CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but taking the test repeatedly reinforces your understanding.
1. Involves sharing the processor among all ready processes
Multitasking
Controlling unauthorized downgrading of information
C2 - Controlled Access Protection
Ring 1
2. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Ring 1
Real storage
C2
Evaluated separately
3. Contains an address of where the instruction and data reside that need to be processed.
The Thread (memory Management)
security protection mechanisms
The Integrity of data within applications
Indexed addressing
4. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Security Policy
Swap Space
Security rating B
C1 - Discretionary Security Protection
5. Each data object must contain a classification label and each subject must have a clearance label.
The Strong star property rule
Firmware
Indexed addressing
B1 - Labeled Security
6. A set of objects that a subject is able to access
A Domain
Reduced Instruction Set Computers (RISC)
Types of covert channels
Trusted hardware - Software and Firmware
7. The Bell-LaPadula model Subjects and Objects are ___________.
B1 - Labeled Security rating
Assigned labels
Logical addresses
security protection mechanisms
8. Users are trusted but a certain level of accountability is required. C2 is seen as the most reasonable class for commercial applications, but the level of protection is still relatively weak.
Direct Addressing
B1
In C2 - Controlled Access Protection environment
Dominate the object's sensitivity label
9. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Polyinstantiation
A and B
Complex Instruction Set Computers (CISC)
Operational assurance requirements
10. Which Orange Book evaluation level is described as "Discretionary Security Protection"?
C1
Pagefile.sys file
Stored in Real Memory
Models concerned with integrity
11. The C2 evaluation class of the _________________ offers controlled access protection.
B2
Trusted Network Interpretation (TNI)
Government and military applications
Logical addresses
12. Which Orange Book evaluation level is described as "Verified Design"?
A1
C1 - Discretionary Security Protection is a type of environment
Erasable and Programmable Read-Only Memory (EPROM)
The *-Property rule (Star property)
13. The total combination of protection mechanisms within a computer system
Orange Book - B1
Clark-Wilson Model
TCB (Trusted Computing Base)
Highly secure systems (B2 - B3 and A1)
14. Another term for primary storage; it distinguishes physical memory from virtual memory.
Mandatory access control
Real storage
Division B - Mandatory Protection Architecture
Attributable - original - accurate - contemporaneous and legible
15. The security kernel is the mechanism that _____________ of the reference monitor concept.
Programmable Read-Only Memory (PROM)
Enforces the rules
Documentation - Orange Book
C2 - Controlled Access Protection
16. Trusted facility management is an assurance requirement only for ________________.
Files - directories and devices
Basic Security Theorem (used in computer science) definition
Highly secure systems (B2 - B3 and A1)
Attributable data
17. The Bell-LaPadula Model is a _______________.
Subject to Object Model
C2 - Controlled Access Protection
Be protected from modification
Controlling unauthorized downgrading of information
18. As per the FDA, data should be ______________________________.
The *-Property rule (Star property)
Government and military applications
Attributable - original - accurate - contemporaneous and legible
Networks and Communications
19. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Division B - Mandatory Protection
B3
Orange Book - B3
Dedicated Security Mode
20. Has two individual assurance ratings, C1 and C2. The higher the number of the assurance rating, the greater the protection.
Reduced Instruction Set Computers (RISC)
The TCSEC - Aka Orange Book
Simple Integrity Axiom
Division C - Discretionary Protection
21. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
The Evaluated Products List (EPL) with their corresponding rating
Administrative declaration
The security perimeter
Relative Addresses
22. Mandatory Access requires that _____________ be attached to all objects.
Life-cycle assurance - O/B
The Clark Wilson integrity model
Sensitivity labels
Indirect addressing
23. Permits a database to have two records that are identical except for their classifications
B1 - Labeled Security rating
Polyinstantiation
A single classification and a Compartment Set
A1 - Rating
24. What are the components of an object's sensitivity label?
The Security Kernel
Division C - Discretionary Protection
Direct addressing
A single classification and a Compartment Set
25. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Life Cycle Assurance Requirement
No read up
Polyinstantiation
Accountability - Orange Book
26. Certification is a technical review that assesses the _____________, whereas Accreditation is management's official acceptance of the information in the Certification process findings.
Virtual storage
Security Policy - Orange Book
Ring 2
Security mechanisms and evaluates their effectiveness
27. When the RAM and secondary storage are combined the result is __________.
The security kernel
International Standard 15408
Virtual Memory
Division C - Discretionary Protection
28. Which describes a condition when RAM and secondary storage are used together?
Buffer overflows
Virtual storage
A Layered Operating System Architecture
Isolate processes
29. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Enforces the rules
Multilevel Security Policies
Bell-LaPadula Model
Need-to-know
30. The security mechanisms and the system as a whole must perform predictably and acceptably in different situations continuously.
Operational assurance requirements
Continuous protection - O/B
A single classification and a Compartment Set
Security Policy is clearly defined and documented
31. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
Firmware
Dominate the object's sensitivity label
Administrative declaration
Simple Integrity Axiom
32. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Rating
C1
The Trusted Computing Base (TCB)
The Evaluated Products List (EPL) with their corresponding rating
33. When the contents of the address defined in the program's instruction is added to that of an index register.
Attributable - original - accurate - contemporaneous and legible
Mandatory access control
A1
Indexed addressing
34. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Need-to-know
Life-cycle assurance - O/B
Absolute addresses
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
35. What is called the formal acceptance of the adequacy of a system's overall security by management?
Accreditation
Security Policy
Fail safe
Relative Addresses
36. Which would be designated as objects on a MAC system?
Networks and Communications
Files - directories and devices
Buffer overflows
Clark-Wilson
37. Mandatory Protection
Orange Book - B3
Orange Book B
Networks and Communications
Security Policy - Orange Book
38. The Orange Book describes four hierarchical levels to categorize security systems. Which levels require mandatory protection?
Basic Security Theorem (used in computer science) definition
A and B
Most commonly used approach
Higher or equal to access class
39. In both the Bell-LaPadula and Biba Models, if the word "*" or "Star" is used, _______________.
Files - directories and devices
B1
The Rule is talking about writing
Orange Book A
40. In both the Bell-LaPadula and Biba Models, if the word "Simple" is used, ______________.
attributability
The rule is talking about "Reading"
Orange Book ratings
Examples of Layered Operating Systems
41. Successfully evaluated products are placed on?
Trusted hardware - Software and Firmware
Orange Book ratings
The Evaluated Products List (EPL) with their corresponding rating
Dedicated Security Mode
42. Developed after the Bell-LaPadula model. It is a state machine model and is very similar to the Bell-LaPadula Model.
B1 - Labeled Security rating
The Biba Model
Higher or equal to access class
Ring 0
43. All users have a clearance for, and a formal need to know about, all data processed within the system.
Dedicated Security Mode
Trusted Products Evaluation Program (TPEP)
Controls the checks
Division D - Minimal Protection
44. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Execution Domain
Mandatory access control
Certification
B2
45. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.
Execution Domain
No write down
Clark-Wilson Model
Firmware
46. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Division B - Mandatory Protection Architecture
Models concerned with integrity
B1 - Labeled Security rating
Absolute addresses
47. The group that oversees the processes of evaluation within TCSEC is?
Trusted Products Evaluation Program (TPEP)
Be protected from modification
The Evaluated Products List (EPL) with their corresponding rating
Discretionary Security Property (ds-property)
48. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
B3 - Rating
The Simple Security Property
B3 - Security Domains
*-Integrity Axiom
49. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Discretionary Security Property (ds-property)
Dominate the object's sensitivity label
Trusted hardware - Software and Firmware
Access Matrix model
50. In B1 the security policy is based on an informal statement and the design specifications are reviewed and verified, whereas in B2 the ___________________, and the system design and implementation are subject to more thorough review and testing procedures.
Life-cycle assurance - O/B
B1 - Labeled Security
A Domain
Security Policy is clearly defined and documented
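The Bell-LaPadula and Biba questions above (5, 7, 22, 24, 29, 38, 39, 40, 42 and 48) all come down to one lattice check on labels. The Python below is added here as a study example; it is not part of the original quiz. It implements the dominance relation on a label made of a single classification and a compartment set, then derives each model's read and write rule from it, the way a security kernel enforcing the reference monitor concept would. The level names, compartment names and the subject and object labels are constructed for illustration.

```python
"""Reference-monitor style checks for the Bell-LaPadula (confidentiality)
and Biba (integrity) rules.  Added study example, not from the original
quiz; the level ordering, compartments and labels below are constructed."""
from dataclasses import dataclass, field

# Hierarchical classifications, lowest to highest (constructed ordering).
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a single classification plus a compartment set."""
    classification: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """A dominates B when A's classification is at least as high as B's
        AND A's compartment set is a superset of B's ("higher or equal to
        access class").  Two labels with disjoint compartments are
        incomparable: neither dominates the other."""
        return (RANK[self.classification] >= RANK[other.classification]
                and self.compartments >= other.compartments)


# --- Bell-LaPadula: "simple" rules are about reading, "*" rules about writing.

def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (no read up): the subject's clearance must
    dominate the object's sensitivity label."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """*-property (no write down): the object's label must dominate the
    subject's, so information cannot flow to a lower label."""
    return obj.dominates(subject)


def blp_strong_star_can_write(subject: Label, obj: Label) -> bool:
    """Strong star property: writes only at exactly the subject's own level,
    so the two labels must dominate each other."""
    return subject.dominates(obj) and obj.dominates(subject)


# --- Biba: same lattice, but the labels are integrity labels and the
#     directions are inverted.

def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity axiom (no read down): the object's integrity label
    must dominate the subject's, so the subject is not contaminated by
    lower-integrity data."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """*-integrity axiom (no write up): the subject's integrity label must
    dominate the object's."""
    return subject.dominates(obj)


def reference_monitor(subject: Label, obj: Label, mode: str,
                      model: str = "blp") -> bool:
    """Mediate one (subject, object, mode) request under the chosen model.

    mode is "read" or "write"; model is "blp", "blp-strong" or "biba".
    Anything the kernel cannot map to a rule is denied (default deny).
    """
    rules = {
        ("blp", "read"): blp_can_read,
        ("blp", "write"): blp_can_write,
        ("blp-strong", "read"): blp_can_read,
        ("blp-strong", "write"): blp_strong_star_can_write,
        ("biba", "read"): biba_can_read,
        ("biba", "write"): biba_can_write,
    }
    rule = rules.get((model, mode))
    return False if rule is None else rule(subject, obj)


if __name__ == "__main__":
    # Constructed subject clearance and object labels.
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    objects = {
        "confidential/CRYPTO": Label("CONFIDENTIAL", frozenset({"CRYPTO"})),
        "top secret/CRYPTO": Label("TOP SECRET", frozenset({"CRYPTO"})),
        "secret/NUC": Label("SECRET", frozenset({"NUC"})),  # same level, other compartment
    }
    for model in ("blp", "biba"):
        for name, obj in objects.items():
            print(f"{model:5} {name:20} read={reference_monitor(analyst, obj, 'read', model)!s:5} "
                  f"write={reference_monitor(analyst, obj, 'write', model)}")
```

The point worth remembering for the exam is visible in the code: Biba is Bell-LaPadula with the subject and object swapped in the same `dominates()` check, which is why "no write down" becomes "no write up" and "no read up" becomes "no read down". The compartment set matters as much as the level: a SECRET subject cleared for CRYPTO can neither read nor write a SECRET/NUC object under either model, because the two labels do not dominate each other. A real security kernel would also apply the discretionary (ds-property) checks and audit each decision; those are outside this example.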