Card Set Information

2014-01-23 21:19:31
Study Guide

CISSP - Security Architecture Design

  1. Simple Security Property, Star Security Property, and Strong Star Property are all properties of which model?
    Bell LaPadula
  2. This model formed the basis for TCSEC (the Orange Book)
  3. BLP is an informational flow model because it is concerned with data flowing between levels

    true or false
  4. Which property allows you to have read capability, you can read data at your level of secrecy and the level below it, but you cannot read data at a higher layer of secrecy?
    Simple Security Property
  5. Which property allows you to write data at your level of secrecy, you can write your secret data to a higher layer of secrecy without compromising the secrecy of the data, but you must not write your secret data to a lower layer of secrecy?
    Star Property
  6. Which property allows you to have both read and write capabilities, you are restricted to read and write your data at your level of secrecy, but you cannot read and write to levels of higher or lower secrecy.
    • Strong Star Property
    • (Constrained/Tranquility)
  7. What are the three fundamental modes of access for BLP?
    Read only, write only, or read and write.
  8. Which models are also Lattice-Based?
    • BLP
    • Biba
  9. Which models are also State Machine models?
    • BLP
    • Biba
  10. Which model is designed to prevent conflicts of interests?
    Brewer Nash
  11. This policy defines the rules for separation and develops a set of rules over time. The rules change as the users make decisions that cause conflicts of interest.
    Chinese Wall Security Policy
  12. This model was published in 1977.
  13. Which model addresses the first goal of integrity?
  14. What are the three goals of integrity?
    Preventing unauthorized users from making modifications.

    Preventing authorized users from making improper modifications. 

    Maintaining internal and external consistency.
  15. Which model addresses all three goals of integrity?
    Clark Wilson
  16. Which property allows you to have read capability, you can read data at your level of accuracy as well as at a higher layer of accuracy, but you cannot read in data from a lower layer of accuracy?
    Simple Integrity Property
  17. Which property allows you to have write capability, you can write data at your level of accuracy as well as to the level below it, but you cannot write your data to a higher layer of accuracy?
    Star Integrity Property
  18. Which property prevents a user from taking advantage of the powers of a more privileged user?
    Invocation Property
  19. This relationship forces a user making a change to data to comply with the restrictions built into the program, thereby preventing user error or intentional inappropriate manipulation of the data.
    Access Triple
  20. This defines the relationship between subjects and objects.
    Access Tuple
  21. Which type of memory is volatile?
  22. Which type of memory is non-volatile?
  23. Which type of software is permanently (or semi-permanently) embedded in hardware and typically provides low-level services and/or control of hardware?
  24. Which hardware component controls primary processing, interaction with peripheral devices, organization of memory, and control over networking operations?
  25. Which memory component is directly accessible by the CPU and with the highest response speed.
    Primary Storage
  26. This memory component is the very fast memory directly on the CPU chip body. 
  27. Which memory component is the main memory of the system and is provided through chips inserted into slots on the motherboard?
  28. Which software component provides the security functionality and control necessary to ensure that resources and operations execute correctly without overwriting each other, accessing the wrong areas or resources, and maintaining a log of the errors and activities on the system?
  29. Which software component represents all the security functionality of the operating system?
  30. Which system architecture uses standard interfaces and supports standardization protocols?
    Open Systems
  31. This system architecture uses proprietary interfaces, and implementations were customized for a specific application’s environments
    Closed System
  32. Which system architecture is only used for a single purpose.
    Dedicated System
  33. Which system architecture refers to a system where a central server, or group of servers, provides service (data storage, processing, networking, etc.) to a user who accesses the server through a network.
    Client Server
  34. Which process isolation method does not have an interface with a process at a different layer, it cannot communicate and will, therefore, not have access to the data on the different layer. It can prevent unauthorized disclosure or threats to integrity.
    Data Hiding
  35. Which system object includes the hardware, firmware, and software elements of a trusted computing base (TCB) that implement the reference monitor
    Security Kernel
  36. This is an active entity that includes users, programs, processes, and logon identifiers.
  37. Which entity is passive and includes files, programs, instructions, data, and hardware.
  38. Which rainbow series book applies security concepts to networks and books dealing with passwords, access control, and physical security, to name a few.