Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Access Matrix model
Physical security
Implement software or systems in a production environment
Orange Book - B1

2. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
attributability
Attributable - original - accurate - contemporaneous and legible
Dedicated Security Mode
Ring 3

3. The Orange book does NOT Cover ________________ - And Database management systems
Continuous protection - O/B
Networks and Communications
Its Clearance Label (Top Secret - Secret - or Confidential)
A security kernel

4. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Prevent secret information from being accessed
Most commonly used approach
The TCSEC - Aka Orange Book
B2 rating

5. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Models concerned with integrity
The security perimeter
Thrashing
Logical addresses

6. When the RAM and secondary storage are combined the result is __________.
Virtual Memory
Covert channels
Its classification label (Top Secret - Secret or confidential)
Trusted Network Interpretation (TNI)

7. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
TCB (Trusted Computing Base)
The Rule is talking about writing
D
Need-to-know

8. Intended for environments that require systems to handle classified data.
Implement software or systems in a production environment
A Base Register (Memory Management)
Polyinstantiation
B1 - Labeled Security rating

9. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
A1
The Red Book
Orange Book - B3
Logical addresses

10. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
C2 - Controlled Access Protection
The Monolithic Operation system Architecture
B1
Life-cycle assurance - O/B

11. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
The Rule is talking about writing
Orange Book - B3
Fail safe
Access control to the objects by the subjects

12. The Reserved hard drive space used to to extend RAM capabilites.
Swap Space
Networks and Communications
The Thread (memory Management)
Division B - Mandatory Protection

13. When the address location that is specified in the program instruction contains the address of the final desired location.
Indirect addressing
Orange Book - D
Covert channels
International Standard 15408

14. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
C1 - Discretionary Security Protection
Relative Addresses
The Security Kernel
Controlling unauthorized downgrading of information

15. Verification Protection
Covert channels
Orange Book interpretations
Programmable Read-Only Memory (PROM)
Orange Book A

16. Contains the beginning address
Types of covert channels
Security rating B
A security domain
A Base Register (Memory Management)

17. The Indexed memory addresses that software uses
The security kernel
Physical security
Firmware
Logical addresses

18. Another word for Primary storage and distinguishes physical memory from virtual memory.
B3 - Rating
Pipelining
Mandatory Access Control (MAC)
Real storage

19. The Physical memory address that the CPU uses
The "No read Up" rule
An abstract machine
A single classification and a Compartment Set
Absolute addresses

20. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Indirect addressing
A Thread
Operational assurance requirements
Complex Instruction Set Computers (CISC)

21. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Identification - Orange Book
Its Clearance Label (Top Secret - Secret - or Confidential)
C2
Government and military applications

22. What does the simple integrity axiom mean in the Biba model?
Security Policy is clearly defined and documented
No read down
Orange Book interpretations
Orange Book A

23. Mandatory access control is enfored by the use of security labels.
The Rule is talking about writing
Division B - Mandatory Protection
Orange Book - D
A security kernel

24. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
The TCSEC - Aka Orange Book
Simple Security Rule
Compare the security labels
Invocation Property

25. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
C1
Execution Domain
Division D - Minimal Protection
Trusted Products Evaluation Program (TPEP)

26. What does the Clark-Wilson security model focus on
The Trusted Computing Base (TCB)
Integrity
Implement software or systems in a production environment
Its Clearance Label (Top Secret - Secret - or Confidential)

27. Happen because input data is not checked for appropriate length at time of input
Polyinstantiation
Programmable Read-Only Memory (PROM)
Buffer overflows
Virtual Memory

28. Which is an ISO standard product evaluation criteria that supersedes several different criteria
C2
The Common Criteria
Orange Book ratings
The Monolithic Operation system Architecture

29. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Orange Book - A1
Security Policy
Continuous protection - O/B
Buffer overflows

30. The total combination of protection mechanisms within a computer system
TCB (Trusted Computing Base)
Labels - Orange Book
Indirect addressing
B1

31. Applications and user activity
Assigned labels
Covert channels
Complex Instruction Set Computers (CISC)
Ring 3

32. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Discretionary Security Property (ds-property)
Life-cycle assurance - O/B
Buffer (temporary data storage area)
Trusted Distribution

33. Based on a known address with an offset value applied.
Attributable - original - accurate - contemporaneous and legible
No write down
Relative Addresses
Administrative declaration

34. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Firmware
Scalar processors
Virtual Memory
Attributable - original - accurate - contemporaneous and legible

35. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
An abstract machine
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Access control to the objects by the subjects
Simple Security Rule

36. What model use an access control triples and requires that the system maintain separation of duty ?
B1
Clark-Wilson
System High Security Mode
Trusted Network Interpretation (TNI)

37. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
The "No write Down" Rule
Thrashing
B3
Life Cycle Assurance Requirement

38. The group that oversees the processes of evaluation within TCSEC is?
Reduced Instruction Set Computers (RISC)
Trusted Products Evaluation Program (TPEP)
Storage and timing
The Thread (memory Management)

39. Execute one instruction at a time.
Scalar processors
The rule is talking about "Reading"
Identification - Orange Book
Division D - Minimal Protection

40. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Rating
B3
Highly secure systems (B2 - B3 and A1)
An abstract machine

41. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.
C2 - Controlled Access Protection
Controlling unauthorized downgrading of information
Ring 2
The rule is talking about "Reading"

42. The combination of RAM - Cache and the Processor Registers
A security kernel
A1 - Rating
Primary storage
B3

43. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
The Tranqulity principle (The Bell-LaPadula Model)
Division B - Mandatory Protection Architecture
C1 - Discretionary Security Protection
A Base Register (Memory Management)

44. The Orange book requires protection against two_____________ - which are these Timing and Storage
Types of covert channels
Storage and timing
Pagefile.sys file
The "No write Down" Rule

45. The Security Model Incorporates the ____________ that should be enforced in the system.
Higher or equal to access class
Security Policy
The "No write Down" Rule
Its classification label (Top Secret - Secret or confidential)

46. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
Most commonly used approach
Division B - Mandatory Protection
The Integrity of data within applications

47. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The National Computer Security Center (NCSC)
Most commonly used approach
The Simple Security Property
B2 - Structured Protection

48. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Accountability - Orange Book
B2 rating
C2 - Controlled Access Protection
Assigned labels

49. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Swap Space
Evaluated separately
Real storage
Division B - Mandatory Protection

50. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Constrained
All Mandatory Access Control (MAC) systems
Clark-Wilson Model
Access control to the objects by the subjects

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISSP Security Architecture And Design

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests