Test your basic knowledge

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






2. System Architecture that separates system functionality into Hierarchical layers






3. Remaining parts of the operating system






4. The Bell-LaPadula Model is a _______________.






5. Nonvolatile storage media, e.g. computer hard drives - floppy disks and CD-ROMs






6. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a Well-Formed transaction






7. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma






8. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.



9. According to the Orange Book - trusted facility management is not required for which security levels?






10. Permits a database to have two records that are identical except for Their classifications






11. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






12. In the Bell-LaPadula Model the Object's Label contains ___________________.






13. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.






14. A type of memory used for High-speed writing and reading activities.






15. Trusted facility management is an assurance requirement only for ________________.






16. Security Policies that prevent information from flowing from a higher security level to a lower security level are called ____________.






17. Applications and user activity






18. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






19. The group that oversees the processes of evaluation within TCSEC is?






20. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






21. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)






22. Can be erased - modified and upgraded.






23. Which can be used as a covert channel?






24. What does the * (star) property mean in the Bell-LaPadula model?






25. Users need to be identified individually to provide more precise access control and auditing functionality.






26. A domain of trust that shares a single security policy and single management






27. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?






28. The reference monitor is an access control concept - referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.






29. Which would be designated as objects on a MAC system?






30. For the type of environment that processes sensitive data that require a higher degree of security. It requires systems that are relatively resistant to penetration and compromise






31. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)






32. TCSEC provides a means to evaluate ______________________.






33. Bell-LaPadula model was proposed for enforcing access control in _____________________.






34. When a computer uses more than one CPU in parallel to execute instructions, this is known as?






35. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use






36. Subjects and Objects cannot change their security levels once they have been instantiated (created)






37. Used by Windows systems to reserve the "Swap Space"






38. Mediates all access and Functions between subjects and objects.






39. Levels of Security and Levels of Trust: Lower letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.






40. Which Orange Book evaluation level is described as "Verified Design"?






41. The Availability - Integrity and confidentiality requirements of multitasking operating systems






42. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.






43. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system






44. When a computer spends more time moving data from one small portion of memory to another than actually processing the data






45. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






46. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards






47. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






48. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.






49. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?






50. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space






