CISSP (Chapter 4 - Security Architecture and Design)

Question 1

CISSP (Chapter 4 - Security Architecture and Design)

What is the final step in authorizing a system for use in an environment?A. CertificationB. Security evaluation and ratingC. AccreditationD. Verification

Answer 1

C. Certification is a technical review of a product, and accreditation is management’s formal approval of the findings of the certification process. This question asked you which step was the final step in authorizing a system before it is used in an environment, and that is what accreditation is all about.

Question 2

CISSP (Chapter 4 - Security Architecture and Design)

What feature enables code to be executed without the usual security checks?A. Temporal isolationB. Maintenance hookC. Race conditionsD. Process multiplexing

Answer 2

B. Maintenance hooks get around the system’s or application’s security and access control checks by allowing whomever knows the key sequence to access the application and most likely its code. Maintenance hooks should be removed from any code before it gets into production.

Question 3

CISSP (Chapter 4 - Security Architecture and Design)

If a component fails, a system should be designed to do which of the following?A. Change to a protected execution domainB. Change to a problem stateC. Change to a more secure stateD. Release all data held in volatile memory

Answer 3

C. The state machine model dictates that a system should start up securely, carry out secure state transitions, and even fail securely. This means that if the system encounters something it deems unsafe, it should change to a more secure state for self-preservation and protection.

Question 4

CISSP (Chapter 4 - Security Architecture and Design)

Which is the first level of the Orange Book that requires classification labeling of data?A. B3B. B2C. B1D. C2

Answer 4

C. These assurance ratings are from the Orange Book. B levels on up require security labels be used, but the question asks which is the first level to require this. B1 comes before B2 and B3, so it is the correct answer.

Question 5

CISSP (Chapter 4 - Security Architecture and Design)

The Information Technology Security Evaluation Criteria was developed for which of the following?A. International useB. U.S. useC. European useD. Global use

Answer 5

C. In ITSEC, the I does not stand for international; it stands for information. This set of criteria was developed to be used by European countries to evaluate and rate their products.

Question 6

CISSP (Chapter 4 - Security Architecture and Design)

A guard is commonly used with a classified system. What is the main purpose of implementing and using a guard?A. To ensure that less trusted systems only receive acknowledgments and not messagesB. To ensure proper information flowC. To ensure that less trusted and more trusted systems have open architectures and interoperabilityD. To allow multilevel and dedicated mode systems to communicate

Answer 6

B. The guard accepts requests from the less trusted entity, reviews the request to make sure it is allowed, and then submits the request on behalf of the less trusted system. The goal is to ensure that information does not flow from a high security level to a low security level in an unauthorized manner.

Question 7

CISSP (Chapter 4 - Security Architecture and Design)

The trusted computing base (TCB) contains which of the following?A. All trusted processes and software componentsB. All trusted security policies and implementation mechanismsC. All trusted software and design mechanismsD. All trusted software and hardware components

Answer 7

D. The TCB contains and controls all protection mechanisms within the system, whether they are software, hardware, or firmware.

Question 8

CISSP (Chapter 4 - Security Architecture and Design)

What is the imaginary boundary that separates components that maintain security from components that are not security related?A. Reference monitorB. Security kernelC. Security perimeterD. Security policy

Answer 8

C. The security perimeter is a boundary between items that are within the TCB and items that are outside the TCB. It is just a mark of delineation between these two groups of items.

Question 9

CISSP (Chapter 4 - Security Architecture and Design)

Which model deals only with confidentiality?A. Bell-LaPadulaB. Clark-WilsonC. BibaD. Reference monitor

Answer 9

A. The Bell-LaPadula model was developed for the U.S. government with the main goal of keeping sensitive data unreachable to those who were not authorized to access and view it. This was the first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access and to outline rules of access. The Biba and Clark-Wilson models do not deal with confidentiality, but with integrity instead.

Question 10

CISSP (Chapter 4 - Security Architecture and Design)

What is the best description of a security kernel from a security point of view?A. Reference monitorB. Resource managerC. Memory mapperD. Security perimeter

Answer 10

A. The security kernel is a portion of the operating system’s kernel and enforces the rules outlined in the reference monitor. It is the enforcer of the rules and is invoked each time a subject makes a request to access an object.

Question 11

CISSP (Chapter 4 - Security Architecture and Design)

In secure computing systems, why is there a logical form of separation used between processes?A. Processes are contained within their own security domains so each does not make unauthorized accesses to other processes or their resources.B. Processes are contained within their own security perimeter so they can only access protection levels above them.C. Processes are contained within their own security perimeter so they can only access protection levels equal to them.D. The separation is hardware and not logical in nature.

Answer 11

A. Processes are assigned their own variables, system resources, and memory segments, which make up their domain. This is done so they do not corrupt each other’s data or processing activities.

Question 12

CISSP (Chapter 4 - Security Architecture and Design)

What type of attack is taking place when a higher-level subject writes data to a storage area and a lower-level subject reads it?A. TOC/TOUB. Covert storage attackC. Covert timing attackD. Buffer overflow

Answer 12

B. A covert channel is being used when something is using a resource for communication purposes, and that is not the reason this resource was created. A process can write to some type of shared media or storage place that another process will be able to access. The first process writes to this media, and the second process reads it. This action goes against the security policy of the system.

Question 13

CISSP (Chapter 4 - Security Architecture and Design)

What type of rating is used within the Common Criteria framework?A. PPB. EPLC. EALD. A–D

Answer 13

C. The Common Criteria uses a different assurance rating system than the previously used criteria. It has packages of specifications that must be met for a product to obtain the corresponding rating. These ratings and packages are called Evaluation Assurance Levels (EALs). Once a product achieves any type of rating, customers can view this information on an Evaluated Products List (EPL).

Question 14

CISSP (Chapter 4 - Security Architecture and Design)

Which best describes the *-integrity axiom?A. No write up in the Biba modelB. No read down in the Biba modelC. No write down in the Bell-LaPadula modelD. No read up in the Bell-LaPadula model

Answer 14

A. The *-integrity axiom (or star integrity axiom) indicates that a subject of a lower integrity level cannot write to an object of a higher integrity level. This rule is put into place to protect the integrity of the data that resides at the higher level.

Question 15

CISSP (Chapter 4 - Security Architecture and Design)

Which best describes the simple security rule?A. No write up in the Biba modelB. No read down in the Biba modelC. No write down in the Bell-LaPadula modelD. No read up in the Bell-LaPadula model

Answer 15

D. The simple security rule is implemented to ensure that any subject at a lower security level cannot view data that resides at a higher level. The reason this type of rule is put into place is to protect the confidentiality of the data that resides at the higher level. This rule is used in the Bell-LaPadula model. Remember that if you see “simple” in a rule, it pertains to reading, while * or “star” pertains to writing.

Question 16

CISSP (Chapter 4 - Security Architecture and Design)

Which of the following was the first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access, and to outline rules of access?A. BibaB. Bell-LaPadulaC. Clark-WilsonD. State machine

Answer 16

B. This is a formal definition of the Bell-LaPadula model, which was created and implemented to protect confidential government and military information.

Question 17

CISSP (Chapter 4 - Security Architecture and Design)

Which of the following is a true statement pertaining to memory addressing?A. The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are based on a known address and an offset value.B. The CPU uses logical addresses. Applications use absolute addresses. Relative addresses are based on a known address and an offset value.C. The CPU uses absolute addresses. Applications use relative addresses. Logical addresses are based on a known address and an offset value.D. The CPU uses absolute addresses. Applications use logical addresses. Absolute addresses are based on a known address and an offset value.

Answer 17

A. The physical memory addresses that the CPU uses are called absolute addresses. The indexed memory addresses that software uses are referred to as logical addresses. A relative address is a logical address which incorporates the correct offset value.

Question 18

CISSP (Chapter 4 - Security Architecture and Design)

Pete is a new security manager at a financial institution that develops its own internal software for specific proprietary functionality. The financial institution has several locations distributed throughout the world and has bought several individual companies over the last ten years, each with its own heterogeneous environment. Since each purchased company had its own unique environment, it has been difficult to develop and deploy internally developed software in an effective manner that meets all the necessary business unit requirements. Which of the following best describes a standard that Pete should ensure the software development team starts to implement so that various business needs can be met?A. ISO/IEC 42010:2007B. Common CriteriaC. ISO/IEC 43010:2007D. ISO/IEC 15408

Answer 18

A. ISO/IEC 42010:2007 is an international standard that outlines specifications for system architecture frameworks and architecture languages. It allows for systems to be developed in a manner that addresses all of the stakeholder’s concerns.

Question 19

CISSP (Chapter 4 - Security Architecture and Design)

Which of the following is an incorrect description pertaining to the common components that make up computer systems?i. General registers are commonly used to hold temporary processing data, while special registers are used to hold process characteristic data as in condition bits.ii. A processer sends a memory address and a “read” request down an address bus and a memory address and “write” request down an I/O bus.iii. Process-to-process communication commonly takes place through memory stacks, which are made up of individually addressed buffer locations.iv. A CPU uses a stack return pointer to keep track of the next instruction sets it needs to process.A. iB. i, iiC. ii, iiiD. ii, iv

Answer 19

D. A processer sends a memory address and a “read” request down an address bus. The system reads data from that memory address and puts the requested data on the data bus. A CPU uses a program counter to keep track of the memory addresses containing the instruction sets it needs to process in sequence. A stack pointer is a component used within memory stack communication processes. An I/O bus is used by a peripheral device.

Question 20

CISSP (Chapter 4 - Security Architecture and Design)

Mark is a security administrator who is responsible for purchasing new computer systems for a co-location facility his company is starting up. The company has several time-sensitive applications that require extensive processing capabilities. The co-location facility is not as large as the main facility, so it can only fit a smaller number of computers, which still must carry the same processing load as the systems in the main building. Which of the following best describes the most important aspects of the products Mark needs to purchase for these purposes?A. Systems must provide symmetric multiprocessing capabilities and virtualized environments.B. Systems must provide asymmetric multiprocessing capabilities and virtualized environments.C. Systems must provide multiprogramming multiprocessing capabilities and virtualized environments.D. Systems must provide multiprogramming multiprocessing capabilities and symmetric multiprocessing environments.

Answer 20

B. When systems provide asymmetric multiprocessing, this means multiple CPUs can be used for processing. Asymmetric indicates the capability of assigning specific applications to one CPU so that they do not have to share computing capabilities with other competing processes, which increases performance. Since a smaller number of computers can fit in the new location, virtualization should be deployed to allow for several different systems to share the same physical computer platforms.

Question 21

CISSP (Chapter 4 - Security Architecture and Design)

Tom is a new security manager who is responsible for reviewing the current software that the company has developed internally. He finds that some of the software is outdated, which causes performance and functionality issues. During his testing procedures he sees that when one program stops functioning, it negatively affects other programs on the same system. He also finds out that as systems run over a period of a month, they start to perform more slowly, but by rebooting the systems this issue goes away. He also notices that the identification, authentication, and authorization steps built into one software package are carried out by individual and distinct software procedures.Which of the following best describes a characteristic of the software that may be causing issues?A. Cooperative multitaskingB. Preemptive multitaskingC. Maskable interrupt useD. Nonmaskable interrupt use

Answer 21

A. Cooperative multitasking means that a developer of an application has to properly code his software to release system resources when the application is finished using them, or the other software running on the system could be negatively affected. In this type of situation an application could be poorly coded and not release system resources, which would negatively affect other software running on the system. In a preemptive multitasking environment, the operating system would have more control of system resource allocation and provide more protection for these types of situations.

Question 22

CISSP (Chapter 4 - Security Architecture and Design)

Tom is a new security manager who is responsible for reviewing the current software that the company has developed internally. He finds that some of the software is outdated, which causes performance and functionality issues. During his testing procedures he sees that when one program stops functioning, it negatively affects other programs on the same system. He also finds out that as systems run over a period of a month, they start to perform more slowly, but by rebooting the systems this issue goes away. He also notices that the identification, authentication, and authorization steps built into one software package are carried out by individual and distinct software procedures.Which of the following best describes why rebooting helps with system performance in the situation described in this scenario?A. Software is not using cache memory properly.B. Software is carrying out too many mode transitions.C. Software is working in ring 0.D. Software is not releasing unused memory

Answer 22

D. When software is poorly written, it could be allocating memory and not properly releasing it. This can affect the performance of the whole system, since all software processes have to share a limited supply of memory. Whena system is rebooted, the memory allocation constructs are reset.

Question 23

CISSP (Chapter 4 - Security Architecture and Design)

Tom is a new security manager who is responsible for reviewing the current software that the company has developed internally. He finds that some of the software is outdated, which causes performance and functionality issues. During his testing procedures he sees that when one program stops functioning, it negatively affects other programs on the same system. He also finds out that as systems run over a period of a month, they start to perform more slowly, but by rebooting the systems this issue goes away. He also notices that the identification, authentication, and authorization steps built into one software package are carried out by individual and distinct software procedures.What security issue is Tom most likely concerned with in this situation?A. Time of check\time of useB. Maintenance hooksC. Input validation errorsD. Unauthorized loaded kernel modules

Answer 23

A. A time-of-check\time-of-use attack takes place when an attacker is able to change an important parameter while the software is carrying out a sequence of steps. If an attacker could manipulate the authentication steps, she could potentially gain access to resources in an unauthorized manner before being properly identified and authenticated.

Question 24

CISSP (Chapter 4 - Security Architecture and Design)

Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process.Which of the following is a required characteristic of the system Sarah’s team must build?A. Multilevel securityB. Dedicated mode capabilityC. Simple security ruleD. Clark-Wilson constructs

Answer 24

A. A multilevel security system allows for data at different classification levels to be processed and allows users with different clearance levels to interact with the system securely.

Question 25

CISSP (Chapter 4 - Security Architecture and Design)

Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process.Which of the following reasons best describes her boss’s suggestion on the kernel design of the new system?A. Hardware layer abstraction for portability capabilityB. Layered functionality structureC. Reduced mode transition requirementsD. Central location of all critical operating system processes

Answer 25

C. A hybrid microkernel architecture means that all kernel processes work within kernel mode, which reduces the amount of mode transitions. The reduction of mode transitions reduces performance issues because the CPU does not have to change from user mode to kernel mode as many times during its operation.

Question 26

CISSP (Chapter 4 - Security Architecture and Design)

Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process.Which of the following is a characteristic that this new system will need to implement?A. MultiprogrammingB. Simple integrity axiomC. Mandatory access controlD. Formal verification

Answer 26

C. Since the new system must achieve a rating of EAL 6, it must implement mandatory access control capabilities. This is an access control model that allows users with different clearances to be able to interact with a system that processes data of different classification levels in a secure manner. The rating of EAL 6 requires semiformally verified design and testing, whereas EAL 7 requires verified design and testing.

Question 27

CISSP (Chapter 4 - Security Architecture and Design)

Sarah’s team must build a new operating system for her company’s internal functionality requirements. The system must be able to process data at different classifications levels and allow users of different clearances to be able to interact with only the data that maps to their profile. She is told that the system must provide data hiding, and her boss suggests that her team implement a hybrid microkernel design. Sarah knows that the resulting system must be able to achieve a rating of EAL 6 once it goes through the Common Criteria evaluation process.Which of the following best describes one of the system requirements outlined in this scenario and how it should be implemented?A. Data hiding should be implemented through memory deallocation.B. Data hiding should be implemented through properly developed interfaces.C. Data hiding should be implemented through a monolithic architecture.D. Data hiding should be implemented through multiprogramming.

Answer 27

B. Data hiding means that certain functionality and/or data is “hidden,” or not available to specific processes. For processes to be able to interact with other processes and system services, they need to be developed with the necessary interfaces that restrict communication flows between processes. Data hiding is a protection mechanism that segregates trusted and untrusted processes from each other through the use of strict software interface design.

Question 28

CISSP (Chapter 4 - Security Architecture and Design)

Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection.Which of the following best describes Steve’s confusion?A. Certification must happen first before the evaluation process can begin.B. Accreditation is the acceptance from management, which must take place before the evaluation process.C. Evaluation, certification, and accreditation are carried out by different groups with different purposes.D. Evaluation requirements include certification and accreditation components.

Answer 28

C. Evaluation, certification, and accreditation are carried out by different groups with different purposes. Evaluations are carried out by qualified third parties who use specific evaluation criteria (Orange Book, ITSEC, Common Criteria) to assign an assurance rating to a tested product. A certification process is a technical review commonly carried out internally to an organization, and accreditation is management’s formal acceptance that is carried out after the certification process. A system can be certified internally by a company and not pass an evaluation testing process because they are completely different things.

Question 29

CISSP (Chapter 4 - Security Architecture and Design)

Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection.Which of the following best describes an item the software development team needs to address to ensure that drivers cannot be loaded in an unauthorized manner?A. Improved security kernel processesB. Improved security perimeter processesC. Improved application programming interface processesD. Improved garbage collection processes

Answer 29

A. If device drivers can be loaded improperly, then either the access control rules outlined within the reference monitor need to be improved upon or the current rules need to be better enforced through the security kernel processes. Only authorized subjects should be able to install sensitive software components that run within ring 0 of a system.

Question 30

CISSP (Chapter 4 - Security Architecture and Design)

Steve has found out that the software product that his team submitted for evaluation did not achieve the actual rating they were hoping for. He was confused about this issue since the software passed the necessary certification and accreditation processes before being deployed. Steve was told that the system allows for unauthorized device drivers to be loaded and that there was a key sequence that could be used to bypass the software access control protection mechanisms. Some feedback Steve received from the product testers is that it should implement address space layout randomization and data execution protection.A. Non-protected ROM sectionsB. Vulnerabilities that allowed malicious code to execute in protected memory sectionsC. Lack of a predefined and implemented trusted computing baseD. Lack of a predefined and implemented security kernel

Answer 30

B. If testers suggested to the team that address space layout randomization and data execution protection should be integrated, this is most likely because the system allows for malicious code to easily execute in memory sections that would be dangerous to the system. These are both memory protection approaches.

Question 31

CISSP (Chapter 4 - Security Architecture and Design)

John has been told that one of the applications installed on a web server within the DMZ accepts any length of information that a customer using a web browser inputs into the form the web server provides to collect new customer data. Which of the following describes an issue that John should be aware of pertaining to this type of issue?A. Application is written in the C programming language.B. Application is not carrying out enforcement of the trusted computing base.C. Application is running in ring 3 of a ring-based architecture.D. Application is not interacting with the memory manager properly.

Answer 31

A. The C language is susceptible to buffer overflow attacks because it allows for direct pointer manipulations to take place. Specific commands can provide access to low-level memory addresses without carrying out bounds checking.