Test your basic knowledge |

CISSP Security Architecture And Design

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.






2. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.






3. The group that oversees the processes of evaluation within TCSEC is?






4. Applications and user activity






5. Happen because input data is not checked for appropriate length at time of input






6. Which computer design approaches is based on the fact that in earlier technologies - the instruction fetch was the longest part of the cycle






7. Remaining parts of the operating system






8. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commmercial applications - but the level of protection is still relatively weak.






9. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.






10. A process that resides in a privileged domain to be able to execute its instructions and process its data with the assurance that programs in a different domain can NOT negatively affect its environment.






11. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.






12. Which describe a condition when RAM and Secondary storage are used together?






13. What are the components of an object's sensitivity label?






14. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)






15. Based on The Bell-LaPadula model - because it allows for multilevel security to be integrated into the code.






16. Logical access control mechanisms are used to enforce authentication and the uniquenes of each individual's identification.






17. When a computer uses more than one CPU in parallel to execute instructions is known as?






18. A type of memory used for High-speed writing and reading activities.






19. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.






20. Individual subjects must be uniquely identified.






21. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.






22. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.






23. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.






24. A system uses the Reference Monitor to ___________________ of a subject and an object?






25. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.






26. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.






27. Contains the beginning address






28. Components considered as part of the Trusted Computing Base (from the Orange Book) are?






29. The Policy must be explicit and well defined and enforced by the mechanisms within the system






30. Used by Windows systems to reserve the "Swap Space"






31. In the Bell-LaPadula Model the Subject's Label contains ___________________.






32. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.






33. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use






34. When the RAM and secondary storage are combined the result is __________.






35. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)






36. Based on a known address with an offset value applied.






37. Access control labels must be associated properly with objects.






38. I/O drivers and utilities






39. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities






40. Reference Monitor is responsible for ______________ it compares the security labels of a subject and an object






41. A domain of trust that shares a single security policy and single management






42. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted envirnment with low security concerns.






43. Which can be used as a covert channel?






44. The total(sum)combination of protection mechanisms within a computer system. The TCB includes hardware - software - and firmware.






45. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?






46. A Policy based control. All objects and systems have a sensitivity level assigned to them






47. Verification Protection






48. What model use an access control triples and requires that the system maintain separation of duty ?






49. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.






50. Which uses Protection Profiles and Security Targets?







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests