Chapter 6 - Security Architecture and Design Flashcards Preview

Flashcards in Chapter 6 - Security Architecture and Design Deck (80)
1

A holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a "chain of traceability" through phases of strategy, concept, design, implementation and metrics is characteristic of which of the following frameworks?

A. Zachman

B. SABSA

C. ISO 27000

D. TOGAF

B. SABSA

2

Which of the following components of ITIL's Service Portfolio is primarily focused on translating designs into operational services through a project management standard?

A. Service Strategy

B. Service Design

C. Service Transition

D. Service Operations

C. Service Transition

3

Which of the following can best be used to capture detailed security requirements?

A. Threat modeling, covert channels, and data classification

B. Data classification, risk assessments, and covert channels

C. Risk assessments, covert channels, and threat modeling

D. Threat modeling, data classification, and risk assessments

D. Threat modeling, data classification, and risk assessments

4

Which of the following security standards is internationally recognized as the standard for sound security practice and is focused on the standardization and certification of an organization's information security management system (ISMS)?

A. ISO 15408

B. ISO 27001

C. ISO 9001

D. ISO 9146

B. ISO 27001

5

Which of the following describes the rules that need to be implemented to ensure that the security requirements are met?

A. Security Kernel

B. Security Policy

C. Security Model

D. Security Reference Monitor

B. Security Policy

6

A two-dimensional grouping of individual subjects into groups or roles and granting groups access to objects is an example of which of the following types of models?

A. Multi-level lattice

B. State Machine

C. Non-interference

D. Matrix based

D. Matrix based

7

Which of the following models ensures that a subject with a clearance level of Secret has the ability to write only to objects classified as Secret or Top Secret but is prevented from writing information classified as Public?

A. Biba - Integrity

B. Clark-Wilson

C. Brewer-Nash

D. Bell-LaPadula

D. Bell-LaPadula

8

Which of the following is unique to Biba Integrity Model?

A. Simple Property

B. *(star) property

C. Invocation Property

D. Strong * Property

C. Invocation Property

9

Which of the following models is best considered in a shared data hosting environment so that the data of one customer is not disclosed to a competitor or other customers sharing that hosted environment?

A. Brewer Nash

B. Clark - Wilson

C. Bell-LaPadula

D. Lipner

A. Brewer Nash - Chinese Wall

10

Which of the following security models is primarily concerned with how the subjects and objects are created and how subjects are assigned rights and privileges?

A. Bell-LaPadula

B. Biba-Integrity

C. Chinese Wall

D. Graham Denning

D. Graham Denning

11

Which of the following ISO standards provides the Evaluation Criteria that can be used to evaluate Security Requirements of different products with different functions?

A. ISO 15408

B. ISO 27000

C. ISO 9100

D. ISO 27002

A. ISO 15408

12

In the Common Criteria, the common set of functional and assurance requirements for a category of vendor products deployed in a particular type of environment is known as:

A. Protection Profiles

B. Security Target

C. Trusted Computing Base

D. Ring Protection

A. Protection Profiles

13

Which of the following evaluation assurance levels, which is formally verified, designed, and tested, is expected for a high-risk situation?

A. EAL1

B. EAL3

C. EAL5

D. EAL7

D. EAL7

14

Formal acceptance of an evaluated system by management is known as:

A. Certification

B. Accreditation

C. Validation

D. Verification

B. Accreditation

15

Which stage of the Capability Maturity Model (CMM) is characterized by having organizational processes that are proactive?

A. Initial

B. Managed

C. Defined

D. Optimizing

C. Defined

16

Which of the following best provides a method of quantifying risks associated with information technology when validating the abilities of new security controls and countermeasures to address the identified risks?

A. Threat/Risk Assessment

B. Penetration Testing

C. Vulnerability Assessment

D. Data Classification

A. Threat/Risk Assessment

17

The use of proxies to protect more trusted assets from less sensitive ones is an example of which of the following types of security services?

A. Access Control

B. Boundary Control

C. Integrity

D. Audit and Monitoring

B. Boundary Control

18

Which of the following is the main reason for security concerns in mobile computing devices?

A. The 3G protocol is inherently insecure

B. Lower Processing Power

C. Hackers are targeting mobile devices

D. The lack of anti-virus software

B. Lower Processing Power

19

In decentralized environments, device drivers that enable the OS to control and communicate with hardware need to be securely designed, developed and deployed because they are:

A. typically installed by end users granted access to the supervisor state

B. typically installed by administrators and granted access to user mode state

C. typically installed by software without human interaction

D. integrated as part of the operating system

A. typically installed by end users granted access to the supervisor state

20

A system administrator grants rights to a group of individuals called Accounting instead of granting rights to each individual. This is an example of which of the following security mechanisms?

A. Layering

B. Data hiding

C. Cryptographic protections

D. Abstraction

D. Abstraction

21

4 main components: processors, storage, peripherals, and the OS

CPU, motherboard and memory operate together - 4 main tasks: fetching, decoding, executing and storing

22

multitasking system

switches from one process to another to quickly speed up processing

23

threads

series of instructions, multithreading is a process where the OS time slices the threads and gives one thread some time on the CPU and then switches to another thread

24

primary storage

memory, cache or registers - high probability of being requested by the CPU - RAM (volatile), SDRAM, cache (high-speed RAM)

25

secondary storage

holds data not being used by the CPU

26

firmware

storage of programs or instructions in ROM (Non-volatile)

27

system kernel

core of OS - provides access to system resources

28

Enterprise Security Architecture

implements the building blocks of information security across the entire organization - long term strategy

29

Boundary Control Services

how and whether information is allowed to flow from one set of systems to another, or from one state to another - firewalls, border routers, proxies. Intended to enforce security zones of control by isolating entry points

30

Access Control Service

identification, authentication, authorization of subject entities