Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
Security Policy - Orange Book
C2
B2
*-Integrity Axiom
2. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Multiprocessing
Protection Rings Support
B3 - Rating
Buffer overflows
3. The Physical memory address that the CPU uses
The Strong star property rule
The reference monitor
The Thread (memory Management)
Absolute addresses
4. Which model uses access control triples and requires that the system maintain separation of duty?
The Thread (memory Management)
Clark-Wilson
Isolate processes
Division C - Discretionary Protection
5. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Most commonly used approach
Government and military applications
The rule is talking about "Reading"
Files - directories and devices
6. In access control terms - the word "dominate" refers to ___________.
Buffer overflows
Higher or equal to access class
Multiprocessing
Orange Book - A1
7. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
The trustworthiness of an information system
No read up
Logical addresses
Simple Security Rule
8. When a computer uses more than one CPU in parallel to execute instructions, this is known as?
The Trusted Computing Base (TCB)
Ring 3
Multiprocessing
Programmable Read-Only Memory (PROM)
9. TCSEC provides a means to evaluate ______________________.
Accountability - Orange Book
An abstract machine
The trustworthiness of an information system
A1 - Rating
10. Permits a database to have two records that are identical except for their classifications
Continuous protection - O/B
System High Security Mode
Integrity
Polyinstantiation
11. A type of memory used for High-speed writing and reading activities.
Cache Memory
Access control to the objects by the subjects
Disclosure of residual data
The Thread (memory Management)
12. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Files - directories and devices
Programmable Read-Only Memory (PROM)
The "No write Down" Rule
Identification - Orange Book
13. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Disclosure of residual data
Clark-Wilson
Highly secure systems (B2 - B3 and A1)
Swap Space
14. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The *-Property rule (Star property)
Cache Memory
Examples of Layered Operating Systems
Pagefile.sys file
15. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Real storage
The Monolithic Operating System Architecture
Be protected from modification
Attributable data
16. Which is a straightforward approach that provides access rights to subjects for objects?
The Evaluated Products List (EPL) with their corresponding rating
Prevent secret information from being accessed
C2 - Controlled Access Protection
Access Matrix model
17. TCSEC addresses Confidentiality - but _____________. The TCSEC focuses mainly on one attribute of security: Confidentiality.
Indirect addressing
Trusted hardware - Software and Firmware
NOT Integrity
Orange Book - B2
18. A domain of trust that shares a single security policy and single management
Controlling unauthorized downgrading of information
B1 - Labeled Security rating
A security domain
Its classification label (Top Secret - Secret or confidential)
19. Has two individual assurance ratings, C1 and C2. The higher the assurance rating number, the greater the protection
Access Matrix model
The "No read Up" rule
Division C - Discretionary Protection
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
20. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Covert channels
Accountability - Orange Book
Overt channel
The Security Kernel
21. Which in the Orange Book ratings represents the highest level of trust?
Direct addressing
B2
No read down
Orange Book ratings
22. Execute one instruction at a time.
The Integrity of data within applications
Scalar processors
The reference monitor
Multitasking
23. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a Well-Formed Transaction
Totality of protection mechanisms
Clark-Wilson Model
Absolute addresses
Prohibits
24. Applications and user activity
Ring 3
Multiprocessing
No write down
Enforces the rules
25. Documentation must be provided - including test - design - and specification documents - user guides and manuals
Documentation - Orange Book
Swap Space
A Thread
Trusted Products Evaluation Program (TPEP)
26. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
A Limit Register (Memory Management)
A Domain
Dominate the object's sensitivity label
27. What does the simple security (ss) property mean in the Bell-LaPadula model?
Networks and Communications
No read up
The Simple Security Property
B3
28. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Simple Security Rule
B3
Networks and Communications
Orange Book B
29. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
Trusted hardware - Software and Firmware
Protection Rings Support
A1
30. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
A Layered Operating System Architecture
Most commonly used approach
Compare the security labels
Security mechanisms and evaluates their effectiveness
31. Verification Protection
Orange Book A
Erasable and Programmable Read-Only Memory (EPROM)
Primary storage
B2 rating
32. The total combination of protection mechanisms within a computer system
TCB (Trusted Computing Base)
C1 - Discretionary Security Protection is a type of environment
No read down
The Biba Model
33. The Orange Book requires protection against two _____________ - which are Timing and Storage
Orange Book B
The Biba Model
A security domain
Types of covert channels
34. Contains the ending address
Its classification label (Top Secret - Secret or confidential)
B3 - Rating
B2 - Structured Protection
A Limit Register (Memory Management)
35. There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Swap Space
Need-to-know
Division D - Minimal Protection
Multilevel Security Policies
36. When the address location that is specified in the program instruction contains the address of the final desired location.
Disclosure of residual data
Cache Memory
Indirect addressing
B3
37. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Networks and Communications
B3
B2 - Structured Protection
C2
38. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Life-cycle assurance - O/B
Ring 0
Continuous protection - O/B
Orange Book - B1
39. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Storage and timing
Higher or equal to access class
The Strong star property rule
The Trusted Computing Base (TCB)
40. The Indexed memory addresses that software uses
Clark-Wilson Model
Logical addresses
Attributable data
Disclosure of residual data
41. The Security Model Incorporates the ____________ that should be enforced in the system.
Scalar processors
Prohibits
The Clark Wilson integrity model
Security Policy
42. Happen because input data is not checked for appropriate length at time of input
Programmable Read-Only Memory (PROM)
Most commonly used approach
security protection mechanisms
Buffer overflows
43. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Access control to the objects by the subjects
Prohibits
The *-Property rule (Star property)
The reference monitor
44. What is called the formal acceptance of the adequacy of a system's overall security by management?
Ring 1
No read down
No write down
Accreditation
45. Audit data must be captured and protected to enforce accountability
Trusted Network Interpretation (TNI)
Isolate processes
Integrity
Accountability - Orange Book
46. In an automated system, ________________ could be achieved by a computer system designed to identify the individuals responsible for any input.
Covert channels
Division B - Mandatory Protection Architecture
attributability
C2
47. In B2, distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
B3 - Security Domains
A single classification and a Compartment Set
Isolate processes
Buffer (temporary data storage area)
48. A set of objects that a subject is able to access
Controlling unauthorized downgrading of information
A Domain
Primary storage
Examples of Layered Operating Systems
49. Remaining parts of the operating system
Accountability - Orange Book
Execution Domain
Ring 1
Isolate processes
50. The reserved hard drive space used to extend RAM capabilities.
Operational assurance requirements
Dedicated Security Mode
Swap Space
Simple Security Rule