Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The National Computer Security Center (NCSC)
Simple Security Rule
The security kernel
The Common Criteria
2. Which is a straightforward approach that provides access rights to subjects for objects?
Ring 0
Access Matrix model
Multilevel Security Policies
Execution Domain
3. Data in Cache can be accessed much more quickly than Data
Security Policy is clearly defined and documented
Stored in Real Memory
The Trusted Computing Base (TCB)
Indexed addressing
4. Bell-LaPadula Model -______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
The Security Kernel
Clark-Wilson Model
The *-Property rule (Star property)
Multiprocessing
5. Contains an Address of where the instruction and data reside that need to be processed.
Assigned labels
The Thread (memory Management)
Reduced Instruction Set Computers (RISC)
Ring 3
6. Successfully Evaluated products are placed on?
Trusted facility management
Networks and Communications
The Evaluated Products List (EPL) with their corresponding rating
C2 - Controlled Access Protection
7. Which would be designated as objects on a MAC system?
Files - directories and devices
Logical addresses
Direct Addressing
Stored in Real Memory
8. TCB contains The Security Kernel and all ______________.
Bell-LaPadula Model
Pipelining
Indexed addressing
security protection mechanisms
9. If a system initializes in a secure state and all allowed state transitions are secure - then every subsequent state will be secure no matter what inputs occur.
Basic Security Theorem (used in computer science) definition
Pipelining
Buffer overflows
attributability
10. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
Integrity
The security perimeter
Discretionary Security Property (ds-property)
B3
11. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B3
Division C - Discretionary Protection
Disclosure of residual data
Its Clearance Label (Top Secret - Secret - or Confidential)
12. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
A1 - Rating
B3
Security Policy - Orange Book
Government and military applications
13. Minimal Security
Simple Security Rule
Orange Book - D
A Domain
Secondary Storage
14. The Bell-LaPadula Model is a _______________ that enforces the Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
State machine model
Security rating B
B1 - Labeled Security rating
Protection Rings Support
15. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
A1 - Rating
Orange Book - A1
International Standard 15408
Clark-Wilson
16. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Direct addressing
Relative Addresses
Prohibits
B2 rating
17. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
C2 - Controlled Access Protection
Attributable - original - accurate - contemporaneous and legible
B2 - Structured Protection
Dedicated Security Mode
18. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Indexed addressing
Division B - Mandatory Protection Architecture
The rule is talking about "Reading"
Protection Rings Support
19. Contains the beginning address
Orange Book - D
A Base Register (Memory Management)
The Common Criteria
Buffer (temporary data storage area)
20. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
Sensitivity labels
The Strong star property rule
Orange Book - B1
A Thread
21. In B2 Subjects and devices require labels and the system must NOT allow ________. No Trapdoors exist.
Scalar processors
Constrained
Covert channels
Orange Book - D
22. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
The reference monitor
Security Policy is clearly defined and documented
Thrashing
Reduced Instruction Set Computers (RISC)
23. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Be protected from modification
No read down
Orange Book B
Swap Space
24. Audit data must be captured and protected to enforce accountability
A and B
Mandatory access control
Orange Book interpretations
Accountability - Orange Book
25. Intended for environments that require systems to handle classified data.
The TCSEC - Aka Orange Book
Trusted hardware - Software and Firmware
B1 - Labeled Security rating
Division C - Discretionary Protection
26. What prevents a process from accessing another process' data?
The Evaluated Products List (EPL) with their corresponding rating
Process isolation
A Limit Register (Memory Management)
Orange Book A
27. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
A lattice of Integrity Levels
The Clark Wilson integrity model
Buffer (temporary data storage area)
Swap Space
28. The *-Property rule is referred to as ____________.
The Integrity of data within applications
The "No write Down" Rule
The security kernel
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
29. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Scalar processors
Fail safe
Mandatory access control
Ring 3
30. The Simple Security rule is referred to as ______________.
The "No read Up" rule
Direct Addressing
Clark-Wilson Model
The National Computer Security Center (NCSC)
31. In the Bell-LaPadula Model the Subject's Label contains ___________________.
Its Clearance Label (Top Secret - Secret - or Confidential)
Stored in Real Memory
Simple Security Rule
Overt channel
32. The C2 evaluation class of the _________________ offers controlled access protection.
Division B - Mandatory Protection Architecture
Trusted Network Interpretation (TNI)
*-Integrity Axiom
The security perimeter
33. Which can be used as a covert channel?
Trusted hardware - Software and Firmware
B2 rating
Storage and timing
A security domain
34. A type of memory used for High-speed writing and reading activities.
Accreditation
Cache Memory
security protection mechanisms
The TCSEC - Aka Orange Book
35. What does the * (star) property mean in the Bell-LaPadula model?
Orange Book - A1
No write down
B3
TCB (Trusted Computing Base)
36. In the Bell-LaPadula Model the Object's Label contains ___________________.
Its classification label (Top Secret - Secret or confidential)
The rule is talking about "Reading"
The trustworthiness of an information system
Networks and Communications
37. According to the Orange Book - trusted facility management is not required for which security levels?
TCB (Trusted Computing Base)
C1
B1
Polyinstantiation
38. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Ring 1
In C2 - Controlled Access Protection environment
Certification
Government and military applications
39. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
A security domain
A1 - Rating
Clark-Wilson Model
*-Integrity Axiom
40. Simpler instructions that require fewer clock cycles to execute.
C1 - Discretionary Security Protection
Disclosure of residual data
Reduced Instruction Set Computers (RISC)
The Integrity of data within applications
41. The total combination of protection mechanisms within a computer system
Programmable Read-Only Memory (PROM)
NOT Integrity
Be protected from modification
TCB (Trusted Computing Base)
42. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
Certification
C1 - Discretionary Security Protection is a type of environment
Attributable data
Prevent secret information from being accessed
43. Happen because input data is not checked for appropriate length at time of input
Logical addresses
Buffer overflows
Firmware
Continuous protection - O/B
44. The Bell-LaPadula Model is a _______________.
Subject to Object Model
Accreditation
The National Computer Security Center (NCSC)
The security kernel
45. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
The Strong star property rule
Process isolation
Stored in Real Memory
Labels - Orange Book
46. The Biba Model - _____________: A subject cannot read data from a lower Integrity level ("No Read Down")
Simple Integrity Axiom
The Strong star property rule
Buffer overflows
Polyinstantiation
47. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Access Matrix model
C1 - Discretionary Security Protection
Accreditation
No read up
48. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Physical security
'Dominate'
The Monolithic Operating system Architecture
B3
49. Discretionary protection
Orange Book C
Relative Addresses
attributability
Simple Security Rule
50. In B2 Distinct address spaces must be provided to _________ - and a covert channel analysis is conducted. B2 adds assurance by adding requirements to the design of the system
Multitasking
Clark-Wilson Model
Multiprocessing
Isolate processes