SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Operating System Kernel
Integrity
Implement software or systems in a production environment
A1
Ring 0
2. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Swap Space
Security Policy
Access control to the objects by the subjects
Invocation Property
3. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Trusted facility management
The Trusted Computing Base (TCB)
Clark-Wilson
Most commonly used approach
4. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Examples of Layered Operating Systems
Programmable Read-Only Memory (PROM)
C2 - Controlled Access Protection
Discretionary Security Property (ds-property)
5. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Examples of Layered Operating Systems
Continuous protection - O/B
Disclosure of residual data
Covert channels
6. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Real storage
Protection Rings Support
The Common Criteria
Most commonly used approach
7. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
8. The Indexed memory addresses that software uses
Indirect addressing
Logical addresses
Documentation - Orange Book
Models concerned with integrity
9. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Its Clearance Label (Top Secret - Secret - or Confidential)
The Integrity of data within applications
Evaluated separately
B1 - Labeled Security rating
10. Individual subjects must be uniquely identified.
Assigned labels
B3 - Rating
In C2 - Controlled Access Protection environment
Identification - Orange Book
11. What does the * (star) property mean in the Bell-LaPadula model?
Isolate processes
No write down
Cache Memory
Dominate the object's sensitivity label
12. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Orange Book ratings
Division C - Discretionary Protection
Compare the security labels
The Red Book
13. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Physical security
B3 - Security Domains
Invocation Property
'Dominate'
14. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
No read up
Reduced Instruction Set Computers (RISC)
Logical addresses
The Red Book
15. When the contents of the address defined in the program's instruction is added to that of an index register.
Multitasking
Swap Space
Indexed addressing
Pagefile.sys file
16. Trusted facility management is an assurance requirement only for ________________.
Models concerned with integrity
Highly secure systems (B2 - B3 and A1)
Examples of Layered Operating Systems
C2
17. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
The Security Kernel
Prohibits
Indirect addressing
Dedicated Security Mode
18. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Fail safe
Direct Addressing
Division B - Mandatory Protection
Trusted Network Interpretation (TNI)
19. Which uses Protection Profiles and Security Targets?
Clark-Wilson Model
Models concerned with integrity
Orange Book B
International Standard 15408
20. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The "No write Down" Rule
Attributable - original - accurate - contemporaneous and legible
The National Computer Security Center (NCSC)
Networks and Communications
21. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Orange Book B
Division B - Mandatory Protection Architecture
Models concerned with integrity
The Evaluated Products List (EPL) with their corresponding rating
22. What does the simple integrity axiom mean in the Biba model?
No read down
Ring 3
A and B
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
23. A system uses the Reference Monitor to ___________________ of a subject and an object?
Compare the security labels
A Domain
A and B
C2 - Controlled Access Protection
24. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
The rule is talking about "Reading"
Controls the checks
Invocation Property
An abstract machine
25. Which can be used as a covert channel?
Access control to the objects by the subjects
Storage and timing
Mandatory Access Control (MAC)
Covert channels
26. The C2 evaluation class of the _________________ offers controlled access protection.
Trusted Network Interpretation (TNI)
Security rating B
Accountability - Orange Book
A Domain
27. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Attributable - original - accurate - contemporaneous and legible
B3
Totality of protection mechanisms
Implement software or systems in a production environment
28. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
security protection mechanisms
The Thread (memory Management)
Prohibits
Fail safe
29. The subject must have Need to Know for ONLY the information they are trying to access.
Trusted facility management
Constrained
Orange Book ratings
System High Security Mode
30. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Simple Security Rule
The rule is talking about "Reading"
Real storage
Buffer (temporary data storage area)
31. Contains an Address of where the instruction and dara reside that need to be processed.
B3 - Rating
The Thread (memory Management)
Types of covert channels
Protection Rings Support
32. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
No write down
The reference monitor
A1
Accountability - Orange Book
33. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
In C2 - Controlled Access Protection environment
Pipelining
Multiprocessing
Secondary Storage
34. System Architecture that separates system functionality into Hierarchical layers
Identification - Orange Book
A Layered Operating System Architecure
*-Integrity Axiom
Dedicated Security Mode
35. The Availability - Integrity and confidentiality requirements of multitasking operating systems
A security kernel
C1 - Discrection Security Protection is a type of environment
Protection Rings Support
Primary storage
36. Documentation must be provided - including test - design - and specification document - user guides and manuals
System High Security Mode
Isolate processes
Dominate the object's sensitivity label
Documentation - Orange Book
37. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
A and B
The security perimeter
Buffer overflows
Swap Space
38. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
C1 - Discretionary Security Protection
Multilevel Security Policies
Security Policy is clearly defined and documented
Execution Domain
39. The total combination of protection mechanisms within a computer system
Administrative declaration
Enforces the rules
Direct addressing
TCB (Trusted Computing Base)
40. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Prohibits
Identification - Orange Book
Trusted Distribution
The Simple Security Property
41. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.
The rule is talking about "Reading"
Access Matrix model
Orange Book - B2
Division C - Discretionary Protection
42. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Indexed addressing
Mandatory access control
Administrative declaration
Invocation Property
43. The Simple Security rule is refered to as______________.
Thrashing
Simple Security Rule
The "No read Up" rule
C2 - Controlled Access Protection
44. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Ring 1
*-Integrity Axiom
TCB (Trusted Computing Base)
Physical security
45. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Process isolation
Need-to-know
Real storage
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
46. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
A and B
Clark-Wilson Model
The Clark Wilson integrity model
Division D - Minimal Protection
47. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
B1
Virtual Memory
Trusted Distribution
Most commonly used approach
48. The Biba Model adresses _____________________.
The Integrity of data within applications
Assigned labels
The *-Property rule (Star property)
Protection Rings Support
49. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
Trusted Network Interpretation (TNI)
Examples of Layered Operating Systems
Orange Book interpretations
Buffer (temporary data storage area)
50. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
B2 rating
C2
Covert channels
Disclosure of residual data
