Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Stored in Real Memory
Simple Integrity Axiom
The Strong star property rule
A Layered Operating System Architecture
2. As per FDA data should be ______________________________.
Multitasking
Attributable - original - accurate - contemporaneous and legible
Need-to-know
Higher or equal to access class
3. A Policy based control. All objects and systems have a sensitivity level assigned to them
Mandatory Access Control (MAC)
Highly secure systems (B2 - B3 and A1)
Stored in Real Memory
C2
4. All users have a clearance for and a formal need to know about - all data processed with the system.
Dedicated Security Mode
Be protected from modification
Virtual storage
Government and military applications
5. The *-Property rule is referred to as ____________.
The Common Criteria
Prevent secret information from being accessed
The *-Property rule (Star property)
The "No write Down" Rule
6. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The Clark Wilson integrity model
Mandatory Access Control (MAC)
Integrity
Fail safe
7. Which can be used as a covert channel?
Controlling unauthorized downgrading of information
A Limit Register (Memory Management)
Mandatory access control
Storage and timing
8. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
C1
C1 - Discretionary Security Protection
Totality of protection mechanisms
The Tranquility principle (The Bell-LaPadula Model)
9. Which is an ISO standard product evaluation criteria that supersedes several different criteria
The Biba Model
Clark-Wilson
The Common Criteria
Stored in Real Memory
10. What access control technique is also known as multilevel security?
Sensitivity labels
The National Computer Security Center (NCSC)
Mandatory access control
The Thread (memory Management)
11. Verification Protection
Trusted facility management
A1
B2 - Structured Protection
Orange Book A
12. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Compare the security labels
Controlling unauthorized downgrading of information
Labels - Orange Book
Assigned labels
13. The Bell-LaPadula Model is a _______________.
*-Integrity Axiom
Subject to Object Model
The Monolithic Operating System Architecture
attributability
14. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Its classification label (Top Secret - Secret or confidential)
Multitasking
Orange Book - B3
The National Computer Security Center (NCSC)
15. Which increases the performance in a computer by overlapping the steps of different instructions?
The security perimeter
Pipelining
Virtual Memory
The rule is talking about "Reading"
16. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
Trusted hardware - Software and Firmware
Most commonly used approach
The trustworthiness of an information system
17. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The trustworthiness of an information system
The *-Property rule (Star property)
Virtual Memory
Orange Book B
18. TCB contains The Security Kernel and all ______________.
security protection mechanisms
Virtual Memory
The Tranquility principle (The Bell-LaPadula Model)
The Thread (memory Management)
19. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
B1 - Labeled Security
The National Computer Security Center (NCSC)
Division D - Minimal Protection
The security kernel
20. A type of memory used for High-speed writing and reading activities.
Cache Memory
Storage and timing
Protection Rings Support
Attributable - original - accurate - contemporaneous and legible
21. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
The security kernel
C1 - Discretionary Security Protection is a type of environment
Accreditation
Administrative declaration
22. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Dedicated Security Mode
D
Complex Instruction Set Computers (CISC)
Attributable data
23. Bell-LaPadula model was proposed for enforcing access control in _____________________.
TCB (Trusted Computing Base)
Government and military applications
attributability
The Trusted Computing Base (TCB)
24. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?
The TCSEC - Aka Orange Book
Division B - Mandatory Protection Architecture
The rule is talking about "Reading"
The Common Criteria
25. Happen because input data is not checked for appropriate length at time of input
Buffer overflows
The National Computer Security Center (NCSC)
Orange Book A
Pagefile.sys file
26. Audit data must be captured and protected to enforce accountability
Life-cycle assurance - O/B
The trustworthiness of an information system
Accountability - Orange Book
Relative Addresses
27. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Thrashing
Orange Book - B3
Types of covert channels
Division B - Mandatory Protection
28. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B1
Swap Space
B3
Swap Space
29. Each data object must contain a classification label and each subject must have a clearance label.
Scalar processors
B1 - Labeled Security
Firmware
B1 - Labeled Security rating
30. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Compare the security labels
Process isolation
Dedicated Security Mode
Buffer overflows
31. Involves sharing the processor among all ready processes
Division D - Minimal Protection
System High Security Mode
Multitasking
Multilevel Security Policies
32. Developed after the Bell-LaPadula model. It's a state machine model and is very similar to the Bell-LaPadula Model.
Security mechanisms and evaluates their effectiveness
Continuous protection - O/B
The Biba Model
Constrained
33. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Security Policy
Protection Rings Support
Swap Space
Trusted Products Evaluation Program (TPEP)
34. The Biba Model addresses _____________________.
Ring 1
D
The Integrity of data within applications
Firmware
35. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
*-Integrity Axiom
C2 - Controlled Access Protection
Files - directories and devices
Trusted hardware - Software and Firmware
36. Data in Cache can be accessed much more quickly than Data
Fail safe
Direct Addressing
Orange Book - D
Stored in Real Memory
37. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
All Mandatory Access Control (MAC) systems
Trusted Distribution
The Evaluated Products List (EPL) with their corresponding rating
Attributable - original - accurate - contemporaneous and legible
38. Which describe a condition when RAM and Secondary storage are used together?
Stored in Real Memory
Virtual storage
Simple Integrity Axiom
Secondary Storage
39. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
The "No read Up" rule
The Strong star property rule
The Common Criteria
Orange Book interpretations
40. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Primary storage
Files - directories and devices
Isolate processes
B2
41. The assignment of a specific individual to administer the security-related functions of a system.
Discretionary Security Property (ds-property)
The "No read Up" rule
No write down
Trusted facility management
42. The Security Model Incorporates the ____________ that should be enforced in the system.
B3 - Security Domains
The Rule is talking about writing
Security Policy
Its classification label (Top Secret - Secret or confidential)
43. What is called the formal acceptance of the adequacy of a system's overall security by management?
Evaluated separately
Direct addressing
Operational assurance requirements
Accreditation
44. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Real storage
Operational assurance requirements
All Mandatory Access Control (MAC) systems
The Trusted Computing Base (TCB)
45. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Networks and Communications
Certification
security protection mechanisms
Trusted facility management
46. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
No write down
The security kernel
Direct addressing
Fail safe
47. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
Operational assurance requirements
Buffer (temporary data storage area)
Cache Memory
48. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Models concerned with integrity
The Clark Wilson integrity model
The TCSEC - Aka Orange Book
Attributable data
49. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
C2
Scalar processors
Division B - Mandatory Protection Architecture
Evaluated separately
50. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Clark-Wilson Model
The National Computer Security Center (NCSC)
Division B - Mandatory Protection Architecture
Orange Book A