SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. As per FDA data should be ______________________________.
The security kernel
Attributable - original - accurate - contemporaneous and legible
Security rating B
Ring 2
2. In the Bell-LaPadula Model the Object's Label contains ___________________.
A1
Its classification label (Top Secret - Secret or confidential)
Orange Book A
The Monolithic Operation system Architecture
3. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book - B3
Administrative declaration
Security Policy
Access Matrix model
4. The assignment of a specific individual to administer the security-related functions of a system.
security protection mechanisms
Identification - Orange Book
Ring 0
Trusted facility management
5. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
Be protected from modification
The *-Property rule (Star property)
Access Matrix model
6. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Security Policy is clearly defined and documented
Isolate processes
The National Computer Security Center (NCSC)
Labels - Orange Book
7. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Disclosure of residual data
The "No read Up" rule
The "No write Down" Rule
Fail safe
8. Execute one instruction at a time.
Scalar processors
Life-cycle assurance - O/B
Covert channels
The reference monitor
9. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
The "No write Down" Rule
Government and military applications
Evaluated separately
B3
10. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Logical addresses
Disclosure of residual data
The Trusted Computing Base (TCB)
Swap Space
11. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Isolate processes
Firmware
Its classification label (Top Secret - Secret or confidential)
Trusted Distribution
12. A subject at a given clearance may not read an object at a higher classification
The Simple Security Property
An abstract machine
The "No read Up" rule
Orange Book - D
13. Intended for environments that require systems to handle classified data.
B1 - Labeled Security rating
The Rule is talking about writing
The Thread (memory Management)
'Dominate'
14. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
State machine model
Bell-LaPadula Model
Integrity
Life Cycle Assurance Requirement
15. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
C2
Need-to-know
In C2 - Controlled Access Protection environment
Orange Book C
16. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
B3
Accountability - Orange Book
Multilevel Security Policies
B3 - Rating
17. Mandatory Protection
Orange Book B
No write down
Highly secure systems (B2 - B3 and A1)
Ring 0
18. Data in Cache can be accessed much more quickly than Data
Stored in Reak Memory
The Simple Security Property
The rule is talking about "Reading"
A Limit Register (Memory Management)
19. Which TCSEC level first addresses object reuse?
C2
Buffer overflows
Operational assurance requirements
Direct Addressing
20. A Policy based control. All objects and systems have a sensitivity level assigned to them
Trusted hardware - Software and Firmware
A Domain
Mandatory Access Control (MAC)
Highly secure systems (B2 - B3 and A1)
21. The Bell-LaPadula model Subjects and Objects are ___________.
The reference monitor
B3 - Security Domains
Assigned labels
Trusted Products Evaluation Program (TPEP)
22. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Enforces the rules
Dedicated Security Mode
Ring 2
B2 rating
23. The Physical memory address that the CPU uses
Integrity
A single classification and a Compartment Set
Absolute addresses
The National Computer Security Center (NCSC)
24. The Bell-LaPadula Model is a _______________.
Subject to Object Model
The Trusted Computing Base (TCB)
'Dominate'
Pipelining
25. When the address location that is specified in the program instruction contains the address of the final desired location.
A1 - Rating
The reference monitor
B3 - Security Domains
Indirect addressing
26. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.
Orange Book - B2
Basic Security Theorem (used in computer science) definition
Ring 0
C2 - Controlled Access Protection
27. What does the simple security (ss) property mean in the Bell-LaPadula model?
Simple Security Rule
Multitasking
Security Policy
No read up
28. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Thrashing
A Layered Operating System Architecure
Division B - Mandatory Protection
C1 - Discretionary Security Protection
29. When the RAM and secondary storage are combined the result is __________.
Totality of protection mechanisms
Access Matrix model
Trusted Products Evaluation Program (TPEP)
Virtual Memory
30. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
A security domain
Constrained
Access Matrix model
Security Policy is clearly defined and documented
31. Subjects and Objects cannot change their security levels once they have been instantiated (created)
A lattice of Intergrity Levels
Multitasking
The Tranqulity principle (The Bell-LaPadula Model)
Subject to Object Model
32. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
C1 - Discrection Security Protection is a type of environment
An abstract machine
Trusted Products Evaluation Program (TPEP)
B2
33. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
International Standard 15408
Types of covert channels
Labels - Orange Book
B3
34. What are the components of an object's sensitivity label?
Scalar processors
International Standard 15408
A single classification and a Compartment Set
In C2 - Controlled Access Protection environment
35. Contains an Address of where the instruction and dara reside that need to be processed.
A Thread
The Thread (memory Management)
Programmable Read-Only Memory (PROM)
Documentation - Orange Book
36. The Orange book requires protection against two_____________ - which are these Timing and Storage
Security Policy
The rule is talking about "Reading"
Types of covert channels
Evaluated separately
37. Which in the Orange Book ratings represents the highest level of trust?
Ring 1
Absolute addresses
Certification
B2
38. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
Fail safe
Highly secure systems (B2 - B3 and A1)
Clark-Wilson Model
The security kernel
39. The subject must have Need to Know for ONLY the information they are trying to access.
A security domain
Covert channels
System High Security Mode
A Thread
40. The combination of RAM - Cache and the Processor Registers
Primary storage
Security rating B
Higher or equal to access class
Process isolation
41. When the contents of the address defined in the program's instruction is added to that of an index register.
Complex Instruction Set Computers (CISC)
Programmable Read-Only Memory (PROM)
Indexed addressing
Dedicated Security Mode
42. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
*-Integrity Axiom
Polyinstantiation
Orange Book C
The Tranqulity principle (The Bell-LaPadula Model)
43. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
B2 - Structured Protection
Real storage
The Tranqulity principle (The Bell-LaPadula Model)
44. Simpler instructions that require fewer clock cycles to execute.
Reduced Instruction Set Computers (RISC)
Ring 2
State machine model
Certification
45. The Indexed memory addresses that software uses
Orange Book - A1
B3
Logical addresses
Ring 1
46. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Subject to Object Model
Orange Book - B2
Stored in Reak Memory
Security Policy is clearly defined and documented
47. The total combination of protection mechanisms within a computer system
Storage and timing
Protection Rings Support
TCB (Trusted Computing Base)
All Mandatory Access Control (MAC) systems
48. According to the Orange Book - trusted facility management is not required for which security levels?
Security mechanisms and evalautes their effectivenes
The trustworthiness of an information system
Orange Book - B1
B1
49. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Overt channel
Implement software or systems in a production environment
Secondary Storage
Orange Book - B2
50. Commonly referred to as The Big Mess Because of its lack of structure. MS-DOS is an example of a monolithic operation system
No write down
Prohibits
The Monolithic Operation system Architecture
Identification - Orange Book
