Domain 6 - Security Architecture and Design Flashcards

1
Q
  1. Which of the following is not a function of the System Resource Manager as pertaining to Systems Architecture?

a. It allocates CPU
b. It allocates main storage
c. It allocates input/output devices to user programs
d. It allocates user group memberships

A

Explanation: Answer d is correct, as this is a human administrator function and not one performed by the Operating System. Answers a, b and c are valid functions and are therefore incorrect.

2
Q
  1. Which of the following storage mediums is regarded as the most secure against unauthorized erasure?

a. Floppy Disks
b. Virtual Memory
c. Optical Disks
d. On-board Hard Disks

A

Explanation: Answer c is correct since optical disks cannot be erased. Answer a is incorrect since floppy disks are erasable at any time. Answer b is incorrect as virtual memory is volatile. Answer d is incorrect because hard disk erase protection is achieved through system control not by the medium itself.

3
Q
  1. The protection mechanisms within a computing system that collectively enforce security policy are known as the TCB. What does this acronym represent?

a. Terminal Connection Board
b. Trusted Computing Base
c. Trusted Connection Boundary
d. Trusted Cipher Base

A

Explanation: Answer b is the correct answer. Answers a, c and d are simply fictitious terms and are therefore incorrect.

4
Q
  1. Which of the following best describes the security provided by process isolation in distinct address space?

a. It ensures processes running concurrently will not interfere with each other by accident or design
b. It ensures that every process executed has a unique address in memory
c. It ensures a computer user can access only one process at a time
d. It ensures that an executing process cannot communicate with any other process

A

Explanation: Answer a is correct since process isolation ensures processes cannot affect instructions by writing to each other’s memory. Answer b is a reasonable definition of Process Isolation but doesn’t explain its benefit. Answer c is a false statement. Answer d is a false statement.

5
Q
  1. Which Operating System Utility interprets source code without producing an object program available for security audit?

a. Print monitor
b. Interpreter
c. Symbolic addresses
d. Compiler

A

Explanation: Answer b is correct. Answers a and c do not interpret source code. Answer d interprets source code but produces an auditable object.

6
Q
  1. Pertaining to Systems Architecture, the process of controlling subject access to system resources is?

a. Software mediation
b. Hardware mediation
c. Software isolation
d. Hardware isolation

A

Explanation: Answer a is the correct answer. Answer b is an invented term. Answer c is the process of separating subjects and objects. Answer d is the process of isolating trusted parts of the system from untrusted.

7
Q
  1. Which of the following is not a defined mode of access in the Bell-LaPadula model?

a. Read only
b. Write only
c. Read and Write
d. Execute

A

Explanation: Answer d is correct because Bell-LaPadula has only three modes as in a, b, and c above. Answers a, b and c are valid and are therefore incorrect.

8
Q
  1. The acronym ITSEC represents:

a. Information Technology Security Evaluation Criteria
b. Information Transfer Systems Evaluation Criteria
c. Internationally Tested Security Evaluation Certificate
d. Information Technology Systems Evaluation Certificate

A

Explanation: Answer a is the correct answer. Answers b, c and d are merely fictitious terms.

9
Q
  1. Which of the following is a major component of the Common Criteria Standard?

a. User Profile
b. Protection Profile
c. Desktop Profile
d. Network Profile

A

Explanation: Answers a and c are system specific. Answer b is correct. Answer d is a fictitious term.

10
Q
  1. Under ITSEC evaluation, what assurance class represents inadequate assurance that the target of evaluation has met its requirements?

a. E0
b. E1
c. E2
d. E3

A

Explanation: Answer a is the correct answer. Answer b meets requirements to the minimum assurance level. Answer c meets requirements to a higher assurance level. Answer d meets requirements to a higher assurance level.

11
Q
  1. Which of the following applies to the notion of a specific security policy maintaining a “Secure State” as defined by Bell-LaPadula?

a. The policy must define the hierarchy of integrity levels
b. The policy must prevent unauthorized users from making modifications
c. The policy must define logging of subject activity
d. The policy must define the permitted modes of access between subjects and objects

A

Explanation: Answer d is the correct answer. Answer a relates to integrity – Bell-LaPadula relates to confidentiality. Answer b relates to integrity – Bell-LaPadula relates to confidentiality. Answer c is not contained within the Bell-LaPadula model.

12
Q
  1. Which of the following is not one of the three integrity goals addressed by the Clark-Wilson model?

a. Prevent unauthorized users from making modifications
b. Prevent unauthorized users from viewing classified objects
c. Prevent authorized users from making improper modifications
d. Maintain internal and external consistency

A

Explanation: Answer a is a valid integrity goal under the model. Answer b is correct because it is a goal of confidentiality. Answer c is a valid integrity goal under the model. Answer d is a valid integrity goal under the model.

13
Q
  1. Within an Access Control Model, the “Subject” is?

a. The entity which performs an action
b. The entity which is acted upon
c. The user account
d. The program

A

Explanation: Answer a is the correct answer. Answer b is the object. Answer c may be true but subjects are not limited to user entities. Answer d may be true but subjects are not limited to program entities.

14
Q
  1. Which of the following represents a Star Property in the Bell-LaPadula model?

a. Subject cannot read upwards to an object of higher secrecy classification
b. Subject cannot write upwards to an object of higher secrecy classification
c. Subject cannot write downwards to an object of lower secrecy classification
d. Subject cannot read or write upwards or downwards to an object outside of their own secrecy classification

A

Explanation: Answer a would represent a “Simple Security Property”. Answer b would represent a “Strong Star Property”. Answer c is correct – “No Write Down”. Answer d would represent a “Strong Star Property”.

15
Q
  1. Which of the following best describes the principle of hardware segmentation as it relates to systems architecture?

a. Machines are stored in different physical locations
b. Disks are split into multiple logical drive letters
c. Virtual memory is divided into segments
d. Computers are given unique IP addresses

A

Explanation: Answer a is not relevant to operating systems architecture. Answer b is not relevant to operating systems architecture. Answer c is the correct answer since user processes cannot access segments restricted to system use. Answer d is not relevant to operating systems architecture.

16
Q
  1. Mandatory Access Control relates to which of the following?

a. Permanent and irreversible access rules defined within an operating system
b. Controls defined by the security administrator or within his/her policy which are classified as mandatory
c. Control capability defined within an operating system which the security administrator or his/her policy may opt to utilize
d. Controls enforced by the Reference Monitor

A

Explanation: Answer a is correct – controls are built-in and cannot be overridden. Answer b is incorrect because mandatory controls must be hard coded into the operating system, not defined by user policy. Answer c is Discretionary Access Control. Answer d is incorrect because both discretionary and mandatory access controls are enforced within a system by the reference monitor.

17
Q
  1. “Processes have no more privilege than is required to perform authorized functions” is a definition of which System Architecture Principle?

a. Enforcement of greatest access
b. Execution of lowest rights
c. Implementation of highest privilege
d. Enforcement of least privilege

A

Explanation: Answer a is the opposite of the correct answer. Answer b is the correct principle but using the wrong terminology. Answer c is the opposite of the correct answer. Answer d is the correct principle using the documented terminology.

18
Q
  1. What class of Common Criteria protection profile enforces non-discretionary Integrity and Confidentiality?

a. CS1
b. CS1+
c. CS2
d. CS3

A

Explanation: Answer d is the correct answer. Answer a has discretionary Integrity and Confidentiality controls. Answer b has discretionary Integrity and Confidentiality controls. Answer c has discretionary Integrity and Confidentiality controls.

19
Q
  1. Which of the following ITSEC functionality and assurance class ratings corresponds most closely to a C2 rating under TCSEC criteria?

a. F-B3, E6
b. F-B3, E5
c. F-C2, E2
d. F-C1, E1

A

Explanation: Answer a – the E assurance level is not relevant so F-B3 roughly equates to B3. Answer b – the E assurance level is not relevant so F-B3 roughly equates to B3. Answer c is correct. Answer d – the E assurance level is not relevant so F-C1 roughly equates to C1.

20
Q
  1. The information flow model is also known as:

a. The noninterference model.
b. The lattice-based access control model.
c. The risk-acceptance model.
d. The discrete model.

A

Explanation: Answer b is correct. The lattice-based access control model was established in 1976 by Dorothy Denning, and refers to business process flow and identification as opposed to specific access controls. Answer a is incorrect, as it is an alternative model. Answers c and d are intentionally misleading answers and have no relevance.

21
Q
  1. Which of the following represents a Simple Security Property in the Bell-LaPadula model?

a. Subject cannot read upwards to an object of higher secrecy classification
b. Subject cannot read downwards to an object of lower secrecy classification
c. Subject cannot write upwards to an object of higher secrecy classification
d. Subject cannot write downwards to an object of lower secrecy classification

A

Explanation: Answer a is correct – “No Read Up”. Answer b would represent a “Strong Star Property”. Answer c would represent a “Strong Star Property”. Answer d would represent a “Star Property”.

22
Q
  1. “Secondary Storage” as it relates to systems architecture is?

a. Memory directly accessible to the CPU
b. Extending apparent size of RAM by using part of the hard disk
c. A storage location in memory with direct access to peripherals
d. A non-volatile medium to store data even after power-off

A

Explanation: Answer a is “Primary Storage”. Answer b is “Virtual Storage”. Answer c is “Real Storage”. Answer d is correct (e.g., a disk drive).

23
Q
  1. Which of the following is not an attribute of an Open System?

a. It provides a standard interface
b. It provides a non-standard interface
c. It permits interoperability with other systems
d. It permits use of non-proprietary languages

A

Explanation: Answer a is an attribute of an Open System. Answer b is correct – it is a feature of a “Closed System”. Answer c is an attribute of an Open System. Answer d is an attribute of an Open System.

24
Q
  1. A “Single State” computer?

a. Simultaneously processes data of two or more security levels
b. Executes only non-privileged instructions
c. Processes data of a single security level at one time
d. Contains data of only one security level or classification

A

Explanation: Answer c is correct. Answer a is a Multi-state computer. Answer b is a feature of Problem State. Answer d may be true but refers to the stored contents, not the state of operation.

25
Q
  1. “Sequential Memory” as it relates to systems architecture can be defined as?

a. Virtual memory that can be addressed by a process
b. Memory directly accessible to the CPU
c. The addresses allocated by the operating system to stored items
d. Operating system moves through all stored data items in order to reach the desired one

A

Explanation: Answer a is “Address Space”. Answer b is “Random Memory” or “Primary Storage”. Answer c refers to addressing of storage not its sequential retrieval. Answer d is correct.

26
Q
  1. The statement “Subject cannot modify objects of higher integrity” represents which Property of the Biba Access Control Model?

a. Simple Integrity Property
b. Simple Security Property
c. Star Property
d. Integrity Star Property

A

Explanation: Answer a is “cannot read down”. Answer b is “cannot read up” in Bell-LaPadula. Answer c is “cannot write down” in Bell-LaPadula. Answer d is correct – “No Write Up”.