SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.
Dedicated Security Mode
attributability
Attributable data
In C2 - Controlled Access Protection environment
2. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
Storage and timing
Controls the checks
C1 - Discrection Security Protection is a type of environment
Controlling unauthorized downgrading of information
3. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Prohibits
Orange Book - A1
Absolute addresses
The security kernel
4. Trusted facility management is an assurance requirement only for ________________.
Attributable data
No write down
A Limit Register (Memory Management)
Highly secure systems (B2 - B3 and A1)
5. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Pipelining
Totality of protection mechanisms
The rule is talking about "Reading"
A lattice of Intergrity Levels
6. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Most commonly used approach
Pipelining
Simple Security Rule
Secondary Storage
7. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Be protected from modification
Disclosure of residual data
Its Clearance Label (Top Secret - Secret - or Confidential)
Ring 3
8. The subject must have Need to Know for ONLY the information they are trying to access.
Cache Memory
System High Security Mode
A Domain
Isolate processes
9. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
C2 - Controlled Access Protection
First evaluation class
Fail safe
The Common Criteria
10. TCB contains The Security Kernel and all ______________.
Erasable and Programmable Read-Only Memory (EPROM)
Process isolation
The "No read Up" rule
security protection mechanisms
11. Which would be designated as objects on a MAC system?
First evaluation class
Disclosure of residual data
Files - directories and devices
A Layered Operating System Architecure
12. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
No write down
Ring 2
The Biba Model
Simple Security Rule
13. A system uses the Reference Monitor to ___________________ of a subject and an object?
B2
The Rule is talking about writing
Overt channel
Compare the security labels
14. In access control terms - the word "dominate" refers to ___________.
The National Computer Security Center (NCSC)
B3
Higher or equal to access class
Highly secure systems (B2 - B3 and A1)
15. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
A lattice of Intergrity Levels
In C2 - Controlled Access Protection environment
A Base Register (Memory Management)
B3 - Security Domains
16. TCSEC provides a means to evaluate ______________________.
Discretionary Security Property (ds-property)
C2 - Controlled Access Protection
The trustworthiness of an information system
Division B - Mandatory Protection
17. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
No read up
Networks and Communications
The *-Property rule (Star property)
The TCSEC - Aka Orange Book
18. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Ring 2
Examples of Layered Operating Systems
Fail safe
Polyinstantiation
19. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Overt channel
B3
Highly secure systems (B2 - B3 and A1)
Higher or equal to access class
20. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification
21. The total combination of protection mechanisms within a computer system
TCB (Trusted Computing Base)
No read up
Ring 2
The TCSEC - Aka Orange Book
22. Minimal Security
Complex Instruction Set Computers (CISC)
The Red Book
The reference monitor
Orange Book - D
23. The Physical memory address that the CPU uses
Ring 1
Absolute addresses
The TCSEC - Aka Orange Book
A Thread
24. When a vendor submits a product for evaluation - it submits it to the ____________.
Division C - Discretionary Protection
The National Computer Security Center (NCSC)
Pagefile.sys file
D
25. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Integrity
B1 - Labeled Security
A1 - Rating
Highly secure systems (B2 - B3 and A1)
26. The group that oversees the processes of evaluation within TCSEC is?
A1
Security Policy
Orange Book B
Trusted Products Evaluation Program (TPEP)
27. Permits a database to have two records that are identical except for Their classifications
Clark-Wilson Model
Subject to Object Model
State machine model
Polyinstantiation
28. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Virtual storage
The security kernel
The Red Book
Government and military applications
29. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Ring 2
Orange Book B
Trusted hardware - Software and Firmware
Totality of protection mechanisms
30. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Life-cycle assurance - O/B
Security mechanisms and evalautes their effectivenes
No write down
Security Policy - Orange Book
31. The assignment of a specific individual to administer the security-related functions of a system.
C2
Disclosure of residual data
In C2 - Controlled Access Protection environment
Trusted facility management
32. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
A1
The Rule is talking about writing
The Integrity of data within applications
NOT Integrity
33. Happen because input data is not checked for appropriate length at time of input
Clark-Wilson
Buffer overflows
Execution Domain
attributability
34. Intended for environments that require systems to handle classified data.
Division B - Mandatory Protection
B1 - Labeled Security rating
Firmware
Prevent secret information from being accessed
35. Succesfully Evaluated products are placed on?
A Layered Operating System Architecure
Constrained
Fail safe
The Evaluated Products List (EPL) with their corresponding rating
36. Should always trace to individuals responsible for observing and recording the data
Attributable data
Pipelining
Cache Memory
Relative Addresses
37. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
A Limit Register (Memory Management)
Identification - Orange Book
Its classification label (Top Secret - Secret or confidential)
In C2 - Controlled Access Protection environment
38. Applications and user activity
Labels - Orange Book
Ring 3
B2 - Structured Protection
The security kernel
39. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Virtual Memory
Primary storage
Documentation - Orange Book
The reference monitor
40. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Government and military applications
An abstract machine
A Layered Operating System Architecure
C2 - Controlled Access Protection
41. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
The Thread (memory Management)
Controls the checks
A single classification and a Compartment Set
Division B - Mandatory Protection
42. Each data object must contain a classification label and each subject must have a clearance label.
Discretionary Security Property (ds-property)
B3 - Rating
Attributable - original - accurate - contemporaneous and legible
B1 - Labeled Security
43. What model use an access control triples and requires that the system maintain separation of duty ?
B2 rating
Stored in Reak Memory
Clark-Wilson
Discretionary Security Property (ds-property)
44. Which Orange Book evaluation level is described as "Verified Design"?
Direct Addressing
Labels - Orange Book
B3 - Security Domains
A1
45. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Secondary Storage
Polyinstantiation
The Strong star property rule
Physical security
46. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Files - directories and devices
Security rating B
Direct Addressing
Firmware
47. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
*-Integrity Axiom
Security rating B
Direct Addressing
Trusted facility management
48. I/O drivers and utilities
Clark-Wilson Model
Ring 2
Complex Instruction Set Computers (CISC)
The "No write Down" Rule
49. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
B2 rating
Evaluated separately
A security kernel
Security Policy is clearly defined and documented
50. What does the simple security (ss) property mean in the Bell-LaPadula model?
Real storage
No read up
Examples of Layered Operating Systems
Types of covert channels
