CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Bell-LaPadula model was proposed for enforcing access control in _____________________.
TCB (Trusted Computing Base)
Government and military applications
Ring 2
Division C - Discretionary Protection
2. According to the Orange Book - trusted facility management is not required for which security levels?
A Base Register (Memory Management)
B1
Dedicated Security Mode
Reduced Instruction Set Computers (RISC)
3. What does the Clark-Wilson security model focus on?
Mandatory Access Control (MAC)
Integrity
Types of covert channels
Prevent secret information from being accessed
4. TCSEC provides a means to evaluate ______________________.
Examples of Layered Operating Systems
The trustworthiness of an information system
Its Clearance Label (Top Secret - Secret - or Confidential)
A Layered Operating System Architecture
5. Users need to be identified individually to provide more precise access control and auditing functionality.
Division C - Discretionary Protection
C2 - Controlled Access Protection
Swap Space
Multiprocessing
6. An abstract machine which must mediate all access of subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
The reference monitor
System High Security Mode
Physical security
Continuous protection - O/B
7. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
The trustworthiness of an information system
The "No write Down" Rule
C2
Physical security
8. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
First evaluation class
The security perimeter
Implement software or systems in a production environment
Clark-Wilson
9. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
Continuous protection - O/B
Basic Security Theorem (used in computer science) definition
Disclosure of residual data
The Strong star property rule
10. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Life-cycle assurance - O/B
A Layered Operating System Architecture
Controls the checks
11. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Ring 2
Its Clearance Label (Top Secret - Secret - or Confidential)
Trusted Distribution
Fail safe
12. What does the simple integrity axiom mean in the Biba model?
A security domain
security protection mechanisms
Government and military applications
No read down
13. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
C2 - Controlled Access Protection
The security perimeter
Subject to Object Model
Buffer (temporary data storage area)
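The following C is an added example and not part of the quiz: it puts the defect question 13 describes (an unbounded copy into a fixed-size buffer) beside a bounded copy that refuses input which does not fit. The buffer size, the function names and the sample strings are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16  /* assumed destination size for the example */

/* Vulnerable: strcpy() copies until the NUL terminator and has no idea how
 * large dst is, so any src of BUF_SIZE bytes or more writes past the end of
 * the buffer and corrupts whatever the compiler placed after it (an adjacent
 * variable, saved registers, a return address). Never call this on untrusted
 * input. */
void copy_unchecked(char dst[BUF_SIZE], const char *src) {
    strcpy(dst, src);
}

/* Hardened: the destination size travels with the pointer, and input that does
 * not fit (including its terminator) is rejected rather than truncated or
 * spilled. Returns 0 on success, -1 when src is too long for dst. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size) {
        return -1;               /* would overflow: refuse rather than overrun */
    }
    memcpy(dst, src, n + 1);     /* n bytes plus the NUL terminator */
    return 0;
}

/* Verdict-only helper (assumed name): does src fit in a BUF_SIZE buffer? */
int fits_in_buf(const char *src) {
    char tmp[BUF_SIZE];
    return copy_checked(tmp, sizeof tmp, src) == 0;
}

int main(void) {
    char buf[BUF_SIZE];
    /* Constructed inputs: one fits, the other is 40 bytes and would overrun buf. */
    const char *ok = "hello";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("checked copy of %zu bytes: %s\n", strlen(ok),
           copy_checked(buf, sizeof buf, ok) == 0 ? buf : "rejected");
    printf("checked copy of %zu bytes: %s\n", strlen(too_long),
           copy_checked(buf, sizeof buf, too_long) == 0 ? buf : "rejected");
    /* copy_unchecked(buf, too_long) would smash the stack at this point; it is
     * shown only to contrast the two interfaces and is deliberately not called. */
    return 0;
}
```

Note that strncpy() is not the fix for copy_unchecked(): it silently truncates and can leave dst without a terminator. Rejecting oversized input, as copy_checked() does, keeps the failure visible to the caller.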
14. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Types of covert channels
B3 - Rating
Models concerned with integrity
Clark-Wilson
15. The assignment of a specific individual to administer the security-related functions of a system.
The security perimeter
Trusted facility management
Simple Integrity Axiom
Constrained
16. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
B3
Disclosure of residual data
System High Security Mode
A security domain
17. A system uses the Reference Monitor to ___________________ of a subject and an object?
Orange Book B
The "No read Up" rule
Constrained
Compare the security labels
18. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
Enforces the rules
No read up
Dedicated Security Mode
19. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Programmable Read-Only Memory (PROM)
Orange Book - A1
Simple Security Rule
The Common Criteria
20. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
attributability
A single classification and a Compartment Set
The Integrity of data within applications
The National Computer Security Center (NCSC)
21. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information - and identification and authentication of individual entities
C1 - Discretionary Security Protection
The Rule is talking about writing
Physical security
Buffer overflows
22. What prevents a process from accessing another process' data?
Process isolation
Orange Book - B1
The Common Criteria
The rule is talking about "Reading"
23. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?
The TCSEC - Aka Orange Book
State machine model
Dedicated Security Mode
Accountability - Orange Book
24. Each data object must contain a classification label and each subject must have a clearance label.
An abstract machine
B1 - Labeled Security
Documentation - Orange Book
Multilevel Security Policies
25. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a well-formed transaction
Clark-Wilson Model
Simple Security Rule
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Sensitivity labels
26. Individual subjects must be uniquely identified.
Scalar processors
Controls the checks
The National Computer Security Center (NCSC)
Identification - Orange Book
27. The total combination of protection mechanisms within a computer system
A Thread
The National Computer Security Center (NCSC)
TCB (Trusted Computing Base)
Dedicated Security Mode
28. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
C1
Relative Addresses
The Integrity of data within applications
Labels - Orange Book
29. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
The rule is talking about "Reading"
Orange Book B
The security perimeter
D
30. Involves sharing the processor among all ready processes
The National Computer Security Center (NCSC)
Thrashing
Multitasking
Clark-Wilson
31. The Bell-LaPadula Model is a _______________ that enforces the confidentiality aspect of access control. Formulated by David Bell and Leonard LaPadula.
Most commonly used approach
State machine model
Orange Book - A1
Constrained
32. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified - whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedures
Trusted hardware - Software and Firmware
Buffer (temporary data storage area)
Basic Security Theorem (used in computer science) definition
Security Policy is clearly defined and documented
33. When the RAM and secondary storage are combined the result is __________.
Virtual Memory
Trusted facility management
Complex Instruction Set Computers (CISC)
Identification - Orange Book
34. In this class more granularity is provided in each protection mechanism - and programming code that is not necessary to support the security policy is excluded.
B3 - Security Domains
Buffer (temporary data storage area)
Multitasking
Assigned labels
35. What does the simple security (ss) property mean in the Bell-LaPadula model?
No read up
Trusted Distribution
The *-Property rule (Star property)
C2 - Controlled Access Protection
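Questions 6, 12, 17 and 35 together describe a reference monitor that compares a subject's label with an object's label and applies the Bell-LaPadula and Biba rules. The C below is an added example, not code from the quiz: it implements those four rules as label comparisons behind a single mediate() choke point. The level ordering, the struct shapes, the function names and the sample subject and objects are assumptions made for the illustration; real labels also carry a compartment set, which is omitted here.

```c
#include <stdio.h>

/* Ordered sensitivity levels (Confidential < Secret < Top Secret, as on the
 * page). Constructed for the example; compartments are omitted. */
typedef enum { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 } level_t;
typedef enum { OP_READ, OP_WRITE } op_t;

/* Bell-LaPadula (confidentiality).
 * ss-property "no read up":    read only if clearance dominates classification.
 * *-property  "no write down": write only if classification dominates clearance. */
int blp_permits(level_t clearance, level_t classification, op_t op) {
    return op == OP_READ ? clearance >= classification
                         : clearance <= classification;
}

/* Strong *-property: writes are confined to exactly the subject's own level. */
int blp_strong_star_permits(level_t clearance, level_t classification, op_t op) {
    return op == OP_READ ? clearance >= classification
                         : clearance == classification;
}

/* Biba (integrity) is the mirror image.
 * simple integrity axiom "no read down": read only objects at or above your level.
 * *-integrity axiom      "no write up":  write only objects at or below your level. */
int biba_permits(level_t subj_integrity, level_t obj_integrity, op_t op) {
    return op == OP_READ ? subj_integrity <= obj_integrity
                         : subj_integrity >= obj_integrity;
}

typedef struct { level_t clearance;      level_t integrity; } subject_t;
typedef struct { level_t classification; level_t integrity; } object_t;

/* The reference monitor: the one function every access passes through (the
 * "always invoked" property). It compares the two labels and allows the access
 * only when both the confidentiality and the integrity policy agree. */
int mediate(const subject_t *s, const object_t *o, op_t op) {
    return blp_permits(s->clearance, o->classification, op)
        && biba_permits(s->integrity, o->integrity, op);
}

int main(void) {
    static const char *names[] = { "Unclassified", "Confidential", "Secret", "Top Secret" };
    subject_t analyst = { SECRET, SECRET };           /* constructed subject */
    object_t docs[] = {                                /* constructed objects */
        { CONFIDENTIAL, SECRET },
        { TOP_SECRET,   SECRET },
        { SECRET,       CONFIDENTIAL },
    };
    for (size_t i = 0; i < sizeof docs / sizeof docs[0]; i++) {
        printf("Secret subject read  %-12s object: %s\n", names[docs[i].classification],
               mediate(&analyst, &docs[i], OP_READ)  ? "ALLOW" : "DENY");
        printf("Secret subject write %-12s object: %s\n", names[docs[i].classification],
               mediate(&analyst, &docs[i], OP_WRITE) ? "ALLOW" : "DENY");
    }
    return 0;
}
```

The point to notice is that the decision never looks at who the subject is, only at the two labels, which is why the monitor must be tamper-proof and small enough to verify: a bug in mediate() is a bug in every access decision the system makes.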
36. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
B2 rating
Overt channel
C2
Thrashing
37. Which is a straightforward approach that provides access rights to subjects for objects?
Access Matrix model
First evaluation class
Firmware
Its classification label (Top Secret - Secret or confidential)
38. A domain of trust that shares a single security policy and single management
A security domain
Ring 2
Trusted Products Evaluation Program (TPEP)
TCB (Trusted Computing Base)
39. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
The Red Book
B3
Attributable data
Documentation - Orange Book
40. TCB contains The Security Kernel and all ______________.
Trusted Products Evaluation Program (TPEP)
Compare the security labels
security protection mechanisms
The security perimeter
41. Which in the Orange Book ratings represents the highest level of trust?
The Trusted Computing Base (TCB)
Prohibits
B2
B3 - Security Domains
42. An organization within the National Security Agency (NSA) responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The National Computer Security Center (NCSC)
Protection Rings Support
Isolate processes
Ring 1
43. ______________ is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Security Policy
Access Matrix model
The rule is talking about "Reading"
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
44. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The Clark Wilson integrity model
Swap Space
The *-Property rule (Star property)
Its classification label (Top Secret - Secret or confidential)
45. The type of environment that processes sensitive data requiring a higher degree of security. It requires systems that are relatively resistant to penetration and compromise
Real storage
Networks and Communications
Security rating B
B2 rating
46. Developed after the Bell-LaPadula model. It is a state machine model and is very similar to the Bell-LaPadula Model.
Trusted Products Evaluation Program (TPEP)
Discretionary Security Property (ds-property)
The Biba Model
All Mandatory Access Control (MAC) systems
47. Permits a database to have two records that are identical except for their classifications
Polyinstantiation
Security mechanisms and evaluates their effectiveness
The Monolithic Operating System Architecture
Disclosure of residual data
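The C below is an added example, not part of the quiz, of the mechanism question 47 describes: a multilevel table whose key is (vessel, classification) rather than vessel alone, so the same vessel can carry an unclassified cover row and a Secret row at once, and a lookup returns only the instance the viewer is cleared to see. The table contents, level ordering and function names are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

typedef enum { UNCLASSIFIED = 0, CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 } level_t;

/* One row of a multilevel table. The primary key is (vessel, classification),
 * which is what lets two otherwise-identical rows coexist for the same vessel. */
typedef struct {
    const char *vessel;
    level_t classification;
    const char *destination;
} row_t;

/* Constructed sample data: "Ship-1" is polyinstantiated, with an unclassified
 * cover story and a Secret row whose existence low-cleared users must not learn. */
static const row_t table[] = {
    { "Ship-1", UNCLASSIFIED, "Routine port call" },
    { "Ship-1", SECRET,       "Covert resupply" },
    { "Ship-2", UNCLASSIFIED, "Training cruise" },
};

/* Return the destination a viewer with the given clearance may see: the
 * highest-classified instance that the clearance dominates. NULL when no
 * instance at or below the clearance exists; the row is simply absent from the
 * viewer's world, never "denied", so nothing hints that a higher one exists. */
const char *lookup(const char *vessel, level_t viewer_clearance) {
    const row_t *best = NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (strcmp(table[i].vessel, vessel) != 0) continue;
        if (table[i].classification > viewer_clearance) continue;   /* no read up */
        if (best == NULL || table[i].classification > best->classification)
            best = &table[i];
    }
    return best ? best->destination : NULL;
}

/* How many instances of a vessel are visible at a clearance: a low-cleared user
 * sees exactly one row and no evidence of the other. */
int visible_instances(const char *vessel, level_t viewer_clearance) {
    int count = 0;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (strcmp(table[i].vessel, vessel) == 0 &&
            table[i].classification <= viewer_clearance)
            count++;
    }
    return count;
}

int main(void) {
    level_t viewers[] = { UNCLASSIFIED, SECRET };
    for (size_t v = 0; v < 2; v++) {
        const char *d = lookup("Ship-1", viewers[v]);
        printf("clearance %d sees Ship-1 as: %s (%d instance(s) visible)\n",
               (int)viewers[v], d ? d : "(no row)",
               visible_instances("Ship-1", viewers[v]));
    }
    return 0;
}
```

Without polyinstantiation the alternative is worse: an unclassified user inserting a "Ship-1" row would hit a key violation caused by the Secret row, and that error alone leaks the fact that a classified row exists.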
48. An environment in which users process information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
C2 - Controlled Access Protection
C1 - Discretionary Security Protection is a type of environment
Highly secure systems (B2 - B3 and A1)
C1
49. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Process isolation
Multilevel Security Policies
The security perimeter
Security rating B
50. Verification Protection
Multilevel Security Policies
Most commonly used approach
C1 - Discretionary Security Protection
Orange Book A