Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Users need to be identified individually to provide more precise access control and auditing functionality.
C2 - Controlled Access Protection
Evaluated separately
Its Clearance Label (Top Secret - Secret - or Confidential)
Orange Book ratings
2. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Firmware
A security domain
attributability
Execution Domain
3. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
A Thread
Most commonly used approach
C2 - Controlled Access Protection
Thrashing
4. Mandatory Access requires that _____________ be attached to all objects.
Totality of protection mechanisms
Sensitivity labels
Government and military applications
NOT Integrity
5. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
The Evaluated Products List (EPL) with their corresponding rating
Networks and Communications
Basic Security Theorem (used in computer science) definition
Operational assurance requirements
6. What does the Clark-Wilson security model focus on
C2 - Controlled Access Protection
Relative Addresses
Integrity
Accreditation
7. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
All Mandatory Access Control (MAC) systems
Documentation - Orange Book
B2 - Structured Protection
The Thread (memory Management)
8. Data in Cache can be accessed much more quickly than Data
Most commonly used approach
The security perimeter
Stored in Real Memory
Orange Book - D
9. A policy-based control. All objects and systems have a sensitivity level assigned to them.
Mandatory Access Control (MAC)
Indexed addressing
Division D - Minimal Protection
C2 - Controlled Access Protection
10. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
Mandatory Access Control (MAC)
Reduced Instruction Set Computers (RISC)
Security Policy is clearly defined and documented
11. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Types of covert channels
The security perimeter
The rule is talking about "Reading"
Thrashing
12. Trusted facility management is an assurance requirement only for ________________.
Division D - Minimal Protection
Compare the security labels
Integrity
Highly secure systems (B2 - B3 and A1)
13. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
In C2 - Controlled Access Protection environment
Firmware
Identification - Orange Book
Security rating B
14. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Dedicated Security Mode
Ring 1
B3 - Rating
The Red Book
15. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Implement software or systems in a production environment
Examples of Layered Operating Systems
Execution Domain
Division B - Mandatory Protection Architecture
16. According to the Orange Book - trusted facility management is not required for which security levels?
B1
Orange Book C
State machine model
In C2 - Controlled Access Protection environment
17. Mandatory Protection
Scalar processors
Erasable and Programmable Read-Only Memory (EPROM)
Simple Integrity Axiom
Orange Book B
18. In Access Control terms it means to be higher than or equal to. In the Bell-LaPadula Model - this is referred to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
19. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Highly secure systems (B2 - B3 and A1)
Accountability - Orange Book
The security perimeter
The Thread (memory Management)
20. Contains an address of where the instruction and data reside that need to be processed.
The Rule is talking about writing
The Thread (memory Management)
B3
B3 - Rating
21. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a Well-Formed Transaction
Clark-Wilson Model
Polyinstantiation
C1 - Discretionary Security Protection is a type of environment
Orange Book - B1
22. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
A single classification and a Compartment Set
Controls the checks
Highly secure systems (B2 - B3 and A1)
Ring 1
23. I/O drivers and utilities
A and B
A security kernel
Invocation Property
Ring 2
24. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Stored in Real Memory
Fail safe
The Clark Wilson integrity model
Security Policy - Orange Book
25. Involves sharing the processor among all ready processes
Controls the checks
Multitasking
A1 - Rating
Continuous protection - O/B
26. Contains the ending address
Types of covert channels
Fail safe
A Limit Register (Memory Management)
Dedicated Security Mode
27. The process of evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
B3 - Rating
The Rule is talking about writing
The security perimeter
Certification
28. The subject must have Need to Know for ONLY the information they are trying to access.
Orange Book C
The Security Kernel
System High Security Mode
Trusted Distribution
29. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Primary storage
C2 - Controlled Access Protection
Administrative declaration
The Evaluated Products List (EPL) with their corresponding rating
30. The Physical memory address that the CPU uses
Security Policy is clearly defined and documented
C1
Enforces the rules
Absolute addresses
31. What access control technique is also known as multilevel security?
TCB (Trusted Computing Base)
Mandatory access control
Protection Rings Support
Enforces the rules
32. The security kernel is the mechanism that _____________ of the reference monitor concept.
Totality of protection mechanisms
Isolate processes
Enforces the rules
System High Security Mode
33. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
Most commonly used approach
Invocation Property
Overt channel
C1
34. Each data object must contain a classification label and each subject must have a clearance label.
Orange Book ratings
Orange Book interpretations
The security perimeter
B1 - Labeled Security
35. Documentation must be provided - including test - design - and specification document - user guides and manuals
No read up
The "No read Up" rule
Documentation - Orange Book
B2 rating
36. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Dedicated Security Mode
Programmable Read-Only Memory (PROM)
In C2 - Controlled Access Protection environment
The Red Book
37. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
B1
B2
The reference monitor
The Evaluated Products List (EPL) with their corresponding rating
38. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
The reference monitor
Pagefile.sys file
The Common Criteria
39. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
Implement software or systems in a production environment
No read up
C2 - Controlled Access Protection
Bell-LaPadula Model
40. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
Cache Memory
Storage and timing
A Thread
A1
41. Contains the beginning address
Pipelining
Logical addresses
A Base Register (Memory Management)
No read down
42. TCSEC provides a means to evaluate ______________________.
Dedicated Security Mode
The trustworthiness of an information system
Higher or equal to access class
A Thread
43. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
The TCSEC - Aka Orange Book
Storage and timing
All Mandatory Access Control (MAC) systems
C1 - Discretionary Security Protection
44. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Dominate the object's sensitivity label
The National Computer Security Center (NCSC)
The Trusted Computing Base (TCB)
The National Computer Security Center (NCSC)
45. The Bell-LaPadula Model is a _______________.
B3 - Security Domains
B1 - Labeled Security rating
Orange Book - B2
Subject to Object Model
46. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Identification - Orange Book
Sensitivity labels
Orange Book interpretations
Physical security
47. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
Orange Book ratings
Ring 1
A Domain
48. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
The Biba Model
Scalar processors
No read up
Compare the security labels
49. Individual subjects must be uniquely identified.
Prevent secret information from being accessed
Identification - Orange Book
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Absolute addresses
50. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
State machine model
B3
A lattice of Integrity Levels
No write down