Domain 3: Security Engineering: Evaluation Methods, Certification, and Accreditation Flashcards

1
Q

TCSEC, ITSEC, and the Common Criteria were designed to answer what questions?

A

When choosing a security product, how do you know which is best?
How do you know a specific vendor’s software will not introduce malicious code?
How do you know how well software was tested and what the results were?

2
Q

What is the Trusted Computer System Evaluation Criteria (TCSEC) also known as?

A

The Orange Book.

3
Q

What are the four divisions of protection as described by TCSEC? What are the classes?

A

D: Minimal Protection
C: Discretionary Protection
 C1: Discretionary Security Protection
 C2: Controlled Access Protection
B: Mandatory Protection
 B1: Labeled Security Protection
 B2: Structured Protection
 B3: Security Domains
A: Verified Protection
 A1: Verified Design
4
Q

What is the TNI / Red Book (Trusted Network Interpretation)?

A

It brings TCSEC concepts to network systems.

5
Q

What is ITSEC (The European Information Technology Security Evaluation Criteria)?

A

The first successful international evaluation model. It refers to the TCSEC Orange Book levels, separating functionality (F, how well a system works) from assurance (the ability to evaluate the security of a system). There are two types of assurance: effectiveness (Q) and correctness (E).

6
Q

What is the International Common Criteria?

A

It is an internationally agreed upon standard for describing and testing the security of IT products.

7
Q

What is the Target of Evaluation (TOE)?

A

The system or product being evaluated.

8
Q

What is the Security Target (ST)?

A

The documentation describing the TOE, including the security requirements and operational environment.

9
Q

What is the Protection Profile?

A

An independent set of security requirements and objectives for a specific category of products or systems, such as firewalls or intrusion detection systems.

10
Q

What is the Evaluation Assurance Level (EAL)?

A

The evaluation score of the tested product or system.

11
Q

Within the Common Criteria, how many levels are there in the EAL? What are they?

A

There are seven:
EAL1: Functionally tested
EAL2: Structurally tested
EAL3: Methodically tested and checked
EAL4: Methodically designed, tested, and reviewed
EAL5: Semi-formally designed and tested
EAL6: Semi-formally verified, designed, and tested
EAL7: Formally verified, designed, and tested

12
Q

Regarding the four divisions, which has the highest level of security and which has the lowest?

A

A is the highest security and D is the lowest.
