Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
Scalar processors
C1
Trusted hardware - Software and Firmware
Prohibits
2. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The Clark Wilson integrity model
The Trusted Computing Base (TCB)
Administrative declaration
No write down
3. Which increases the performance in a computer by overlapping the steps of different instructions?
Certification
Pipelining
Trusted Products Evaluation Program (TPEP)
C2 - Controlled Access Protection
4. Permits a database to have two records that are identical except for their classifications
The rule is talking about "Reading"
Administrative declaration
A and B
Polyinstantiation
5. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
The Biba Model
Logical addresses
Controlling unauthorized downgrading of information
Polyinstantiation
6. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
Thrashing
C2 - Controlled Access Protection
The Thread (memory Management)
The rule is talking about "Reading"
7. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Real storage
C1 - Discretionary Security Protection
Prohibits
Programmable Read-Only Memory (PROM)
8. A type of memory used for high-speed writing and reading activities.
Cache Memory
The Clark Wilson integrity model
The TCSEC - Aka Orange Book
Files - directories and devices
9. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Trusted Distribution
The Monolithic Operating System Architecture
Primary storage
Real storage
10. What is called the formal acceptance of the adequacy of a system's overall security by management?
Absolute addresses
Orange Book - B1
Accreditation
System High Security Mode
11. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
A lattice of Integrity Levels
Assigned labels
Security Policy
12. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
State machine model
The Trusted Computing Base (TCB)
B3 - Rating
The Rule is talking about writing
13. The group that oversees the processes of evaluation within TCSEC is?
Direct addressing
The Clark Wilson integrity model
A lattice of Integrity Levels
Trusted Products Evaluation Program (TPEP)
14. Audit data must be captured and protected to enforce accountability
Virtual Memory
Reduced Instruction Set Computers (RISC)
Higher or equal to access class
Accountability - Orange Book
15. All users have a clearance for and a formal need to know about - all data processed with the system.
The rule is talking about "Reading"
Most commonly used approach
Certification
Dedicated Security Mode
16. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object
D
The Thread (memory Management)
A and B
Access control to the objects by the subjects
17. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
A Limit Register (Memory Management)
A1 - Rating
Clark-Wilson
The Tranquility principle (The Bell-LaPadula Model)
18. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Thrashing
Most commonly used approach
A security kernel
A1
19. Which is a straightforward approach that provides access rights to subjects for objects?
Trusted Products Evaluation Program (TPEP)
Direct Addressing
security protection mechanisms
Access Matrix model
20. Which uses Protection Profiles and Security Targets?
Direct addressing
International Standard 15408
Access control to the objects by the subjects
Execution Domain
21. A ____________ is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Prevent secret information from being accessed
Networks and Communications
The Biba Model
22. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
A and B
Ring 2
Simple Security Rule
Trusted hardware - Software and Firmware
23. The security kernel is the mechanism that _____________ of the reference monitor concept.
A Domain
Orange Book - B1
No read down
Enforces the rules
24. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
An abstract machine
International Standard 15408
Access control to the objects by the subjects
Multilevel Security Policies
25. When a vendor submits a product for evaluation - it submits it to the ____________.
NOT Integrity
Orange Book interpretations
The National Computer Security Center (NCSC)
Sensitivity labels
26. I/O drivers and utilities
Ring 2
The *-Property rule (Star property)
Subject to Object Model
Swap Space
27. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Access control to the objects by the subjects
The security perimeter
Subject to Object Model
Invocation Property
28. Which Orange Book evaluation level is described as "Verified Design"?
A1
Division C - Discretionary Protection
Real storage
Types of covert channels
29. Discretionary protection
The Tranquility principle (The Bell-LaPadula Model)
Assigned labels
Orange Book C
Need-to-know
30. When the address location that is specified in the program instruction contains the address of the final desired location.
Evaluated separately
Higher or equal to access class
Indirect addressing
The security perimeter
31. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Attributable - original - accurate - contemporaneous and legible
The *-Property rule (Star property)
Evaluated separately
The Simple Security Property
32. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
A single classification and a Compartment Set
Clark-Wilson Model
Fail safe
Indirect addressing
33. Logical access control mechanisms are used to enforce authentication and the uniqueness of each individual's identification.
Documentation - Orange Book
Ring 0
C2 - Controlled Access Protection
Trusted Distribution
34. Based on a known address with an offset value applied.
Government and military applications
A security kernel
Covert channels
Relative Addresses
35. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
The Rule is talking about writing
Disclosure of residual data
The security perimeter
Relative Addresses
36. The Physical memory address that the CPU uses
Absolute addresses
Overt channel
B2 - Structured Protection
NOT Integrity
37. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Process isolation
Execution Domain
D
C2 - Controlled Access Protection
38. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
Documentation - Orange Book
C2 - Controlled Access Protection
Security rating B
C2
39. Which can be used as a covert channel?
Orange Book - B2
Security Policy is clearly defined and documented
Storage and timing
Controls the checks
40. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
B3 - Security Domains
Controls the checks
Relative Addresses
Multiprocessing
41. The Biba Model addresses _____________________.
Simple Integrity Axiom
The Integrity of data within applications
The National Computer Security Center (NCSC)
Continuous protection - O/B
42. Users need to be identified individually to provide more precise access control and auditing functionality.
Security Policy
Sensitivity labels
C2 - Controlled Access Protection
The trustworthiness of an information system
43. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
B2 rating
Orange Book ratings
Dedicated Security Mode
Certification
44. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
A security domain
No read down
Basic Security Theorem (used in computer science) definition
Multiprocessing
45. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The security perimeter
Division C - Discretionary Protection
Types of covert channels
Need-to-know
46. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Constrained
A lattice of Integrity Levels
Security Policy - Orange Book
Thrashing
47. Used by Windows systems to reserve the "Swap Space"
The Simple Security Property
Highly secure systems (B2 - B3 and A1)
Pipelining
Pagefile.sys file
48. Which TCSEC level first addresses object reuse?
C2
Clark-Wilson
Relative Addresses
Real storage
49. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
Networks and Communications
Life Cycle Assurance Requirement
Attributable data
50. In the Bell-LaPadula Model the Subject's Label contains ___________________.
State machine model
C2 - Controlled Access Protection
Isolate processes
Its Clearance Label (Top Secret - Secret - or Confidential)