SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Indirect addressing
Prevent secret information from being accessed
The *-Property rule (Star property)
A security kernel
2. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.
Absolute addresses
Invocation Property
Basic Security Theorem (used in computer science) definition
Life-cycle assurance - O/B
3. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
A1 - Rating
The security kernel
Indirect addressing
Orange Book - A1
4. The group that oversees the processes of evaluation within TCSEC is?
Integrity
Trusted Products Evaluation Program (TPEP)
Enforces the rules
Prevent secret information from being accessed
5. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Attributable - original - accurate - contemporaneous and legible
Controlling unauthorized downgrading of information
Division D - Minimal Protection
Highly secure systems (B2 - B3 and A1)
6. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
7. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when
The Common Criteria
A security domain
C2
A lattice of Intergrity Levels
8. Should always trace to individuals responsible for observing and recording the data
Networks and Communications
Attributable data
B3 - Security Domains
Files - directories and devices
9. A set of objects that a subject is able to access
Implement software or systems in a production environment
A Domain
C1 - Discrection Security Protection is a type of environment
The National Computer Security Center (NCSC)
10. The Security Model Incorporates the ____________ that should be enforced in the system.
Discretionary Security Property (ds-property)
The Red Book
Security Policy
Mandatory access control
11. Contains the beginning address
Identification - Orange Book
Its Clearance Label (Top Secret - Secret - or Confidential)
A Base Register (Memory Management)
NOT Integrity
12. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Simple Integrity Axiom
The security kernel
Firmware
Isolate processes
13. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
System High Security Mode
The trustworthiness of an information system
Trusted facility management
Secondary Storage
14. In both the Bell-LaPadula and Biba Models if the word "* or Star is used - _______________.
Swap Space
The Rule is talking about writing
Disclosure of residual data
Integrity
15. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Orange Book - B2
The Red Book
Indirect addressing
Enforces the rules
16. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Division C - Discretionary Protection
Virtual storage
The Tranqulity principle (The Bell-LaPadula Model)
Most commonly used approach
17. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Implement software or systems in a production environment
Networks and Communications
Orange Book - B1
Evaluated separately
18. Which in the Orange Book ratings represents the highest level of trust?
B2
Documentation - Orange Book
Programmable Read-Only Memory (PROM)
Swap Space
19. The assignment of a specific individual to administer the security-related functions of a system.
A Limit Register (Memory Management)
Covert channels
Trusted facility management
Most commonly used approach
20. What access control technique is also known as multilevel security?
Administrative declaration
security protection mechanisms
Mandatory access control
A security kernel
21. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
Thrashing
Examples of Layered Operating Systems
'Dominate'
A and B
22. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
The security perimeter
In C2 - Controlled Access Protection environment
Thrashing
23. What does the * (star) property mean in the Bell-LaPadula model?
No write down
Polyinstantiation
Invocation Property
C1 - Discretionary Security Protection
24. Mediates all access and Functions between subjects and objects.
Orange Book A
The Security Kernel
Highly secure systems (B2 - B3 and A1)
Attributable data
25. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
An abstract machine
*-Integrity Axiom
Accreditation
B3
26. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Cache Memory
Dedicated Security Mode
A and B
Division D - Minimal Protection
27. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
Buffer overflows
C2 - Controlled Access Protection
Evaluated separately
Controls the checks
28. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Virtual storage
B2 - Structured Protection
Division B - Mandatory Protection Architecture
The Integrity of data within applications
29. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Dominate the object's sensitivity label
The reference monitor
Buffer (temporary data storage area)
Access control to the objects by the subjects
30. Access control labels must be associated properly with objects.
Continuous protection - O/B
Documentation - Orange Book
Labels - Orange Book
Administrative declaration
31. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Life-cycle assurance - O/B
A single classification and a Compartment Set
Prohibits
A Domain
32. The reserved hard drive space used to Extend RAM capabilities. Windows system use the pagefile.sys file to reserve this space
A lattice of Intergrity Levels
Swap Space
In C2 - Controlled Access Protection environment
International Standard 15408
33. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Access Matrix model
Life Cycle Assurance Requirement
Ring 0
A security kernel
34. A subject at a given clearance may not read an object at a higher classification
Its Clearance Label (Top Secret - Secret - or Confidential)
Orange Book B
The Simple Security Property
Direct Addressing
35. Which would be designated as objects on a MAC system?
Ring 0
Files - directories and devices
Constrained
Prohibits
36. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
A Limit Register (Memory Management)
The Clark Wilson integrity model
Certification
Division C - Discretionary Protection
37. Intended for environments that require systems to handle classified data.
The Rule is talking about writing
Trusted facility management
B1 - Labeled Security rating
Highly secure systems (B2 - B3 and A1)
38. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Most commonly used approach
Subject to Object Model
Buffer (temporary data storage area)
Attributable - original - accurate - contemporaneous and legible
39. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Dominate the object's sensitivity label
Certification
No write down
C2
40. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"
In C2 - Controlled Access Protection environment
International Standard 15408
Life-cycle assurance - O/B
Simple Integrity Axiom
41. Contains the ending address
A Limit Register (Memory Management)
Its classification label (Top Secret - Secret or confidential)
The Red Book
The National Computer Security Center (NCSC)
42. The security kernel is the mechanism that _____________ of the reference monitor concept.
The Monolithic Operation system Architecture
Mandatory Access Control (MAC)
The Common Criteria
Enforces the rules
43. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data) items is refered to as Well-Formed transaction
The Monolithic Operation system Architecture
B2 rating
The National Computer Security Center (NCSC)
Clark-Wilson Model
44. Mandatory Protection
A and B
Indexed addressing
Orange Book B
Division D - Minimal Protection
45. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Integrity
Implement software or systems in a production environment
Need-to-know
Models concerned with integrity
46. Which is a straightforward approach that provides access rights to subjects for objects?
Security Policy is clearly defined and documented
Access Matrix model
Documentation - Orange Book
An abstract machine
47. What does the simple integrity axiom mean in the Biba model?
Dominate the object's sensitivity label
Orange Book - B3
Direct addressing
No read down
48. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Totality of protection mechanisms
Fail safe
No read up
Swap Space
49. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Continuous protection - O/B
Virtual Memory
A1 - Rating
Compare the security labels
50. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
A1
In C2 - Controlled Access Protection environment
All Mandatory Access Control (MAC) systems
A Base Register (Memory Management)
