Test your basic knowledge
CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Data in cache can be accessed much more quickly than data _______________.
No read down
Stored in Real Memory
Assigned labels
Polyinstantiation
2. In the Bell-LaPadula Model the Object's Label contains ___________________.
Its classification label (Top Secret - Secret or confidential)
Ring 3
Documentation - Orange Book
Division B - Mandatory Protection
3. In this class more granularity is provided in each protection mechanism - and the programming code that is not necessary to support the security policy is excluded.
B3 - Security Domains
Ring 1
Storage and timing
The TCSEC - Aka Orange Book
4. Which integrity model defines a constrained data item - an integrity verification procedure and a transformation procedure?
The Clark Wilson integrity model
B2 - Structured Protection
C2 - Controlled Access Protection
Logical addresses
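The Clark-Wilson model is easier to remember once you have seen its three elements interact. The code below is an added example, not part of this study tool: a set of constrained data items (a bank ledger), two certified transformation procedures (deposit, withdraw), and an integrity verification procedure that checks the ledger's invariant. The ledger scenario, the user roles and the invariant itself are assumptions made for illustration; user authentication is assumed to happen before `run_tp` is called.

```python
"""Clark-Wilson integrity model, illustrated (added example, not from the page).

CDIs   = the Ledger (balances plus an append-only journal)
TPs    = tp_deposit / tp_withdraw, the only code allowed to change CDIs
IVP    = ivp(), which checks that the CDIs are in a valid state
The bank-ledger scenario, roles and invariant are illustrative assumptions.
"""
import copy
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Set, Tuple


class IntegrityViolation(Exception):
    """Raised when an action would break one of the model's rules."""


@dataclass
class Ledger:
    """The constrained data items (CDIs)."""
    balances: Dict[str, int] = field(default_factory=dict)
    # (tp name, account, signed delta) for every change ever applied
    journal: List[Tuple[str, str, int]] = field(default_factory=list)


def ivp(ledger: Ledger) -> bool:
    """Integrity verification procedure: no balance is negative and the balances
    reconcile with the journal, so a change made outside a TP is detected."""
    reconciles = sum(ledger.balances.values()) == sum(d for _, _, d in ledger.journal)
    return reconciles and all(b >= 0 for b in ledger.balances.values())


# Certification: the TPs allowed to touch the CDIs, and which user may invoke
# which TP.  Tellers move money; auditors may only verify (separation of duties).
CERTIFIED_TPS: Dict[str, Callable[..., None]] = {}
USER_TPS: Dict[str, Set[str]] = {"teller": {"deposit", "withdraw"}, "auditor": set()}


def certified(name: str):
    """Decorator that registers a function as a certified TP under `name`."""
    def register(fn: Callable[..., None]) -> Callable[..., None]:
        CERTIFIED_TPS[name] = fn
        return fn
    return register


@certified("deposit")
def tp_deposit(ledger: Ledger, account: str, amount: int) -> None:
    ledger.balances[account] = ledger.balances.get(account, 0) + amount
    ledger.journal.append(("deposit", account, amount))


@certified("withdraw")
def tp_withdraw(ledger: Ledger, account: str, amount: int) -> None:
    ledger.balances[account] = ledger.balances.get(account, 0) - amount
    ledger.journal.append(("withdraw", account, -amount))


def run_tp(user: str, tp_name: str, ledger: Ledger, *args: Any) -> None:
    """The only sanctioned path for changing CDIs: only certified TPs run, only
    for users authorised to run them, and only from a valid state to a valid
    state (an overdraft is rolled back because the IVP fails afterwards)."""
    if tp_name not in CERTIFIED_TPS:
        raise IntegrityViolation(f"{tp_name!r} is not a certified TP")
    if tp_name not in USER_TPS.get(user, set()):
        raise IntegrityViolation(f"{user!r} is not authorised to run {tp_name!r}")
    if not ivp(ledger):
        raise IntegrityViolation("CDIs are already invalid; refusing to run any TP")
    before = copy.deepcopy(ledger)
    CERTIFIED_TPS[tp_name](ledger, *args)
    if not ivp(ledger):
        ledger.balances, ledger.journal = before.balances, before.journal
        raise IntegrityViolation(f"{tp_name!r} would leave CDIs invalid; rolled back")


def rejected(user: str, tp_name: str, ledger: Ledger, *args: Any) -> bool:
    """True if run_tp refuses the invocation (convenience for the demo)."""
    try:
        run_tp(user, tp_name, ledger, *args)
    except IntegrityViolation:
        return True
    return False


if __name__ == "__main__":
    led = Ledger()
    run_tp("teller", "deposit", led, "alice", 100)
    print("auditor deposit rejected:", rejected("auditor", "deposit", led, "alice", 1))
    print("overdraft rolled back:", rejected("teller", "withdraw", led, "alice", 500), led)
    led.balances["alice"] += 50          # edit made outside any TP
    print("IVP detects unconstrained change:", not ivp(led))
```

Note what the IVP catches: a TP that would leave a negative balance is undone, and a direct edit to `balances` that bypasses the TPs breaks the reconciliation with the journal, so the next IVP run flags it and no further TP will execute until the state is repaired.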
5. A portion of a process. When the thread is generated - it shares the same domain (resources) as its process.
C2 - Controlled Access Protection
C1
Sensitivity labels
A Thread
6. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
Orange Book - B2
The Trusted Computing Base (TCB)
The security perimeter
The National Computer Security Center (NCSC)
7. In ______________ the subject must have: Need to Know for ALL the information contained within the system.
Sensitivity labels
Dedicated Security Mode
Orange Book - B1
Indirect addressing
8. According to the Orange Book - which security level is the first to require a system to protect against covert timing channels?
Accreditation
B3
Sensitivity labels
The Clark Wilson integrity model
9. THE (Technische Hogeschool Eindhoven) - VAX/VMS - Multics and Unix. THE and Multics are no longer in use.
Examples of Layered Operating Systems
B2 - Structured Protection
A security domain
Secondary Storage
10. The Orange Book requires protection against two _____________ - which are Timing and Storage
A1 - Rating
Trusted hardware - Software and Firmware
Direct addressing
Types of covert channels
11. Software - hardware and firmware must be able to be tested individually to ensure that each enforces the security policy in an effective manner throughout their lifetimes.
C2 - Controlled Access Protection
Life-cycle assurance - O/B
Access Matrix model
C1 - Discretionary Security Protection
12. Users need to be identified individually to provide more precise access control and auditing functionality.
Accountability - Orange Book
Orange Book ratings
C2 - Controlled Access Protection
Its Clearance Label (Top Secret - Secret - or Confidential)
13. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Need-to-know
Documentation - Orange Book
B3 - Security Domains
Ring 3
14. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Covert channels
Its classification label (Top Secret - Secret or confidential)
The security perimeter
NOT Integrity
15. System Architecture that separates system functionality into Hierarchical layers
Orange Book A
A Layered Operating System Architecture
Dedicated Security Mode
Direct Addressing
16. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Orange Book - B1
Security rating B
Trusted Network Interpretation (TNI)
Security Policy - Orange Book
17. The Security Model Incorporates the ____________ that should be enforced in the system.
Integrity
The Integrity of data within applications
Security Policy
Subject to Object Model
18. Software that is stored within ROM (Read-Only Memory) - (ROM is nonvolatile)
The Thread (memory Management)
The security kernel
Assigned labels
Firmware
19. Commonly referred to as "The Big Mess" because of its lack of structure. MS-DOS is an example of a monolithic operating system.
Life-cycle assurance - O/B
The Monolithic Operating System Architecture
The security kernel
Security Policy is clearly defined and documented
20. The Biba Model addresses _____________________.
Security mechanisms and evaluates their effectiveness
The reference monitor
Erasable and Programmable Read-Only Memory (EPROM)
The Integrity of data within applications
21. The Biba Model is not concerned with security levels and confidentiality. It uses _________________.
Complex Instruction Set Computers (CISC)
A lattice of Integrity Levels
Constrained
No read up
22. A ring protection system ________: User mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
The "No read Up" rule
Accountability - Orange Book
Prohibits
Disclosure of residual data
23. Which can be used as a covert channel?
Storage and timing
The Rule is talking about writing
Trusted Distribution
Administrative declaration
24. What are the components of an object's sensitivity label?
A single classification and a Compartment Set
Simple Integrity Axiom
Division B - Mandatory Protection Architecture
Orange Book - A1
25. A system uses the Reference Monitor to ___________________ of a subject and an object?
Compare the security labels
Security Policy - Orange Book
Swap Space
C2 - Controlled Access Protection
26. A domain of trust that shares a single security policy and single management
The "No read Up" rule
Disclosure of residual data
B2
A security domain
27. B3 is also called "Security Domains" and imposes more granularity in each protection mechanism.
Basic Security Theorem (used in computer science) definition
C2 - Controlled Access Protection
B2
Orange Book - B3
28. In which users are processing information at the same sensitivity level; thus - strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
C1 - Discretionary Security Protection is a type of environment
The Strong star property rule
Orange Book - B2
Security mechanisms and evaluates their effectiveness
29. When the contents of the address defined in the program's instruction are added to those of an index register.
C2
Orange Book A
Sensitivity labels
Indexed addressing
30. An abstract machine which must mediate all accesses by subjects to objects - be protected from modification - be verifiable as correct - and is always invoked
B1
The "No write Down" Rule
Security rating B
The reference monitor
31. Operating System Kernel
Trusted Network Interpretation (TNI)
Ring 0
Real storage
Labels - Orange Book
32. As per the FDA - data should be ______________________________.
Sensitivity labels
Attributable - original - accurate - contemporaneous and legible
NOT Integrity
Life-cycle assurance - O/B
33. The total combination of protection mechanisms within a computer system
Enforces the rules
C2 - Controlled Access Protection
Buffer overflows
TCB (Trusted Computing Base)
34. Which is a straightforward approach that provides access rights to subjects for objects?
Trusted Products Evaluation Program (TPEP)
A Limit Register (Memory Management)
Overt channel
Access Matrix model
35. A policy-based control. All objects and systems have a sensitivity level assigned to them
Mandatory Access Control (MAC)
C1
Orange Book - B1
A Domain
36. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Division B - Mandatory Protection Architecture
Swap Space
Indirect addressing
B3
37. Best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
Fail safe
Security rating B
Logical addresses
C2 - Controlled Access Protection
38. Execute one instruction at a time.
Scalar processors
Reduced Instruction Set Computers (RISC)
Trusted Products Evaluation Program (TPEP)
B3 - Security Domains
39. The TCB is the ________________ within a computer system that work together to enforce a security policy.
A single classification and a Compartment Set
Totality of protection mechanisms
Attributable data
Highly secure systems (B2 - B3 and A1)
40. The Simple Security rule is referred to as ______________.
The "No read Up" rule
The security perimeter
System High Security Mode
Execution Domain
41. To ensure that the Trusted Computing Base is not tampered with during shipment or installation.
A1 - Rating
Mandatory Access Control (MAC)
Firmware
Trusted Distribution
42. The first mathematical model of a multi-level security policy used to define the concept of a secure state - the modes of access - and rules for granting access?
Orange Book B
Labels - Orange Book
Security Policy
Bell-LaPadula Model
43. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
C1 - Discretionary Security Protection
The trustworthiness of an information system
Fail safe
The Red Book
44. An organization within the National Security Agency (NSA) is responsible for Evaluating computer systems and products. The Trusted Product Evaluation program (TPEP) oversees the testing by approved entities of commercial products against a specific s
The National Computer Security Center (NCSC)
C2 - Controlled Access Protection
Orange Book C
*-Integrity Axiom
45. Based on a known address with an offset value applied.
The security perimeter
Clark-Wilson Model
The Trusted Computing Base (TCB)
Relative Addresses
46. Components considered as part of the Trusted Computing Base (from the Orange Book) are?
Trusted hardware - Software and Firmware
Life Cycle Assurance Requirement
TCB (Trusted Computing Base)
The security perimeter
47. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Evaluated separately
A single classification and a Compartment Set
The Strong star property rule
Types of covert channels
48. A type of memory used for High-speed writing and reading activities.
Real storage
Identification - Orange Book
A Layered Operating System Architecture
Cache Memory
49. According to the Orange Book - trusted facility management is not required for which security levels?
The Tranquility principle (The Bell-LaPadula Model)
B1
State machine model
Clark-Wilson
50. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
*-Integrity Axiom
Identification - Orange Book
The security perimeter
Simple Integrity Axiom
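The Bell-LaPadula and Biba rules quizzed above (simple security / no read up, *-property / no write down, the strong star property, simple integrity / no read down, *-integrity / no write up) all come down to comparing labels on a lattice, with a reference monitor doing the comparison on every access. The code below is an added example, not part of this study tool: labels carry a single classification plus a compartment set, and the monitor logs every decision so it can be audited. The classification names, compartments, subjects and objects are illustrative assumptions.

```python
"""Added example (not from the page): a reference monitor enforcing the
Bell-LaPadula and Biba rules over labels made of a single classification plus
a compartment set.  Level names, compartments, subjects and objects below are
illustrative assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Linear ordering of classifications; compartments give the lattice its width.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    classification: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level at least as high AND compartments a superset."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label   # Bell-LaPadula: the subject's clearance label
    integrity: int     # Biba: integrity level, higher means more trusted


@dataclass
class Obj:
    name: str
    classification: Label   # Bell-LaPadula: the object's classification label
    integrity: int


class ReferenceMonitor:
    """Every access goes through check(); callers never touch objects directly.

    policy:      "bell-lapadula" (confidentiality) or "biba" (integrity)
    strong_star: if True, Bell-LaPadula writes are allowed only at exactly the
                 subject's own level (strong *-property) instead of "no write down"
    """

    def __init__(self, policy: str, strong_star: bool = False) -> None:
        if policy not in ("bell-lapadula", "biba"):
            raise ValueError(policy)
        self.policy = policy
        self.strong_star = strong_star
        self.audit: List[Tuple[str, str, str, bool, str]] = []

    def _bell_lapadula(self, s: Subject, o: Obj, mode: str) -> Tuple[bool, str]:
        if mode == "read":   # simple security property
            return s.clearance.dominates(o.classification), "no read up"
        if mode == "write":
            if self.strong_star:
                return s.clearance == o.classification, "strong *-property"
            return o.classification.dominates(s.clearance), "no write down"  # *-property
        raise ValueError(mode)

    def _biba(self, s: Subject, o: Obj, mode: str) -> Tuple[bool, str]:
        if mode == "read":   # simple integrity axiom
            return o.integrity >= s.integrity, "no read down"
        if mode == "write":  # *-integrity axiom
            return s.integrity >= o.integrity, "no write up"
        raise ValueError(mode)

    def check(self, s: Subject, o: Obj, mode: str) -> bool:
        """Mediate one access and record the decision (accountability)."""
        rule = self._bell_lapadula if self.policy == "bell-lapadula" else self._biba
        allowed, reason = rule(s, o, mode)
        self.audit.append((s.name, o.name, mode, allowed, reason))
        return allowed


if __name__ == "__main__":
    alice = Subject("alice", Label("Top Secret", frozenset({"CRYPTO", "NUCLEAR"})), 3)
    carol = Subject("carol", Label("Top Secret"), 3)   # high level, no compartments
    doc = Obj("doc", Label("Secret", frozenset({"CRYPTO"})), 2)
    rm = ReferenceMonitor("bell-lapadula")
    print("alice reads doc:", rm.check(alice, doc, "read"))    # True
    print("carol reads doc:", rm.check(carol, doc, "read"))    # False: lacks CRYPTO
    print("alice writes doc:", rm.check(alice, doc, "write"))  # False: no write down
    for entry in rm.audit:
        print(entry)
```

Two details worth noticing: carol holds a Top Secret clearance yet cannot read a Secret document, because dominance also requires the compartment set, and under the strong star property a subject can write only at its own level, so the "write up" that plain Bell-LaPadula permits is refused.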