Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Can be erased - modified and upgraded.






2. The Indexed memory addresses that software uses






3. TCB contains The Security Kernel and all ______________.






4. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.






5. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?






6. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






7. In the Bell-LaPadula Model the Object's Label contains ___________________.






8. Operating System Kernel






9. If a system initializes in a secure state and all allowed state transitions are secure - the every subsequent state will be secure no matter what inputs occur.






10. Individual subjects must be uniquely identified.






11. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object






12. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.






13. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.






14. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)






15. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle






16. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.






17. Which increases the performance in a computer by overlapping the steps of different instructions?






18. The Biba Model adresses _____________________.






19. In the Bell-LaPadula Model the Subject's Label contains ___________________.






20. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






21. A type of memory used for High-speed writing and reading activities.






22. Which Orange Book evaluation level is described as "Verified Design"?






23. A set of objects that a subject is able to access






24. Which Orange Book evaluation level is described as "Controlled Access Protection"? - This class requires a more granular method of providing access control. The system must enforce strict logon procedures and provide decision-making capabilites when






25. When a computer uses more than one CPU in parallel to execute instructions is known as?






26. Mediates all access and Functions between subjects and objects.






27. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.






28. The C2 evaluation class of the _________________ offers controlled access protection.






29. The Policy must be explicit and well defined and enforced by the mechanisms within the system






30. Should always trace to individuals responsible for observing and recording the data






31. The Biba Model - _____________: A subject cannot read data from a lower Integrity level " No Read Down"






32. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






33. Mandatory Protection






34. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?






35. All users have a clearance for and a formal need to know about - all data processed with the system.






36. The security kernel is the mechanism that _____________ of the reference monitor concept.






37. The Physical memory address that the CPU uses






38. Permits a database to have two records that are identical except for Their classifications






39. Mandatory Access requires that _____________ be attached to all objects.






40. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.






41. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu






42. Based on a known address with an offset value applied.






43. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






44. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?






45. The Orange book does NOT Cover ________________ - And Database management systems






46. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain






47. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.






48. Subjects and Objects cannot change their security levels once they have been instantiated (created)






49. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data






50. B1 is the ___________________ of the Trusted Network Interpretation (TNI) or TCSEC that offers labeled security protection.