Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Security Policy - Orange Book
Virtual Memory
Orange Book - B3
Most commonly used approach
2. System Architecture that separates system functionality into Hierarchical layers
Stored in Real Memory
C2 - Controlled Access Protection
A Layered Operating System Architecture
Multiprocessing
3. Remaining parts of the operating system
Orange Book - D
Erasable and Programmable Read-Only Memory (EPROM)
Ring 1
Types of covert channels
4. The Bell-LaPadula Model is a _______________.
C2
Subject to Object Model
Orange Book interpretations
Attributable data
5. A nonvolatile storage medium such as computer hard drives - floppy disks and CD-ROMs
Assigned labels
Mandatory Access Control (MAC)
Buffer overflows
Secondary Storage
6. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a well-formed transaction
Life Cycle Assurance Requirement
Government and military applications
Documentation - Orange Book
Clark-Wilson Model
7. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
Files - directories and devices
Discretionary Security Property (ds-property)
Higher or equal to access class
In C2 - Controlled Access Protection environment
8. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
9. According to the Orange Book - trusted facility management is not required for which security levels?
Virtual storage
The security perimeter
Constrained
B1
10. Permits a database to have two records that are identical except for their classifications
Polyinstantiation
attributability
An abstract machine
Division C - Discretionary Protection
11. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.
A Thread
Firmware
All Mandatory Access Control (MAC) systems
C2 - Controlled Access Protection
12. In the Bell-LaPadula Model the Object's Label contains ___________________.
Its classification label (Top Secret - Secret or confidential)
Erasable and Programmable Read-Only Memory (EPROM)
The Integrity of data within applications
Life Cycle Assurance Requirement
13. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
A Layered Operating System Architecture
Be protected from modification
Security rating B
C1 - Discretionary Security Protection is a type of environment
14. A type of memory used for High-speed writing and reading activities.
A1 - Rating
Swap Space
Cache Memory
Attributable data
15. Trusted facility management is an assurance requirement only for ________________.
Mandatory access control
Basic Security Theorem (used in computer science) definition
Highly secure systems (B2 - B3 and A1)
Orange Book interpretations
16. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.
Constrained
Controls the checks
Multitasking
Multilevel Security Policies
17. Applications and user activity
Ring 3
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Need-to-know
International Standard 15408
18. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Cache Memory
Execution Domain
The Strong star property rule
All Mandatory Access Control (MAC) systems
19. The group that oversees the processes of evaluation within TCSEC is?
Enforces the rules
Security Policy - Orange Book
Trusted Products Evaluation Program (TPEP)
Trusted Network Interpretation (TNI)
20. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - B2
Storage and timing
Trusted facility management
Identification - Orange Book
21. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
Division D - Minimal Protection
Reduced Instruction Set Computers (RISC)
*-Integrity Axiom
Trusted hardware - Software and Firmware
22. Can be erased - modified and upgraded.
Most commonly used approach
Attributable - original - accurate - contemporaneous and legible
Erasable and Programmable Read-Only Memory (EPROM)
Stored in Real Memory
23. Which can be used as a covert channel?
The National Computer Security Center (NCSC)
Programmable Read-Only Memory (PROM)
Ring 2
Storage and timing
24. What does the * (star) property mean in the Bell-LaPadula model?
A security kernel
System High Security Mode
No write down
Secondary Storage
25. Users need to be identified individually to provide more precise access control and auditing functionality.
The Integrity of data within applications
C2 - Controlled Access Protection
Clark-Wilson
Files - directories and devices
26. A domain of trust that shares a single security policy and single management
A security domain
Constrained
C1
Cache Memory
27. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Integrity
Reduced Instruction Set Computers (RISC)
The security perimeter
B3
28. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Ring 2
Ring 3
Documentation - Orange Book
An abstract machine
29. Which would be designated as objects on a MAC system?
D
Models concerned with integrity
Files - directories and devices
Constrained
30. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise
Multilevel Security Policies
Its classification label (Top Secret - Secret or confidential)
In C2 - Controlled Access Protection environment
B2 rating
31. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
The "No read Up" rule
Direct Addressing
Thrashing
Models concerned with integrity
32. TCSEC provides a means to evaluate ______________________.
B3
The trustworthiness of an information system
Storage and timing
Models concerned with integrity
33. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Direct Addressing
Government and military applications
The Monolithic Operating System Architecture
Absolute addresses
34. When a computer uses more than one CPU in parallel to execute instructions is known as?
Mandatory Access Control (MAC)
A1 - Rating
The reference monitor
Multiprocessing
35. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use
Real storage
Examples of Layered Operating Systems
A Limit Register (Memory Management)
'Dominate'
36. Subjects and Objects cannot change their security levels once they have been instantiated (created)
Ring 2
C1 - Discretionary Security Protection is a type of environment
The Tranquility principle (The Bell-LaPadula Model)
The trustworthiness of an information system
37. Used by Windows systems to reserve the "Swap Space"
C2 - Controlled Access Protection
Pagefile.sys file
Orange Book - B2
A lattice of Integrity Levels
38. Mediates all access and Functions between subjects and objects.
Assigned labels
The Security Kernel
Controls the checks
Scalar processors
39. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
The rule is talking about "Reading"
Ring 3
Examples of Layered Operating Systems
Orange Book ratings
40. Which Orange Book evaluation level is described as "Verified Design"?
Division B - Mandatory Protection
Operational assurance requirements
The security perimeter
A1
41. The Availability - Integrity and confidentiality requirements of multitasking operating systems
Complex Instruction Set Computers (CISC)
Protection Rings Support
A1 - Rating
No read down
42. Users are trusted but a certain level of accountability is required. C2 overall is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
The National Computer Security Center (NCSC)
Primary storage
In C2 - Controlled Access Protection environment
Overt channel
43. Commonly referred to as The Big Mess because of its lack of structure. MS-DOS is an example of a monolithic operating system
Ring 1
The Monolithic Operating System Architecture
Dominate the object's sensitivity label
TCB (Trusted Computing Base)
44. When a computer spends more time moving data from one small portion of memory to another than actually processing the data
Thrashing
Execution Domain
Totality of protection mechanisms
Clark-Wilson
45. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
A Layered Operating System Architecture
Dominate the object's sensitivity label
Accreditation
46. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Models concerned with integrity
Administrative declaration
Covert channels
Pagefile.sys file
47. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Implement software or systems in a production environment
Virtual Memory
Ring 0
Types of covert channels
48. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
Attributable data
The Rule is talking about writing
A Thread
The Clark Wilson integrity model
49. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
A and B
Orange Book - B1
B3
Types of covert channels
50. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space
Direct addressing
Swap Space
Security mechanisms and evaluates their effectiveness
The Red Book