[5] CISSP – MCQ – Security Architecture and models

CISSP Multiple Choice Questions MCQ With Answers Techhyme

This article offers you a solid foundation for the Certified Information Systems Security Professional (CISSP) exam. This article is designed for readers and students who want to study for the CISSP certification exam.

The CISSP exam is governed by the International Information Systems Security Certification Consortium, Inc. (ISC)2 organization.

  1. CISSP – MCQ – Security Management Practices
  2. CISSP – MCQ – Access Control Systems
  3. CISSP – MCQ – Telecommunications and Network Security
  4. CISSP – MCQ – Cryptography
  5. CISSP – MCQ – Security Architecture and models
  6. CISSP – MCQ – Operations Security
  7. CISSP – MCQ – Applications and Systems Development
  8. CISSP – MCQ – Business Continuity Planning and Disaster Recovery Planning
  9. CISSP – MCQ – Law, Investigation and Ethics
  10. CISSP – MCQ – Physical Security
  11. CISSP – MCQ – Systems Security Engineering
  12. CISSP – MCQ – Certification and Accreditation
  13. CISSP – MCQ – Technical Management
  14. CISSP – MCQ – U.S. Government Information Assurance (IA) Regulations

(ISC)2 is a global not-for-profit organization. It has four primary mission goals:

  • Maintain the Common Body of Knowledge for the field of information systems security
  • Provide certification for information systems security professionals and practitioners
  • Conduct certification training and administer the certification exams
  • Oversee the ongoing accreditation of qualified certification candidates through continued education

In this article, all the questions are related to “Telecommunications and Network Security” and are as follows:

1) What does the Bell-LaPadula model NOT allow?

  • Subjects to read from a higher level of security relative to their level of security
  • Subjects to read from a lower level of security relative to their level of security
  • Subjects to write to a higher level of security relative to their level of security
  • Subjects to read at their same level of security

2) In the * (star) property of the Bell-LaPadula model:

  • Subjects cannot read from a higher level of security relative to their level of security
  • Subjects cannot read from a lower level of security relative to their level of security
  • Subjects cannot write to a lower level of security relative to their level of security
  • Subjects cannot read from their same level of security

3) The Clark-Wilson model focuses on data’s:

  • Integrity
  • Confidentiality
  • Availability
  • Format

4) The * (star) property of the Biba model states that:

  • Subjects cannot write to a lower level of integrity relative to their level of integrity.
  • Subjects cannot write to a higher level of integrity relative to their level of integrity.
  • Subjects cannot read from a lower level of integrity relative to their level of integrity.
  • Subjects cannot read from a higher level of integrity relative to their level of integrity.

5) Which of the following does the Clark-Wilson model NOT involve?

  • Constrained data items
  • Transformational procedures
  • Confidentiality items
  • Well-formed transactions

6) The Take-Grant model:

  • Focuses on confidentiality
  • Specifies the rights that a subject can transfer to an object
  • Specifies the levels of integrity
  • Specifies the levels of availability

7) The Biba model addresses:

  • Data disclosure
  • Transformation procedures
  • Constrained data items
  • Unauthorized modification of data

8) Mandatory access controls first appear in the Trusted Computer System Evaluation Criteria (TCSEC) at the rating of:

  • D
  • C
  • B
  • A

9) In the access control matrix, the rows are:

  • Access Control Lists (ACLs)
  • Tuples
  • Domains
  • Capability lists

10) What information security model formalizes the U.S. Department of Defense multi-level security policy?

  • Clark-Wilson
  • Stark-Wilson
  • Biba
  • Bell-LaPadula

11) A Trusted Computing Base (TCB) is defined as:

  • The total combination of protection mechanisms within a computer system that is trusted to enforce a security policy.
  • The boundary separating the trusted mechanisms from the remainder of the system.
  • A trusted path that permits a user to access resources.
  • A system that employs the necessary hardware and software assurance measures to enable the processing of multiple levels of classified or sensitive information to occur.

12) Memory space insulated from other running processes in a multi-processing system is part of a:

  • Protection domain
  • Security perimeter
  • Least upper bound
  • Constrained data item

13) The boundary separating the TCB from the remainder of the system is called the:

  • Star property
  • Simple security property
  • Discretionary control boundary
  • Security perimeter

14) The system component that enforces access controls on an object is the:

  • Security perimeter
  • Trusted domain
  • Reference monitor
  • Access control matrix

15) Which one of the following is NOT one of the three major parts of the Common Criteria (CC)?

  • Introduction and General Model
  • Security Evaluation Requirements
  • Security Functional Requirements
  • Security Assurance Requirements

16) A computer system that employs the necessary hardware and software assurance measures to enable it to process multiple levels of classified or sensitive information is called a:

  • Closed system
  • Open system
  • Trusted system
  • Safe system

17) For fault-tolerance to operate, a system must be:

  • Capable of detecting and correcting the fault
  • Capable only of detecting the fault
  • Capable of terminating operations in a safe mode
  • Capable of a cold start

18) Which of the following choices describes the four phases of the National Information Assurance Certification and Accreditation Process (NIACAP)?

  • Definition, Verification, Validation, and Confirmation
  • Definition, Verification, Validation, and Post Accreditation
  • Verification, Validation, Authentication, and Post Accreditation
  • Definition, Authentication, Verification, and Post Accreditation

19) In the Common Criteria, an implementation-independent statement of security needs for a set of IT security products that could be built is called:

  • Security Target (ST)
  • Package
  • Protection Profile (PP)
  • Target of Evaluation (TOE)

20) The termination of selected, non-critical processing when a hardware or software failure occurs and is detected is referred to as:

  • Fail safe
  • Fault tolerant
  • Fail soft
  • An exception

21) Which one of the following is NOT a component of a CC Protection Profile?

  • Target of Evaluation (TOE) description
  • Threats against the product that must be addressed
  • Product-specific security requirements
  • Security objectives

22) Content-dependent control makes access decisions based on:

  • The object’s data
  • The object’s environment
  • The object’s owner
  • The object’s view

23) The term failover refers to:

  • Switching to a duplicate, “hot” backup component
  • Terminating processing in a controlled fashion
  • Resiliency
  • A fail-soft system

24) Primary storage is the:

  • Memory directly addressable by the CPU, which is for storage of instructions and data that are associated with the program being executed
  • Memory, such as magnetic disks, that provides non-volatile storage
  • Memory used in conjunction with real memory to present a CPU with a larger, apparent address space
  • Memory where information must be obtained by sequentially searching from the beginning of the memory space

25) In the Common Criteria, a Protection Profile:

  • Specifies the mandatory protection in the product to be evaluated
  • Is also known as the Target of Evaluation (TOE)
  • Is also known as the Orange Book
  • Specifies the security requirements and protections of the products to be evaluated

26) Context-dependent control uses which of the following to make decisions?

  • Subject or object attributes or environmental characteristics
  • Data
  • Formal models
  • Operating system characteristics

27) The secure path between a user and the Trusted Computing Base (TCB) is called:

  • Trusted distribution
  • Trusted path
  • Trusted facility management
  • The security perimeter

28) In a ring protection system, where is the security kernel usually located?

  • Highest ring number
  • Arbitrarily placed
  • Lowest ring number
  • Middle ring number

29) Increasing performance in a computer by overlapping the steps of different instructions is called:

  • A reduced instruction set computer
  • A complex instruction set computer
  • Vector processing
  • Pipelining

30) Random access memory is:

  • Non-volatile
  • Sequentially addressable
  • Programmed by using fusible links
  • Volatile

31) In the National Information Assurance Certification and Accreditation Process (NIACAP), a type accreditation performs which one of the following functions?

  • Evaluates a major application or general support system
  • Verifies the evolving or modified system’s compliance with the information agreed on in the System Security Authorization Agreement (SSAA)
  • Evaluates an application or system that is distributed to a number of different locations
  • Evaluates the applications and systems at a specific, self-contained location

32) Processes are placed in a ring structure according to:

  • Least privilege
  • Separation of duty
  • Owner classification
  • First in, first out

33) The MULTICS operating system is a classic example of:

  • An open system
  • Object orientation
  • Database security
  • Ring protection system

34) What are the hardware, firmware, and software elements of a Trusted Computing Base (TCB) that implement the reference monitor concept called?

  • The trusted path
  • A security kernel
  • An Operating System (OS)
  • A trusted computing system
