Test your basic knowledge |
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The Biba Model - _____________: A subject cannot read data from a lower integrity level ("No Read Down").
Simple Integrity Axiom
Isolate processes
State machine model
The reference monitor
2. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a well-formed transaction.
Fail safe
Scalar processors
Attributable - original - accurate - contemporaneous and legible
Clark-Wilson Model
3. Configuration management is also defined in the Orange Book, but as a _____________________ and not an operational assurance requirement.
Life Cycle Assurance Requirement
B3
Subject to Object Model
Orange Book B
4. Discretionary protection
Accreditation
Government and military applications
Process isolation
Orange Book C
5. In B2, subjects and devices require labels and the system must not allow ________. No trapdoors exist.
Labels - Orange Book
Orange Book interpretations
Covert channels
The Evaluated Products List (EPL) with their corresponding rating
6. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________ and the system design and implementation are subject to more thorough review and testing procedu
Security Policy is clearly defined and documented
C1 - Discretionary Security Protection
Subject to Object Model
No write down
7. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
A lattice of Integrity Levels
Government and military applications
Most commonly used approach
Pagefile.sys file
8. The group that oversees the processes of evaluation within TCSEC is?
Trusted Products Evaluation Program (TPEP)
The Biba Model
Orange Book interpretations
Security Policy is clearly defined and documented
9. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Attributable data
Virtual storage
Security Policy is clearly defined and documented
The Red Book
10. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Orange Book C
attributability
B3
Government and military applications
11. An environment in which users are processing information at the same sensitivity level; thus strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
A Limit Register (Memory Management)
Division B - Mandatory Protection Architecture
Accreditation
C1 - Discretionary Security Protection is a type of environment
12. A Policy based control. All objects and systems have a sensitivity level assigned to them
Mandatory Access Control (MAC)
A security kernel
C1 - Discretionary Security Protection
Higher or equal to access class
13. Contains the beginning address
Ring 3
The Red Book
Orange Book ratings
A Base Register (Memory Management)
14. A ring protection system ________ user mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Prohibits
Division C - Discretionary Protection
Clark-Wilson
Simple Integrity Axiom
15. Subjects and Objects cannot change their security levels once they have been instantiated (created)
The Tranquility principle (The Bell-LaPadula Model)
The Rule is talking about writing
Pipelining
Polyinstantiation
16. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
The Simple Security Property
Examples of Layered Operating Systems
Multilevel Security Policies
A Domain
17. When the contents of the address defined in the program's instruction are added to the contents of an index register.
Indexed addressing
C1 - Discretionary Security Protection
Simple Security Rule
B2 - Structured Protection
18. Which describes a condition in which RAM and secondary storage are used together?
Mandatory access control
The Integrity of data within applications
The Biba Model
Virtual storage
19. A system uses the Reference Monitor to ___________________ of a subject and an object.
Life-cycle assurance - O/B
C2
Compare the security labels
The "No write Down" Rule
20. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
Trusted hardware - Software and Firmware
B2
Division C - Discretionary Protection
Trusted Distribution
21. Remaining parts of the operating system
Division C - Discretionary Protection
Ring 1
Pipelining
Covert channels
22. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
The rule is talking about "Reading"
A1 - Rating
C2 - Controlled Access Protection
Process isolation
23. Which is a straightforward approach that provides access rights to subjects for objects?
Access Matrix model
International Standard 15408
Disclosure of residual data
Most commonly used approach
24. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Physical security
Enforces the rules
Files - directories and devices
Indirect addressing
25. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US government)
A lattice of Integrity Levels
Prevent secret information from being accessed
Attributable - original - accurate - contemporaneous and legible
Ring 1
26. The object reuse concept must also be invoked, meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
Life Cycle Assurance Requirement
C2 - Controlled Access Protection
Security Policy - Orange Book
The Security Kernel
27. What does the simple integrity axiom mean in the Biba model?
Division B - Mandatory Protection Architecture
Compare the security labels
Higher or equal to access class
No read down
28. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Models concerned with integrity
Implement software or systems in a production environment
Dedicated Security Mode
Dominate the object's sensitivity label
29. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
Swap Space
Absolute addresses
Discretionary Security Property (ds-property)
A Thread
30. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Higher or equal to access class
Sensitivity labels
Operational assurance requirements
Invocation Property
31. Mediates all access and Functions between subjects and objects.
The Red Book
Totality of protection mechanisms
Orange Book - B3
The Security Kernel
32. Data in cache can be accessed much more quickly than data
Stored in Real Memory
The Red Book
The Integrity of data within applications
B3 - Rating
33. Happen because input data is not checked for appropriate length at time of input
A1
Life-cycle assurance - O/B
Buffer overflows
The Simple Security Property
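The memory-management and input-checking statements in questions 13, 17, 26 and 33 above, as an added worked example that is not part of this quiz: a toy memory manager in which a base register holds each segment's beginning address, a limit register bounds it, indexed addressing adds an index register to the instruction's address, a released segment is wiped before reuse, and input is length-checked before being copied into a buffer. The process names, segment sizes and input bytes are constructed for illustration.

```python
"""Added example (not from the quiz): base/limit registers, indexed addressing,
object reuse and an input length check. All names and values are constructed."""
from typing import Dict, List, Tuple


class SegmentationFault(Exception):
    """Raised when an effective address falls outside the segment's limit register."""


class MemoryManager:
    def __init__(self, size: int) -> None:
        self.memory: List[int] = [0] * size
        self.segments: Dict[str, Tuple[int, int]] = {}   # owner -> (base, limit)
        self.next_free = 0                                # simple bump allocator

    def allocate(self, owner: str, length: int) -> Tuple[int, int]:
        """Base register holds the segment's beginning address, limit its length."""
        base, limit = self.next_free, length
        if base + limit > len(self.memory):
            raise MemoryError("out of memory")
        self.segments[owner] = (base, limit)
        self.next_free += length
        return base, limit

    def release(self, owner: str) -> None:
        """Object reuse: clear remnants before the medium can be handed to another subject."""
        base, limit = self.segments.pop(owner)
        self.memory[base:base + limit] = [0] * limit

    def physical(self, owner: str, offset: int, index: int = 0) -> int:
        """Indexed addressing: the instruction's address (offset) plus the index
        register, relocated by the base register and checked against the limit."""
        base, limit = self.segments[owner]
        relative = offset + index
        if not 0 <= relative < limit:
            raise SegmentationFault(f"{owner}: relative address {relative} outside limit {limit}")
        return base + relative

    def read(self, owner: str, offset: int, index: int = 0) -> int:
        return self.memory[self.physical(owner, offset, index)]

    def write(self, owner: str, offset: int, value: int, index: int = 0) -> None:
        self.memory[self.physical(owner, offset, index)] = value & 0xFF

    def copy_in(self, owner: str, offset: int, buf_len: int, data: bytes,
                check_length: bool = True) -> int:
        """Copy input into a buf_len-byte buffer at offset. With check_length=False
        this is the unchecked copy behind a buffer overflow: bytes past buf_len
        overwrite whatever follows the buffer inside the same segment, and only a
        run past the segment end is stopped by the limit register."""
        if check_length and len(data) > buf_len:
            raise ValueError(f"input of {len(data)} bytes exceeds {buf_len}-byte buffer")
        for i, b in enumerate(data):
            self.write(owner, offset, b, index=i)
        return len(data)


def overflow_demo() -> Tuple[int, int]:
    """Constructed scenario: an 8-byte buffer followed by a sentinel byte, filled
    once with and once without a length check. Returns the sentinel before and after."""
    mm = MemoryManager(64)
    mm.allocate("procA", 16)
    mm.write("procA", 8, 0xAA)                       # sentinel right after the buffer
    before = mm.read("procA", 8)
    try:
        mm.copy_in("procA", 0, 8, b"A" * 12)         # checked: rejected
    except ValueError:
        pass
    mm.copy_in("procA", 0, 8, b"A" * 12, check_length=False)   # unchecked: clobbers it
    return before, mm.read("procA", 8)


if __name__ == "__main__":
    print(overflow_demo())   # (170, 65)
```

The point the demo makes is the one behind question 33: the limit register isolates processes from each other, but it does nothing about an overrun that stays inside the segment, so the length check at time of input is the only thing protecting the data adjacent to the buffer.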
34. Minimal Security
The Monolithic Operating System Architecture
Relative Addresses
Orange Book - D
The security perimeter
35. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
No read down
D
Indexed addressing
The Security Kernel
36. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.
C2
Accreditation
In C2 - Controlled Access Protection environment
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
37. Has two individual assurance ratings, C1 and C2. The higher the assurance rating number, the greater the protection.
Division C - Discretionary Protection
Compare the security labels
Mandatory Access Control (MAC)
Fail safe
38. Which can be used as a covert channel?
Storage and timing
The Common Criteria
B3 - Security Domains
Indirect addressing
39. Discretionary access control is based on individuals and/or groups. It requires separation of users and information, and identification and authentication of individual entities.
Most commonly used approach
C1 - Discretionary Security Protection
B3
Sensitivity labels
40. Mandatory access control requires that _____________ be attached to all objects.
Physical security
The Clark Wilson integrity model
Polyinstantiation
Sensitivity labels
41. A form of EPROM, but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
State machine model
C1 - Discretionary Security Protection is a type of environment
First evaluation class
42. System Architecture that separates system functionality into Hierarchical layers
No read down
A Layered Operating System Architecture
Orange Book - D
Division B - Mandatory Protection Architecture
43. An abstract machine which must mediate all access of subjects to objects, be protected from modification, be verifiable as correct, and is always invoked
The reference monitor
Orange Book B
Primary storage
Trusted Products Evaluation Program (TPEP)
44. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Security Policy - Orange Book
Constrained
A Thread
Security rating B
45. Can be erased - modified and upgraded.
Thrashing
Isolate processes
Examples of Layered Operating Systems
Erasable and Programmable Read-Only Memory (EPROM)
46. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
Prevent secret information from being accessed
Orange Book C
B3 - Rating
Logical addresses
47. Audit data must be captured and protected to enforce accountability
A Domain
Accountability - Orange Book
The Red Book
The Thread (memory Management)
48. What does the Clark-Wilson security model focus on?
Security Policy is clearly defined and documented
C1
Firmware
Integrity
49. Which uses Protection Profiles and Security Targets?
International Standard 15408
Dominate the object's sensitivity label
Division B - Mandatory Protection Architecture
Orange Book B
50. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Virtual storage
Pipelining
The Strong star property rule
C1
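The label-comparison rules asked about in questions 1, 12, 15, 19, 23, 27 and 50 above, as an added worked example that is not part of this quiz: a small reference monitor that is invoked on every access, compares the subject's and the object's labels on a lattice, and enforces Bell-LaPadula for confidentiality (no read up, no write down, plus the strong star rule as a separate check), Biba for integrity (no read down, no write up), and an access matrix for the discretionary property. Labels are immutable once assigned, which is the tranquility principle. The level names, compartment, subject and object names are constructed for illustration.

```python
"""Added example (not from the quiz): a reference monitor enforcing Bell-LaPadula,
Biba and an access matrix over a lattice of labels. All names are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

CONF_LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP_SECRET")
INTEG_LEVELS = ("LOW", "MEDIUM", "HIGH")


@dataclass(frozen=True)  # frozen: a label cannot change once assigned (tranquility)
class Label:
    rank: int                                  # position in the ordered level list
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal rank AND a superset of the compartments."""
        return self.rank >= other.rank and self.compartments >= other.compartments


def conf(level: str, *compartments: str) -> Label:
    return Label(CONF_LEVELS.index(level), frozenset(compartments))


def integ(level: str) -> Label:
    return Label(INTEG_LEVELS.index(level))


def blp_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Bell-LaPadula: simple security property (no read up), *-property (no write down)."""
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode {mode!r}")


def blp_strong_star_allows(subject: Label, obj: Label) -> bool:
    """Strong *-property: read and write only at exactly the subject's own label."""
    return subject == obj


def biba_allows(subject: Label, obj: Label, mode: str) -> bool:
    """Biba: simple integrity axiom (no read down), *-integrity axiom (no write up)."""
    if mode == "read":
        return obj.dominates(subject)
    if mode == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown access mode {mode!r}")


class ReferenceMonitor:
    """Mediates every access through `access`, which also records an audit trail."""

    def __init__(self) -> None:
        self.subjects: Dict[str, Tuple[Label, Label]] = {}   # name -> (conf, integ)
        self.objects: Dict[str, Tuple[Label, Label]] = {}
        self.matrix: Dict[Tuple[str, str], Set[str]] = {}     # access matrix (DAC)
        self.audit: List[Tuple[str, str, str, bool]] = []

    def add_subject(self, name: str, c: Label, i: Label) -> None:
        self.subjects[name] = (c, i)

    def add_object(self, name: str, c: Label, i: Label) -> None:
        self.objects[name] = (c, i)

    def grant(self, subject: str, obj: str, mode: str) -> None:
        self.matrix.setdefault((subject, obj), set()).add(mode)

    def access(self, subject: str, obj: str, mode: str) -> bool:
        s_conf, s_int = self.subjects[subject]
        o_conf, o_int = self.objects[obj]
        allowed = (
            mode in self.matrix.get((subject, obj), set())   # ds-property
            and blp_allows(s_conf, o_conf, mode)             # mandatory confidentiality
            and biba_allows(s_int, o_int, mode)              # mandatory integrity
        )
        self.audit.append((subject, obj, mode, allowed))
        return allowed


def build_demo() -> ReferenceMonitor:
    """Constructed scenario: an analyst, an intern and three labelled objects,
    with every discretionary permission granted so only the mandatory rules bite."""
    rm = ReferenceMonitor()
    rm.add_subject("analyst", conf("SECRET", "NUKE"), integ("MEDIUM"))
    rm.add_subject("intern", conf("CONFIDENTIAL"), integ("LOW"))
    rm.add_object("plan", conf("SECRET", "NUKE"), integ("HIGH"))
    rm.add_object("memo", conf("CONFIDENTIAL"), integ("LOW"))
    rm.add_object("report", conf("TOP_SECRET", "NUKE"), integ("MEDIUM"))
    for s in rm.subjects:
        for o in rm.objects:
            rm.grant(s, o, "read")
            rm.grant(s, o, "write")
    return rm


if __name__ == "__main__":
    rm = build_demo()
    for s, o, m in [("analyst", "plan", "read"), ("analyst", "memo", "read"),
                    ("analyst", "memo", "write"), ("analyst", "report", "write"),
                    ("intern", "report", "read")]:
        print(f"{s} {m} {o}: {'ALLOW' if rm.access(s, o, m) else 'DENY'}")
```

Running the scenario shows the two models pulling in opposite directions: Bell-LaPadula lets the analyst read the lower-classified memo, but Biba denies it because the memo's integrity is lower (no read down); Bell-LaPadula denies the write to the memo (no write down) and allows the write up to the top-secret report, which Biba also permits because the integrity levels are equal.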