Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Division D - Minimal Protection
First evaluation class
B3 - Security Domains
Labels - Orange Book
2. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
B3
C1
B3 - Security Domains
Stored in Real Memory
3. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
Access control to the objects by the subjects
Division C - Discretionary Protection
The Clark Wilson integrity model
Attributable data
4. What prevents a process from accessing another process' data?
Process isolation
Protection Rings Support
Isolate processes
Buffer overflows
5. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
*-Integrity Axiom
The National Computer Security Center (NCSC)
Networks and Communications
Constrained
6. Involves sharing the processor among all ready processes
Buffer overflows
Ring 3
Multitasking
Assigned labels
7. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Simple Security Rule
The Clark Wilson integrity model
Dedicated Security Mode
Stored in Real Memory
8. In access control terms - the word "dominate" refers to ___________.
B3
B2 rating
Higher or equal to access class
Firmware
9. Discretionary protection
Orange Book C
Files - directories and devices
Assigned labels
Government and military applications
10. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
Trusted hardware - Software and Firmware
TCB (Trusted Computing Base)
Compare the security labels
11. Which would be designated as objects on a MAC system?
Prohibits
The Simple Security Property
Files - directories and devices
Networks and Communications
12. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Its classification label (Top Secret - Secret or confidential)
Ring 0
Implement software or systems in a production environment
A single classification and a Compartment Set
13. The Physical memory address that the CPU uses
B3 - Rating
Security Policy
Absolute addresses
Erasable and Programmable Read-Only Memory (EPROM)
14. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
Clark-Wilson
In C2 - Controlled Access Protection environment
C2 - Controlled Access Protection
Bell-LaPadula Model
15. Operating System Kernel
Accreditation
Ring 0
Its Clearance Label (Top Secret - Secret - or Confidential)
Multilevel Security Policies
16. Which increases the performance in a computer by overlapping the steps of different instructions?
Pipelining
Direct Addressing
Clark-Wilson Model
Simple Security Rule
17. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
18. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
Orange Book interpretations
The security kernel
Certification
Pipelining
19. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
Security mechanisms and evaluates their effectiveness
The security perimeter
Dedicated Security Mode
Controlling unauthorized downgrading of information
20. Which can be used as a covert channel?
A1
Storage and timing
Certification
C2 - Controlled Access Protection
21. The total (sum) combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.
Security rating B
The Trusted Computing Base (TCB)
Trusted Distribution
security protection mechanisms
22. I/O drivers and utilities
Attributable data
Ring 2
Complex Instruction Set Computers (CISC)
Simple Security Rule
23. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
C1 - Discretionary Security Protection
The security perimeter
The Strong star property rule
Evaluated separately
24. What are the components of an object's sensitivity label?
The security perimeter
Pagefile.sys file
A single classification and a Compartment Set
Mandatory access control
25. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Its Clearance Label (Top Secret - Secret - or Confidential)
Orange Book - B2
Networks and Communications
C2
26. An abstract machine which must mediate all access to subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
In C2 - Controlled Access Protection environment
Files - directories and devices
Orange Book - A1
The reference monitor
27. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
The security perimeter
B3
Orange Book - B3
Swap Space
28. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Dominate the object's sensitivity label
Programmable Read-Only Memory (PROM)
Orange Book - D
The security perimeter
29. Has two individual assurance ratings. C1 and C2. The higher the number of the assurance rating, the greater the protection
First evaluation class
The security perimeter
Division C - Discretionary Protection
Basic Security Theorem (used in computer science) definition
30. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.
The Security Kernel
The rule is talking about "Reading"
Thrashing
Scalar processors
31. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
All Mandatory Access Control (MAC) systems
C2
Controls the checks
Isolate processes
32. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
Enforces the rules
A security kernel
Secondary Storage
Subject to Object Model
33. As per FDA, data should be ______________________________.
Implement software or systems in a production environment
Attributable - original - accurate - contemporaneous and legible
B2
The National Computer Security Center (NCSC)
34. Data in Cache can be accessed much more quickly than Data
Stored in Real Memory
B3 - Rating
Division B - Mandatory Protection Architecture
Need-to-know
35. Which is a straightforward approach that provides access rights to subjects for objects?
Basic Security Theorem (used in computer science) definition
Access Matrix model
Models concerned with integrity
The Common Criteria
36. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
TCB (Trusted Computing Base)
The "No read Up" rule
Be protected from modification
Life-cycle assurance - O/B
37. What does the simple security (ss) property mean in the Bell-LaPadula model?
No read up
Polyinstantiation
Implement software or systems in a production environment
The Evaluated Products List (EPL) with their corresponding rating
38. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
The Biba Model
Stored in Real Memory
*-Integrity Axiom
The "No read Up" rule
39. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Invocation Property
The Security Kernel
Isolate processes
Most commonly used approach
40. The Bell-LaPadula Model is a _______________ that enforces Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Identification - Orange Book
Logical addresses
State machine model
Networks and Communications
41. Contains the beginning address
Simple Security Rule
A Base Register (Memory Management)
Continuous protection - O/B
A1 - Rating
42. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Controls the checks
The Simple Security Property
D
All Mandatory Access Control (MAC) systems
43. Remaining parts of the operating system
Multilevel Security Policies
Ring 1
The security kernel
Reduced Instruction Set Computers (RISC)
44. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Absolute addresses
Government and military applications
Labels - Orange Book
A single classification and a Compartment Set
45. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space
The National Computer Security Center (NCSC)
Swap Space
Security Policy
The Common Criteria
46. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Prohibits
Firmware
Division B - Mandatory Protection Architecture
State machine model
47. In both the Bell-LaPadula and Biba Models if the word "*" or "Star" is used - _______________.
Most commonly used approach
Division B - Mandatory Protection
The Rule is talking about writing
Logical addresses
48. All users have a clearance for and a formal need to know about - all data processed with the system.
Basic Security Theorem (used in computer science) definition
Subject to Object Model
Prohibits
Dedicated Security Mode
49. Permits a database to have two records that are identical except for their classifications
Polyinstantiation
System High Security Mode
Its Clearance Label (Top Secret - Secret - or Confidential)
Direct Addressing
50. A Policy based control. All objects and systems have a sensitivity level assigned to them
Cache Memory
Security Policy - Orange Book
Mandatory Access Control (MAC)
B1 - Labeled Security