Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.

1. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.






2. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.






3. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






4. The C2 evaluation class of the _________________ offers controlled access protection.






5. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






6. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






7. The Biba Model addresses _____________________.






8. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






9. Users need to be identified individually to provide more precise access control and auditing functionality.






10. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.






11. In Access Control terms it means to be higher than or equal to. In the Bell-LaPadula Model - this is referred to as the dominance relation - which is the relationship of the subject's clearance to the object's classification.



12. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?






13. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use.






14. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?






15. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.






16. The centerpiece of the DoD Rainbow Series publications. Developed by the National Computer Security Center (NCSC)?






17. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.






18. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






19. Which is a straightforward approach that provides access rights to subjects for objects?






20. The Availability - Integrity and confidentiality requirements of multitasking operating systems






21. What prevents a process from accessing another process' data?






22. Configuration management is also defined in the Orange Book BUT as a _____________________ and NOT an operational assurance requirement.






23. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when






24. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






25. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.






26. Which Orange Book evaluation level is described as "Discretionary Security Protection"?






27. Which TCSEC level first addresses object reuse?






28. Another word for Primary storage and distinguishes physical memory from virtual memory.






29. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.






30. In the Bell-LaPadula Model the Subject's Label contains ___________________.






31. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






32. The Policy must be explicit and well defined and enforced by the mechanisms within the system






33. I/O drivers and utilities






34. Which uses Protection Profiles and Security Targets?






35. Involves sharing the processor among all ready processes






36. When the contents of the address defined in the program's instruction is added to that of an index register.






37. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.






38. What model uses access control triples and requires that the system maintain separation of duty?






39. Intended for environments that require systems to handle classified data.






40. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






41. The Simple Security rule is referred to as ______________.






42. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






43. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






44. Permits a database to have two records that are identical except for their classifications






45. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.






46. The Reference Monitor is responsible for ______________; it compares the security labels of a subject and an object.






47. As per FDA data should be ______________________________.






48. Each data object must contain a classification label and each subject must have a clearance label.






49. Mandatory Protection






50. A nonvolatile storage media, e.g. computer hard drive - floppy disks and CD-ROMs






