CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. TCB contains The Security Kernel and all ______________.
security protection mechanisms
Virtual storage
Execution Domain
Most commonly used approach
2. Which uses Protection Profiles and Security Targets?
Access control to the objects by the subjects
International Standard 15408
Multitasking
Be protected from modification
3. Involves sharing the processor among all ready processes
Life Cycle Assurance Requirement
Its classification label (Top Secret - Secret or confidential)
The National Computer Security Center (NCSC)
Multitasking
4. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Types of covert channels
B3 - Security Domains
Be protected from modification
Highly secure systems (B2 - B3 and A1)
5. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities.
Thrashing
Orange Book - B2
C1 - Discretionary Security Protection
The Strong star property rule
6. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
The security perimeter
Logical addresses
Integrity
Invocation Property
7. The process of evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Certification
B3 - Security Domains
Files - directories and devices
C1
8. A policy-based control. All objects and systems have a sensitivity level assigned to them.
Simple Security Rule
Mandatory Access Control (MAC)
C1 - Discretionary Security Protection
The security kernel
9. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
C1
Multitasking
Direct addressing
The Rule is talking about writing
10. Documentation must be provided - including test - design - and specification document - user guides and manuals
Execution Domain
A1
Documentation - Orange Book
Highly secure systems (B2 - B3 and A1)
11. A portion of a process. When the thread is generated, it shares the same domain (resources) as its process.
B3 - Security Domains
A Thread
Administrative declaration
Process isolation
12. A system uses the Reference Monitor to ___________________ of a subject and an object?
Basic Security Theorem (used in computer science) definition
Compare the security labels
Evaluated separately
Isolate processes
13. When a computer uses more than one CPU in parallel to execute instructions, this is known as?
The trustworthiness of an information system
Multiprocessing
The Evaluated Products List (EPL) with their corresponding rating
Evaluated separately
14. Based on a known address with an offset value applied.
The rule is talking about "Reading"
Relative Addresses
Accountability - Orange Book
Labels - Orange Book
15. As per FDA data should be ______________________________.
Attributable - original - accurate - contemporaneous and legible
International Standard 15408
Labels - Orange Book
Disclosure of residual data
16. When the address location that is specified in the program instruction contains the address of the final desired location.
Orange Book - B1
Indirect addressing
Ring 1
Orange Book ratings
17. The Security Model Incorporates the ____________ that should be enforced in the system.
No read up
B2
Security Policy
Totality of protection mechanisms
18. Which is a straightforward approach that provides access rights to subjects for objects?
Access Matrix model
The Evaluated Products List (EPL) with their corresponding rating
Orange Book interpretations
Orange Book - B1
19. Successfully evaluated products are placed on?
The Evaluated Products List (EPL) with their corresponding rating
C2 - Controlled Access Protection
Accountability - Orange Book
The Red Book
20. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Controls the checks
Division B - Mandatory Protection Architecture
The "No write Down" Rule
A1 - Rating
21. The total combination of protection mechanisms within a computer system
Scalar processors
Be protected from modification
Networks and Communications
TCB (Trusted Computing Base)
22. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
The reference monitor
Orange Book - A1
Complex Instruction Set Computers (CISC)
In C2 - Controlled Access Protection environment
23. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Clark-Wilson
The Red Book
Division B - Mandatory Protection Architecture
Prohibits
24. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Protection Rings Support
Secondary Storage
Buffer (temporary data storage area)
Controls the checks
25. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Controlling unauthorized downgrading of information
Orange Book C
Simple Security Rule
TCB (Trusted Computing Base)
26. What is called the formal acceptance of the adequacy of a system's overall security by management?
Trusted Products Evaluation Program (TPEP)
Accreditation
Ring 3
A lattice of Integrity Levels
27. Which would be designated as objects on a MAC system?
Accreditation
Discretionary Security Property (ds-property)
Files - directories and devices
Operational assurance requirements
28. In which users are processing information at the same sensitivity level; thus, strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
Division B - Mandatory Protection
C1 - Discretionary Security Protection is a type of environment
A security kernel
The rule is talking about "Reading"
29. Contains an address of where the instruction and data reside that need to be processed.
C1
The Thread (memory Management)
Orange Book B
Mandatory access control
30. The group that oversees the processes of evaluation within TCSEC is?
Multiprocessing
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
The "No read Up" rule
Trusted Products Evaluation Program (TPEP)
31. The Simple Security rule is referred to as ______________.
Documentation - Orange Book
The "No read Up" rule
A1
D
32. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
B3
C2
Orange Book - A1
Clark-Wilson Model
33. According to the Orange Book - trusted facility management is not required for which security levels?
A lattice of Integrity Levels
No write down
Subject to Object Model
B1
34. Remaining parts of the operating system
B3 - Security Domains
Bell-LaPadula Model
Ring 1
Clark-Wilson Model
35. Which increases the performance in a computer by overlapping the steps of different instructions?
Trusted facility management
B1 - Labeled Security rating
Pipelining
Storage and timing
36. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Indirect addressing
The Strong star property rule
Models concerned with integrity
Constrained
37. TCSEC provides a means to evaluate ______________________.
Networks and Communications
The trustworthiness of an information system
Buffer (temporary data storage area)
Complex Instruction Set Computers (CISC)
38. In this class more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.
The Security Kernel
Multitasking
Polyinstantiation
B3 - Security Domains
39. Each data object must contain a classification label and each subject must have a clearance label.
B1 - Labeled Security
Security rating B
The "No read Up" rule
Thrashing
40. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Orange Book B
Dominate the object's sensitivity label
Division D - Minimal Protection
The Red Book
41. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
The Evaluated Products List (EPL) with their corresponding rating
Dedicated Security Mode
Swap Space
Documentation - Orange Book
42. Which in the Orange Book ratings represents the highest level of trust?
B1
Virtual storage
Labels - Orange Book
B2
43. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
The reference monitor
A Domain
Evaluated separately
Simple Security Rule
44. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
The Simple Security Property
Continuous protection - O/B
Simple Integrity Axiom
Fail safe
45. Happen because input data is not checked for appropriate length at time of input
Buffer overflows
Security mechanisms and evaluates their effectiveness
security protection mechanisms
Types of covert channels
46. In B2, distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system.
C1
Isolate processes
'Dominate'
Clark-Wilson Model
47. Simpler instructions that require fewer clock cycles to execute.
Reduced Instruction Set Computers (RISC)
A security kernel
The Biba Model
B3 - Security Domains
48. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Orange Book B
Most commonly used approach
Process isolation
The "No read Up" rule
49. The *-Property rule is referred to as ____________.
B1 - Labeled Security
In C2 - Controlled Access Protection environment
The "No write Down" Rule
An abstract machine
50. Another word for Primary storage and distinguishes physical memory from virtual memory.
B3 - Security Domains
Real storage
Division D - Minimal Protection
Controls the checks