SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Its Clearance Label (Top Secret - Secret - or Confidential)
*-Integrity Axiom
The trustworthiness of an information system
Swap Space
2. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
The TCSEC - Aka Orange Book
NOT Integrity
Controlling unauthorized downgrading of information
Networks and Communications
3. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Virtual Memory
Multitasking
Firmware
D
4. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
Be protected from modification
A security domain
Accountability - Orange Book
C1
5. Subjects and Objects cannot change their security levels once they have been instantiated (created)
The Clark Wilson integrity model
The Tranqulity principle (The Bell-LaPadula Model)
The Red Book
Complex Instruction Set Computers (CISC)
6. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
The rule is talking about "Reading"
B3
Orange Book - B2
7. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Sensitivity labels
C1 - Discretionary Security Protection
The Simple Security Property
Certification
8. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Orange Book interpretations
The Security Kernel
B3
Be protected from modification
9. TCSEC addresses Confidentiality - but _____________ . The TCSEC focuses mainly on one attribute of Security Confidentiality.
NOT Integrity
'Dominate'
Real storage
The "No write Down" Rule
10. Documentation must be provided - including test - design - and specification document - user guides and manuals
Examples of Layered Operating Systems
The *-Property rule (Star property)
Documentation - Orange Book
Security Policy - Orange Book
11. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
Prohibits
Mandatory Access Control (MAC)
Indirect addressing
B2 rating
12. TCB contains The Security Kernel and all ______________.
A Domain
Labels - Orange Book
security protection mechanisms
The National Computer Security Center (NCSC)
13. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
NOT Integrity
The Monolithic Operation system Architecture
Execution Domain
A1
14. System Architecture that separates system functionality into Hierarchical layers
Most commonly used approach
Orange Book C
B2 - Structured Protection
A Layered Operating System Architecure
15. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
attributability
Security mechanisms and evalautes their effectivenes
The National Computer Security Center (NCSC)
All Mandatory Access Control (MAC) systems
16. Operating System Kernel
Continuous protection - O/B
Direct Addressing
Ring 0
Models concerned with integrity
17. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Labels - Orange Book
Simple Integrity Axiom
In C2 - Controlled Access Protection environment
First evaluation class
18. When the contents of the address defined in the program's instruction is added to that of an index register.
Higher or equal to access class
No read up
Certification
Indexed addressing
19. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Ring 1
Protection Rings Support
Bell-LaPadula Model
Firmware
20. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Administrative declaration
C1
Division B - Mandatory Protection Architecture
Invocation Property
21. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Totality of protection mechanisms
Mandatory access control
Ring 2
Multilevel Security Policies
22. When the RAM and secondary storage are combined the result is __________.
The Red Book
TCB (Trusted Computing Base)
B1 - Labeled Security
Virtual Memory
23. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
A lattice of Intergrity Levels
Continuous protection - O/B
The Trusted Computing Base (TCB)
Orange Book - B1
24. The Bell-LaPadula Model is a _______________.
No write down
State machine model
Subject to Object Model
TCB (Trusted Computing Base)
25. Data in Cache can be accessed much more quickly than Data
Division B - Mandatory Protection Architecture
Stored in Reak Memory
Highly secure systems (B2 - B3 and A1)
Orange Book - D
26. In access control terms - the word "dominate" refers to ___________.
Invocation Property
Higher or equal to access class
B2
Process isolation
27. What does the * (star) property mean in the Bell-LaPadula model?
A security kernel
No write down
Trusted hardware - Software and Firmware
The Biba Model
28. Which TCSEC level first addresses object reuse?
Reduced Instruction Set Computers (RISC)
No read up
In C2 - Controlled Access Protection environment
C2
29. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.
Basic Security Theorem (used in computer science) definition
Security Policy is clearly defined and documented
Compare the security labels
Higher or equal to access class
30. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Simple Integrity Axiom
Simple Security Rule
Trusted Distribution
Division C - Discretionary Protection
31. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Division D - Minimal Protection
Access Matrix model
Simple Security Rule
Multitasking
32. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Fail safe
Prevent secret information from being accessed
A security domain
Networks and Communications
33. What does the Clark-Wilson security model focus on
Integrity
Direct addressing
Models concerned with integrity
Cache Memory
34. When a computer uses more than one CPU in parallel to execute instructions is known as?
Orange Book - B3
Orange Book A
Multiprocessing
The Red Book
35. Which is a straightforward approach that provides access rights to subjects for objects?
Scalar processors
Access Matrix model
Mandatory access control
Secondary Storage
36. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Evaluated separately
Programmable Read-Only Memory (PROM)
Multilevel Security Policies
A security kernel
37. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Polyinstantiation
Life Cycle Assurance Requirement
The Common Criteria
International Standard 15408
38. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
D
First evaluation class
Most commonly used approach
The Integrity of data within applications
39. The assignment of a specific individual to administer the security-related functions of a system.
Higher or equal to access class
Trusted facility management
Its classification label (Top Secret - Secret or confidential)
Division B - Mandatory Protection Architecture
40. The group that oversees the processes of evaluation within TCSEC is?
Erasable and Programmable Read-Only Memory (EPROM)
Virtual storage
Trusted Products Evaluation Program (TPEP)
Higher or equal to access class
41. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
B3
Ring 1
The "No write Down" Rule
Orange Book - B2
42. Applications and user activity
Ring 3
Division B - Mandatory Protection Architecture
Clark-Wilson Model
Storage and timing
43. A domain of trust that shares a single security policy and single management
A security kernel
Compare the security labels
An abstract machine
A security domain
44. What is called the formal acceptance of the adequacy of a system's overall security by management?
The Evaluated Products List (EPL) with their corresponding rating
An abstract machine
Accreditation
Secondary Storage
45. Contains the ending address
Orange Book C
In C2 - Controlled Access Protection environment
A Limit Register (Memory Management)
Logical addresses
46. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Operational assurance requirements
B3
C2
Types of covert channels
47. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
An abstract machine
The Red Book
Stored in Reak Memory
B3 - Security Domains
48. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
C2
The security kernel
A Thread
Clark-Wilson Model
49. The Orange book requires protection against two_____________ - which are these Timing and Storage
Ring 1
Sensitivity labels
Ring 0
Types of covert channels
50. Which would be designated as objects on a MAC system?
Government and military applications
Files - directories and devices
Virtual storage
B2