Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Operational assurance requirements
Prohibits
Division C - Discretionary Protection
B3
2. In both the Bell-LaPadula and Biba Models if the word "*" or "Star" is used - _______________.
The Rule is talking about writing
Orange Book - B3
A Thread
Certification
3. Documentation must be provided - including test - design - and specification document - user guides and manuals
Documentation - Orange Book
Labels - Orange Book
A1 - Rating
Indexed addressing
4. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
B1 - Labeled Security
System High Security Mode
Execution Domain
Pagefile.sys file
5. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified whereas in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
Security Policy is clearly defined and documented
Orange Book - B3
Disclosure of residual data
International Standard 15408
6. When a vendor submits a product for evaluation - it submits it to the ____________.
Orange Book B
Sensitivity labels
The National Computer Security Center (NCSC)
Reduced Instruction Set Computers (RISC)
7. Which increases the performance in a computer by overlapping the steps of different instructions?
Multitasking
The National Computer Security Center (NCSC)
Orange Book - D
Pipelining
8. Execute one instruction at a time.
Access control to the objects by the subjects
Need-to-know
The TCSEC - Aka Orange Book
Scalar processors
9. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Models concerned with integrity
B3 - Rating
The security perimeter
Indexed addressing
10. Which computer design approach is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle?
Types of covert channels
Ring 0
Models concerned with integrity
Complex Instruction Set Computers (CISC)
11. The Indexed memory addresses that software uses
Polyinstantiation
Administrative declaration
A Layered Operating System Architecture
Logical addresses
12. Contains an Address of where the instruction and data reside that need to be processed.
Need-to-know
The Thread (memory Management)
Attributable - original - accurate - contemporaneous and legible
Mandatory access control
13. The C2 evaluation class of the _________________ offers controlled access protection.
Trusted Network Interpretation (TNI)
Dedicated Security Mode
Access Matrix model
Direct addressing
14. The Biba Model - _____________: A subject cannot read data from a lower Integrity level "No Read Down"
Simple Integrity Axiom
Implement software or systems in a production environment
The *-Property rule (Star property)
Covert channels
15. I/O drivers and utilities
Need-to-know
Complex Instruction Set Computers (CISC)
No read down
Ring 2
16. Audit data must be captured and protected to enforce accountability
A Thread
Accountability - Orange Book
Constrained
Fail safe
17. Which can be used as a covert channel?
Simple Security Rule
Orange Book - A1
Storage and timing
Clark-Wilson Model
18. The total combination of protection mechanisms within a computer system
Attributable - original - accurate - contemporaneous and legible
TCB (Trusted Computing Base)
The Strong star property rule
NOT Integrity
19. The Physical memory address that the CPU uses
The *-Property rule (Star property)
Absolute addresses
The Integrity of data within applications
Orange Book - B3
20. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Dedicated Security Mode
The Strong star property rule
Trusted hardware - Software and Firmware
Division D - Minimal Protection
21. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Buffer overflows
Isolate processes
A lattice of Integrity Levels
In C2 - Controlled Access Protection environment
22. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Trusted Distribution
A and B
The "No write Down" Rule
Compare the security labels
23. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Firmware
Buffer overflows
Trusted Distribution
24. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
Subject to Object Model
Access control to the objects by the subjects
Indirect addressing
Buffer (temporary data storage area)
25. A Policy based control. All objects and systems have a sensitivity level assigned to them
A1
Disclosure of residual data
Mandatory Access Control (MAC)
Implement software or systems in a production environment
26. Successfully Evaluated products are placed on?
Its Clearance Label (Top Secret - Secret - or Confidential)
The Evaluated Products List (EPL) with their corresponding rating
TCB (Trusted Computing Base)
Indexed addressing
27. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Trusted Network Interpretation (TNI)
B3 - Security Domains
The reference monitor
B1
28. The reserved hard drive space used to Extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space
The Monolithic Operation system Architecture
Swap Space
B3
Simple Integrity Axiom
29. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
The trustworthiness of an information system
The reference monitor
The "No write Down" Rule
A security domain
30. Happen because input data is not checked for appropriate length at time of input
Execution Domain
Prohibits
Buffer overflows
B1 - Labeled Security rating
31. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
C2
attributability
In C2 - Controlled Access Protection environment
Controls the checks
32. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
C2
A and B
Secondary Storage
B3
33. The Simple Security rule is referred to as ______________.
Evaluated separately
Administrative declaration
The "No read Up" rule
The Strong star property rule
34. TCSEC provides a means to evaluate ______________________.
Clark-Wilson
B3 - Rating
Networks and Communications
The trustworthiness of an information system
35. The Bell-LaPadula model Subjects and Objects are ___________.
Assigned labels
First evaluation class
Orange Book - B2
Isolate processes
36. What access control technique is also known as multilevel security?
*-Integrity Axiom
Mandatory access control
Security mechanisms and evaluates their effectiveness
Basic Security Theorem (used in computer science) definition
37. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Erasable and Programmable Read-Only Memory (EPROM)
Programmable Read-Only Memory (PROM)
A Domain
Its classification label (Top Secret - Secret or confidential)
38. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Erasable and Programmable Read-Only Memory (EPROM)
No read down
The Trusted Computing Base (TCB)
B3
39. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
B3
D
The Tranquility principle (The Bell-LaPadula Model)
Discretionary Security Property (ds-property)
40. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
B1
Life-cycle assurance - O/B
Most commonly used approach
Totality of protection mechanisms
41. When the address location that is specified in the program instruction contains the address of the final desired location.
Indirect addressing
Administrative declaration
The Tranquility principle (The Bell-LaPadula Model)
Buffer overflows
42. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
The "No write Down" Rule
Orange Book C
Division D - Minimal Protection
Controls the checks
43. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Administrative declaration
security protection mechanisms
Orange Book - B2
Division C - Discretionary Protection
44. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Physical security
A single classification and a Compartment Set
C1 - Discretionary Security Protection
C2 - Controlled Access Protection
45. Operating System Kernel
Primary storage
Administrative declaration
Ring 0
Real storage
46. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Higher or equal to access class
Most commonly used approach
Prohibits
The Rule is talking about writing
47. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
The Thread (memory Management)
Be protected from modification
No read up
Trusted facility management
48. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Division D - Minimal Protection
Labels - Orange Book
Controls the checks
Implement software or systems in a production environment
49. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
Certification
Orange Book - B2
Ring 0
C1
50. Which would be designated as objects on a MAC system?
Files - directories and devices
Swap Space
Mandatory access control
Subject to Object Model