Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. When a computer uses more than one CPU in parallel to execute instructions, this is known as?
Multiprocessing
Operational assurance requirements
Most commonly used approach
A security kernel
2. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Security Policy is clearly defined and documented
The security perimeter
B3
Government and military applications
3. Which computer design approach is based on the fact that in earlier technologies the instruction fetch was the longest part of the cycle?
A Limit Register (Memory Management)
The National Computer Security Center (NCSC)
Division B - Mandatory Protection Architecture
Complex Instruction Set Computers (CISC)
4. The security kernel is the mechanism that _____________ of the reference monitor concept.
Overt channel
Compare the security labels
Security Policy is clearly defined and documented
Enforces the rules
5. A nonvolatile storage medium, e.g. computer hard drives, floppy disks and CD-ROMs
Its Clearance Label (Top Secret - Secret - or Confidential)
Most commonly used approach
Trusted Products Evaluation Program (TPEP)
Secondary Storage
6. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
A single classification and a Compartment Set
Evaluated separately
Controlling unauthorized downgrading of information
Attributable data
7. Which Orange Book evaluation level is described as "Verified Design"?
C2
Indirect addressing
Orange Book A
A1
8. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information, and identification and authentication of individual entities
Orange Book B
C1 - Discretionary Security Protection
C2 - Controlled Access Protection
Direct Addressing
9. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
Enforces the rules
Scalar processors
Ring 3
Thrashing
10. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Multiprocessing
Cache Memory
No write down
The Strong star property rule
11. Subjects and Objects cannot change their security levels once they have been instantiated (created)
*-Integrity Axiom
The Tranquility principle (The Bell-LaPadula Model)
Pipelining
Programmable Read-Only Memory (PROM)
12. In the Bell-LaPadula Model the Object's Label contains ___________________.
Compare the security labels
Its classification label (Top Secret - Secret or confidential)
Controls the checks
Orange Book - B3
13. Another term for primary storage, which distinguishes physical memory from virtual memory.
Swap Space
Real storage
A Limit Register (Memory Management)
Trusted facility management
14. The C2 evaluation class of the _________________ offers controlled access protection.
B1 - Labeled Security rating
Protection Rings Support
Certification
Trusted Network Interpretation (TNI)
15. A type of memory used for High-speed writing and reading activities.
First evaluation class
In C2 - Controlled Access Protection environment
Relative Addresses
Cache Memory
16. If a system initializes in a secure state and all allowed state transitions are secure, then every subsequent state will be secure no matter what inputs occur.
Real storage
Basic Security Theorem (used in computer science) definition
Controlling unauthorized downgrading of information
B2 - Structured Protection
17. Used by Windows systems to reserve the "Swap Space"
Pagefile.sys file
The Simple Security Property
Discretionary Security Property (ds-property)
The TCSEC - Aka Orange Book
18. Which increases the performance in a computer by overlapping the steps of different instructions?
Covert channels
Stored in Real Memory
Security Policy - Orange Book
Pipelining
19. What does the simple integrity axiom mean in the Biba model?
Protection Rings Support
No read down
Programmable Read-Only Memory (PROM)
C1 - Discretionary Security Protection
20. The Bell-LaPadula Model is a _______________.
B2
Subject to Object Model
Prevent secret information from being accessed
A security domain
21. The combination of RAM - Cache and the Processor Registers
The "No read Up" rule
Models concerned with integrity
Primary storage
Pagefile.sys file
22. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Totality of protection mechanisms
Trusted Distribution
Buffer (temporary data storage area)
In C2 - Controlled Access Protection environment
23. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
*-Integrity Axiom
Continuous protection - O/B
B2 rating
'Dominate'
24. In access control terms it means to be higher than or equal to. In the Bell-LaPadula Model this is referred to as the dominance relation, which is the relationship of the subject's clearance to the object's classification
25. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Evaluated separately
Prohibits
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Division D - Minimal Protection
26. Which TCSEC level first addresses object reuse?
Enforces the rules
Life Cycle Assurance Requirement
Real storage
C2
27. Successfully evaluated products are placed on?
The Evaluated Products List (EPL) with their corresponding rating
Process isolation
Cache Memory
The "No write Down" Rule
28. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Virtual Memory
Constrained
Assigned labels
Ring 1
29. Which can be used as a covert channel?
Evaluated separately
The National Computer Security Center (NCSC)
The reference monitor
Storage and timing
30. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Firmware
Most commonly used approach
Prevent secret information from being accessed
A Limit Register (Memory Management)
31. A set of objects that a subject is able to access
Enforces the rules
A Domain
Absolute addresses
Files - directories and devices
32. The *-Property rule is referred to as ____________.
B1 - Labeled Security rating
A security domain
C1
The "No write Down" Rule
33. When the address location that is specified in the program instruction contains the address of the final desired location.
Implement software or systems in a production environment
Indirect addressing
A security kernel
B2 - Structured Protection
34. Which is an ISO standard product evaluation criteria that supersedes several different criteria?
Scalar processors
The Common Criteria
The Simple Security Property
The TCSEC - Aka Orange Book
35. What does the Clark-Wilson security model focus on?
B1
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Orange Book ratings
Integrity
36. The Biba Model addresses _____________________.
The Integrity of data within applications
Orange Book - D
Orange Book A
Examples of Layered Operating Systems
37. Has two individual assurance ratings, C1 and C2. The higher the number of the assurance rating, the greater the protection
Relative Addresses
Division C - Discretionary Protection
TCB (Trusted Computing Base)
Mandatory Access Control (MAC)
38. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilities when
C2
Life Cycle Assurance Requirement
TCB (Trusted Computing Base)
C2 - Controlled Access Protection
39. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware, software, and firmware.
C2 - Controlled Access Protection
The Trusted Computing Base (TCB)
Orange Book - B1
C1 - Discretionary Security Protection
40. A _______ is a form of EPROM, but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
attributability
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Thrashing
The Biba Model
41. Contains the beginning address
A Base Register (Memory Management)
The Biba Model
Assigned labels
The Simple Security Property
42. In access control terms - the word "dominate" refers to ___________.
The TCSEC - Aka Orange Book
C2
B1 - Labeled Security
Higher or equal to access class
43. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Fail safe
A and B
Disclosure of residual data
Mandatory Access Control (MAC)
44. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Pipelining
Trusted Distribution
The rule is talking about "Reading"
Identification - Orange Book
45. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
A security kernel
The "No write Down" Rule
The Strong star property rule
Trusted facility management
46. I/O drivers and utilities
The Common Criteria
Process isolation
The security perimeter
Ring 2
47. The Indexed memory addresses that software uses
The Biba Model
All Mandatory Access Control (MAC) systems
Logical addresses
The Integrity of data within applications
48. A domain of trust that shares a single security policy and single management
Higher or equal to access class
Its Clearance Label (Top Secret - Secret - or Confidential)
A security domain
Indexed addressing
49. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Life-cycle assurance - O/B
Higher or equal to access class
Dedicated Security Mode
Trusted facility management
50. Which is a straightforward approach that provides access rights to subjects for objects?
Sensitivity labels
Higher or equal to access class
Access Matrix model
Evaluated separately