Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






2. Remaining parts of the operating system






3. Execute one instruction at a time.






4. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.






5. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






6. The assignment of a specific individual to administer the security-related functions of a system.






7. What model use an access control triples and requires that the system maintain separation of duty ?






8. Security Labels are not required until __________; thus C2 does not require security labels but B1 does






9. TCB contains The Security Kernel and all ______________.






10. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.






11. A set of objects that a subject is able to access






12. Which Orange Book evaluation level is described as "Verified Design"?






13. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






14. The TCB is the ________________ within a computer system that work together to enforce a security policy.






15. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






16. Bell-LaPadula model was proposed for enforcing access control in _____________________.






17. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements






18. Individual subjects must be uniquely identified.






19. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






20. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection






21. Data in Cache can be accessed much more quickly than Data






22. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






23. System Architecture that separates system functionality into Hierarchical layers






24. Verification Protection






25. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?






26. What is called the formal acceptance of the adequacy of a system's overall security by management?






27. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards






28. What does the simple integrity axiom mean in the Biba model?






29. When a vendor submits a product for evaluation - it submits it to the ____________.






30. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?






31. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.






32. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






33. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.






34. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain






35. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction






36. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






37. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?






38. I/O drivers and utilities






39. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space






40. Involves sharing the processor amoung all ready processes






41. Contains the beginning address






42. Mandatory Access requires that _____________ be attached to all objects.






43. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






44. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.


45. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.






46. Contains the ending address






47. TCSEC provides a means to evaluate ______________________.






48. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?






49. Should always trace to individuals responsible for observing and recording the data






50. The Availability - Integrity and confidentiality requirements of multitasking operating systems