SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
CISSP Security Architecture And Design
Start Test
Study First
Subjects
:
certifications
,
it-skills
,
cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. There is only only one class in Division D. Reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Multilevel Security Policies
B3 - Rating
NOT Integrity
Division D - Minimal Protection
2. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
Constrained
First evaluation class
Security Policy
Identification - Orange Book
3. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
C2 - Controlled Access Protection
Orange Book - B1
Absolute addresses
Trusted hardware - Software and Firmware
4. Which uses Protection Profiles and Security Targets?
International Standard 15408
Security Policy
Virtual Memory
A lattice of Intergrity Levels
5. The type of environment that would require A1 systems is the most secure of secure environments. It deals with top-secret information and cannot adequately trust anyone using the systems without strict authentication - restrictions and auditing.
Attributable - original - accurate - contemporaneous and legible
B3
A1 - Rating
The reference monitor
6. A1 is also called "Verified Design" and requires formal verification of the design and specifications.
Orange Book - A1
Orange Book - B3
The Rule is talking about writing
Division B - Mandatory Protection
7. TCSEC provides a means to evaluate ______________________.
A and B
The trustworthiness of an information system
A1 - Rating
A Domain
8. What is called the formal acceptance of the adequacy of a system's overall security by management?
A Thread
Orange Book B
Accreditation
Trusted Network Interpretation (TNI)
9. n this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
Physical security
Thrashing
Division B - Mandatory Protection Architecture
B3 - Security Domains
10. The Bell-LaPaula Model's main goal was to ___________________ in an unauthorized manner. (Developed by the US gov)
B1 - Labeled Security
Orange Book B
Prevent secret information from being accessed
Orange Book A
11. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Indexed addressing
B1
Certification
No read up
12. System Architecture that separates system functionality into Hierarchical layers
attributability
Ring 0
A Layered Operating System Architecure
A single classification and a Compartment Set
13. A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
An abstract machine
No read up
Overt channel
A Base Register (Memory Management)
14. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The Clark Wilson integrity model
The TCSEC - Aka Orange Book
First evaluation class
International Standard 15408
15. What prevents a process from accessing another process' data?
Process isolation
A lattice of Intergrity Levels
Execution Domain
Pipelining
16. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Labels - Orange Book
Pagefile.sys file
The Common Criteria
Dedicated Security Mode
17. Subjects and Objects cannot change their security levels once they have been instantiated (created)
A security domain
The Tranqulity principle (The Bell-LaPadula Model)
B2
Be protected from modification
18. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Division D - Minimal Protection
Highly secure systems (B2 - B3 and A1)
Operational assurance requirements
Integrity
19. Which is a straightforward approach that provides access rights to subjects for objects?
No write down
NOT Integrity
Disclosure of residual data
Access Matrix model
20. When a computer spends more time moving data from one small portion of memory to another THAN Actually processing the data
Continuous protection - O/B
Trusted hardware - Software and Firmware
C2 - Controlled Access Protection
Thrashing
21. Can be erased - modified and upgraded.
Erasable and Programmable Read-Only Memory (EPROM)
Mandatory Access Control (MAC)
Attributable data
The Thread (memory Management)
22. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
'Dominate'
The TCSEC - Aka Orange Book
System High Security Mode
B3
23. A form of ROM(Read-Only Memory) that can be modified after it has been manufactured. It can only be programmed only one time.
C2 - Controlled Access Protection
Programmable Read-Only Memory (PROM)
A Layered Operating System Architecure
The Thread (memory Management)
24. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Process isolation
Direct Addressing
C2 - Controlled Access Protection
A1
25. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
B3
No read down
Accountability - Orange Book
Complex Instruction Set Computers (CISC)
26. What are the components of an object's sensitivity label?
B3
B3 - Rating
The Common Criteria
A single classification and a Compartment Set
27. A domain of trust that shares a single security policy and single management
A security domain
A lattice of Intergrity Levels
Multilevel Security Policies
A Base Register (Memory Management)
28. The *-Property rule is refered to as ____________.
The security kernel
The "No write Down" Rule
The Rule is talking about writing
Operational assurance requirements
29. Developed after the Bell-LaPadula model. Its a state machine model and is very similar to the Bell-LaPadula Model.
The Integrity of data within applications
Security mechanisms and evalautes their effectivenes
B3
The Biba Model
30. What is defined as the hardware - firmware and software elements of a trusted computing base that implement the reference monitor concept?
The National Computer Security Center (NCSC)
Clark-Wilson Model
A security kernel
Direct addressing
31. When the address location that is specified in the program instruction contains the address of the final desired location.
The reference monitor
Models concerned with integrity
Indirect addressing
Accountability - Orange Book
32. A is a form of EPROM - but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Relative Addresses
A and B
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Attributable - original - accurate - contemporaneous and legible
33. Levels of Security and Levels of Trust Lower Letters of the alphabet represent higher levels of security. Higher numbers indicate a greater level of trust.
The Rule is talking about writing
Orange Book ratings
C2
The security kernel
34. Simpler instructions that require fewer clock cycles to execute.
The Common Criteria
The Trusted Computing Base (TCB)
In C2 - Controlled Access Protection environment
Reduced Instruction Set Computers (RISC)
35. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
36. Audit data must be captured and protected to enforce accountability
Accountability - Orange Book
First evaluation class
Indexed addressing
The Red Book
37. Ensuring thta information does not flow from a higher security lever to a lower level in the Bell-LaPadula Model is referred to as ___________________ - which would take place through a "write down" operation. (An actual compromise occurs if and when
A lattice of Intergrity Levels
Accountability - Orange Book
Controlling unauthorized downgrading of information
Orange Book C
38. Permits a database to have two records that are identical except for Their classifications
Controls the checks
Totality of protection mechanisms
Polyinstantiation
Life Cycle Assurance Requirement
39. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Enforces the rules
Trusted hardware - Software and Firmware
C2 - Controlled Access Protection
Identification - Orange Book
40. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
Life-cycle assurance - O/B
Attributable - original - accurate - contemporaneous and legible
Identification - Orange Book
C1 - Discrection Security Protection is a type of environment
41. In B1 the security policy is based on Informal statement and the design specifications are reviewed and verified where as in B2 the ___________________ - and the system design and implementation are subject to more thorough review and testing procedu
B3 - Rating
Security Policy is clearly defined and documented
Buffer overflows
Orange Book - A1
42. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix . THE and Multics are no longer in use
The Trusted Computing Base (TCB)
The "No write Down" Rule
Examples of Layered Operating Systems
Compare the security labels
43. In both the Bell-LaPadula and Biba Models if the word "Simple is used ______________.
C1 - Discretionary Security Protection
The Rule is talking about writing
Swap Space
The rule is talking about "Reading"
44. Individual subjects must be uniquely identified.
Identification - Orange Book
The Biba Model
Dominate the object's sensitivity label
Accreditation
45. The Biba Model - ______________: A subject cannot request service (invoke) to subjects of higher integrity
Multitasking
B3
Virtual Memory
Invocation Property
46. When a computer uses more than one CPU in parallel to execute instructions is known as?
Multiprocessing
A security kernel
Polyinstantiation
The Thread (memory Management)
47. Buffer overflows occurs when a program or process tries to store more data in a _____________ than it was intended to hold.
Multiprocessing
Buffer (temporary data storage area)
A single classification and a Compartment Set
Clark-Wilson Model
48. According to the Orange Book - trusted facility management is not required for which security levels?
B1
Cache Memory
*-Integrity Axiom
The Common Criteria
49. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Ring 2
Accountability - Orange Book
Fail safe
Orange Book - D
50. Mandatory Access requires that _____________ be attached to all objects.
The Security Kernel
Sensitivity labels
The security perimeter
Attributable - original - accurate - contemporaneous and legible
