Test your basic knowledge |

CISSP Security Architecture And Design

Subjects : certifications, it-skills, cissp

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Based on a known address with an offset value applied.
Programmable Read-Only Memory (PROM)
Orange Book B
Relative Addresses
Accreditation

2. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Evaluated separately
State machine model
All Mandatory Access Control (MAC) systems
A and B

3. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Isolate processes
Orange Book A
Buffer (temporary data storage area)
The National Computer Security Center (NCSC)

4. The Biba Model adresses _____________________.
The Integrity of data within applications
Identification - Orange Book
Need-to-know
Polyinstantiation

5. The *-Property rule is refered to as ____________.
The "No write Down" Rule
A Limit Register (Memory Management)
C2 - Controlled Access Protection
Execution Domain

6. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
Enforces the rules
A Thread
Prevent secret information from being accessed
Orange Book B

7. A nonvolatile storage media etc computer hard drive - floppy disks and CD-ROMs
Direct addressing
Ring 1
Secondary Storage
Access Matrix model

8. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.
A1 - Rating
Attributable data
Multitasking
In C2 - Controlled Access Protection environment

9. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Need-to-know
Mandatory access control
Life Cycle Assurance Requirement
Physical security

10. The Availability - Integrity and confidentiality requirements of multitasking operating systems
C2
B2 rating
C1 - Discrection Security Protection is a type of environment
Protection Rings Support

11. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Swap Space
Buffer (temporary data storage area)
Need-to-know
B2 - Structured Protection

12. Contains an Address of where the instruction and dara reside that need to be processed.
The Thread (memory Management)
The security kernel
Virtual Memory
'Dominate'

13. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Multitasking
Buffer (temporary data storage area)
The Tranqulity principle (The Bell-LaPadula Model)
Totality of protection mechanisms

14. A set of objects that a subject is able to access
Fail safe
Cache Memory
Secondary Storage
A Domain

15. When the address location that is specified in the program instruction contains the address of the final desired location.
Indirect addressing
Indexed addressing
The Red Book
Firmware

16. Which can be used as a covert channel?
Storage and timing
Integrity
Be protected from modification
Pipelining

17. What does the * (star) property mean in the Bell-LaPadula model?
The "No write Down" Rule
No write down
Orange Book interpretations
Prohibits

18. What are the components of an object's sensitivity label?
C2 - Controlled Access Protection
Orange Book ratings
A single classification and a Compartment Set
First evaluation class

19. TCSEC provides a means to evaluate ______________________.
Files - directories and devices
Orange Book B
C2 - Controlled Access Protection
The trustworthiness of an information system

20. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
The security perimeter
The "No read Up" rule
attributability
Reduced Instruction Set Computers (RISC)

21. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
The National Computer Security Center (NCSC)
Orange Book - B3
All Mandatory Access Control (MAC) systems
B3

22. When the RAM and secondary storage are combined the result is __________.
Orange Book - A1
Orange Book B
Division C - Discretionary Protection
Virtual Memory

23. Access control labels must be associated properly with objects.
Orange Book A
Identification - Orange Book
Covert channels
Labels - Orange Book

24. For rhe type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to peneration and compromise
B2 rating
Continuous protection - O/B
Polyinstantiation
Buffer (temporary data storage area)

25. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
All Mandatory Access Control (MAC) systems
A1
The security perimeter
Orange Book - B3

26. Which is an ISO standard product evaluation criteria that supersedes several different criteria
Compare the security labels
A Base Register (Memory Management)
B2 - Structured Protection
The Common Criteria

27. What prevents a process from accessing another process' data?
Subject to Object Model
Relative Addresses
The Tranqulity principle (The Bell-LaPadula Model)
Process isolation

28. Mediates all access and Functions between subjects and objects.
Higher or equal to access class
The Security Kernel
In C2 - Controlled Access Protection environment
C2

29. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.
The Thread (memory Management)
Accountability - Orange Book
C2 - Controlled Access Protection
A Base Register (Memory Management)

30. The Red Book aka Trusted Network Interpretation (TNI) - provides _________________ for Trusted computer and communications network systems under the areas of assurance requirements
TCB (Trusted Computing Base)
Orange Book interpretations
Mandatory access control
C1 - Discrection Security Protection is a type of environment

31. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
B3 - Rating
The Tranqulity principle (The Bell-LaPadula Model)
Controls the checks
Electrically Erasable and Programmable Read-Only Memory (EEPROM)

32. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
A Base Register (Memory Management)
Operational assurance requirements
Overt channel
Certification

33. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Indexed addressing
The Trusted Computing Base (TCB)
Division B - Mandatory Protection
A security kernel

34. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Attributable - original - accurate - contemporaneous and legible
Identification - Orange Book
First evaluation class
The security kernel

35. A Policy based control. All objects and systems have a sensitivity level assigned to them
The Clark Wilson integrity model
In C2 - Controlled Access Protection environment
Access control to the objects by the subjects
Mandatory Access Control (MAC)

36. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.
The Trusted Computing Base (TCB)
Security mechanisms and evalautes their effectivenes
Operational assurance requirements
In C2 - Controlled Access Protection environment

37. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
Highly secure systems (B2 - B3 and A1)
Orange Book - B2
Prevent secret information from being accessed
The rule is talking about "Reading"

38. When a portion of primary memory is accessed by specifying the actual address of the memory location
Direct addressing
Relative Addresses
Security mechanisms and evalautes their effectivenes
The security kernel

39. The Security Model Incorporates the ____________ that should be enforced in the system.
Assigned labels
Security Policy
The trustworthiness of an information system
Physical security

40. Intended for environments that require systems to handle classified data.
The Evaluated Products List (EPL) with their corresponding rating
B1 - Labeled Security rating
The Strong star property rule
Complex Instruction Set Computers (CISC)

41. The Simple Security rule is refered to as______________.
The "No read Up" rule
Clark-Wilson
The Integrity of data within applications
A1 - Rating

42. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Reduced Instruction Set Computers (RISC)
Constrained
Networks and Communications
Invocation Property

43. Operating System Kernel
Ring 0
Enforces the rules
Constrained
Assigned labels

44. Which TCSEC level first addresses object reuse?
Controls the checks
Stored in Reak Memory
C2
Protection Rings Support

45. The Policy must be explicit and well defined and enforced by the mechanisms within the system
Security Policy - Orange Book
Assigned labels
A Limit Register (Memory Management)
Relative Addresses

46. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Multilevel Security Policies
A security kernel
C2 - Controlled Access Protection
Absolute addresses

47. The Bell-LaPadula model Subjects and Objects are ___________.
Assigned labels
Access control to the objects by the subjects
In C2 - Controlled Access Protection environment
Models concerned with integrity

48. Each data object must contain a classification label and each subject must have a clearance label.
Division B - Mandatory Protection Architecture
Security Policy
Sensitivity labels
B1 - Labeled Security

49. Bell-LaPadula model was proposed for enforcing access control in _____________________.
A Limit Register (Memory Management)
The security perimeter
B1 - Labeled Security rating
Government and military applications

50. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Primary storage
Trusted Distribution
Clark-Wilson
Security rating B

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Major Subjects
Tests & Exams AP CLEP DSST GRE SAT GMAT	Certifications CISSP go to https://www.isc2.org/ PMP ITIL RHCE MCTS More...	IT Skills Android Programming Data Modeling Objective C Programming Basic Python Programming Adobe Illustrator More...	Business Skills Advertising Techniques Business Accounting Basics Business Strategy Human Resource Management Marketing Basics More...
Soft Skills Body Language People Skills Public Speaking Persuasion Job Hunting And Resumes More...	Vocabulary GRE Vocab SAT Vocab TOEFL Essential Vocab Basic English Words For All Global Words You Should Know Business English More...	Languages AP German Vocab AP Latin Vocab SAT Subject Test: French Italian Survival Norwegian Survival More...	Engineering Audio Engineering Computer Science Engineering Aerospace Engineering Chemical Engineering Structural Engineering More...
Health Sciences Basic Nursing Skills Health Science Language Fundamentals Veterinary Technology Medical Language Cardiology Clinical Surgery More...	English Grammar Fundamentals Literary And Rhetorical Vocab Elements Of Style Vocab Introduction To English Major Complete Advanced Sentences Literature Homonyms More...	Math Algebra Formulas Basic Arithmetic: Measurements Metric Conversions Geometric Properties Important Math Facts Number Sense Vocab Business Math More...	Other Major Subjects Science Economics History Law Performing-arts Cooking Logic & Reasoning Trivia

Test your basic knowledge |

CISSP Security Architecture And Design

Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?

Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests

Major Subjects

Tests & Exams

Certifications

IT Skills

Business Skills

Soft Skills

Vocabulary

Languages

Engineering

Health Sciences

English

Math

Other Major Subjects

Browse all subjects

Browse all tests

Most popular tests