Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Isolate processes
The Simple Security Property
Orange Book B
*-Integrity Axiom

2. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Orange Book B
Types of covert channels
The Monolithic Operation system Architecture
The Common Criteria

3. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Division D - Minimal Protection
Operational assurance requirements
B2 - Structured Protection
Division C - Discretionary Protection

4. Can be erased - modified and upgraded.
A and B
Indirect addressing
Security rating B
Erasable and Programmable Read-Only Memory (EPROM)

5. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Division D - Minimal Protection
D
The Thread (memory Management)
Operational assurance requirements

6. A system uses the Reference Monitor to ___________________ of a subject and an object?
Compare the security labels
Integrity
Security mechanisms and evalautes their effectivenes
Indirect addressing

7. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
The Trusted Computing Base (TCB)
Highly secure systems (B2 - B3 and A1)
Orange Book A
Implement software or systems in a production environment

8. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Trusted facility management
Totality of protection mechanisms
Virtual Memory
Stored in Reak Memory

9. As per FDA data should be ______________________________.
Orange Book B
Relative Addresses
Attributable - original - accurate - contemporaneous and legible
Security Policy - Orange Book

10. The Policy must be explicit and well defined and enforced by the mechanisms within the system
B3
Security Policy - Orange Book
C1 - Discretionary Security Protection
Life Cycle Assurance Requirement

11. Another word for Primary storage and distinguishes physical memory from virtual memory.
Enforces the rules
The Monolithic Operation system Architecture
Real storage
All Mandatory Access Control (MAC) systems

12. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Relative Addresses
Trusted facility management
The Rule is talking about writing
Discretionary Security Property (ds-property)

13. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Networks and Communications
A security kernel
Mandatory Access Control (MAC)
Covert channels

14. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
B1 - Labeled Security rating
Controlling unauthorized downgrading of information
Real storage
Electrically Erasable and Programmable Read-Only Memory (EEPROM)

15. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
Reduced Instruction Set Computers (RISC)
Ring 1
C1 - Discrection Security Protection is a type of environment
C2

16. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Indexed addressing
Orange Book A
C2 - Controlled Access Protection
The Strong star property rule

17. Involves sharing the processor amoung all ready processes
Orange Book A
Multitasking
Dominate the object's sensitivity label
Orange Book - A1

18. In Access Control terms it means to be higher than or equal to. In the Bell-Lapadula Model - this is refered to as the dominance relation - which is the relationship of the subject's clearance to the object's classification

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

19. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
security protection mechanisms
Types of covert channels
The Biba Model
Most commonly used approach

20. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
Mandatory Access Control (MAC)
Totality of protection mechanisms
In C2 - Controlled Access Protection environment
Clark-Wilson

21. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - B2
The Common Criteria
Security rating B
Reduced Instruction Set Computers (RISC)

22. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.
The Biba Model
B2 - Structured Protection
A and B
Assigned labels

23. The Physical memory address that the CPU uses
Overt channel
First evaluation class
Absolute addresses
Examples of Layered Operating Systems

24. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Access Matrix model
Real storage
The Clark Wilson integrity model
security protection mechanisms

25. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
C1 - Discretionary Security Protection
Covert channels
A Limit Register (Memory Management)
Continuous protection - O/B

26. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Scalar processors
Security Policy
Division D - Minimal Protection
Controlling unauthorized downgrading of information

27. Contains an Address of where the instruction and dara reside that need to be processed.
A and B
Life-cycle assurance - O/B
The Thread (memory Management)
Stored in Reak Memory

28. Happen because input data is not checked for appropriate length at time of input
Buffer overflows
B3 - Rating
B2 - Structured Protection
Security Policy is clearly defined and documented

29. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.
Security mechanisms and evalautes their effectivenes
Isolate processes
A1
Buffer (temporary data storage area)

30. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Indexed addressing
Assigned labels
Operational assurance requirements
B3

31. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Swap Space
Thrashing
A1
Accreditation

32. Mediates all access and Functions between subjects and objects.
A single classification and a Compartment Set
Orange Book C
Primary storage
The Security Kernel

33. Execute one instruction at a time.
Simple Security Rule
Scalar processors
'Dominate'
Continuous protection - O/B

34. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Mandatory access control
A Domain
Compare the security labels
A lattice of Intergrity Levels

35. The total combination of protection mechanisms within a computer system
C2 - Controlled Access Protection
Life Cycle Assurance Requirement
TCB (Trusted Computing Base)
The Evaluated Products List (EPL) with their corresponding rating

36. The *-Property rule is refered to as ____________.
The "No write Down" Rule
Its classification label (Top Secret - Secret or confidential)
Continuous protection - O/B
B3 - Security Domains

37. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
A Limit Register (Memory Management)
Networks and Communications
C1
Trusted facility management

38. What access control technique is also known as multilevel security?
Prohibits
C2
Labels - Orange Book
Mandatory access control

39. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
The Security Kernel
Most commonly used approach
B2 - Structured Protection
Totality of protection mechanisms

40. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.
C1 - Discrection Security Protection is a type of environment
Orange Book - B3
Programmable Read-Only Memory (PROM)
Execution Domain

41. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
C2 - Controlled Access Protection
Pipelining
The "No read Up" rule
The trustworthiness of an information system

42. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Cache Memory
The Trusted Computing Base (TCB)
A security kernel
No read down

43. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
A Layered Operating System Architecure
Orange Book interpretations
A1 - Rating
B1 - Labeled Security rating

44. When a computer uses more than one CPU in parallel to execute instructions is known as?
B2
Models concerned with integrity
Multiprocessing
Virtual storage

45. Operating System Kernel
Ring 0
Evaluated separately
Ring 2
Logical addresses

46. Each data object must contain a classification label and each subject must have a clearance label.
Implement software or systems in a production environment
B1 - Labeled Security
Continuous protection - O/B
Ring 0

47. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle
Complex Instruction Set Computers (CISC)
Administrative declaration
Division C - Discretionary Protection
The TCSEC - Aka Orange Book

48. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
B3 - Security Domains
Attributable - original - accurate - contemporaneous and legible
B1
Complex Instruction Set Computers (CISC)

49. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Clark-Wilson Model
Clark-Wilson
Models concerned with integrity
Trusted hardware - Software and Firmware

50. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
State machine model
Division C - Discretionary Protection
Multitasking
Higher or equal to access class