Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Security Model Incorporates the ____________ that should be enforced in the system.






2. Individual subjects must be uniquely identified.






3. When a portion of primary memory is accessed by specifying the actual address of the memory location






4. The Simple Security rule is refered to as______________.






5. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.






6. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain






7. The Orange book requires protection against two_____________ - which are these Timing and Storage






8. Which Orange Book evaluation level is described as "Verified Design"?






9. Verification Protection






10. The Indexed memory addresses that software uses






11. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.






12. Which describe a condition when RAM and Secondary storage are used together?






13. The Physical memory address that the CPU uses






14. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.






15. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






16. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"






17. Based on a known address with an offset value applied.






18. When the address location that is specified in the program instruction contains the address of the final desired location.






19. According to the Orange Book - trusted facility management is not required for which security levels?






20. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






21. Documentation must be provided - including test - design - and specification document - user guides and manuals






22. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






23. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






24. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






25. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






26. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)






27. Bell-LaPadula model was proposed for enforcing access control in _____________________.






28. The Policy must be explicit and well defined and enforced by the mechanisms within the system






29. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)






30. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






31. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise






32. System Architecture that separates system functionality into Hierarchical layers






33. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183


34. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.






35. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.






36. Users need to be Identified individually to provide more precise acces control and auditing functionality.






37. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






38. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






39. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






40. Mandatory Access requires that _____________ be attached to all objects.






41. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






42. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs






43. The assignment of a specific individual to administer the security-related functions of a system.






44. In the Bell-LaPadula Model the Object's Label contains ___________________.






45. Involves sharing the processor amoung all ready processes






46. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.






47. Minimal Security






48. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






49. What does the Clark-Wilson security model focus on






50. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.