Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Virtual Memory
Division B - Mandatory Protection Architecture
A Limit Register (Memory Management)
Logical addresses
2. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
In C2 - Controlled Access Protection environment
Firmware
A Limit Register (Memory Management)
Simple Security Rule
3. Which components are considered part of the Trusted Computing Base (from the Orange Book)?
D
In C2 - Controlled Access Protection environment
Accreditation
Trusted hardware - Software and Firmware
4. Individual subjects must be uniquely identified.
Ring 3
Identification - Orange Book
C2 - Controlled Access Protection
security protection mechanisms
5. Which Orange Book evaluation level is described as "Verified Design"?
Storage and timing
Its classification label (Top Secret - Secret or confidential)
A1
Buffer (temporary data storage area)
6. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Certification
Be protected from modification
Division B - Mandatory Protection
Networks and Communications
7. System architecture that separates system functionality into hierarchical layers
A Layered Operating System Architecture
Mandatory access control
Storage and timing
Execution Domain
8. The Bell-LaPadula model Subjects and Objects are ___________.
Administrative declaration
Assigned labels
C2 - Controlled Access Protection
D
9. The subject must have Need to Know for ONLY the information they are trying to access.
Files - directories and devices
System High Security Mode
B2 rating
B3
10. Users need to be identified individually to provide more precise access control and auditing functionality.
Compare the security labels
Sensitivity labels
Relative Addresses
C2 - Controlled Access Protection
11. Another term for primary storage; it distinguishes physical memory from virtual memory.
Real storage
Attributable data
Dedicated Security Mode
In C2 - Controlled Access Protection environment
12. What prevents a process from accessing another process' data?
A Limit Register (Memory Management)
Swap Space
Process isolation
A1 - Rating
13. Which computer design approach is based on the fact that, in earlier technologies, the instruction fetch was the longest part of the cycle?
System High Security Mode
No read down
Complex Instruction Set Computers (CISC)
Division C - Discretionary Protection
14. Should always be traceable to the individuals responsible for observing and recording the data
Swap Space
A security domain
C1
Attributable data
15. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
The Red Book
The Common Criteria
Evaluated separately
Stored in Real Memory
16. In both the Bell-LaPadula and Biba Models, if the word "Simple" is used ______________.
Trusted hardware - Software and Firmware
Its classification label (Top Secret - Secret or confidential)
The Red Book
The rule is talking about "Reading"
17. In the Bell-LaPadula Model the Object's Label contains ___________________.
The Biba Model
Its classification label (Top Secret - Secret or confidential)
Division D - Minimal Protection
Ring 1
18. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Orange Book interpretations
Discretionary Security Property (ds-property)
Administrative declaration
Be protected from modification
19. The C2 evaluation class of the _________________ offers controlled access protection.
security protection mechanisms
Trusted Network Interpretation (TNI)
First evaluation class
Logical addresses
20. In which users are processing information at the same sensitivity level; thus, strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
Orange Book A
C1 - Discretionary Security Protection is a type of environment
Prohibits
Reduced Instruction Set Computers (RISC)
21. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Government and military applications
Indirect addressing
Primary storage
C1 - Discretionary Security Protection is a type of environment
22. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Prevent secret information from being accessed
Dedicated Security Mode
A lattice of Integrity Levels
The Monolithic Operating System Architecture
23. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured, but can only be programmed one time.
Programmable Read-Only Memory (PROM)
Accreditation
The Integrity of data within applications
A1
24. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Access control to the objects by the subjects
Fail safe
Invocation Property
Documentation - Orange Book
25. The reserved hard drive space used to extend RAM capabilities.
Swap Space
A Limit Register (Memory Management)
The Clark Wilson integrity model
B3
26. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
A lattice of Integrity Levels
Assigned labels
A security domain
Trusted Distribution
27. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Highly secure systems (B2 - B3 and A1)
C2 - Controlled Access Protection
State machine model
Division B - Mandatory Protection
28. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
A single classification and a Compartment Set
Covert channels
Networks and Communications
Prevent secret information from being accessed
29. Has two individual assurance ratings, C1 and C2. The higher the assurance rating number, the greater the protection
Mandatory Access Control (MAC)
The Red Book
Division C - Discretionary Protection
International Standard 15408
30. The Simple Security rule is referred to as ______________.
A1 - Rating
Pagefile.sys file
The "No read Up" rule
In C2 - Controlled Access Protection environment
31. A domain of trust that shares a single security policy and single management
Stored in Real Memory
Real storage
Trusted facility management
A security domain
32. What are the components of an object's sensitivity label?
Swap Space
Examples of Layered Operating Systems
Orange Book interpretations
A single classification and a Compartment Set
33. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Dominate the object's sensitivity label
Accreditation
The Biba Model
A1 - Rating
34. What does the simple integrity axiom mean in the Biba model?
Trusted hardware - Software and Firmware
No read down
Life-cycle assurance - O/B
A Domain
35. The assignment of a specific individual to administer the security-related functions of a system.
Division B - Mandatory Protection Architecture
Firmware
Trusted facility management
Dedicated Security Mode
36. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Division B - Mandatory Protection Architecture
Direct Addressing
Firmware
Models concerned with integrity
37. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
System High Security Mode
Ring 2
Primary storage
38. Each data object must contain a classification label and each subject must have a clearance label.
Security rating B
Direct addressing
B1 - Labeled Security
Accreditation
39. What does the * (star) property mean in the Bell-LaPadula model?
No write down
No read down
Trusted Products Evaluation Program (TPEP)
Access control to the objects by the subjects
40. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Protection Rings Support
A Limit Register (Memory Management)
Dedicated Security Mode
The Clark Wilson integrity model
41. The TCB is the ________________ within a computer system that work together to enforce a security policy.
TCB (Trusted Computing Base)
*-Integrity Axiom
Totality of protection mechanisms
The Strong star property rule
42. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?
B3 - Security Domains
Examples of Layered Operating Systems
The TCSEC - Aka Orange Book
Multitasking
43. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
The National Computer Security Center (NCSC)
Orange Book - B3
The *-Property rule (Star property)
Networks and Communications
44. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware.
The *-Property rule (Star property)
The Security Kernel
The Trusted Computing Base (TCB)
Storage and timing
45. Which model uses access control triples and requires that the system maintain separation of duty?
Clark-Wilson
Indexed addressing
Direct Addressing
Division C - Discretionary Protection
46. Bell-LaPadula Model - ______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
C2 - Controlled Access Protection
A security kernel
The National Computer Security Center (NCSC)
The *-Property rule (Star property)
47. In B2, distinct address spaces must be provided to _________, and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Thrashing
Isolate processes
The Rule is talking about writing
Fail safe
48. The Bell-LaPadula Model is a _______________.
Operational assurance requirements
A Thread
Subject to Object Model
All Mandatory Access Control (MAC) systems
49. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
'Dominate'
Government and military applications
The National Computer Security Center (NCSC)
The security kernel
50. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Security rating B
Execution Domain
C2
Accountability - Orange Book