Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.






2. TCSEC provides a means to evaluate ______________________.






3. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






4. Based on a known address with an offset value applied.






5. Mediates all access and functions between subjects and objects.






6. When the RAM and secondary storage are combined the result is __________.






7. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when






8. What does the simple security (ss) property mean in the Bell-LaPadula model?






9. Which describes a condition when RAM and secondary storage are used together?






10. In the Bell-LaPadula Model the Subject's Label contains ___________________.






11. Used by Windows systems to reserve the "Swap Space"






12. Has two individual assurance ratings, C1 and C2. The higher the number of the assurance rating, the greater the protection.






13. A type of memory used for High-speed writing and reading activities.






14. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






15. The Policy must be explicit and well defined and enforced by the mechanisms within the system






16. When a computer uses more than one CPU in parallel to execute instructions, this is known as?






17. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.






18. A domain of trust that shares a single security policy and single management






19. Contains the beginning address






20. Simpler instructions that require fewer clock cycles to execute.






21. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.






22. TCB contains The Security Kernel and all ______________.






23. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.






24. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.






25. Which increases the performance in a computer by overlapping the steps of different instructions?






26. What access control technique is also known as multilevel security?






27. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






28. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






29. The Bell-LaPadula model Subjects and Objects are ___________.






30. Buffer overflows occur when a program or process tries to store more data in a _____________ than it was intended to hold.






31. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






32. All users have a clearance for and a formal need to know about - all data processed with the system.






33. Which uses Protection Profiles and Security Targets?






34. Which Orange Book evaluation level is described as "Verified Design"?






35. When the address location that is specified in the program instruction contains the address of the final desired location.






36. The Bell-LaPadula Model is a _______________.






37. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.



38. The reserved hard drive space used to extend RAM capabilities.






39. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






40. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?






41. Happen because input data is not checked for appropriate length at time of input






42. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






43. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.






44. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






45. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.






46. A subject at a given clearance may not read an object at a higher classification






47. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






48. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain






49. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.






50. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.