Chapter 8 Flashcards

1
Q

What type of exception handling technique tries to handle errors in an application?

A

Try…Catch

2
Q

What term describes a system being allowed to continue operations after a component fails?

A

Fail-Soft

3
Q

What term describes a system that, when it fails, reverts to a state that protects the health and safety of people?

A

Fail-Safe

4
Q

What term describes prioritizing the physical security of assets over anything else?

A

Fail-Secure

5
Q

What describes allowing a process to read from and write to only certain memory locations?

A

Confinement/Sandboxing

6
Q

What is responsible for ensuring a system behaves properly and is the combination of hardware, software, and components that work together to enforce security policies?

A

TCB

7
Q

What is a channel that allows communication between the TCB and the system without exposing the TCB to security exploitation?

A

Trusted Paths

8
Q

What prevents a subject from being able to break out of isolation to affect the TCB and allows a subject to perform command-line operations without risk to the TCB?

A

Trusted Shell

9
Q

What describes a system that is always secure no matter what state it’s in?

A

State Machine Model

10
Q

What is a table of subjects and objects that indicates the actions that each subject can perform on each object?

A

ACM

11
Q

What Bell-LaPadula property states that a subject may not read information at a higher security level?

A

Simple Security Property

12
Q

What Bell-LaPadula property states that a subject may not write information to an object at a lower level?

A

Star Security Property

13
Q

What Bell-LaPadula property states that the system uses an access matrix to enforce discretionary access controls?

A

Discretionary Security Property

14
Q

What model is based on the information flow model and focuses on integrity?

A

Biba Model

15
Q

What Biba model property states that a subject cannot read an object at a lower security level?

A

Simple Security Property

16
Q

What Biba model property states that a subject cannot modify an object at a higher security level?

A

Star Security Model

17
Q

What model focuses on integrity and uses a three-part relationship of subject/programs/objects?

A

Clark-Wilson Model

18
Q

What model applies to a single integrated database and creates security domains that are sensitive to the notion of conflict of interest?

A

Brewer and Nash Model

19
Q

What model permits access controls to change dynamically based on the user’s previous activity?

A

Brewer and Nash Model

20
Q

In what model are subjects allowed to perform only predetermined actions against predetermined objects?

A

Goguen–Meseguer Model

21
Q

What model is based on automation theory and domain separation?

A

Goguen–Meseguer Model

22
Q

What model is based on the idea of defining a set of system states, initial states, and state transitions?

A

Sutherland Model

23
Q

What model is focused on the secure creation and deletion of both subjects and objects?

A

Graham-Denning Model

24
Q

What model is an extension of the Graham-Denning model?

A

HRU Model

25
Q

What focuses on the assignment of object access rights to subjects as well as the resilience of those assigned rights?

A

HRU Model

26
Q

What are the two key elements of the Common Criteria?

A

Protection Profiles
Security Targets

27
Q

What element of the Common Criteria specifies the “I Want” from a customer?

A

Protection Profiles

28
Q

What element of the Common Criteria specifies the “I Will” from the vendor?

A

Security Targets

29
Q

What EAL level applies when some confidence in correct operation is required but threats to security are not serious?

A

EAL1 / Functionally Tested

30
Q

What EAL level applies when delivery of design information and test results is in keeping with good commercial practices?

A

EAL 2 / Structurally Tested

31
Q

What EAL level applies when security engineering begins at the design stage and is carried through without substantial subsequent alteration?

A

EAL 3 / Methodically Tested and Checked

32
Q

What EAL level applies when rigorous positive security engineering and good commercial development practices are used?

A

EAL 4 / Methodically Designed, Tested, and Reviewed

33
Q

What EAL level uses rigorous security engineering and commercial development practices, including specialist security engineering techniques, for semi-formal testing?

A

EAL 5 / Semi-Formally Designed and Tested

34
Q

What EAL level uses direct, rigorous security engineering techniques at all phases of design, development, and testing to produce a premium TOE?

A

EAL 6 / Semi-Formally Verified, Designed, and Tested

35
Q

What EAL level is used only for highest-risk situations or where high-value assets are involved?

A

EAL 7 / Formally Verified, Designed, and Tested

36
Q

What authorization decision does an AO give when a security control is inherited from another provider?

A

Common Control Authorization

37
Q

What authorization does an AO give when a third-party provider provides IT/IS servers that are deemed to have risk at an acceptable level?

A

Authorization to Use