CH 14 - Security Architecture & Design Flashcards
Which of the security triad properties does the Biba security model relate to?
A. Confidentiality
B. Integrity
C. Availability
D. All of them
B.
Integrity
How many tiers are there in an n‐tier application design?
A. Two
B. Three
C. Four
D. Depends on the application
D.
Depends on the application
What type of database is JSON most likely to represent?
A. Relational
B. SQL
C. Key‐value
D. Document‐based
C.
Key‐value
How many functions are specified by NIST’s cybersecurity framework?
A. None
B. Three
C. Five
D. Four
C.
Five
How many steps are there in the ISO 27001 cycle?
A. Two
B. Three
C. Four
D. Five
C.
Four
What is the highest level of classification used by the U.S. government?
A. Top secret
B. Confidential
C. Restricted
D. Eyes only
A.
Top secret
Which of these is microservices a specific implementation of?
A. Service object architecture
B. Micro Channel architecture
C. Microservices architecture
D. Service‐oriented architecture
D.
Service‐oriented architecture
What is an application referred to as if it uses only AWS Lambda functions?
A. Service‐oriented
B. Virtualized
C. Serverless
D. Infrastructure as a service
C.
Serverless
What does the Clark–Wilson model use to refer to objects?
A. UTI and CDI
B. CDI and CTI
C. UDI and CDI
D. UTI and UDI
C.
UDI and CDI
What type of application virtualization would you use without going all the way to using a hypervisor?
A. Emulation
B. AWS
C. Paravirtualization
D. Containers
D.
Containers
What is the first function specified by NIST in its Cybersecurity Framework?
A. Identify
B. Protect
C. Risk management
D. Defend
A.
Identify
What is a common middle tier in an n‐tier application design?
A. Web server
B. Database server
C. Logic server
D. Application server
D.
Application server
What is a common open source relational database server that may be used in web applications?
A. MongoDB
B. MySQL
C. SQL
D. Oracle
B.
MySQL
Which of the following is true about the Bell–LaPadula Simple Security Property?
A. A subject cannot write up to an object.
B. A subject cannot write down to an object.
C. A subject cannot read up to an object.
D. A subject cannot read down to an object.
C.
A subject cannot read up to an object.
What are the phases of the ISO 27001 cycle?
A. Plan, Identify, Act, Detect
B. Plan, Detect, Act, Do
C. Act, Do, Identify, Play
D. Plan, Do, Check, Act
D.
Plan, Do, Check, Act