CISSP (Chapter 4 - Security Architecture and Design) Flashcards
What is the final step in authorizing a system for use in an environment?
A. Certification
B. Security evaluation and rating
C. Accreditation
D. Verification
C. Certification is a technical review of a product, and accreditation is management’s formal approval of the findings of the certification process. This question asked you which step was the final step in authorizing a system before it is used in an environment, and that is what accreditation is all about.
What feature enables code to be executed without the usual security checks?
A. Temporal isolation
B. Maintenance hook
C. Race conditions
D. Process multiplexing
B. Maintenance hooks get around the system's or application's security and access control checks by allowing whoever knows the key sequence to access the application and most likely its code. Maintenance hooks should be removed from any code before it gets into production.
If a component fails, a system should be designed to do which of the following?
A. Change to a protected execution domain
B. Change to a problem state
C. Change to a more secure state
D. Release all data held in volatile memory
C. The state machine model dictates that a system should start up securely, carry out secure state transitions, and even fail securely. This means that if the system encounters something it deems unsafe, it should change to a more secure state for self-preservation and protection.
Which is the first level of the Orange Book that requires classification labeling of data?
A. B3
B. B2
C. B1
D. C2
C. These assurance ratings are from the Orange Book. The B levels and up require that security labels be used, but the question asks which is the first level to require this. B1 comes before B2 and B3, so it is the correct answer.
The Information Technology Security Evaluation Criteria was developed for which of the following?
A. International use
B. U.S. use
C. European use
D. Global use
C. In ITSEC, the I does not stand for international; it stands for information. This set of criteria was developed to be used by European countries to evaluate and rate their products.
A guard is commonly used with a classified system. What is the main purpose of implementing and using a guard?
A. To ensure that less trusted systems only receive acknowledgments and not messages
B. To ensure proper information flow
C. To ensure that less trusted and more trusted systems have open architectures and interoperability
D. To allow multilevel and dedicated mode systems to communicate
B. The guard accepts requests from the less trusted entity, reviews the request to make sure it is allowed, and then submits the request on behalf of the less trusted system. The goal is to ensure that information does not flow from a high security level to a low security level in an unauthorized manner.
The trusted computing base (TCB) contains which of the following?
A. All trusted processes and software components
B. All trusted security policies and implementation mechanisms
C. All trusted software and design mechanisms
D. All trusted software and hardware components
D. The TCB contains and controls all protection mechanisms within the system, whether they are software, hardware, or firmware.
What is the imaginary boundary that separates components that maintain security from components that are not security related?
A. Reference monitor
B. Security kernel
C. Security perimeter
D. Security policy
C. The security perimeter is a boundary between items that are within the TCB and items that are outside the TCB. It is just a mark of delineation between these two groups of items.
Which model deals only with confidentiality?
A. Bell-LaPadula
B. Clark-Wilson
C. Biba
D. Reference monitor
A. The Bell-LaPadula model was developed for the U.S. government with the main goal of keeping sensitive data unreachable to those who were not authorized to access and view it. This was the first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access and to outline rules of access. The Biba and Clark-Wilson models do not deal with confidentiality, but with integrity instead.
What is the best description of a security kernel from a security point of view?
A. Reference monitor
B. Resource manager
C. Memory mapper
D. Security perimeter
A. The security kernel is a portion of the operating system’s kernel and enforces the rules outlined in the reference monitor. It is the enforcer of the rules and is invoked each time a subject makes a request to access an object.
In secure computing systems, why is there a logical form of separation used between processes?
A. Processes are contained within their own security domains so each does not make unauthorized accesses to other processes or their resources.
B. Processes are contained within their own security perimeter so they can only access protection levels above them.
C. Processes are contained within their own security perimeter so they can only access protection levels equal to them.
D. The separation is hardware and not logical in nature.
A. Processes are assigned their own variables, system resources, and memory segments, which make up their domain. This is done so they do not corrupt each other’s data or processing activities.
What type of attack is taking place when a higher-level subject writes data to a storage area and a lower-level subject reads it?
A. TOC/TOU
B. Covert storage attack
C. Covert timing attack
D. Buffer overflow
B. A covert channel is in use when a resource is used for communication even though communication is not the purpose for which that resource was created. A process can write to some type of shared media or storage place that another process is able to access. The first process writes to this media, and the second process reads it. This action goes against the security policy of the system.
What type of rating is used within the Common Criteria framework?
A. PP
B. EPL
C. EAL
D. A–D
C. The Common Criteria uses a different assurance rating system than the previously used criteria. It has packages of specifications that must be met for a product to obtain the corresponding rating. These ratings and packages are called Evaluation Assurance Levels (EALs). Once a product achieves any type of rating, customers can view this information on an Evaluated Products List (EPL).
Which best describes the *-integrity axiom?
A. No write up in the Biba model
B. No read down in the Biba model
C. No write down in the Bell-LaPadula model
D. No read up in the Bell-LaPadula model
A. The *-integrity axiom (or star integrity axiom) indicates that a subject of a lower integrity level cannot write to an object of a higher integrity level. This rule is put into place to protect the integrity of the data that resides at the higher level.
Which best describes the simple security rule?
A. No write up in the Biba model
B. No read down in the Biba model
C. No write down in the Bell-LaPadula model
D. No read up in the Bell-LaPadula model
D. The simple security rule is implemented to ensure that any subject at a lower security level cannot view data that resides at a higher level. The reason this type of rule is put into place is to protect the confidentiality of the data that resides at the higher level. This rule is used in the Bell-LaPadula model. Remember that if you see “simple” in a rule, it pertains to reading, while * or “star” pertains to writing.