SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Trusted facility management is an assurance requirement only for ________________.
A Layered Operating System Architecure
Highly secure systems (B2 - B3 and A1)
Pagefile.sys file
A Domain
2. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
3. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.
The Tranqulity principle (The Bell-LaPadula Model)
Certification
Swap Space
Security mechanisms and evalautes their effectivenes
4. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
Its classification label (Top Secret - Secret or confidential)
Evaluated separately
Trusted Distribution
C2 - Controlled Access Protection
5. The Biba Model adresses _____________________.
Protection Rings Support
The Monolithic Operation system Architecture
Indexed addressing
The Integrity of data within applications
6. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Orange Book - B3
Accreditation
Controlling unauthorized downgrading of information
The reference monitor
7. When the contents of the address defined in the program's instruction is added to that of an index register.
The Thread (memory Management)
System High Security Mode
Indexed addressing
C2 - Controlled Access Protection
8. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The "No read Up" rule
Pipelining
C2
The security kernel
9. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object
The Tranqulity principle (The Bell-LaPadula Model)
Access control to the objects by the subjects
A Limit Register (Memory Management)
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
10. Which increases the performance in a computer by overlapping the steps of different instructions?
Simple Security Rule
Division D - Minimal Protection
Certification
Pipelining
11. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Orange Book interpretations
The Rule is talking about writing
Higher or equal to access class
A and B
12. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Execution Domain
Orange Book - B3
Swap Space
B3 - Rating
13. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Clark-Wilson Model
Clark-Wilson
Life-cycle assurance - O/B
Constrained
14. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Invocation Property
Mandatory access control
Trusted Products Evaluation Program (TPEP)
In C2 - Controlled Access Protection environment
15. System Architecture that separates system functionality into Hierarchical layers
Execution Domain
Assigned labels
A Layered Operating System Architecure
Orange Book - B1
16. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
B1 - Labeled Security rating
Cache Memory
A security kernel
Ring 2
17. When the RAM and secondary storage are combined the result is __________.
Virtual Memory
The Trusted Computing Base (TCB)
A1 - Rating
Orange Book B
18. The Indexed memory addresses that software uses
Relative Addresses
Logical addresses
A1 - Rating
Firmware
19. Which describe a condition when RAM and Secondary storage are used together?
The National Computer Security Center (NCSC)
Virtual storage
All Mandatory Access Control (MAC) systems
'Dominate'
20. This type of environment is highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
'Dominate'
Sensitivity labels
B3 - Rating
Administrative declaration
21. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Accountability - Orange Book
No read down
Buffer (temporary data storage area)
Direct Addressing
22. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?
The National Computer Security Center (NCSC)
Types of covert channels
The TCSEC - Aka Orange Book
Identification - Orange Book
23. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
D
Covert channels
C2
A Thread
24. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.
Execution Domain
Fail safe
'Dominate'
Basic Security Theorem (used in computer science) definition
25. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions to pass on permissions at its own discretion. These permissions are stored in an access ma
Discretionary Security Property (ds-property)
Implement software or systems in a production environment
Enforces the rules
Evaluated separately
26. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The security perimeter
Controls the checks
Orange Book B
Firmware
27. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Evaluated separately
Attributable data
State machine model
A Base Register (Memory Management)
28. Succesfully Evaluated products are placed on?
The Simple Security Property
The Evaluated Products List (EPL) with their corresponding rating
Scalar processors
Examples of Layered Operating Systems
29. Contains the ending address
Multilevel Security Policies
Access Matrix model
Physical security
A Limit Register (Memory Management)
30. Mandatory access control is enfored by the use of security labels.
Division B - Mandatory Protection
Its Clearance Label (Top Secret - Secret - or Confidential)
Orange Book - D
Access control to the objects by the subjects
31. What are the components of an object's sensitivity label?
Subject to Object Model
A single classification and a Compartment Set
C2
C2
32. Which is a straightforward approach that provides access rights to subjects for objects?
All Mandatory Access Control (MAC) systems
Access Matrix model
Life Cycle Assurance Requirement
Mandatory Access Control (MAC)
33. Discretionary protection
Orange Book C
Fail safe
Firmware
TCB (Trusted Computing Base)
34. In access control terms - the word "dominate" refers to ___________.
Orange Book C
A Limit Register (Memory Management)
B1 - Labeled Security
Higher or equal to access class
35. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Ring 1
C2 - Controlled Access Protection
Virtual storage
The Red Book
36. Which would be designated as objects on a MAC system?
Multiprocessing
A Domain
Totality of protection mechanisms
Files - directories and devices
37. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Models concerned with integrity
The Trusted Computing Base (TCB)
Subject to Object Model
Most commonly used approach
38. Which can be used as a covert channel?
A Limit Register (Memory Management)
The Common Criteria
Storage and timing
security protection mechanisms
39. What prevents a process from accessing another process' data?
The National Computer Security Center (NCSC)
Division C - Discretionary Protection
Process isolation
Overt channel
40. Which TCSEC level first addresses object reuse?
Erasable and Programmable Read-Only Memory (EPROM)
B3
The Red Book
C2
41. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Firmware
Operational assurance requirements
The "No read Up" rule
The Security Kernel
42. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Ring 3
Cache Memory
The National Computer Security Center (NCSC)
The Trusted Computing Base (TCB)
43. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
The security perimeter
The Clark Wilson integrity model
B2 - Structured Protection
Trusted facility management
44. Which Orange Book evaluation level is described as "Verified Design"?
A1
The security kernel
The rule is talking about "Reading"
Execution Domain
45. What is called the formal acceptance of the adequacy of a system's overall security by management?
Invocation Property
A and B
B1 - Labeled Security rating
Accreditation
46. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
Virtual storage
Disclosure of residual data
The *-Property rule (Star property)
Be protected from modification
47. Documentation must be provided - including test - design - and specification document - user guides and manuals
Documentation - Orange Book
TCB (Trusted Computing Base)
Scalar processors
The Integrity of data within applications
48. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
An abstract machine
Trusted Products Evaluation Program (TPEP)
A lattice of Intergrity Levels
Virtual storage
49. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
The security perimeter
Implement software or systems in a production environment
Mandatory Access Control (MAC)
Physical security
50. Simpler instructions that require fewer clock cycles to execute.
Security rating B
Multilevel Security Policies
Reduced Instruction Set Computers (RISC)
The security kernel
