Test your basic knowledge | CISSP Security Architecture And Design
Subjects: certifications, it-skills, cissp
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Bell-LaPadula Model - ______________: A subject that has read and write capabilities can only perform those functions at the same security level - nothing higher and nothing lower.
Be protected from modification
B2 - Structured Protection
The Strong star property rule
Isolate processes
2. Which evaluation class of the Trusted Network Interpretation (TNI) offers security domains?
Division D - Minimal Protection
Fail safe
B3
The rule is talking about "Reading"
3. Bell-LaPadula model was proposed for enforcing access control in _____________________.
Invocation Property
Storage and timing
B2 rating
Government and military applications
4. Bell-LaPadula Model - ______________: A subject in a given security level can NOT WRITE information to a LOWER security level.
Multiprocessing
Physical security
The *-Property rule (Star property)
Covert channels
5. A ______________ is a form of EPROM, but its data storage can be erased and modified electrically by onboard programming circuitry and signals.
Stored in Real Memory
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
Its classification label (Top Secret - Secret or confidential)
Enforces the rules
6. Bell-LaPadula Model - ____________ : A subject at a given security level can NOT READ data that reside at a higher security level.
Orange Book C
Access Matrix model
Simple Security Rule
State machine model
7. The Biba model (introduced in 1977), the Sutherland model (published in 1986), the Brewer-Nash model (published in 1989)
Models concerned with integrity
C1 - Discretionary Security Protection is a type of environment
Absolute addresses
A Domain
8. The Bell-LaPadula Model is a _______________.
Subject to Object Model
C2 - Controlled Access Protection
Highly secure systems (B2 - B3 and A1)
Enforces the rules
9. What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
Labels - Orange Book
D
C2 - Controlled Access Protection
Access Matrix model
10. Documentation must be provided, including test, design and specification documents, user guides and manuals.
Fail safe
C2
C2 - Controlled Access Protection
Documentation - Orange Book
11. The Orange Book requires protection against two ______________, which are timing and storage.
Types of covert channels
A1 - Rating
The "No write Down" Rule
Relative Addresses
12. Subjects and Objects cannot change their security levels once they have been instantiated (created)
A Limit Register (Memory Management)
The Tranquility principle (The Bell-LaPadula Model)
Identification - Orange Book
In C2 - Controlled Access Protection environment
13. The mode in which all users are processing information at the same sensitivity level; thus strict access control and auditing measures are not required. It would be a trusted environment with low security concerns.
Trusted Network Interpretation (TNI)
The "No read Up" rule
C1 - Discretionary Security Protection is a type of environment
Dedicated Security Mode
14. In this class more granularity is provided in each protection mechanism, and the programming code that is not necessary to support the security policy is excluded.
Programmable Read-Only Memory (PROM)
Its Clearance Label (Top Secret - Secret - or Confidential)
Accreditation
B3 - Security Domains
15. Bell-LaPadula - ______________: This rule is based on named subjects and objects. It specifies that specific permissions allow a subject to pass on permissions at its own discretion. These permissions are stored in an access matrix.
Accountability - Orange Book
Discretionary Security Property (ds-property)
Most commonly used approach
B3 - Rating
16. What access control technique is also known as multilevel security?
Direct addressing
Mandatory access control
Orange Book A
Indirect addressing
17. The total combination of protection mechanisms within a computer system
TCB (Trusted Computing Base)
Trusted Products Evaluation Program (TPEP)
Execution Domain
Overt channel
18. Certification is a technical review that assesses the _____________, whereas accreditation is management's official acceptance of the findings of the certification process.
Invocation Property
Access control to the objects by the subjects
The Security Kernel
Security mechanisms and evaluates their effectiveness
19. In B2, subjects and devices require labels and the system must NOT allow ________. No trapdoors exist.
Highly secure systems (B2 - B3 and A1)
Covert channels
C2
Orange Book - B2
20. The Physical memory address that the CPU uses
Primary storage
security protection mechanisms
Absolute addresses
Virtual Memory
21. This class ("Structured Protection") requires more stringent authentication mechanisms and well-defined interfaces between layers. Subjects and devices require labels and the system must not allow covert channels.
'Dominate'
Life-cycle assurance - O/B
Orange Book - B2
NOT Integrity
22. Access control labels must be associated properly with objects.
D
Pagefile.sys file
The Biba Model
Labels - Orange Book
23. Mediates all access and Functions between subjects and objects.
Continuous protection - O/B
The Biba Model
The Security Kernel
Trusted Products Evaluation Program (TPEP)
24. In an automated system, ________________ could be achieved by a computer system designed to identify the individuals responsible for any input.
Direct addressing
attributability
The Red Book
Implement software or systems in a production environment
25. B1 is also called "Labeled Security" and each data object must have a classification label and each subject a clearance label. On each access attempt - the classification and clearance are checked to verify that the access is permissible.
Orange Book - B1
The "No read Up" rule
Dedicated Security Mode
Models concerned with integrity
26. A form of ROM (Read-Only Memory) that can be modified after it has been manufactured. It can be programmed only one time.
Trusted Products Evaluation Program (TPEP)
Execution Domain
Programmable Read-Only Memory (PROM)
Electrically Erasable and Programmable Read-Only Memory (EEPROM)
27. Includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Real storage
Enforces the rules
The Common Criteria
The security perimeter
28. Which describes the condition in which RAM and secondary storage are used together?
Discretionary Security Property (ds-property)
C2
Virtual storage
B1 - Labeled Security rating
29. A ring protection system ________ user-mode programs from direct access to peripherals and requires them to make use of services running at more privileged levels.
B3
Direct Addressing
Prohibits
The TCSEC - Aka Orange Book
30. As per the FDA, data should be ______________________________.
B2 - Structured Protection
A1
Attributable - original - accurate - contemporaneous and legible
Trusted Products Evaluation Program (TPEP)
31. Users need to be identified individually to provide more precise access control and auditing functionality.
Be protected from modification
No write down
C2 - Controlled Access Protection
The "No write Down" Rule
32. Discretionary protection
Orange Book C
Primary storage
Dedicated Security Mode
Models concerned with integrity
33. A portion of a process. When the thread is generated - it shares the same domain(resources) as its process.
Disclosure of residual data
Relative Addresses
Scalar processors
A Thread
34. The reference monitor - in accordance with the security policy - ____________ that are made in the access control database.
The trustworthiness of an information system
Controls the checks
Mandatory Access Control (MAC)
Access Matrix model
35. In access control terms - the word "dominate" refers to ___________.
B2
The reference monitor
Higher or equal to access class
B3
36. If an operating system permits executable objects to be used sequentially by multiple users without a refresh of the objects - what security problem is most likely to exist?
The Monolithic Operating System Architecture
Programmable Read-Only Memory (PROM)
Disclosure of residual data
The trustworthiness of an information system
37. The Security Kernel is the Core of The TCB and is the _____________ to building trusted computing systems.
Secondary Storage
Most commonly used approach
No read up
In C2 - Controlled Access Protection environment
38. What does the simple integrity axiom mean in the Biba model?
No read down
The security perimeter
C2
Types of covert channels
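Several of the items above describe one mechanism from different angles: the reference monitor compares a subject's label with an object's label and applies the simple security rule (no read up), the *-property (no write down) or the strong star property (same level only), treats labels as fixed once created (tranquility), uses "dominate" as higher-or-equal level plus a superset of compartments, and, for Biba, the simple integrity axiom (no read down). The following is an added study example, not code from the quiz or from any real system; the entities, labels and the reuse of the same level scale for Biba integrity levels are assumptions made for illustration.

```python
"""Toy reference monitor: Bell-LaPadula (confidentiality) plus Biba
(integrity) checks over labels made of a hierarchical level and a set of
compartments.  Labels are immutable (tranquility) and every decision is
logged (audit).  Constructed study example, not from the quiz page."""
from dataclasses import dataclass, FrozenInstanceError
from enum import IntEnum
from typing import FrozenSet, List, Optional, Tuple


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)  # frozen: once instantiated a label cannot change (tranquility)
class Label:
    level: Level
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """'Dominates' = higher-or-equal level AND a superset of the compartments."""
        return self.level >= other.level and self.compartments >= other.compartments


@dataclass(frozen=True)
class Entity:
    name: str
    conf: Label   # clearance for a subject, classification for an object
    integ: Level  # Biba integrity level; reusing the same scale is an assumption here


class ReferenceMonitor:
    """Mediates every read/write; the policy lives here, not in the callers."""

    def __init__(self, strong_star: bool = False) -> None:
        self.strong_star = strong_star
        self.audit: List[Tuple[str, str, str, bool, str]] = []

    def decide(self, subj: Entity, obj: Entity, mode: str) -> Tuple[bool, str]:
        if mode not in ("read", "write"):
            denial: Optional[str] = f"unknown access mode {mode!r}"
        else:
            # BLP is checked first; Biba only if confidentiality already allows it.
            denial = self._blp(subj, obj, mode) or self._biba(subj, obj, mode)
        allowed = denial is None
        self.audit.append((subj.name, obj.name, mode, allowed, denial or "permitted"))
        return allowed, denial or "permitted"

    def _blp(self, s: Entity, o: Entity, mode: str) -> Optional[str]:
        if mode == "read":  # simple security rule
            return None if s.conf.dominates(o.conf) else "BLP simple security: no read up"
        if self.strong_star:  # read and write only at exactly the subject's own level
            return None if s.conf == o.conf else "BLP strong star: write only at own level"
        return None if o.conf.dominates(s.conf) else "BLP *-property: no write down"

    def _biba(self, s: Entity, o: Entity, mode: str) -> Optional[str]:
        if mode == "read":  # simple integrity axiom
            return None if o.integ >= s.integ else "Biba simple integrity: no read down"
        return None if s.integ >= o.integ else "Biba *-integrity: no write up"


def try_relabel(entity: Entity, new_label: Label) -> bool:
    """Return True if the label could be changed; tranquility says it must not be."""
    try:
        entity.conf = new_label  # type: ignore[misc]
        return True
    except FrozenInstanceError:
        return False


# Constructed sample subjects/objects (names, levels and compartments are made up).
ALICE = Entity("alice", Label(Level.SECRET, frozenset({"NUCLEAR"})), Level.SECRET)
PUBLIC = Entity("public.txt", Label(Level.UNCLASSIFIED), Level.UNCLASSIFIED)
PLANS = Entity("plans.txt", Label(Level.TOP_SECRET, frozenset({"NUCLEAR"})), Level.SECRET)
KEYS = Entity("keys.txt", Label(Level.SECRET, frozenset({"CRYPTO"})), Level.SECRET)
MEMO = Entity("memo.txt", Label(Level.SECRET, frozenset({"NUCLEAR"})), Level.SECRET)


def demo() -> List[Tuple[str, str, str, bool, str]]:
    """Run a fixed set of accesses through both monitor variants and return the audit."""
    rm = ReferenceMonitor()
    for obj, mode in ((PLANS, "read"), (KEYS, "read"), (PUBLIC, "read"),
                      (PLANS, "write"), (PUBLIC, "write"), (MEMO, "write")):
        rm.decide(ALICE, obj, mode)
    strict = ReferenceMonitor(strong_star=True)
    strict.decide(ALICE, PLANS, "write")  # allowed under *-property, denied under strong star
    return rm.audit + strict.audit


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Two results are worth noticing when you run it: alice may write up to the Top Secret file under the plain *-property but not under the strong star property, and she is denied reading the Unclassified file not by Bell-LaPadula (which allows reading down) but by Biba, whose simple integrity axiom forbids reading lower-integrity data.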
39. The reference monitor must mediate all access, _____________, be verifiable as correct, and must always be invoked.
Be protected from modification
Bell-LaPadula Model
Complex Instruction Set Computers (CISC)
Sensitivity labels
40. The omission of networks and network components in the TCSEC was recognized and addressed in the "Trusted Network Interpretation of the TCSEC" otherwise known as ___________.
Swap Space
The Red Book
The Strong star property rule
Erasable and Programmable Read-Only Memory (EPROM)
41. Security Labels are not required until __________; thus C2 does not require security labels but B1 does
Clark-Wilson
security protection mechanisms
Accreditation
Security rating B
42. The _________________ specified in the Orange Book are: System architecture - System integrity - Covert channel analysis - Trusted facility management and Trusted recovery.
Operational assurance requirements
Overt channel
Sensitivity labels
B1 - Labeled Security rating
43. I/O drivers and utilities
Attributable - original - accurate - contemporaneous and legible
Enforces the rules
Ring 2
Be protected from modification
44. Which addresses a portion of the primary memory by specifying the actual address of the memory location?
Division D - Minimal Protection
Direct Addressing
Orange Book interpretations
Government and military applications
45. Applications and user activity
Ring 3
The Integrity of data within applications
Relative Addresses
Isolate processes
46. The type of environment that processes sensitive data requiring a higher degree of security. It requires systems that are relatively resistant to penetration and compromise.
Logical addresses
Basic Security Theorem (used in computer science) definition
B2 rating
Virtual storage
47. The C2 evaluation class of the _________________ offers controlled access protection.
A1
Trusted Network Interpretation (TNI)
Sensitivity labels
Most commonly used approach
48. Requires more stringent authentication mechanisms and well-defined interfaces among layers.
Orange Book interpretations
A Layered Operating System Architecture
B2 - Structured Protection
Complex Instruction Set Computers (CISC)
49. Software that is stored within ROM (Read-Only Memory); ROM is nonvolatile.
A Limit Register (Memory Management)
Bell-LaPadula Model
Life-cycle assurance - O/B
Firmware
50. Mandatory access control is enforced by the use of security labels.
Division B - Mandatory Protection
C1 - Discretionary Security Protection
Buffer overflows
C2