Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Audit data must be captured and protected to enforce accountability
Accountability - Orange Book
B2 rating
Orange Book interpretations
A single classification and a Compartment Set
2. Accreditation is the authorization by management to _____________________. This authorization may be either provisional or full.
Bell-LaPadula Model
Implement software or systems in a production environment
International Standard 15408
Mandatory access control
3. For the type of environment that processes sensitive data requiring a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.
Mandatory access control
Logical addresses
B2 rating
Enforces the rules
4. Execute one instruction at a time.
Government and military applications
Complex Instruction Set Computers (CISC)
Orange Book - B1
Scalar processors
5. The Red Book, aka Trusted Network Interpretation (TNI), provides _________________ for trusted computer and communications network systems under the areas of assurance requirements.
Orange Book interpretations
The National Computer Security Center (NCSC)
A1
Its Clearance Label (Top Secret - Secret - or Confidential)
6. Contains an address of where the instruction and data reside that need to be processed.
The Integrity of data within applications
The Security Kernel
The Thread (memory Management)
Need-to-know
7. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Real storage
The security perimeter
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Operational assurance requirements
8. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Ring 2
Trusted hardware - Software and Firmware
Integrity
D
9. Mandatory access control requires that _____________ be attached to all objects.
Sensitivity labels
The Tranquility principle (The Bell-LaPadula Model)
Types of covert channels
C1 - Discretionary Security Protection is a type of environment
10. The reserved hard drive space used to extend RAM capabilities. Windows systems use the pagefile.sys file to reserve this space.
Swap Space
Controlling unauthorized downgrading of information
All Mandatory Access Control (MAC) systems
NOT Integrity
11. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Direct Addressing
Overt channel
Clark-Wilson Model
Security Policy is clearly defined and documented
12. When the RAM and secondary storage are combined the result is __________.
Multitasking
Virtual Memory
Sensitivity labels
In C2 - Controlled Access Protection environment
13. When a computer uses more than one CPU in parallel to execute instructions, this is known as?
Multiprocessing
Multitasking
Security Policy - Orange Book
Continuous protection - O/B
14. Accreditation is also defined as an ____________________ by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards
Clark-Wilson
Pipelining
Scalar processors
Administrative declaration
15. Security is made up of: System administration - ________ - installation and configuration mechanisms within the environment - and other security issues.
Physical security
B3
Indexed addressing
First evaluation class
16. The assignment of a specific individual to administer the security-related functions of a system.
Invocation Property
Logical addresses
Division B - Mandatory Protection
Trusted facility management
17. In access control terms - the word "dominate" refers to ___________.
Models concerned with integrity
Higher or equal to access class
Covert channels
Files - directories and devices
18. Has two individual assurance ratings, C1 and C2. The higher the number of the assurance rating, the greater the protection.
Division C - Discretionary Protection
Virtual Memory
Logical addresses
Indirect addressing
19. A domain of trust that shares a single security policy and single management
Totality of protection mechanisms
All Mandatory Access Control (MAC) systems
The reference monitor
A security domain
20. All users have a clearance for, and a formal need to know about, all data processed within the system.
Basic Security Theorem (used in computer science) definition
Isolate processes
Dedicated Security Mode
Types of covert channels
21. The Security Model Incorporates the ____________ that should be enforced in the system.
Indirect addressing
Security Policy
Security mechanisms and evaluates their effectiveness
Orange Book - B1
22. The *-Property rule is referred to as ____________.
C1 - Discretionary Security Protection is a type of environment
Multilevel Security Policies
Implement software or systems in a production environment
The "No write Down" Rule
23. When a portion of primary memory is accessed by specifying the actual address of the memory location
Orange Book - A1
The security kernel
A Layered Operating System Architecture
Direct addressing
24. The Indexed memory addresses that software uses
C1 - Discretionary Security Protection
Logical addresses
Absolute addresses
The Monolithic Operating System Architecture
25. Ensuring that information does not flow from a higher security level to a lower level in the Bell-LaPadula Model is referred to as ___________________, which would take place through a "write down" operation. (An actual compromise occurs if and when
Controls the checks
Division B - Mandatory Protection Architecture
Storage and timing
Controlling unauthorized downgrading of information
26. Which would be designated as objects on a MAC system?
Storage and timing
Files - directories and devices
Security Policy is clearly defined and documented
C1 - Discretionary Security Protection is a type of environment
27. Which is an ISO standard product evaluation criteria that supersedes several different criteria?
The Common Criteria
The Red Book
Reduced Instruction Set Computers (RISC)
Firmware
28. The reference monitor is an access control concept - Referring to ________________ that mediates all accesses to objects by subjects based on information in an access control database.
Clark-Wilson
The trustworthiness of an information system
An abstract machine
C2 - Controlled Access Protection
29. A logical form of separation used by secure computing systems - Processes are _____________ so that each cannot access objects outside its permitted domain
TCB (Trusted Computing Base)
Constrained
The National Computer Security Center (NCSC)
Real storage
30. Discretionary access control is based on individuals and/or groups. It requires a separation of users and information and identification and authentication of individual entities
Trusted Distribution
Erasable and Programmable Read-Only Memory (EPROM)
Files - directories and devices
C1 - Discretionary Security Protection
31. In both the Bell-LaPadula and Biba Models, if the word "Simple" is used ______________.
B1 - Labeled Security
Discretionary Security Property (ds-property)
The Common Criteria
The rule is talking about "Reading"
32. Which uses Protection Profiles and Security Targets?
Controls the checks
All Mandatory Access Control (MAC) systems
International Standard 15408
C2 - Controlled Access Protection
33. According to the Orange Book - trusted facility management is not required for which security levels?
The trustworthiness of an information system
Orange Book - B1
B1
Models concerned with integrity
34. The Biba Model addresses _____________________.
The Integrity of data within applications
TCB (Trusted Computing Base)
Programmable Read-Only Memory (PROM)
Secondary Storage
35. The Biba Model - ______________: A Subject cannot write data to an object at a higher integrity level (No write Up)
No write down
*-Integrity Axiom
All Mandatory Access Control (MAC) systems
The Biba Model
36. What does the simple integrity axiom mean in the Biba model?
The Tranquility principle (The Bell-LaPadula Model)
Orange Book B
Access control to the objects by the subjects
No read down
37. The security kernel is the mechanism that _____________ of the reference monitor concept.
Assigned labels
Orange Book - D
A Layered Operating System Architecture
Enforces the rules
38. A set of objects that a subject is able to access
The Biba Model
Orange Book C
The National Computer Security Center (NCSC)
A Domain
39. Documentation must be provided, including test, design and specification documents, user guides and manuals.
A Layered Operating System Architecture
Covert channels
Documentation - Orange Book
The "No write Down" Rule
40. Software that is stored within ROM (Read-Only Memory). (ROM is nonvolatile.)
Operational assurance requirements
The Trusted Computing Base (TCB)
Firmware
Orange Book B
41. The Bell-LaPadula Model is a _______________.
C1 - Discretionary Security Protection is a type of environment
Subject to Object Model
The Red Book
Orange Book interpretations
42. In both the Bell-LaPadula and Biba Models, if the word "*" or "Star" is used, _______________.
Highly secure systems (B2 - B3 and A1)
The Rule is talking about writing
Orange Book B
Simple Security Rule
43. Based on the Bell-LaPadula Security model - and evidence of reference monitor enforcement must be available.
Identification - Orange Book
Division B - Mandatory Protection Architecture
International Standard 15408
Prevent secret information from being accessed
44. Applications and user activity
Protection Rings Support
Ring 3
Absolute addresses
Discretionary Security Property (ds-property)
45. In this class more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.
Trusted Network Interpretation (TNI)
B3 - Security Domains
Bell-LaPadula Model
Implement software or systems in a production environment
46. Based on a known address with an offset value applied.
Relative Addresses
The Evaluated Products List (EPL) with their corresponding rating
A1
Invocation Property
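Questions 6, 11, 23, 24, 29 and 46 all turn on how a CPU resolves an operand into an absolute address and why that resolution has to be bounds-checked so that a process stays constrained to its own domain. The following is an added example, not code from the original quiz page: a tiny simulator that computes the effective address for direct, indirect, indexed and relative addressing, and translates a process's logical address into an absolute one under a constructed base/limit scheme. The 16-word memory image, its contents and the base/limit values are all constructed for illustration.

```python
"""Effective-address resolution for the addressing modes named in this quiz.

Added example, not from the original page. The 16-word memory image, its
contents and the base/limit values are constructed for illustration.
"""

# Constructed real storage: 16 words. Word 3 holds a pointer to word 9,
# which holds the value 0x2A; word 12 holds 0x11.
MEMORY = [0] * 16
MEMORY[3] = 9
MEMORY[9] = 0x2A
MEMORY[12] = 0x11


class AddressError(Exception):
    """Effective address falls outside real storage or outside a process's domain."""


def _check(addr: int) -> int:
    """Every computed address is checked before it touches storage."""
    if not 0 <= addr < len(MEMORY):
        raise AddressError(f"address {addr} outside storage of {len(MEMORY)} words")
    return addr


def effective_address(mode: str, operand: int, index: int = 0, pc: int = 0) -> int:
    """Return the absolute word address an instruction operand refers to.

    direct:   the operand is the actual address of the data
    indirect: the operand is the address of a word that holds the data's address
    indexed:  the operand is a base address to which an index register is added
    relative: the operand is an offset applied to a known address (here the PC)
    """
    if mode == "direct":
        return _check(operand)
    if mode == "indirect":
        return _check(MEMORY[_check(operand)])
    if mode == "indexed":
        return _check(operand + index)
    if mode == "relative":
        return _check(pc + operand)
    raise ValueError(f"unknown addressing mode {mode!r}")


def load(mode: str, operand: int, **registers) -> int:
    """Fetch the word at the effective address."""
    return MEMORY[effective_address(mode, operand, **registers)]


def logical_to_absolute(logical: int, base: int, limit: int) -> int:
    """Translate a process's logical address into an absolute one.

    Constructed base/limit scheme: the process is confined to the window
    [base, base + limit) of real storage, so a logical address outside
    [0, limit) is rejected before it can reach another process's objects.
    """
    if not 0 <= logical < limit:
        raise AddressError(f"logical address {logical} outside limit {limit}")
    return _check(base + logical)


if __name__ == "__main__":
    print(hex(load("direct", 9)))                   # word 9 directly
    print(hex(load("indirect", 3)))                 # word 3 points to word 9
    print(hex(load("indexed", 9, index=3)))         # base 9 + index 3 = word 12
    print(hex(load("relative", 2, pc=7)))           # PC 7 + offset 2 = word 9
    print(logical_to_absolute(1, base=8, limit=4))  # logical 1 inside the window
    try:
        effective_address("indexed", 12, index=5)   # 17 is outside storage
    except AddressError as err:
        print("blocked:", err)
```

The point a practitioner should take from it is that the indexed, relative and logical forms are the ones where an attacker-controlled register or offset can push the effective address outside the intended region; the `_check` and limit tests are the simulated equivalent of the hardware memory protection that keeps processes constrained to their domain.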
47. The biggest difference between System High Security Mode and Dedicated Security Mode is: ______.
Operational assurance requirements
Need-to-know
C2 - Controlled Access Protection
The National Computer Security Center (NCSC)
48. For a subject to have read access to an object in a Multi-Level Security Policy - it is necessary that the subject's sensitivity label must ____________________.
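Questions 9, 17, 22, 25, 28, 31, 35, 36, 42 and 48 describe one mechanism from several angles: a sensitivity label made of a classification and a compartment set, the "dominate" relation between two such labels, the Bell-LaPadula and Biba read/write rules built on that relation, and a reference monitor that applies them to every access and records the decision for accountability. The following is an added example, not code from the original quiz page, that puts those pieces together so the rules can be exercised against concrete labels. The clearance ladder, compartment names, subjects and objects are constructed for illustration; the same labels are reused for both models here, although in a real system integrity labels are kept separately from confidentiality labels.

```python
"""Reference monitor with lattice labels for Bell-LaPadula and Biba checks.

Added example, not part of the original quiz page. The clearance ladder,
compartment names, subjects and objects below are constructed for illustration.
"""
from dataclasses import dataclass

# Constructed classification ladder, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a single classification plus a compartment set."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """'Dominate' means an access class higher than or equal to the other:
        the level is >= AND the compartment set is a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality, a subject-to-object model).

    simple security property (the "Simple" rule is about reading):
        read  allowed iff subject dominates object   -> no read up
    *-property (the "Star" rule is about writing):
        write allowed iff object dominates subject   -> no write down
    """
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity): the same two rules with the directions inverted.

    simple integrity axiom: read  allowed iff object dominates subject -> no read down
    *-integrity axiom:      write allowed iff subject dominates object -> no write up
    """
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


class ReferenceMonitor:
    """Abstract machine that mediates every access of an object by a subject,
    using the labels in its access-control database, and records the
    decision so that accountability can be enforced from the audit trail."""

    def __init__(self, policy, subjects, objects):
        self.policy = policy            # blp_allows or biba_allows
        self.subjects = dict(subjects)  # name -> Label
        self.objects = dict(objects)    # name -> Label
        self.audit = []                 # (subject, object, op, decision)

    def access(self, subject: str, obj: str, op: str) -> bool:
        decision = self.policy(self.subjects[subject], self.objects[obj], op)
        self.audit.append((subject, obj, op, decision))
        return decision


# Constructed access-control database for the demonstration.
SUBJECTS = {
    "alice": Label("TOP SECRET", frozenset({"CRYPTO"})),
    "bob": Label("SECRET"),
}
OBJECTS = {
    "secret_memo": Label("SECRET"),
    "ts_crypto_key": Label("TOP SECRET", frozenset({"CRYPTO"})),
    "conf_nuclear_plan": Label("CONFIDENTIAL", frozenset({"NUCLEAR"})),
}


def demo(policy) -> dict:
    """Run the same requests through one policy; returns decisions keyed by request."""
    rm = ReferenceMonitor(policy, SUBJECTS, OBJECTS)
    requests = [
        ("alice", "secret_memo", "read"),         # BLP allow, Biba deny
        ("alice", "secret_memo", "write"),        # BLP deny (write down), Biba allow
        ("bob", "ts_crypto_key", "read"),         # BLP deny (read up), Biba allow
        ("bob", "ts_crypto_key", "write"),        # BLP allow (write up), Biba deny
        ("alice", "conf_nuclear_plan", "read"),   # denied by compartments under both
    ]
    return {f"{s} {op} {o}": rm.access(s, o, op) for s, o, op in requests}


if __name__ == "__main__":
    for name, policy in (("Bell-LaPadula", blp_allows), ("Biba", biba_allows)):
        print(name)
        for request, allowed in demo(policy).items():
            print(f"  {request}: {'allow' if allowed else 'deny'}")
```

The last request is the one worth studying: alice's level is above CONFIDENTIAL, but her compartment set does not include NUCLEAR, so her label does not dominate the object's and the read is refused. Dominance is a lattice comparison on both parts of the label, not a comparison of levels alone.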
49. The process of Evaluating the security stance of the software or system against a selected set of standards or policies. This may precede accreditation but is not a required precursor.
Certification
The "No write Down" Rule
Implement software or systems in a production environment
Discretionary Security Property (ds-property)
50. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
B1 - Labeled Security rating
Orange Book - B2
Division B - Mandatory Protection Architecture
Attributable data