____________ - which are these Timing and Storage






19. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.






20. Which describe a condition when RAM and Secondary storage are used together?






21. Contains an Address of where the instruction and dara reside that need to be processed.






22. Can be erased - modified and upgraded.






23. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.






24. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection






25. The Orange book does NOT Cover ________________ - And Database management systems






26. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.






27. Discretionary protection






28. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






29. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.






30. TCB contains The Security Kernel and all ______________.






31. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.






32. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






33. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






34. Mandatory Access requires that _____________ be attached to all objects.






35. Contains the beginning address






36. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






37. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.






38. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






39. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






40. Which TCSEC level first addresses object reuse?






41. Which Orange Book evaluation level is described as "Verified Design"?






42. Data in Cache can be accessed much more quickly than Data






43. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






44. Happen because input data is not checked for appropriate length at time of input






45. All users have a clearance for and a formal need to know about - all data processed with the system.






46. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system






47. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






48. What is called the formal acceptance of the adequacy of a system's overall security by management?






49. In the Bell-LaPadula Model the Subject's Label contains ___________________.






50. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.