Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down").

2. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a Well-Formed Transaction.

3. Configuration management is also defined in the Orange Book BUT as a _____________________ and NOT an operational assurance requirement.

4. Discretionary protection

5. In B2, subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.

6. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu

7. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.

8. The group that oversees the processes of evaluation within TCSEC is?

9. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC", otherwise known as ___________.

10. The Bell-LaPadula model was proposed for enforcing access control in _____________________.

11. In which users are processing information at the same sensitivity level; thus, strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.

12. A policy-based control. All objects and systems have a sensitivity level assigned to them.

13. Contains the beginning address

14. A ring protection system ________: user-mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.

15. Subjects and objects cannot change their security levels once they have been instantiated (created).

16. Security policies that prevent information from flowing from a higher security level to a lower security level are called ____________.

17. When the contents of the address defined in the program's instruction are added to that of an index register.

18. Which describes a condition when RAM and secondary storage are used together?

19. A system uses the Reference Monitor to ___________________ of a subject and an object?

20. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.

21. Remaining parts of the operating system

22. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication, restrictions and auditing.

23. Which is a straightforward approach that provides access rights to subjects for objects?

24. Security is made up of: system administration - ________ - installation and configuration mechanisms within the environment - and other security issues.

25. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US government)

26. The object reuse concept must also be invoked, meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m

27. What does the simple integrity axiom mean in the Biba model?

28. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.

29. A portion of a process. When the thread is generated, it shares the same domain (resources) as its process.

30. The _________________ specified in the Orange Book are: system architecture, system integrity, covert channel analysis, trusted facility management and trusted recovery.

31. Mediates all access and functions between subjects and objects.

32. Data in cache can be accessed much more quickly than data

33. Happen because input data is not checked for appropriate length at time of input

34. Minimal security

35. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?

36. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.

37. Has two individual assurance ratings: C1 and C2. The higher the number of the assurance rating, the greater the protection.

38. Which can be used as a covert channel?

39. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities.

40. Mandatory access control requires that _____________ be attached to all objects.

41. A _____ is a form of EPROM, but its data storage can be erased and modified electrically by onboard programming circuitry and signals.

42. System architecture that separates system functionality into hierarchical layers

43. An abstract machine which must mediate all access of subjects to objects, be protected from modification, be verifiable as correct, and is always invoked

44. Security labels are not required until __________; thus C2 does not require security labels but B1 does.

45. Can be erased, modified and upgraded.

46. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.

47. Audit data must be captured and protected to enforce accountability.

48. What does the Clark-Wilson security model focus on?

49. Which uses Protection Profiles and Security Targets?

50. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level, nothing higher and nothing lower.