Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.






2. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.






3. Intended for environments that require systems to handle classified data.






4. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.






5. The centerpiece of the DoD Rainbow Series publications.Developed by the National Computer Security Center (NCSC)?






6. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.






7. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.






8. Used by Windows systems to reserve the "Swap Space"






9. Which is an ISO standard product evaluation criteria that supersedes several different criteria






10. Which describe a condition when RAM and Secondary storage are used together?






11. Ssoftware that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)






12. Contains an Address of where the instruction and dara reside that need to be processed.






13. When a portion of primary memory is accessed by specifying the actual address of the memory location






14. The Orange book does NOT Cover ________________ - And Database management systems






15. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle






16. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






17. Involves sharing the processor amoung all ready processes






18. When the RAM and secondary storage are combined the result is __________.






19. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






20. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.






21. The *-Property rule is refered to as ____________.






22. Applications and user activity






23. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object






24. When a vendor submits a product for evaluation - it submits it to the ____________.






25. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s






26. In an automated system ________________ could be achieved by: A computer system designed to identify individuals responsible for any input.






27. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.






28. The Availability - Integrity and confidentiality requirements of multitasking operating systems






29. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity






30. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.






31. What does the simple integrity axiom mean in the Biba model?






32. Which addresses a portion of the primary memory by specifying the actual address of the memory location?






33. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.






34. Which Orange Book evaluation level is described as "Discretionary Security Protection"?






35. A subject at a given clearance may not read an object at a higher classification






36. What are the components of an object's sensitivity label?






37. All users have a clearance for and a formal need to know about - all data processed with the system.






38. What prevents a process from accessing another process' data?






39. As per FDA data should be ______________________________.






40. The Security Model Incorporates the ____________ that should be enforced in the system.






41. In ______________ the subject must have: Need to Know for ALL the information contained within the system.






42. Has two individual assurace ratings. C1 and C2. The Higher the number of assurance rating the greater the protection






43. Requires more stringent authentication mechanisms and well-defined interfaces among layers.






44. A1 is also called "Verified Design" and requires formal verification of the design and specifications.






45. A system uses the Reference Monitor to ___________________ of a subject and an object?






46. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.






47. Users need to be Identified individually to provide more precise acces control and auditing functionality.






48. Which in the Orange Book ratings represents the highest level of trust?






49. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.






50. Certification is a Technical review that assesses the _____________ - where as Accreditation is management's Official acceptance of the information in the Certification process findings.