CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Which describe a condition when RAM and Secondary storage are used together?
Virtual storage
Files - directories and devices
Documentation - Orange Book
C1
2. The Biba Model - _____________: A subject cannot read data from a lower Integrity level ("No Read Down")
The Thread (memory Management)
Documentation - Orange Book
The security perimeter
Simple Integrity Axiom
3. Successfully evaluated products are placed on?
The Evaluated Products List (EPL) with their corresponding rating
B2 - Structured Protection
Dominate the object's sensitivity label
Bell-LaPadula Model
4. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The National Computer Security Center (NCSC)
Division C - Discretionary Protection
Government and military applications
Orange Book - B1
5. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
The TCSEC - Aka Orange Book
NOT Integrity
Trusted hardware - Software and Firmware
Disclosure of residual data
6. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Process isolation
B3
The Monolithic Operating System Architecture
The Common Criteria
7. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
A1
Simple Integrity Axiom
Orange Book - B1
C2 - Controlled Access Protection
8. When a computer uses more than one CPU in parallel to execute instructions is known as?
Trusted Distribution
Multiprocessing
Trusted Products Evaluation Program (TPEP)
C1
9. Audit data must be captured and protected to enforce accountability
Compare the security labels
Division B - Mandatory Protection Architecture
Accountability - Orange Book
Integrity
10. All users have a clearance for and a formal need to know about - all data processed with the system.
A single classification and a Compartment Set
Dedicated Security Mode
Indirect addressing
Controlling unauthorized downgrading of information
11. The combination of RAM - Cache and the Processor Registers
Primary storage
C1
Logical addresses
The Strong star property rule
12. Discretionary protection
Orange Book C
Administrative declaration
The Tranquility principle (The Bell-LaPadula Model)
B2 - Structured Protection
13. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Security Policy
Buffer (temporary data storage area)
No read up
Overt channel
14. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
C2
Controls the checks
A single classification and a Compartment Set
security protection mechanisms
15. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Totality of protection mechanisms
Orange Book - B1
B3
Documentation - Orange Book
16. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
System High Security Mode
The Rule is talking about writing
Pagefile.sys file
Need-to-know
17. Bell-LaPadula model was proposed for enforcing access control in _____________________.
The "No write Down" Rule
Government and military applications
Logical addresses
Overt channel
18. A Policy based control. All objects and systems have a sensitivity level assigned to them
Mandatory Access Control (MAC)
Prevent secret information from being accessed
Orange Book - A1
Evaluated separately
19. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
B3 - Security Domains
Types of covert channels
The trustworthiness of an information system
First evaluation class
20. Should always trace to individuals responsible for observing and recording the data
Attributable data
Complex Instruction Set Computers (CISC)
Isolate processes
Division B - Mandatory Protection
21. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
The Trusted Computing Base (TCB)
B1
Implement software or systems in a production environment
Labels - Orange Book
22. The C2 evaluation class of the _________________ offers controlled access protection.
Access control to the objects by the subjects
Ring 0
Accreditation
Trusted Network Interpretation (TNI)
23. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Security rating B
The National Computer Security Center (NCSC)
Pagefile.sys file
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
24. The subject must have Need to Know for ONLY the information they are trying to access.
System High Security Mode
The security perimeter
Orange Book - B1
Controlling unauthorized downgrading of information
25. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Orange Book - B2
Invocation Property
Real storage
Security Policy is clearly defined and documented
26. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
B3
Execution Domain
Attributable data
Administrative declaration
27. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Administrative declaration
The Evaluated Products List (EPL) with their corresponding rating
A security kernel
attributability
28. Can be erased - modified and upgraded.
Life-cycle assurance - O/B
Erasable and Programmable Read-Only Memory (EPROM)
Process isolation
Access control to the objects by the subjects
29. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Dedicated Security Mode
Certification
Orange Book - B3
D
30. The Orange Book requires protection against two _____________ - which are Timing and Storage
Stored in Real Memory
TCB (Trusted Computing Base)
Types of covert channels
Security Policy
31. In access control terms - the word "dominate" refers to ___________.
Higher or equal to access class
Need-to-know
Continuous protection - O/B
Orange Book interpretations
32. A type of memory used for High-speed writing and reading activities.
Most commonly used approach
Cache Memory
Trusted facility management
Trusted Distribution
33. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
B1 - Labeled Security rating
Indirect addressing
In C2 - Controlled Access Protection environment
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
34. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
A1
Simple Integrity Axiom
B1
Certification
35. Mandatory Access requires that _____________ be attached to all objects.
The Evaluated Products List (EPL) with their corresponding rating
The Integrity of data within applications
A lattice of Integrity Levels
Sensitivity labels
36. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Models concerned with integrity
The "No read Up" rule
Pagefile.sys file
Overt channel
37. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Basic Security Theorem (used in computer science) definition
The Tranquility principle (The Bell-LaPadula Model)
C1 - Discretionary Security Protection
38. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Files - directories and devices
Clark-Wilson Model
Totality of protection mechanisms
Trusted Distribution
39. Contains the beginning address
A Base Register (Memory Management)
Trusted Products Evaluation Program (TPEP)
Dedicated Security Mode
Compare the security labels
40. What is called the formal acceptance of the adequacy of a system's overall security by management?
A1 - Rating
Orange Book - D
B2 - Structured Protection
Accreditation
41. Remaining parts of the operating system
Ring 1
Cache Memory
Protection Rings Support
A single classification and a Compartment Set
42. In B2 Subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
attributability
The Trusted Computing Base (TCB)
Orange Book - B3
Covert channels
43. A domain of trust that shares a single security policy and single management
A1
A security domain
'Dominate'
Disclosure of residual data
44. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Operational assurance requirements
Controlling unauthorized downgrading of information
The Common Criteria
A1
45. What prevents a process from accessing another process' data?
Isolate processes
Firmware
A Limit Register (Memory Management)
Process isolation
46. A set of objects that a subject is able to access
An abstract machine
A Domain
Secondary Storage
Types of covert channels
47. The Biba Model addresses _____________________.
Orange Book - A1
Complex Instruction Set Computers (CISC)
C1 - Discretionary Security Protection is a type of environment
The Integrity of data within applications
48. According to the Orange Book - trusted facility management is not required for which security levels?
The Monolithic Operating System Architecture
Security Policy is clearly defined and documented
B1
B3 - Security Domains
49. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Execution Domain
Scalar processors
Thrashing
Simple Security Rule
50. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
B2 rating
Physical security
C2 - Controlled Access Protection