Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Which increases the performance in a computer by overlapping the steps of different instructions?
Pipelining
Security Policy - Orange Book
Most commonly used approach
Highly secure systems (B2 - B3 and A1)
2. Simpler instructions that require fewer clock cycles to execute.
C1 - Discretionary Security Protection
Ring 1
All Mandatory Access Control (MAC) systems
Reduced Instruction Set Computers (RISC)
3. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware.
Fail safe
Compare the security labels
The Trusted Computing Base (TCB)
Sensitivity labels
4. A logical form of separation used by secure computing systems: processes are _____________ so that each cannot access objects outside its permitted domain.
NOT Integrity
'Dominate'
Constrained
Erasable and Programmable Read-Only Memory (EPROM)
5. If a system initializes in a secure state and all allowed state transitions are secure, then every subsequent state will be secure no matter what inputs occur.
Need-to-know
The "No Write Down" Rule
Trusted Distribution
Basic Security Theorem (used in computer science) definition
6. A portion of a process. When the thread is generated, it shares the same domain (resources) as its process.
Assigned labels
A security kernel
A Thread
Division D - Minimal Protection
7. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
The Evaluated Products List (EPL) with their corresponding rating
Disclosure of residual data
Security mechanisms and evaluates their effectiveness
Security rating B
8. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
The Integrity of data within applications
Orange Book - B2
The Trusted Computing Base (TCB)
Its classification label (Top Secret, Secret or Confidential)
9. Remaining parts of the operating system
All Mandatory Access Control (MAC) systems
Basic Security Theorem (used in computer science) definition
Ring 1
Attributable, original, accurate, contemporaneous and legible
10. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
Continuous protection - O/B
C1
Multiprocessing
C2
11. The security kernel is the core of the TCB and is the _____________ to building trusted computing systems.
B2
security protection mechanisms
Most commonly used approach
Its classification label (Top Secret, Secret or Confidential)
12. Can be erased, modified and upgraded.
Multilevel Security Policies
Orange Book C
A security kernel
Erasable and Programmable Read-Only Memory (EPROM)
13. All users have a clearance for, and a formal need to know about, all data processed within the system.
Orange Book - B3
*-Integrity Axiom
Dedicated Security Mode
Pagefile.sys file
14. Used by Windows systems to reserve the "Swap Space"
C2
Trusted hardware, software and firmware
Pagefile.sys file
The security perimeter
15. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
NOT Integrity
Prevent secret information from being accessed
Overt channel
C2 - Controlled Access Protection
16. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication, restrictions and auditing.
The National Computer Security Center (NCSC)
A1 - Rating
Pipelining
security protection mechanisms
17. An organization within the National Security Agency (NSA) is responsible for evaluating computer systems and products. The Trusted Product Evaluation Program (TPEP) oversees the testing by approved entities of commercial products against a specific s
Assigned labels
Enforces the rules
Swap Space
The National Computer Security Center (NCSC)
18. Data in cache can be accessed much more quickly than data
Reduced Instruction Set Computers (RISC)
Government and military applications
Stored in Real Memory
The TCSEC - Aka Orange Book
19. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
The Red Book
B3 - Security Domains
Stored in Real Memory
Programmable Read-Only Memory (PROM)
20. I/O drivers and utilities
Ring 2
B1 - Labeled Security rating
Trusted Distribution
*-Integrity Axiom
21. Successfully evaluated products are placed on?
Physical security
Multiprocessing
Programmable Read-Only Memory (PROM)
The Evaluated Products List (EPL) with their corresponding rating
22. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards.
Accreditation
C1 - Discretionary Security Protection is a type of environment
A Domain
Administrative declaration
23. What does the Clark-Wilson security model focus on?
Integrity
Accreditation
A1
Invocation Property
24. Which is an ISO standard product evaluation criteria that supersedes several different criteria?
The Common Criteria
Government and military applications
Assigned labels
In C2 - Controlled Access Protection environment
25. The reference monitor must mediate all access, _____________, be verifiable as correct, and must always be invoked.
Be protected from modification
*-Integrity Axiom
Files, directories and devices
Ring 1
26. Contains the ending address
The security perimeter
Scalar processors
Need-to-know
A Limit Register (Memory Management)
27. A policy-based control. All objects and systems have a sensitivity level assigned to them.
B3
Mandatory Access Control (MAC)
B2
Mandatory access control
28. The C2 evaluation class of the _________________ offers controlled access protection.
Trusted facility management
Virtual storage
Trusted Network Interpretation (TNI)
Continuous protection - O/B
29. Individual subjects must be uniquely identified.
Pagefile.sys file
A Layered Operating System Architecture
Identification - Orange Book
Orange Book - B3
30. The Orange Book does NOT cover ________________ and database management systems.
Networks and Communications
Controls the checks
Fail safe
Thrashing
31. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
An abstract machine
Documentation - Orange Book
Fail safe
The Strong star property rule
32. Software that is stored within ROM (Read-Only Memory); ROM is nonvolatile.
Certification
Accreditation
Security mechanisms and evaluates their effectiveness
Firmware
33. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Constrained
Totality of protection mechanisms
The security perimeter
A Domain
34. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
Disclosure of residual data
Trusted Distribution
A Thread
35. Buffer overflows occur when a program or process tries to store more data in a _____________ than it was intended to hold.
Buffer (temporary data storage area)
Orange Book ratings
Process isolation
The Rule is talking about writing
36. In B2, distinct address spaces must be provided to _________, and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system.
First evaluation class
The Monolithic Operating System Architecture
Pagefile.sys file
Isolate processes
37. Nonvolatile storage media, e.g. computer hard drives, floppy disks and CD-ROMs
Ring 0
Secondary Storage
Basic Security Theorem (used in computer science) definition
Scalar processors
38. When a portion of primary memory is accessed by specifying the actual address of the memory location
Direct addressing
The Thread (memory Management)
Access control to the objects by the subjects
Disclosure of residual data
39. In this class, more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.
B3 - Security Domains
The *-Property rule (Star property)
Be protected from modification
The trustworthiness of an information system
40. Happen because input data is not checked for appropriate length at time of input
Most commonly used approach
Dedicated Security Mode
Buffer overflows
Access control to the objects by the subjects
41. Based on a known address with an offset value applied.
Operational assurance requirements
Relative Addresses
Government and military applications
Disclosure of residual data
42. The Biba Model, ______________: a subject cannot request service from (invoke) subjects of higher integrity.
The Clark Wilson integrity model
The Simple Security Property
security protection mechanisms
Invocation Property
43. Mandatory access control requires that _____________ be attached to all objects.
Sensitivity labels
Attributable data
attributability
Orange Book - A1
44. The centerpiece of the DoD Rainbow Series publications, developed by the National Computer Security Center (NCSC)?
Process isolation
The Strong star property rule
Security mechanisms and evaluates their effectiveness
The TCSEC - Aka Orange Book
45. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The security perimeter
Division B - Mandatory Protection Architecture
Orange Book - D
Life-cycle assurance - O/B
46. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Protection Rings Support
Continuous protection - O/B
Ring 2
B3
47. The assignment of a specific individual to administer the security-related functions of a system.
Trusted facility management
A Thread
C1 - Discretionary Security Protection
C1 - Discretionary Security Protection is a type of environment
48. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
Thrashing
Cache Memory
The security perimeter
B1 - Labeled Security rating
49. The policy must be explicit and well defined and enforced by the mechanisms within the system.
Labels - Orange Book
'Dominate'
Security Policy - Orange Book
Prohibits
50. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities.
Orange Book - B1
Simple Security Rule
Buffer (temporary data storage area)
C1 - Discretionary Security Protection