CISSP Security Architecture And Design - Test your basic knowledge
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The Biba Model
The reference monitor
Complex Instruction Set Computers (CISC)
The Clark Wilson integrity model
2. When the address location that is specified in the program instruction contains the address of the final desired location.
Indirect addressing
The Monolithic Operating System Architecture
Swap Space
Trusted facility management
3. The availability - integrity and confidentiality requirements of multitasking operating systems
Protection Rings Support
Ring 0
Compare the security labels
Physical security
4. What are the components of an object's sensitivity label?
Orange Book interpretations
B2 rating
A1
A single classification and a Compartment Set
5. An environment in which users are processing information at the same sensitivity level; thus strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
System High Security Mode
The Common Criteria
C1 - Discretionary Security Protection is a type of environment
The security perimeter
6. In an automated system - ________________ could be achieved by a computer system designed to identify the individuals responsible for any input.
Integrity
attributability
Absolute addresses
Administrative declaration
7. Contains the ending address
Orange Book ratings
B2 rating
A Limit Register (Memory Management)
The rule is talking about "Reading"
8. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
C2 - Controlled Access Protection
Dedicated Security Mode
A security kernel
The Thread (memory Management)
9. A computer using more than one CPU in parallel to execute instructions is known as?
Orange Book - B1
Virtual Memory
Multiprocessing
The "No write Down" Rule
10. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
A Limit Register (Memory Management)
A security kernel
The Security Kernel
Division B - Mandatory Protection Architecture
11. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The Tranquility principle (The Bell-LaPadula Model)
attributability
Ring 3
The *-Property rule (Star property)
12. The C2 evaluation class of the _________________ offers controlled access protection.
B3 - Rating
Attributable - original - accurate - contemporaneous and legible
Trusted Network Interpretation (TNI)
A Thread
13. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Orange Book C
Controls the checks
B3
Fail safe
14. The total combination of protection mechanisms within a computer system
A lattice of Integrity Levels
TCB (Trusted Computing Base)
The Integrity of data within applications
The security kernel
15. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
The Monolithic Operating System Architecture
A1
Pagefile.sys file
Trusted hardware - Software and Firmware
16. Which would be designated as objects on a MAC system?
Assigned labels
Process isolation
Dedicated Security Mode
Files - directories and devices
17. The reference monitor is responsible for ______________; it compares the security labels of a subject and an object.
The Monolithic Operating System Architecture
Orange Book - B2
Access control to the objects by the subjects
Basic Security Theorem (used in computer science) definition
18. Mandatory access control is enforced by the use of security labels.
Ring 1
C2
Division B - Mandatory Protection
Programmable Read-Only Memory (PROM)
19. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Orange Book - B3
Absolute addresses
Overt channel
NOT Integrity
20. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
A Limit Register (Memory Management)
Storage and timing
Simple Security Rule
Higher or equal to access class
21. Simpler instructions that require fewer clock cycles to execute.
Orange Book - B2
Reduced Instruction Set Computers (RISC)
Dedicated Security Mode
An abstract machine
22. Which describes the condition in which RAM and secondary storage are used together?
Virtual storage
The Clark Wilson integrity model
Ring 0
Bell-LaPadula Model
23. Based on a known address with an offset value applied.
Orange Book C
C2 - Controlled Access Protection
'Dominate'
Relative Addresses
24. The type of environment that processes sensitive data requiring a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.
Storage and timing
Covert channels
B2 rating
attributability
25. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Reduced Instruction Set Computers (RISC)
The National Computer Security Center (NCSC)
Trusted Products Evaluation Program (TPEP)
A1 - Rating
26. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
B3 - Rating
Life Cycle Assurance Requirement
Be protected from modification
A and B
27. The Bell-LaPadula Model is a _______________ that enforces the confidentiality aspect of access control. Formulated by David Bell and Leonard LaPadula.
Indexed addressing
State machine model
Protection Rings Support
Buffer overflows
28. What does the Clark-Wilson security model focus on?
Integrity
Need-to-know
Clark-Wilson Model
Access control to the objects by the subjects
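The Clark-Wilson questions above (constrained data items, integrity verification procedures, transformation procedures, and attributable data) describe a mechanism rather than a rule, so here is an added worked example of that mechanism in Python. It is not code from the original page or from any CISSP reference; the bank-account CDIs, the "transfer" TP, the user names and the conservation check in the IVP are all constructed for illustration. The point it shows is that a user never touches a CDI directly: the system checks an access triple (user, TP, CDI), runs the certified TP on a working copy, re-runs the IVP, and only then commits, logging every attempt so the outcome is attributable.

```python
import copy
from typing import Callable, Dict, List, Tuple


class IntegrityViolation(Exception):
    """Raised when the CDIs are found inconsistent before a TP even runs."""


class ClarkWilsonSystem:
    """Enforces the Clark-Wilson pattern: CDIs are changed only by certified TPs,
    only by users named in an access triple, and only if the IVP still passes."""

    def __init__(self, cdis: Dict[str, int]) -> None:
        self.cdis = dict(cdis)                       # constrained data items: account -> balance
        self.expected_total = sum(cdis.values())     # invariant the IVP checks (money is conserved)
        self.tps: Dict[str, Callable] = {}           # certified transformation procedures
        self.triples = set()                         # (user, tp_name, cdi_name) access triples
        self.log: List[Tuple] = []                   # every attempt, attributable to a user

    def ivp(self, cdis: Dict[str, int] = None) -> bool:
        """Integrity verification procedure: no negative balance and total unchanged."""
        cdis = self.cdis if cdis is None else cdis
        return all(v >= 0 for v in cdis.values()) and sum(cdis.values()) == self.expected_total

    def certify_tp(self, name: str, fn: Callable) -> None:
        self.tps[name] = fn

    def authorize(self, user: str, tp_name: str, *cdi_names: str) -> None:
        for cdi in cdi_names:
            self.triples.add((user, tp_name, cdi))

    def execute(self, user: str, tp_name: str, *cdi_names: str, **params) -> bool:
        # Enforcement: the TP must be certified and a triple must exist for every CDI touched.
        if tp_name not in self.tps or any((user, tp_name, c) not in self.triples for c in cdi_names):
            self.log.append((user, tp_name, cdi_names, "DENIED"))
            return False
        if not self.ivp():
            raise IntegrityViolation("CDIs inconsistent before TP; refusing to run")
        working = copy.deepcopy(self.cdis)           # TP works on a copy so a bad result can be discarded
        self.tps[tp_name](working, *cdi_names, **params)
        if not self.ivp(working):                    # TP must move CDIs from one valid state to another
            self.log.append((user, tp_name, cdi_names, "ROLLED BACK"))
            return False
        self.cdis = working
        self.log.append((user, tp_name, cdi_names, "COMMITTED"))
        return True


def transfer(cdis: Dict[str, int], src: str, dst: str, amount: int) -> None:
    """Certified TP (constructed): move funds between two CDIs."""
    cdis[src] -= amount
    cdis[dst] += amount


def clark_wilson_demo():
    """Constructed scenario; returns the system and the three outcomes."""
    cw = ClarkWilsonSystem({"acct-A": 100, "acct-B": 0})
    cw.certify_tp("transfer", transfer)
    cw.authorize("alice", "transfer", "acct-A", "acct-B")   # alice may move funds
    cw.authorize("bob", "audit", "acct-A", "acct-B")        # bob may only audit (separation of duties)
    ok = cw.execute("alice", "transfer", "acct-A", "acct-B", amount=40)        # committed
    overdraw = cw.execute("alice", "transfer", "acct-A", "acct-B", amount=500) # IVP fails, rolled back
    wrong_user = cw.execute("bob", "transfer", "acct-A", "acct-B", amount=10)  # no triple, denied
    return cw, (ok, overdraw, wrong_user)


if __name__ == "__main__":
    system, outcomes = clark_wilson_demo()
    print(outcomes, system.cdis)
    for entry in system.log:
        print(entry)
```

Note what the IVP alone does not give you: in a real system the CDIs must also be unreachable except through the TPs (file permissions, a database role that only the TP's service account holds), otherwise the certification of the TPs proves nothing.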
29. The assignment of a specific individual to administer the security-related functions of a system.
The "No read Up" rule
B2
Trusted facility management
*-Integrity Axiom
30. What does the * (star) property mean in the Bell-LaPadula model?
Security rating B
The "No write Down" Rule
No write down
NOT Integrity
31. Users are trusted but a certain level of accountability is required. Overall - C2 is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
Simple Integrity Axiom
Division D - Minimal Protection
Most commonly used approach
32. The security kernel is the mechanism that _____________ of the reference monitor concept.
Thrashing
Enforces the rules
A1
Ring 2
33. Should always trace to individuals responsible for observing and recording the data
Constrained
Attributable data
B3
Enforces the rules
34. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.
The Monolithic Operating System Architecture
B3 - Security Domains
Logical addresses
Buffer overflows
35. The subject must have Need to Know for ONLY the information they are trying to access.
Absolute addresses
A security domain
Invocation Property
System High Security Mode
36. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use.
The security perimeter
Examples of Layered Operating Systems
The "No read Up" rule
Simple Security Rule
37. TCSEC provides a means to evaluate ______________________.
The trustworthiness of an information system
Multiprocessing
Discretionary Security Property (ds-property)
Trusted hardware - Software and Firmware
38. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Accreditation
Overt channel
B3 - Security Domains
Secondary Storage
39. A system uses the Reference Monitor to ___________________ of a subject and an object?
Need-to-know
The "No read Up" rule
Files - directories and devices
Compare the security labels
40. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
B1 - Labeled Security rating
Trusted hardware - Software and Firmware
Direct Addressing
State machine model
41. Developed after the Bell-LaPadula model. It is a state machine model and is very similar to the Bell-LaPadula Model.
Secondary Storage
The Biba Model
Division C - Discretionary Protection
Dominate the object's sensitivity label
42. Certification is a technical review that assesses the _____________ - whereas Accreditation is management's official acceptance of the findings of the certification process.
D
Constrained
Security mechanisms and evaluates their effectiveness
Ring 0
43. I/O drivers and utilities
Ring 2
Most commonly used approach
Absolute addresses
Assigned labels
44. Verification Protection
Orange Book A
Controlling unauthorized downgrading of information
Attributable - original - accurate - contemporaneous and legible
In C2 - Controlled Access Protection environment
45. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
The Security Kernel
Ring 2
Types of covert channels
46. A policy-based control. All objects and subjects have a sensitivity level assigned to them.
Isolate processes
Dominate the object's sensitivity label
Mandatory Access Control (MAC)
A and B
47. When the contents of the address defined in the program's instruction are added to those of an index register.
attributability
Relative Addresses
Indexed addressing
First evaluation class
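The addressing-mode questions above (direct, indirect, indexed and relative addressing) and the limit-register question are easiest to keep straight by watching each mode compute an effective address and then hit the same hardware bounds check. The following is an added example in Python and not code from the original page; the 16-cell memory, the pointer values and the base/limit region are constructed. It also shows why the limit register matters: an indirect pointer or an oversized index that escapes the process's region faults instead of reading another process's data.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


class MemoryFault(Exception):
    """Effective address fell outside the region the base/limit registers allow."""


@dataclass
class Memory:
    cells: List[int]  # constructed word-addressable primary memory
    base: int         # base register: first address this process may touch
    limit: int        # limit register: the ending address (inclusive)

    def check(self, addr: int) -> int:
        # Bounds check applied to every effective address before it is used, which is
        # what isolates one process's region from another's.
        if not (self.base <= addr <= self.limit):
            raise MemoryFault(f"address {addr} outside [{self.base}, {self.limit}]")
        return addr

    def load(self, addr: int) -> int:
        return self.cells[self.check(addr)]


# Each addressing mode turns the instruction operand into an effective address.
def direct(mem: Memory, operand: int, index: int, pc: int) -> int:
    return operand                 # operand is the actual address

def indirect(mem: Memory, operand: int, index: int, pc: int) -> int:
    return mem.load(operand)       # operand holds the address of the final location (pointer fetch is checked too)

def indexed(mem: Memory, operand: int, index: int, pc: int) -> int:
    return operand + index         # operand plus the index register

def relative(mem: Memory, operand: int, index: int, pc: int) -> int:
    return pc + operand            # a known address (here the program counter) plus an offset

MODES: Dict[str, Callable[[Memory, int, int, int], int]] = {
    "direct": direct, "indirect": indirect, "indexed": indexed, "relative": relative,
}


def fetch(mem: Memory, mode: str, operand: int, index: int = 0, pc: int = 0) -> int:
    """Resolve the effective address in the given mode, then load through the bounds check."""
    return mem.load(MODES[mode](mem, operand, index, pc))


def addressing_demo() -> Dict[str, object]:
    # Constructed memory: this process owns cells 0..9; cell 12 belongs to another process.
    cells = [0] * 16
    cells[3] = 7      # a pointer to cell 7
    cells[7] = 42     # the value every in-bounds mode should reach
    cells[8] = 12     # a pointer whose target lies outside the region
    cells[12] = 99    # another process's data
    mem = Memory(cells, base=0, limit=9)

    def attempt(mode: str, operand: int, **regs):
        try:
            return fetch(mem, mode, operand, **regs)
        except MemoryFault as e:
            return f"FAULT: {e}"

    return {
        "direct 7": attempt("direct", 7),
        "indirect via 3": attempt("indirect", 3),
        "indexed 5+2": attempt("indexed", 5, index=2),
        "relative pc4+3": attempt("relative", 3, pc=4),
        "direct 12": attempt("direct", 12),             # straight out-of-region access
        "indirect via 8": attempt("indirect", 8),       # pointer value 12 escapes the region
        "indexed 5+7": attempt("indexed", 5, index=7),  # oversized index, the overflow pattern
    }


if __name__ == "__main__":
    for name, result in addressing_demo().items():
        print(f"{name:16s} -> {result}")
```

The first four lookups all land on cell 7 by different routes; the last three are the cases a limit register exists for, and the indexed one is the hardware-level shape of an out-of-bounds array access.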
48. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels - and the system must be analyzed for covert storage channels.
Isolate processes
B3
Multiprocessing
Orange Book - B2
49. The Bell-LaPadula model Subjects and Objects are ___________.
B3 - Rating
Direct addressing
Assigned labels
Integrity
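Several questions above describe the same machinery from different angles: a sensitivity label is one classification plus a compartment set, the reference monitor compares the labels of a subject and an object, a subject's label must "dominate" the object's, Bell-LaPadula gives "no read up" and "no write down", and Biba reverses the direction for integrity. The following is an added example in Python that is not code from the original page; the classification names, compartments, subject and object names are all constructed. It implements dominance over a lattice (so labels with disjoint compartments are incomparable and denied both ways) and a reference monitor that mediates every access and logs each decision.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Constructed linear orderings for this example. The page only says a label is one
# classification plus a compartment set; any totally ordered set of levels works.
CLASSIFICATIONS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY_LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Label:
    """One level from a linear ordering plus a set of compartments."""
    level: int
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice partial order: level higher-or-equal AND compartments a superset.
        # Labels with disjoint compartments are incomparable: neither dominates the other.
        return self.level >= other.level and self.compartments >= other.compartments


def classified(name: str, *compartments: str) -> Label:
    return Label(CLASSIFICATIONS[name], frozenset(compartments))


def integrity(name: str) -> Label:
    return Label(INTEGRITY_LEVELS[name])


@dataclass
class Subject:
    name: str
    label: Label   # clearance (Bell-LaPadula) or integrity level (Biba)


@dataclass
class Object:
    name: str
    label: Label   # assigned sensitivity or integrity label (mandatory access control)


class ReferenceMonitor:
    """Mediates every access by comparing the subject's and object's labels and
    records each decision so that it is attributable to a subject."""

    def __init__(self) -> None:
        self.audit: List[Tuple[str, str, str, str, str]] = []

    def _decide(self, allowed: bool, s: Subject, o: Object, op: str, rule: str) -> bool:
        self.audit.append((s.name, op, o.name, "ALLOW" if allowed else "DENY", rule))
        return allowed

    # Bell-LaPadula (confidentiality)
    def blp_read(self, s: Subject, o: Object) -> bool:
        # Simple Security Property, "no read up": the subject must dominate the object.
        return self._decide(s.label.dominates(o.label), s, o, "read", "ss-property")

    def blp_write(self, s: Subject, o: Object) -> bool:
        # *-Property, "no write down": the object must dominate the subject.
        return self._decide(o.label.dominates(s.label), s, o, "write", "*-property")

    # Biba (integrity): the same two comparisons with the direction reversed
    def biba_read(self, s: Subject, o: Object) -> bool:
        # Simple Integrity Axiom, "no read down": object integrity must dominate the subject's.
        return self._decide(o.label.dominates(s.label), s, o, "read", "simple-integrity")

    def biba_write(self, s: Subject, o: Object) -> bool:
        # *-Integrity Axiom, "no write up": subject integrity must dominate the object's.
        return self._decide(s.label.dominates(o.label), s, o, "write", "*-integrity")


def blp_biba_demo():
    """Constructed subjects and objects; returns each decision plus the audit trail."""
    rm = ReferenceMonitor()
    analyst = Subject("analyst", classified("SECRET", "CRYPTO"))
    memo = Object("memo.txt", classified("CONFIDENTIAL"))
    plan = Object("plan.doc", classified("TOP SECRET", "CRYPTO"))
    nato = Object("nato.doc", classified("SECRET", "NATO"))   # same level, disjoint compartment
    app = Subject("app", integrity("MEDIUM"))
    syslog = Object("syslog", integrity("HIGH"))
    scratch = Object("scratch", integrity("LOW"))
    results = {
        "blp read memo": rm.blp_read(analyst, memo),        # allowed: analyst dominates memo
        "blp write memo": rm.blp_write(analyst, memo),      # denied: write down
        "blp read plan": rm.blp_read(analyst, plan),        # denied: read up
        "blp write plan": rm.blp_write(analyst, plan),      # allowed: writing up is permitted
        "blp read nato": rm.blp_read(analyst, nato),        # denied: incomparable labels
        "blp write nato": rm.blp_write(analyst, nato),      # denied: incomparable labels
        "biba read syslog": rm.biba_read(app, syslog),      # allowed: higher-integrity source
        "biba read scratch": rm.biba_read(app, scratch),    # denied: read down
        "biba write syslog": rm.biba_write(app, syslog),    # denied: write up
        "biba write scratch": rm.biba_write(app, scratch),  # allowed: write down
    }
    return results, rm.audit


if __name__ == "__main__":
    for name, allowed in blp_biba_demo()[0].items():
        print(f"{name:20s} {'ALLOW' if allowed else 'DENY'}")
```

The "write plan" case is worth pausing on: Bell-LaPadula permits a SECRET subject to write into a TOP SECRET object because that cannot leak information downward, which is exactly the integrity gap Biba was designed to close.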
50. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Identification - Orange Book
Enforces the rules
Continuous protection - O/B
B2