SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Happen because input data is not checked for appropriate length at time of input
C2
Orange Book - A1
Buffer overflows
The "No read Up" rule
2. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
Fail safe
The trustworthiness of an information system
Erasable and Programmable Read-Only Memory (EPROM)
3. When a portion of primary memory is accessed by specifying the actual address of the memory location
C1 - Discretionary Security Protection
A Limit Register (Memory Management)
Direct addressing
Orange Book - D
4. According to the Orange Book - trusted facility management is not required for which security levels?
B1
Prevent secret information from being accessed
The *-Property rule (Star property)
TCB (Trusted Computing Base)
5. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
A Limit Register (Memory Management)
C2 - Controlled Access Protection
First evaluation class
Ring 0
6. The total combination of protection mechanisms within a computer system
TCB (Trusted Computing Base)
Division B - Mandatory Protection Architecture
Administrative declaration
'Dominate'
7. The Physical memory address that the CPU uses
Absolute addresses
Simple Security Rule
Files - directories and devices
B3
8. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Polyinstantiation
Mandatory access control
B3
Evaluated separately
9. In the Bell-LaPadula Model the Object's Label contains ___________________.
Complex Instruction Set Computers (CISC)
Execution Domain
Its classification label (Top Secret - Secret or confidential)
Relative Addresses
10. What does the simple integrity axiom mean in the Biba model?
Enforces the rules
Division B - Mandatory Protection Architecture
No read down
Stored in Reak Memory
11. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Disclosure of residual data
International Standard 15408
Controls the checks
A1 - Rating
12. Can be erased - modified and upgraded.
Erasable and Programmable Read-Only Memory (EPROM)
Division C - Discretionary Protection
A Layered Operating System Architecure
Mandatory Access Control (MAC)
13. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The *-Property rule (Star property)
Dedicated Security Mode
Scalar processors
The National Computer Security Center (NCSC)
14. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
International Standard 15408
Trusted Network Interpretation (TNI)
Multilevel Security Policies
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
15. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
No write down
Files - directories and devices
Continuous protection - O/B
Division B - Mandatory Protection Architecture
16. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
Enforces the rules
The TCSEC - Aka Orange Book
The Simple Security Property
The Monolithic Operation system Architecture
17. TCB contains The Security Kernel and all ______________.
Multiprocessing
security protection mechanisms
Highly secure systems (B2 - B3 and A1)
The security kernel
18. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
C1 - Discretionary Security Protection
International Standard 15408
Orange Book interpretations
Secondary Storage
19. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
B2 - Structured Protection
The Trusted Computing Base (TCB)
Prohibits
Attributable - original - accurate - contemporaneous and legible
20. The Orange book does NOT Cover ________________ - And Database management systems
Networks and Communications
Isolate processes
All Mandatory Access Control (MAC) systems
Dedicated Security Mode
21. When the contents of the address defined in the program's instruction is added to that of an index register.
The Thread (memory Management)
D
Logical addresses
Indexed addressing
22. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
B2 - Structured Protection
C1 - Discrection Security Protection is a type of environment
Thrashing
Trusted Distribution
23. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
attributability
C1 - Discretionary Security Protection
Orange Book - B3
Polyinstantiation
24. Execute one instruction at a time.
State machine model
Division B - Mandatory Protection Architecture
No write down
Scalar processors
25. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Rating
Types of covert channels
Direct Addressing
The TCSEC - Aka Orange Book
26. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
A security domain
Swap Space
TCB (Trusted Computing Base)
Controls the checks
27. Which would be designated as objects on a MAC system?
Virtual Memory
The Simple Security Property
Overt channel
Files - directories and devices
28. Documentation must be provided - including test - design - and specification document - user guides and manuals
The Biba Model
Accreditation
Documentation - Orange Book
Models concerned with integrity
29. The group that oversees the processes of evaluation within TCSEC is?
Trusted Products Evaluation Program (TPEP)
Continuous protection - O/B
Administrative declaration
Invocation Property
30. Which Orange Book evaluation level is described as "Verified Design"?
Division B - Mandatory Protection
Indexed addressing
A1
Ring 2
31. Should always trace to individuals responsible for observing and recording the data
The rule is talking about "Reading"
Models concerned with integrity
No read up
Attributable data
32. Which can be used as a covert channel?
Orange Book - D
Identification - Orange Book
Security Policy - Orange Book
Storage and timing
33. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection
Division C - Discretionary Protection
Ring 3
Continuous protection - O/B
Disclosure of residual data
34. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
attributability
The reference monitor
Dominate the object's sensitivity label
Most commonly used approach
35. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.
Security mechanisms and evalautes their effectivenes
Multitasking
A Base Register (Memory Management)
Orange Book ratings
36. In B2 Subjects and devices requre labels and the system must NOT allow ________. No Trapdoors exists.
Covert channels
The rule is talking about "Reading"
Cache Memory
The Tranqulity principle (The Bell-LaPadula Model)
37. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
TCB (Trusted Computing Base)
Division D - Minimal Protection
The Security Kernel
The Rule is talking about writing
38. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Invocation Property
The trustworthiness of an information system
Controlling unauthorized downgrading of information
Ring 3
39. Which describe a condition when RAM and Secondary storage are used together?
B2
No read down
Virtual storage
Complex Instruction Set Computers (CISC)
40. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Prevent secret information from being accessed
System High Security Mode
Life-cycle assurance - O/B
An abstract machine
41. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Multitasking
Physical security
The trustworthiness of an information system
A Domain
42. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Indirect addressing
The Trusted Computing Base (TCB)
The security perimeter
A1
43. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
First evaluation class
Orange Book - A1
Primary storage
Polyinstantiation
44. Which is a straightforward approach that provides access rights to subjects for objects?
Multitasking
Ring 0
Access Matrix model
Erasable and Programmable Read-Only Memory (EPROM)
45. Bell-LaPadula model was proposed for enforcing access control in _____________________.
C2
Prevent secret information from being accessed
Government and military applications
Compare the security labels
46. A set of objects that a subject is able to access
Certification
Swap Space
Trusted Products Evaluation Program (TPEP)
A Domain
47. Operating System Kernel
The TCSEC - Aka Orange Book
Ring 0
Orange Book - B1
Security mechanisms and evalautes their effectivenes
48. Users need to be Identified individually to provide more precise acces control and auditing functionality.
C2 - Controlled Access Protection
Reduced Instruction Set Computers (RISC)
Operational assurance requirements
Swap Space
49. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
In C2 - Controlled Access Protection environment
Basic Security Theorem (used in computer science) definition
B2 rating
The Red Book
50. TCSEC provides a means to evaluate ______________________.
The trustworthiness of an information system
The reference monitor
Examples of Layered Operating Systems
A single classification and a Compartment Set
