Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The Physical memory address that the CPU uses






2. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.






3. The Policy must be explicit and well defined and enforced by the mechanisms within the system






4. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.






5. A system uses the Reference Monitor to ___________________ of a subject and an object?






6. The Reference Monitor is responsible for ______________ - it compares the security labels of a subject and an object






7. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when






8. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?






9. What is called the formal acceptance of the adequacy of a system's overall security by management?






10. Has two individual assurance ratings: C1 and C2. The higher the number of the assurance rating the greater the protection






11. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






12. The reference monitor is an access control concept - referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.






13. Mediates all access and functions between subjects and objects.






14. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.






15. Operating System Kernel






16. Which is a straightforward approach that provides access rights to subjects for objects?






17. When the contents of the address defined in the program's instruction is added to that of an index register.






18. What does the simple integrity axiom mean in the Biba model?






19. Which increases the performance in a computer by overlapping the steps of different instructions?






20. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






21. Can be erased - modified and upgraded.






22. In access control terms - the word "dominate" refers to ___________.






23. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






24. Used by Windows systems to reserve the "Swap Space"






25. The TCB is the ________________ within a computer system that work together to enforce a security policy.






26. A subject at a given clearance may not read an object at a higher classification






27. Which TCSEC level first addresses object reuse?






28. Users need to be identified individually to provide more precise access control and auditing functionality.






29. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)






30. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.



31. Successfully evaluated products are placed on?






32. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






33. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.






34. Which describes a condition when RAM and secondary storage are used together?






35. Mandatory access control is enforced by the use of security labels.






36. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






37. The C2 evaluation class of the _________________ offers controlled access protection.






38. The TCB contains the Security Kernel and all ______________.






39. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






40. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?






41. Nonvolatile storage media, e.g. computer hard drives - floppy disks and CD-ROMs






42. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






43. When a portion of primary memory is accessed by specifying the actual address of the memory location






44. Which can be used as a covert channel?






45. In B2, distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system






46. Based on a known address with an offset value applied.






47. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.






48. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






49. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?






50. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






