CISSP Security Architecture And Design (test your basic knowledge)
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Used by Windows systems to reserve the "Swap Space"
Pagefile.sys file
Division B - Mandatory Protection Architecture
Mandatory access control
Administrative declaration
2. A subject at a given clearance may not read an object at a higher classification
Access Matrix model
The Simple Security Property
Swap Space
A security domain
3. Execute one instruction at a time.
Orange Book C
Scalar processors
Accountability - Orange Book
Controlling unauthorized downgrading of information
4. Which technique increases the performance of a computer by overlapping the steps of different instructions?
Disclosure of residual data
*-Integrity Axiom
Pipelining
Orange Book - B2
5. Audit data must be captured and protected to enforce accountability
Life-cycle assurance - O/B
Accountability - Orange Book
Virtual storage
B1
6. All users have a clearance for, and a formal need to know about, all data processed by the system.
Dedicated Security Mode
Orange Book A
Mandatory access control
Integrity
7. The Bell-LaPadula Model is a _______________.
Mandatory access control
Security Policy - Orange Book
Subject to Object Model
B3
8. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Simple Security Rule
Orange Book - B1
B1
C2 - Controlled Access Protection
9. Nonvolatile storage media, e.g. computer hard drives, floppy disks and CD-ROMs
Orange Book - B2
Programmable Read-Only Memory (PROM)
Need-to-know
Secondary Storage
10. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Orange Book - A1
Secondary Storage
Overt channel
Indirect addressing
11. I/O drivers and utilities
Division B - Mandatory Protection
Ring 2
A Base Register (Memory Management)
Higher or equal to access class
12. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects, what security problem is most likely to exist?
Enforces the rules
Disclosure of residual data
Division C - Discretionary Protection
No read up
13. Permits a database to have two records that are identical except for Their classifications
Polyinstantiation
Examples of Layered Operating Systems
Dedicated Security Mode
Orange Book - B3
14. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Ring 3
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Life Cycle Assurance Requirement
Evaluated separately
15. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The *-Property rule (Star property)
Multilevel Security Policies
The Simple Security Property
Orange Book interpretations
16. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
Access Matrix model
All Mandatory Access Control (MAC) systems
A1 - Rating
17. A system uses the Reference Monitor to ___________________ of a subject and an object?
Physical security
Compare the security labels
The Strong star property rule
A lattice of Integrity Levels
18. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Security Policy - Orange Book
Process isolation
Swap Space
B3
19. Which computer design approach is based on the fact that, in earlier technologies, the instruction fetch was the longest part of the cycle?
B3 - Security Domains
Networks and Communications
Complex Instruction Set Computers (CISC)
A lattice of Integrity Levels
20. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels, and covert storage channels must be analyzed.
Buffer (temporary data storage area)
Erasable and Programmable Read-Only Memory (EPROM)
The "No read Up" rule
Orange Book - B2
21. Which term describes the condition in which RAM and secondary storage are used together?
Virtual storage
Buffer overflows
Life-cycle assurance - O/B
B1
22. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Basic Security Theorem (used in computer science) definition
B3
Multiprocessing
Ring 2
23. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
A security kernel
A1 - Rating
Continuous protection - O/B
Direct Addressing
24. What model uses access control triples and requires that the system maintain separation of duty?
Trusted Distribution
Orange Book A
A Limit Register (Memory Management)
Clark-Wilson
25. Based on the Bell-LaPadula security model; evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
B1 - Labeled Security rating
Direct addressing
Programmable Read-Only Memory (PROM)
26. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
B2
Orange Book B
Fail safe
B2 - Structured Protection
27. Verified Protection
C1
Accreditation
Orange Book A
State machine model
28. Operating System Kernel
Ring 0
C2 - Controlled Access Protection
The Integrity of data within applications
Prohibits
29. Mandatory access control is enforced by the use of security labels.
Integrity
Ring 2
The National Computer Security Center (NCSC)
Division B - Mandatory Protection
30. For the type of environment that processes sensitive data requiring a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.
Integrity
Division B - Mandatory Protection
B2 rating
Examples of Layered Operating Systems
31. Users need to be identified individually to provide more precise access control and auditing functionality.
C2 - Controlled Access Protection
Trusted Distribution
B2
C2
32. The policy must be explicit, well defined, and enforced by the mechanisms within the system.
Security Policy - Orange Book
Ring 1
The "No read Up" rule
Subject to Object Model
33. The Orange Book does NOT cover ________________ and database management systems.
Protection Rings Support
Networks and Communications
B2
*-Integrity Axiom
34. In B2, distinct address spaces must be provided to _________, and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system.
Isolate processes
Buffer overflows
No read up
Pipelining
35. Based on a known address with an offset value applied.
Discretionary Security Property (ds-property)
Certification
Relative Addresses
A Layered Operating System Architecture
36. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Physical security
Virtual storage
The Security Kernel
Scalar processors
37. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
Access Matrix model
Firmware
No read up
38. The centerpiece of the DoD Rainbow Series publications, developed by the National Computer Security Center (NCSC)?
Erasable and Programmable Read-Only Memory (EPROM)
The TCSEC - Aka Orange Book
Evaluated separately
Relative Addresses
39. Users are trusted, but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.
Integrity
Documentation - Orange Book
In C2 - Controlled Access Protection environment
Security Policy
40. Each data object must contain a classification label and each subject must have a clearance label.
The security perimeter
B1 - Labeled Security
Dominate the object's sensitivity label
Erasable and Programmable Read-Only Memory (EPROM)
41. Which would be designated as objects on a MAC system?
Files - directories and devices
Accountability - Orange Book
Types of covert channels
Networks and Communications
42. In this class, more granularity is provided in each protection mechanism, and programming code that is not necessary to support the security policy is excluded.
A security domain
Sensitivity labels
B3 - Security Domains
Dedicated Security Mode
43. In the Bell-LaPadula Model the Object's Label contains ___________________.
Compare the security labels
The TCSEC - Aka Orange Book
Its classification label (Top Secret - Secret or confidential)
The National Computer Security Center (NCSC)
44. Developed after the Bell-LaPadula model. It is a state machine model and is very similar to the Bell-LaPadula Model.
Controlling unauthorized downgrading of information
The security kernel
The Biba Model
Buffer (temporary data storage area)
45. What is called the formal acceptance of the adequacy of a system's overall security by management?
Accreditation
Secondary Storage
The Common Criteria
Programmable Read-Only Memory (PROM)
46. When a portion of primary memory is accessed by specifying the actual address of the memory location
Integrity
attributability
Direct addressing
The trustworthiness of an information system
47. The Bell-LaPadula model Subjects and Objects are ___________.
All Mandatory Access Control (MAC) systems
Complex Instruction Set Computers (CISC)
Security Policy - Orange Book
Assigned labels
48. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Programmable Read-Only Memory (PROM)
Types of covert channels
First evaluation class
Isolate processes
49. For a subject to have read access to an object under a multilevel security policy, the subject's sensitivity label must ____________________.
50. Discretionary access control is based on individuals and/or groups. It requires separation of users and information, and identification and authentication of individual entities.
Totality of protection mechanisms
Isolate processes
C1 - Discretionary Security Protection
An abstract machine
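Several questions above (the simple security property and *-property of Bell-LaPadula, the Biba integrity rules, the reference monitor comparing labels, and the requirement that a reader's label dominate the object's) describe one mechanism: a lattice comparison of labels. The following is an added worked example written for this study page, not code from basicversity.com or from any TCSEC-evaluated system. It assumes labels of the form (hierarchical level, set of compartments), and the compartment names and label values in the demo are constructed; the same `Label` type is reused for Biba integrity levels to show that Biba's rules are the exact dual of Bell-LaPadula's.

```python
"""Reference-monitor label checks for Bell-LaPadula and Biba (added example)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet


class Level(IntEnum):
    """Hierarchical part of a sensitivity (or integrity) label."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of compartments."""
        return self.level >= other.level and other.compartments <= self.compartments

    def comparable(self, other: "Label") -> bool:
        """False when neither label dominates the other (incomparable in the lattice)."""
        return self.dominates(other) or other.dominates(self)


# --- Bell-LaPadula (confidentiality) -----------------------------------------
def blp_read_ok(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): subject must dominate object."""
    return subject.dominates(obj)


def blp_write_ok(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): object must dominate subject."""
    return obj.dominates(subject)


# --- Biba (integrity) ---------------------------------------------------------
def biba_read_ok(subject: Label, obj: Label) -> bool:
    """Simple integrity axiom ("no read down"): object's integrity must dominate subject's."""
    return obj.dominates(subject)


def biba_write_ok(subject: Label, obj: Label) -> bool:
    """*-integrity axiom ("no write up"): subject's integrity must dominate object's."""
    return subject.dominates(obj)


def reference_monitor(model: str, mode: str, subject: Label, obj: Label) -> bool:
    """Mediate one access: compare the two labels and return the decision.

    model is "blp" or "biba"; mode is "read" or "write". Any other value is
    denied, because a reference monitor fails safe (default deny).
    """
    table = {
        ("blp", "read"): blp_read_ok,
        ("blp", "write"): blp_write_ok,
        ("biba", "read"): biba_read_ok,
        ("biba", "write"): biba_write_ok,
    }
    check = table.get((model, mode))
    return check(subject, obj) if check else False


if __name__ == "__main__":
    # Constructed labels for the demo (not from the page).
    ts_nuclear = Label(Level.TOP_SECRET, frozenset({"NUCLEAR"}))
    secret = Label(Level.SECRET)
    secret_nuclear = Label(Level.SECRET, frozenset({"NUCLEAR"}))
    secret_crypto = Label(Level.SECRET, frozenset({"CRYPTO"}))

    print("TS/NUCLEAR reads SECRET:", reference_monitor("blp", "read", ts_nuclear, secret))    # True
    print("TS/NUCLEAR writes SECRET:", reference_monitor("blp", "write", ts_nuclear, secret))  # False: write down
    print("SECRET writes TS/NUCLEAR:", reference_monitor("blp", "write", secret, ts_nuclear))  # True: write up is allowed
    # Same level, disjoint compartments: incomparable, so BLP permits neither read nor write.
    print("SECRET/NUCLEAR reads SECRET/CRYPTO:",
          reference_monitor("blp", "read", secret_nuclear, secret_crypto))                    # False
    # Biba is the dual: a high-integrity subject may not read a low-integrity object.
    print("Biba high reads low:", reference_monitor("biba", "read", ts_nuclear, secret))     # False
```

The compartment test is what makes this a lattice rather than a simple ordering: two Secret labels with disjoint compartments are incomparable, so neither the simple security property nor the *-property is satisfied in either direction, and a correct reference monitor denies both accesses. Note also that a subject may write to an object whose label strictly dominates its own ("write up"); systems that want to forbid that as well implement the strong star property (equal labels only), which is not shown here.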