Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Pipelining
Implement software or systems in a production environment
Prohibits
Mandatory access control
2. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
B2 rating
A Domain
Accountability - Orange Book
3. The Physical memory address that the CPU uses
Absolute addresses
A Domain
Thrashing
The National Computer Security Center (NCSC)
4. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Covert channels
The Tranquility principle (The Bell-LaPadula Model)
Pagefile.sys file
security protection mechanisms
5. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
System High Security Mode
Access Matrix model
Dedicated Security Mode
Examples of Layered Operating Systems
6. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Networks and Communications
Stored in Real Memory
Files - directories and devices
Execution Domain
7. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
No read down
Administrative declaration
Government and military applications
Pagefile.sys file
8. Which would be designated as objects on a MAC system?
A Limit Register (Memory Management)
Enforces the rules
B1 - Labeled Security rating
Files - directories and devices
9. Operating System Kernel
B1 - Labeled Security rating
Security Policy is clearly defined and documented
Ring 0
Isolate processes
10. When the RAM and secondary storage are combined the result is __________.
Real storage
Security Policy is clearly defined and documented
Swap Space
Virtual Memory
11. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Thrashing
A and B
A Domain
A security domain
12. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
Assigned labels
Relative Addresses
Trusted Distribution
A Thread
13. For the type of environment that processes sensitive data that requires a higher degree of security. It requires systems that are relatively resistant to penetration and compromise
Multitasking
B2 rating
Process isolation
The Red Book
14. The Orange book does NOT Cover ________________ - And Database management systems
NOT Integrity
Secondary Storage
C1
Networks and Communications
15. Applications and user activity
The Security Kernel
The Trusted Computing Base (TCB)
Security Policy is clearly defined and documented
Ring 3
16. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
Basic Security Theorem (used in computer science) definition
The National Computer Security Center (NCSC)
Discretionary Security Property (ds-property)
Trusted facility management
17. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Implement software or systems in a production environment
Direct Addressing
Operational assurance requirements
Attributable data
18. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
The Strong star property rule
Swap Space
Prevent secret information from being accessed
Orange Book ratings
19. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Security Policy is clearly defined and documented
Constrained
The Simple Security Property
Polyinstantiation
20. Mediates all access and Functions between subjects and objects.
Security mechanisms and evaluates their effectiveness
The Security Kernel
The Evaluated Products List (EPL) with their corresponding rating
Relative Addresses
21. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
C2
The Clark Wilson integrity model
Be protected from modification
Virtual storage
22. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
A security kernel
Orange Book interpretations
Direct Addressing
23. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Relative Addresses
Firmware
Controls the checks
Security Policy is clearly defined and documented
24. Mandatory Protection
Orange Book B
Execution Domain
Security Policy
C2
25. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
Indexed addressing
In C2 - Controlled Access Protection environment
Orange Book - B3
Most commonly used approach
26. What does the simple security (ss) property mean in the Bell-LaPadula model?
Cache Memory
Process isolation
No read up
The Evaluated Products List (EPL) with their corresponding rating
27. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
28. A subject at a given clearance may not read an object at a higher classification
The Simple Security Property
Prohibits
Security Policy
B2 rating
29. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Evaluated separately
Implement software or systems in a production environment
Protection Rings Support
Orange Book - A1
30. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Multilevel Security Policies
Its classification label (Top Secret - Secret or confidential)
The Biba Model
Secondary Storage
31. When a portion of primary memory is accessed by specifying the actual address of the memory location
Types of covert channels
Physical security
Simple Security Rule
Direct addressing
32. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Evaluated separately
Clark-Wilson Model
Division D - Minimal Protection
B1
33. Which is a straightforward approach that provides access rights to subjects for objects?
Mandatory Access Control (MAC)
Access Matrix model
B2
Buffer (temporary data storage area)
34. What are the components of an object's sensitivity label?
Orange Book interpretations
A single classification and a Compartment Set
A Domain
Direct Addressing
35. Permits a database to have two records that are identical except for Their classifications
Accountability - Orange Book
Process isolation
A security domain
Polyinstantiation
36. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Scalar processors
Need-to-know
The Evaluated Products List (EPL) with their corresponding rating
First evaluation class
37. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
Protection Rings Support
All Mandatory Access Control (MAC) systems
Orange Book - B3
attributability
38. The Security Model Incorporates the ____________ that should be enforced in the system.
The National Computer Security Center (NCSC)
A1 - Rating
Security Policy
Dedicated Security Mode
39. The Bell-LaPadula model Subjects and Objects are ___________.
Assigned labels
Orange Book C
The "No read Up" rule
Trusted Products Evaluation Program (TPEP)
40. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Controlling unauthorized downgrading of information
Division C - Discretionary Protection
Secondary Storage
The "No read Up" rule
41. The Simple Security rule is referred to as ______________.
The "No read Up" rule
Orange Book - B2
Ring 1
Dominate the object's sensitivity label
42. TCSEC provides a means to evaluate ______________________.
B2 - Structured Protection
Ring 2
The trustworthiness of an information system
Certification
43. Happen because input data is not checked for appropriate length at time of input
Government and military applications
The security perimeter
Buffer overflows
Multiprocessing
44. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Implement software or systems in a production environment
B1 - Labeled Security rating
The Biba Model
Division B - Mandatory Protection Architecture
45. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
C1
Orange Book interpretations
Cache Memory
Life Cycle Assurance Requirement
46. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
Basic Security Theorem (used in computer science) definition
Government and military applications
Attributable - original - accurate - contemporaneous and legible
Prevent secret information from being accessed
47. Execute one instruction at a time.
Certification
The Rule is talking about writing
Pipelining
Scalar processors
48. Involves sharing the processor among all ready processes
Multitasking
Scalar processors
Assigned labels
A lattice of Integrity Levels
49. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Trusted Distribution
Accreditation
A Domain
A security kernel
50. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
B1 - Labeled Security rating
Controls the checks
The security perimeter
An abstract machine