Test your basic knowledge: CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
Ring 1
Prohibits
Security rating B
The Common Criteria
2. Using TPs (Transformation Procedures) to modify CDIs (Constrained Data Items) is referred to as a Well-Formed Transaction
Bell-LaPadula Model
Clark-Wilson Model
Government and military applications
The Common Criteria
3. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Life-cycle assurance - O/B
Trusted Network Interpretation (TNI)
Implement software or systems in a production environment
No write down
4. An abstract machine which must mediate all access by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
Orange Book - A1
The Common Criteria
A Domain
The reference monitor
5. There is only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
C1
Division D - Minimal Protection
Indirect addressing
Mandatory Access Control (MAC)
6. A buffer overflow occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Buffer (temporary data storage area)
Protection Rings Support
Ring 2
C1 - Discretionary Security Protection
7. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B3
Files - directories and devices
Multiprocessing
Totality of protection mechanisms
8. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
A security kernel
The Integrity of data within applications
Indirect addressing
Division C - Discretionary Protection
9. Users are trusted but a certain level of accountability is required. C2 over is seen as the most reasonable class for commercial applications - but the level of protection is still relatively weak.
In C2 - Controlled Access Protection environment
Totality of protection mechanisms
Orange Book - B2
Division B - Mandatory Protection Architecture
10. The Simple Security rule is referred to as ______________.
The "No read Up" rule
Virtual Memory
Basic Security Theorem (used in computer science) definition
Security Policy is clearly defined and documented
11. The Bell-LaPadula model Subjects and Objects are ___________.
Multilevel Security Policies
A lattice of Integrity Levels
Assigned labels
Orange Book interpretations
12. The Bell-LaPadula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
State machine model
Prevent secret information from being accessed
'Dominate'
The "No read Up" rule
13. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Enforces the rules
B3
Multilevel Security Policies
Division D - Minimal Protection
14. Mandatory Protection
Orange Book B
Thrashing
Security Policy
Disclosure of residual data
15. This type of environment is a highly secured environment that processes very sensitive information. It requires systems that are highly resistant to penetration.
B3 - Rating
The National Computer Security Center (NCSC)
Orange Book - B2
NOT Integrity
16. An imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?
The security perimeter
The Tranquility principle (The Bell-LaPadula Model)
Accreditation
The Biba Model
17. When a vendor submits a product for evaluation - it submits it to the ____________.
The National Computer Security Center (NCSC)
Execution Domain
Trusted facility management
Mandatory access control
18. The hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept.
The security kernel
Life Cycle Assurance Requirement
Accreditation
Swap Space
19. The TCB is the ________________ within a computer system that work together to enforce a security policy.
Totality of protection mechanisms
Need-to-know
Orange Book - A1
Swap Space
20. The Biba model (introduced in 1977) - The Sutherland model (published in 1986) - The Brewer-Nash model (published in 1989)
Models concerned with integrity
International Standard 15408
Operational assurance requirements
The reference monitor
21. The Bell-LaPadula Model is a _______________ that enforces the Confidentiality aspect of access control. Formed by David Bell and Leonard LaPadula.
Trusted Distribution
State machine model
Mandatory access control
The Tranquility principle (The Bell-LaPadula Model)
22. A ____________ is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Security rating B
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Orange Book - B1
Ring 0
23. A subject at a given clearance may not read an object at a higher classification
The Thread (memory Management)
First evaluation class
The Simple Security Property
Files - directories and devices
24. The security kernel is the mechanism that _____________ of the reference monitor concept.
Enforces the rules
First evaluation class
Accreditation
*-Integrity Axiom
25. TCB contains The Security Kernel and all ______________.
Real storage
security protection mechanisms
Orange Book B
Discretionary Security Property (ds-property)
26. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Storage and timing
Clark-Wilson Model
Trusted Products Evaluation Program (TPEP)
Administrative declaration
27. A type of memory used for High-speed writing and reading activities.
Integrity
Enforces the rules
Cache Memory
Mandatory Access Control (MAC)
28. What does the simple security (ss) property mean in the Bell-LaPadula model?
Scalar processors
No read up
Trusted Products Evaluation Program (TPEP)
Life Cycle Assurance Requirement
29. Configuration management is also defined in the Orange Book BUT As a _____________________ and NOT an operational assurance requirement.
Life Cycle Assurance Requirement
Swap Space
B3
Pipelining
30. When a portion of primary memory is accessed by specifying the actual address of the memory location
A security kernel
Orange Book B
Direct addressing
Isolate processes
31. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Thrashing
A lattice of Integrity Levels
A single classification and a Compartment Set
attributability
32. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
B2 - Structured Protection
Government and military applications
Physical security
The rule is talking about "Reading"
33. Involves sharing the processor among all ready processes
Bell-LaPadula Model
Orange Book - B3
Multitasking
The Security Kernel
34. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
The rule is talking about "Reading"
C2 - Controlled Access Protection
A Thread
Security rating B
35. The Orange Book requires protection against two _____________ - which are Timing and Storage
A single classification and a Compartment Set
Types of covert channels
The "No write Down" Rule
Orange Book C
36. The object reuse concept must also be invoked - meaning that any medium holding data must not contain any remnants of information after it is released for another subject to use. All data must be efficiently erased once the subject is done with the m
Reduced Instruction Set Computers (RISC)
Isolate processes
Implement software or systems in a production environment
C2 - Controlled Access Protection
37. According to the Orange Book - trusted facility management is not required for which security levels?
Physical security
The Common Criteria
B1
B3
38. Which TCSEC level first addresses object reuse?
C2
Relative Addresses
attributability
B1
39. The reference monitor must mediate all access - _____________ - be verifiable as correct - and must always be invoked.
Its classification label (Top Secret - Secret or confidential)
Orange Book - B2
Be protected from modification
Identification - Orange Book
40. Which can be used as a covert channel?
Orange Book - B3
Storage and timing
The security perimeter
State machine model
41. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Swap Space
Constrained
Bell-LaPadula Model
C1 - Discretionary Security Protection is a type of environment
42. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
*-Integrity Axiom
The Trusted Computing Base (TCB)
Pipelining
First evaluation class
43. In B2 Subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
The security kernel
Pipelining
A and B
Covert channels
44. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
First evaluation class
Virtual Memory
Security rating B
Clark-Wilson Model
45. In the Orange Book - functionality and assurance are NOT _____________ as they are in the ITSEC and the Common Criteria.
Evaluated separately
Security rating B
C1 - Discretionary Security Protection is a type of environment
Programmable Read-Only Memory (PROM)
46. Access control labels must be associated properly with objects.
Virtual Memory
Discretionary Security Property (ds-property)
Primary storage
Labels - Orange Book
47. In both the Bell-LaPadula and Biba Models if the word "Simple" is used ______________.
The rule is talking about "Reading"
Indexed addressing
Dominate the object's sensitivity label
The *-Property rule (Star property)
48. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access ma
Overt channel
The Monolithic Operation system Architecture
Security Policy - Orange Book
Discretionary Security Property (ds-property)
49. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Direct addressing
The Red Book
A Thread
'Dominate'
50. Which describes a condition when RAM and Secondary storage are used together?
Highly secure systems (B2 - B3 and A1)
Types of covert channels
Clark-Wilson Model
Virtual storage