Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Based on a known address with an offset value applied.
Continuous protection - O/B
Security Policy
The rule is talking about "Reading"
Relative Addresses
2. Software, hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
The Rule is talking about writing
Life-cycle assurance - O/B
Enforces the rules
Orange Book - A1
3. Execute one instruction at a time.
Scalar processors
Thrashing
Overt channel
Invocation Property
4. Which describes a condition when RAM and secondary storage are used together?
Types of covert channels
No read down
Attributable data
Virtual storage
5. When the contents of the address defined in the program's instruction are added to that of an index register.
A security kernel
Primary storage
Direct Addressing
Indexed addressing
6. What is called the formal acceptance of the adequacy of a system's overall security by management?
Life Cycle Assurance Requirement
Process isolation
Accreditation
TCB (Trusted Computing Base)
7. In an automated system ________________ could be achieved by a computer system designed to identify individuals responsible for any input.
C1 - Discretionary Security Protection
attributability
Prevent secret information from being accessed
Continuous protection - O/B
8. Successfully evaluated products are placed on?
The Evaluated Products List (EPL) with their corresponding rating
State machine model
Be protected from modification
The security kernel
9. In this class more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.
B3 - Security Domains
Covert channels
Enforces the rules
Identification - Orange Book
10. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
C1
Continuous protection - O/B
Secondary Storage
C2 - Controlled Access Protection
11. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The security perimeter
B2 rating
Attributable, original, accurate, contemporaneous and legible
Compare the security labels
12. Data in cache can be accessed much more quickly than data
Virtual Memory
Orange Book - A1
A security domain
Stored in Real Memory
13. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Division B - Mandatory Protection Architecture
An abstract machine
The Simple Security Property
Access control to the objects by the subjects
14. Which increases the performance in a computer by overlapping the steps of different instructions?
Networks and Communications
Assigned labels
Pipelining
Orange Book - B3
15. Operating System Kernel
A single classification and a Compartment Set
Examples of Layered Operating Systems
Ring 0
The Simple Security Property
16. The Biba model (introduced in 1977), the Sutherland model (published in 1986) and the Brewer-Nash model (published in 1989)
Orange Book - B2
C1 - Discretionary Security Protection is a type of environment
Its classification label (Top Secret, Secret or Confidential)
Models concerned with integrity
17. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt, the classification and clearance are checked to verify that the access is permissible.
The security perimeter
The Clark Wilson integrity model
Orange Book - B1
Division C - Discretionary Protection
18. As per FDA data should be ______________________________.
Dedicated Security Mode
Attributable, original, accurate, contemporaneous and legible
The National Computer Security Center (NCSC)
Covert channels
19. Which would be designated as objects on a MAC system?
Its classification label (Top Secret, Secret or Confidential)
Files, directories and devices
Programmable Read-Only Memory (PROM)
D
20. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.
Ring 2
Attributable, original, accurate, contemporaneous and legible
In C2 - Controlled Access Protection environment
B3 - Security Domains
21. A logical form of separation used by secure computing systems. Processes are _____________ so that each cannot access objects outside its permitted domain.
Security rating B
B3 - Security Domains
Orange Book C
Constrained
22. Discretionary protection
Orange Book C
The Trusted Computing Base (TCB)
Division D - Minimal Protection
Physical security
23. The object reuse concept must also be invoked, meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
Compare the security labels
Clark-Wilson
C2 - Controlled Access Protection
Multilevel Security Policies
24. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Integrity
Swap Space
B2 - Structured Protection
Controls the checks
25. The C2 evaluation class of the _________________ offers controlled access protection.
NOT Integrity
Labels - Orange Book
Trusted Network Interpretation (TNI)
Overt channel
26. What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?
A security kernel
Division B - Mandatory Protection Architecture
The trustworthiness of an information system
Swap Space
27. Users need to be identified individually to provide more precise access control and auditing functionality.
B2 - Structured Protection
Orange Book - D
C2 - Controlled Access Protection
Division B - Mandatory Protection
28. Should always trace to individuals responsible for observing and recording the data
Ring 3
Attributable data
A1
C2 - Controlled Access Protection
29. Used by Windows systems to reserve the "Swap Space"
Need-to-know
Stored in Real Memory
Pagefile.sys file
Basic Security Theorem (used in computer science) definition
30. According to the Orange Book - trusted facility management is not required for which security levels?
A Limit Register (Memory Management)
B1
B3 - Security Domains
The "No write Down" Rule
31. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.
Orange Book - B2
First evaluation class
Ring 3
Orange Book A
32. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Orange Book A
Evaluated separately
B1
First evaluation class
33. Each data object must contain a classification label and each subject must have a clearance label.
Logical addresses
B1 - Labeled Security
Evaluated separately
B2 - Structured Protection
34. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
Government and military applications
Models concerned with integrity
Relative Addresses
35. Mandatory access control is enforced by the use of security labels.
Division B - Mandatory Protection
Orange Book - B1
No read down
Secondary Storage
36. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
State machine model
Most commonly used approach
The Common Criteria
No read down
37. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
Discretionary Security Property (ds-property)
The TCSEC - Aka Orange Book
Simple Security Rule
Division B - Mandatory Protection
38. Mandatory Access requires that _____________ be attached to all objects.
Operational assurance requirements
Pipelining
NOT Integrity
Sensitivity labels
39. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Totality of protection mechanisms
Stored in Real Memory
The Security Kernel
Direct Addressing
40. The subject must have Need to Know for ONLY the information they are trying to access.
Disclosure of residual data
Virtual storage
Prohibits
System High Security Mode
41. When a portion of primary memory is accessed by specifying the actual address of the memory location
Evaluated separately
The trustworthiness of an information system
Labels - Orange Book
Direct addressing
42. The Bell-LaPadula model's main goal was to ___________________ in an unauthorized manner. (Developed by the US government)
The National Computer Security Center (NCSC)
Buffer overflows
Orange Book ratings
Prevent secret information from being accessed
43. In access control terms - the word "dominate" refers to ___________.
Higher or equal to access class
Accountability - Orange Book
The National Computer Security Center (NCSC)
Dedicated Security Mode
44. Which model uses access control triples and requires that the system maintain separation of duty?
Trusted Products Evaluation Program (TPEP)
Totality of protection mechanisms
Clark-Wilson
security protection mechanisms
45. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication, restrictions and auditing.
attributability
A1 - Rating
Fail safe
International Standard 15408
46. Intended for environments that require systems to handle classified data.
Virtual Memory
Mandatory Access Control (MAC)
B1 - Labeled Security rating
A and B
47. Permits a database to have two records that are identical except for their classifications
The "No read Up" rule
Dedicated Security Mode
Cache Memory
Polyinstantiation
48. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Accreditation
The TCSEC - Aka Orange Book
Life Cycle Assurance Requirement
B3
49. I/O drivers and utilities
The "No read Up" rule
Ring 2
NOT Integrity
Buffer (temporary data storage area)
50. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
Process isolation
Orange Book ratings
Models concerned with integrity
All Mandatory Access Control (MAC) systems
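Several of the questions above (the reference monitor in question 13, labels with a classification and compartment set in question 15, the Bell-LaPadula ds-property in question 37, "dominate" in question 43, and polyinstantiation in question 47) describe pieces of one mechanism. The Python below is an added study example, not code from this page or from any evaluated product: a toy reference monitor that checks a discretionary access matrix and then the two mandatory Bell-LaPadula rules over a small multilevel table. The classification ladder, the "NUC" compartment, the subject names and the rows are all constructed for illustration.

```python
"""Toy Bell-LaPadula reference monitor over a multilevel table.

Added study example; not code from the quiz page or from any evaluated
product. The classification ladder, the "NUC" compartment, the subjects
and the rows are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Hypothetical classification ladder; a larger number is more sensitive.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a single classification plus a compartment set."""
    classification: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # "Dominate": classification higher than or equal to the other label's
        # AND every compartment of the other label present here (superset).
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.compartments >= other.compartments)


class ReferenceMonitor:
    """Mediates every read and write of a (key, label) row by a cleared subject."""

    def __init__(self) -> None:
        self.clearances: Dict[str, Label] = {}             # subject -> clearance label
        self.rows: Dict[Tuple[str, Label], str] = {}       # (key, classification) -> value
        self.matrix: Dict[Tuple[str, str], Set[str]] = {}  # (subject, key) -> permitted modes

    def add_subject(self, name: str, clearance: Label) -> None:
        self.clearances[name] = clearance

    def grant(self, subject: str, key: str, *modes: str) -> None:
        # ds-property: named permissions kept in an access matrix and handed
        # out at the owner's discretion. The mandatory rules still have the final say.
        self.matrix.setdefault((subject, key), set()).update(modes)

    def _allowed(self, subject: str, key: str, obj: Label, mode: str) -> bool:
        if mode not in self.matrix.get((subject, key), set()):
            return False                          # discretionary check failed
        clearance = self.clearances[subject]
        if mode == "read":
            return clearance.dominates(obj)       # simple security property: no read up
        if mode == "write":
            return obj.dominates(clearance)       # *-property: no write down
        raise ValueError(f"unknown access mode {mode!r}")

    def write(self, subject: str, key: str, value: str, at: Optional[Label] = None) -> bool:
        """Write `value` for `key` at label `at` (default: the writer's own label).

        A row for the same key at a label the writer cannot read is left in
        place, so the table becomes polyinstantiated: two rows identical
        except for their classification.
        """
        label = at or self.clearances[subject]
        if not self._allowed(subject, key, label, "write"):
            return False
        self.rows[(key, label)] = value
        return True

    def read(self, subject: str, key: str) -> Optional[str]:
        """Return the most sensitive row for `key` that the subject may read."""
        visible = [(lbl, val) for (k, lbl), val in self.rows.items()
                   if k == key and self._allowed(subject, key, lbl, "read")]
        if not visible:
            return None
        _, val = max(visible, key=lambda lv: (LEVELS[lv[0].classification], len(lv[0].compartments)))
        return val


def demo() -> Dict[str, object]:
    """Constructed scenario exercising each rule; returns the outcomes by name."""
    rm = ReferenceMonitor()
    rm.add_subject("alice", Label("SECRET", frozenset({"NUC"})))  # SECRET with NUC compartment
    rm.add_subject("carol", Label("SECRET"))                      # SECRET, no NUC: lacks need-to-know
    rm.add_subject("bob", Label("UNCLASSIFIED"))
    for who in ("alice", "carol", "bob"):
        rm.grant(who, "cargo", "read", "write")
    out: Dict[str, object] = {}
    out["alice_writes_secret_nuc"] = rm.write("alice", "cargo", "warheads")
    out["bob_reads_up"] = rm.read("bob", "cargo")                     # None: no read up
    out["carol_reads_other_compartment"] = rm.read("carol", "cargo")  # None: SECRET does not dominate SECRET/NUC
    out["alice_writes_down"] = rm.write("alice", "cargo", "leak", at=Label("UNCLASSIFIED"))   # False: *-property
    out["bob_blind_writes_up"] = rm.write("bob", "cargo", "graffiti", at=Label("TOP SECRET"))  # True: BLP permits write up
    out["bob_writes_own_level"] = rm.write("bob", "cargo", "fertilizer")  # True: polyinstantiated row
    out["bob_reads"] = rm.read("bob", "cargo")      # "fertilizer": bob never learns a SECRET row exists
    out["alice_reads"] = rm.read("alice", "cargo")  # "warheads": the highest row alice dominates
    out["rows_for_cargo"] = sum(1 for k, _ in rm.rows if k == "cargo")  # 3 rows for one key
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:32} -> {result!r}")
```

Two details in the demo are worth noticing when studying these questions. First, "dominate" is not just "higher classification": carol is cleared SECRET yet cannot read alice's SECRET/NUC row, because her compartment set is not a superset of the row's. Second, the *-property stops write-down but says nothing about write-up, so bob can blindly write a TOP SECRET row he can never read back; Bell-LaPadula protects confidentiality only, which is why the integrity models in question 16 exist as a separate family.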