SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Controlling unauthorized downgrading of information
Overt channel
Operational assurance requirements
Subject to Object Model
2. Discretionary protection
Orange Book C
A1 - Rating
Clark-Wilson Model
Mandatory Access Control (MAC)
3. Applications and user activity
The Biba Model
Higher or equal to access class
Multilevel Security Policies
Ring 3
4. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
First evaluation class
Prohibits
Accreditation
International Standard 15408
5. Based on a known address with an offset value applied.
Evaluated separately
A Layered Operating System Architecure
C1
Relative Addresses
6. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Accreditation
Direct Addressing
B3
Execution Domain
7. Which can be used as a covert channel?
Storage and timing
A and B
The reference monitor
Security mechanisms and evalautes their effectivenes
8. TCSEC provides a means to evaluate ______________________.
Networks and Communications
The trustworthiness of an information system
Security mechanisms and evalautes their effectivenes
Accreditation
9. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Multitasking
Orange Book - D
Buffer (temporary data storage area)
NOT Integrity
10. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The security perimeter
A security domain
Dedicated Security Mode
Security Policy
11. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Be protected from modification
The Red Book
Swap Space
System High Security Mode
12. When the contents of the address defined in the program's instruction is added to that of an index register.
Scalar processors
Indexed addressing
Attributable data
B1 - Labeled Security rating
13. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
First evaluation class
Be protected from modification
Division B - Mandatory Protection Architecture
Fail safe
14. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
A security kernel
Division B - Mandatory Protection
Be protected from modification
Swap Space
15. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Sensitivity labels
*-Integrity Axiom
Discretionary Security Property (ds-property)
In C2 - Controlled Access Protection environment
16. Individual subjects must be uniquely identified.
In C2 - Controlled Access Protection environment
No write down
Trusted Network Interpretation (TNI)
Identification - Orange Book
17. When a portion of primary memory is accessed by specifying the actual address of the memory location
Erasable and Programmable Read-Only Memory (EPROM)
Multilevel Security Policies
Swap Space
Direct addressing
18. System Architecture that separates system functionality into Hierarchical layers
The National Computer Security Center (NCSC)
Orange Book - D
The Biba Model
A Layered Operating System Architecure
19. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Virtual storage
Security Policy - Orange Book
Trusted hardware - Software and Firmware
Physical security
20. The Biba Model adresses _____________________.
Highly secure systems (B2 - B3 and A1)
A Domain
The Integrity of data within applications
Orange Book - B2
21. The C2 evaluation class of the _________________ offers controlled access protection.
Trusted Network Interpretation (TNI)
B1 - Labeled Security rating
Networks and Communications
Invocation Property
22. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
C1 - Discretionary Security Protection
Administrative declaration
security protection mechanisms
Division B - Mandatory Protection Architecture
23. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.
A security domain
B3
Security mechanisms and evalautes their effectivenes
C2
24. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book - B3
C2 - Controlled Access Protection
The Common Criteria
Files - directories and devices
25. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Polyinstantiation
Disclosure of residual data
Trusted Products Evaluation Program (TPEP)
Types of covert channels
26. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
security protection mechanisms
Basic Security Theorem (used in computer science) definition
Assigned labels
27. I/O drivers and utilities
Trusted Distribution
Pagefile.sys file
Types of covert channels
Ring 2
28. A type of memory used for High-speed writing and reading activities.
Security mechanisms and evalautes their effectivenes
Complex Instruction Set Computers (CISC)
Cache Memory
A security domain
29. Users need to be Identified individually to provide more precise acces control and auditing functionality.
Trusted Products Evaluation Program (TPEP)
The Rule is talking about writing
C2 - Controlled Access Protection
C2
30. Execute one instruction at a time.
Scalar processors
Security mechanisms and evalautes their effectivenes
Orange Book ratings
Covert channels
31. Trusted facility management is an assurance requirement only for ________________.
Totality of protection mechanisms
Subject to Object Model
Firmware
Highly secure systems (B2 - B3 and A1)
32. Used by Windows systems to reserve the "Swap Space"
Pagefile.sys file
A Limit Register (Memory Management)
Attributable - original - accurate - contemporaneous and legible
No read down
33. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Operational assurance requirements
Attributable data
Government and military applications
Documentation - Orange Book
34. Each data object must contain a classification label and each subject must have a clearance label.
A Domain
B1 - Labeled Security
Labels - Orange Book
Totality of protection mechanisms
35. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Execution Domain
A security kernel
The Rule is talking about writing
Overt channel
36. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
Orange Book - B3
The Rule is talking about writing
C2
Thrashing
37. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
B3
Indirect addressing
Implement software or systems in a production environment
Disclosure of residual data
38. Which Orange Book evaluation level is described as "Verified Design"?
Overt channel
A1
Subject to Object Model
Types of covert channels
39. A domain of trust that shares a single security policy and single management
The TCSEC - Aka Orange Book
Dedicated Security Mode
A security domain
B1
40. The Policy must be explicit and well defined and enforced by the mechanisms within the system
A Limit Register (Memory Management)
Multilevel Security Policies
security protection mechanisms
Security Policy - Orange Book
41. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
The Clark Wilson integrity model
C2 - Controlled Access Protection
Integrity
Execution Domain
42. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
Scalar processors
The National Computer Security Center (NCSC)
Clark-Wilson
43. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is doen with the m
C2 - Controlled Access Protection
A Limit Register (Memory Management)
A lattice of Intergrity Levels
The Simple Security Property
44. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Virtual storage
Isolate processes
D
The rule is talking about "Reading"
45. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.
B3 - Rating
Prevent secret information from being accessed
Scalar processors
Programmable Read-Only Memory (PROM)
46. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Orange Book - B2
A single classification and a Compartment Set
Orange Book - A1
Files - directories and devices
47. According to the Orange Book - trusted facility management is not required for which security levels?
No read down
Orange Book - A1
B1
The National Computer Security Center (NCSC)
48. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The Clark Wilson integrity model
A Base Register (Memory Management)
Direct Addressing
Simple Security Rule
49. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Models concerned with integrity
The Common Criteria
Stored in Reak Memory
'Dominate'
50. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Isolate processes
Bell-LaPadula Model
attributability
Trusted Network Interpretation (TNI)
