Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Virtual Memory
B2 rating
The security kernel
Certification

2. In the Bell-LaPadula Model the Subject's Label contains ___________________.
The Simple Security Property
Its Clearance Label (Top Secret - Secret - or Confidential)
Real storage
An abstract machine

3. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Mandatory access control
International Standard 15408
D
C1 - Discretionary Security Protection

4. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
The "No write Down" Rule
A Limit Register (Memory Management)
The Monolithic Operation system Architecture
Prohibits

5. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
A1
The Simple Security Property
Trusted hardware - Software and Firmware
Need-to-know

6. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book - B3
B2 - Structured Protection
Reduced Instruction Set Computers (RISC)
Security Policy - Orange Book

7. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Security Policy - Orange Book
A and B
The Common Criteria
C1 - Discretionary Security Protection

8. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Orange Book interpretations
B1
Multitasking
Totality of protection mechanisms

9. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Controls the checks
C1
Ring 2
System High Security Mode

10. In the Bell-LaPadula Model the Object's Label contains ___________________.
Accountability - Orange Book
Its classification label (Top Secret - Secret or confidential)
Access control to the objects by the subjects
Sensitivity labels

11. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Compare the security labels
Types of covert channels
Operational assurance requirements
Division D - Minimal Protection

12. Data in Cache can be accessed much more quickly than Data
Ring 3
Controlling unauthorized downgrading of information
Protection Rings Support
Stored in Reak Memory

13. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Examples of Layered Operating Systems
The Biba Model
Invocation Property
Trusted Distribution

14. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
Division D - Minimal Protection
B2
The Strong star property rule

15. The assignment of a specific individual to administer the security-related functions of a system.
B1 - Labeled Security
Documentation - Orange Book
Trusted facility management
Controlling unauthorized downgrading of information

16. When a portion of primary memory is accessed by specifying the actual address of the memory location
Disclosure of residual data
Security rating B
Ring 2
Direct addressing

17. Permits a database to have two records that are identical except for Their classifications
Polyinstantiation
The Thread (memory Management)
Orange Book B
A Base Register (Memory Management)

18. Used by Windows systems to reserve the "Swap Space"
Attributable data
The Evaluated Products List (EPL) with their corresponding rating
Orange Book - B3
Pagefile.sys file

19. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Stored in Reak Memory
Ring 0
Physical security
C2 - Controlled Access Protection

20. The C2 evaluation class of the _________________ offers controlled access protection.
Security mechanisms and evalautes their effectivenes
Cache Memory
Virtual Memory
Trusted Network Interpretation (TNI)

21. TCSEC provides a means to evaluate ______________________.
The trustworthiness of an information system
Controls the checks
Cache Memory
Multitasking

22. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
A1 - Rating
The security kernel
Programmable Read-Only Memory (PROM)
Indirect addressing

23. Mandatory access control is enfored by the use of security labels.
Buffer (temporary data storage area)
Division B - Mandatory Protection
Attributable data
Simple Security Rule

24. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Operational assurance requirements
Stored in Reak Memory
Discretionary Security Property (ds-property)
A1 - Rating

25. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
Pagefile.sys file
NOT Integrity
The Rule is talking about writing
Orange Book C

26. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Attributable data
Real storage
A1 - Rating
The Evaluated Products List (EPL) with their corresponding rating

27. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
Integrity
Need-to-know
Documentation - Orange Book

28. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

29. Subjects and Objects cannot change their security levels once they have been instantiated (created)
The Tranqulity principle (The Bell-LaPadula Model)
Multilevel Security Policies
C1
Its Clearance Label (Top Secret - Secret - or Confidential)

30. As per FDA data should be ______________________________.
Absolute addresses
The Evaluated Products List (EPL) with their corresponding rating
Attributable - original - accurate - contemporaneous and legible
Controlling unauthorized downgrading of information

31. Which can be used as a covert channel?
Storage and timing
TCB (Trusted Computing Base)
Division C - Discretionary Protection
Relative Addresses

32. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Models concerned with integrity
Virtual storage
Virtual Memory
Mandatory access control

33. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Ring 2
Labels - Orange Book
Indexed addressing
C1 - Discretionary Security Protection

34. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Certification
Basic Security Theorem (used in computer science) definition
A security kernel
Trusted hardware - Software and Firmware

35. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
Clark-Wilson Model
A1
D
Mandatory Access Control (MAC)

36. Contains the beginning address
Multilevel Security Policies
A Base Register (Memory Management)
No read up
Fail safe

37. Another word for Primary storage and distinguishes physical memory from virtual memory.
Trusted Products Evaluation Program (TPEP)
Invocation Property
Real storage
Operational assurance requirements

38. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
C2 - Controlled Access Protection
B3
A lattice of Intergrity Levels
Most commonly used approach

39. Involves sharing the processor amoung all ready processes
B2 rating
Multitasking
The Tranqulity principle (The Bell-LaPadula Model)
Certification

40. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Division B - Mandatory Protection Architecture
Evaluated separately
B2 rating
Trusted Distribution

41. All users have a clearance for and a formal need to know about - all data processed with the system.
Dedicated Security Mode
D
No read up
State machine model

42. The combination of RAM - Cache and the Processor Registers
All Mandatory Access Control (MAC) systems
Primary storage
The Tranqulity principle (The Bell-LaPadula Model)
Pagefile.sys file

43. The Security Model Incorporates the ____________ that should be enforced in the system.
Security Policy
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Assigned labels
The *-Property rule (Star property)

44. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Basic Security Theorem (used in computer science) definition
B3
Evaluated separately
Scalar processors

45. Which would be designated as objects on a MAC system?
Security mechanisms and evalautes their effectivenes
Access control to the objects by the subjects
C1
Files - directories and devices

46. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
Controls the checks
Programmable Read-Only Memory (PROM)
Mandatory Access Control (MAC)

47. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

48. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Prevent secret information from being accessed
Its classification label (Top Secret - Secret or confidential)
Need-to-know
Division D - Minimal Protection

49. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Orange Book - A1
The Trusted Computing Base (TCB)
B3 - Rating
Buffer overflows

50. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Models concerned with integrity
The security perimeter
Dedicated Security Mode
Virtual Memory

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISSP Security Architecture And Design

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests