CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book A
Networks and Communications
Orange Book - B3
Constrained
2. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Orange Book - A1
Constrained
Administrative declaration
attributability
3. In the Bell-LaPadula Model the Object's Label contains ___________________.
Its classification label (Top Secret - Secret or confidential)
Security Policy - Orange Book
A lattice of Integrity Levels
Physical security
4. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
Programmable Read-Only Memory (PROM)
The "No read Up" rule
C2 - Controlled Access Protection
B2 - Structured Protection
5. Documentation must be provided - including test - design - and specification document - user guides and manuals
Division C - Discretionary Protection
*-Integrity Axiom
Documentation - Orange Book
Pipelining
6. What does the * (star) property mean in the Bell-LaPadula model?
No write down
Ring 3
Sensitivity labels
Integrity
7. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Mandatory access control
Security rating B
C1 - Discretionary Security Protection
D
8. In B2 Subjects and devices require labels and the system must NOT allow ________. No Trapdoors exist.
Physical security
Its Clearance Label (Top Secret - Secret - or Confidential)
An abstract machine
Covert channels
9. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Execution Domain
Virtual Memory
Continuous protection - O/B
attributability
10. When the address location that is specified in the program instruction contains the address of the final desired location.
The reference monitor
Indirect addressing
Security Policy is clearly defined and documented
C2
11. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
B2 rating
Constrained
Controls the checks
The Red Book
12. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Protection Rings Support
B2
Compare the security labels
Complex Instruction Set Computers (CISC)
13. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
No write down
B2 rating
Invocation Property
14. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Trusted Distribution
Multilevel Security Policies
Operational assurance requirements
Models concerned with integrity
15. TCSEC provides a means to evaluate ______________________.
The trustworthiness of an information system
D
A security domain
Disclosure of residual data
16. The C2 evaluation class of the _________________ offers controlled access protection.
TCB (Trusted Computing Base)
Totality of protection mechanisms
C1
Trusted Network Interpretation (TNI)
17. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The Clark Wilson integrity model
attributability
Subject to Object Model
Ring 3
18. A subject at a given clearance may not read an object at a higher classification
Disclosure of residual data
The Simple Security Property
Division B - Mandatory Protection
Compare the security labels
19. Which describe a condition when RAM and Secondary storage are used together?
Government and military applications
Virtual storage
Models concerned with integrity
Indexed addressing
20. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
The "No read Up" rule
Buffer overflows
D
Security Policy is clearly defined and documented
21. Permits a database to have two records that are identical except for their classifications
Buffer overflows
Polyinstantiation
A security domain
A1 - Rating
22. Should always trace to individuals responsible for observing and recording the data
Ring 3
Attributable data
Cache Memory
The Rule is talking about writing
23. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
A Base Register (Memory Management)
Subject to Object Model
Orange Book C
Discretionary Security Property (ds-property)
24. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Constrained
Isolate processes
Physical security
Process isolation
25. An organization within the National Security Agency (NSA) is responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
D
Indirect addressing
The National Computer Security Center (NCSC)
Swap Space
26. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
Orange Book interpretations
A and B
The security kernel
Ring 3
27. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Storage and timing
Orange Book - A1
Programmable Read-Only Memory (PROM)
Thrashing
28. A system uses the Reference Monitor to ___________________ of a subject and an object?
Division C - Discretionary Protection
Compare the security labels
Security rating B
The "No write Down" Rule
29. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Orange Book B
B3
Pipelining
Documentation - Orange Book
30. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Virtual storage
Division B - Mandatory Protection Architecture
Sensitivity labels
A1
31. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Process isolation
Ring 1
Indexed addressing
Operational assurance requirements
32. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Isolate processes
Access Matrix model
Storage and timing
Physical security
33. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
A Layered Operating System Architecture
Orange Book C
Trusted Distribution
The security kernel
34. The TCB is the ________________ within a computer system that work together to enforce a security policy.
A Limit Register (Memory Management)
Programmable Read-Only Memory (PROM)
C2
Totality of protection mechanisms
35. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
First evaluation class
Ring 0
Documentation - Orange Book
The Monolithic Operating System Architecture
36. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
A Thread
Covert channels
Controls the checks
Trusted hardware - Software and Firmware
37. The Orange Book requires protection against two _____________ - which are Timing and Storage
Examples of Layered Operating Systems
Types of covert channels
Security Policy
Covert channels
38. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Constrained
The reference monitor
Labels - Orange Book
Controlling unauthorized downgrading of information
39. As per FDA data should be ______________________________.
B2 - Structured Protection
A security domain
Attributable - original - accurate - contemporaneous and legible
Security Policy
40. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Multiprocessing
Division B - Mandatory Protection Architecture
Files - directories and devices
The security perimeter
41. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
Subject to Object Model
Ring 2
C2 - Controlled Access Protection
Virtual Memory
42. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Multitasking
The Evaluated Products List (EPL) with their corresponding rating
C2 - Controlled Access Protection
A security kernel
43. What access control technique is also known as multilevel security?
Pipelining
Evaluated separately
Stored in Real Memory
Mandatory access control
44. Trusted facility management is an assurance requirement only for ________________.
Controlling unauthorized downgrading of information
The TCSEC - Aka Orange Book
Highly secure systems (B2 - B3 and A1)
The Rule is talking about writing
45. I/O drivers and utilities
B3 - Security Domains
Ring 2
'Dominate'
Security Policy is clearly defined and documented
46. Another word for Primary storage and distinguishes physical memory from virtual memory.
A1
Orange Book C
Orange Book A
Real storage
47. Which increases the performance in a computer by overlapping the steps of different instructions?
Division B - Mandatory Protection
Programmable Read-Only Memory (PROM)
Basic Security Theorem (used in computer science) definition
Pipelining
48. The reference monitor is an access control concept - referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Process isolation
An abstract machine
Access Matrix model
Sensitivity labels
49. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
A lattice of Integrity Levels
State machine model
Execution Domain
A and B
50. Can be erased - modified and upgraded.
Stored in Real Memory
Controlling unauthorized downgrading of information
Direct addressing
Erasable and Programmable Read-Only Memory (EPROM)