Chapter 6 - Security Architecture and Design Flashcards Preview

My Notes of CISSP CBK > Chapter 6 - Security Architecture and Design > Flashcards

Flashcards in Chapter 6 - Security Architecture and Design Deck (80)
Loading flashcards...

A holistic Life Cycle for developing security architecture that begins with accessing business requirements and subsequently creating a "chain of traceability" through phases of strategy, concept, design, implementation and metrics is characteristic of which of the following frameworks?

A. Zachman


C. ISO 27000




Which of the following component of ITIL's Service Portfolio is primarily  focused on translating designs into operational services through a project management standard?

A. Service Strategy

B. Service Design

C. Service Transition

D, Service Operations

C. Service Transition


Which of the following can best  be used to capture detailed security requirements?

A. Threat modeling, covert channels, and data classification

B. Data classification, risk assessments, and covert channels

C. Risk assessments, covert channels, and threat modeling

D. Threat modeling; data classification and risk assessments

D. Threat modeling; data classification and risk assessments


Which of the following security standards is internationally recogonized as sthe standards for sound security practice and is focused on the standardization and certification of an organization's information security management system (ISMS)

A. ISO 15408

B. ISO 27001

C. ISO 9001

D. ISO 9146

B. ISO 27001


Which of the following describes the rules that need to be implemented to ensure that the security requirements are met?

A. Security Kernel

B. Security Policy

C. Security Model

D. Security Reference Monitor

B. Security Policy


A two dimensional grouping of individual subjects into groups or roles and granting access to groups to objects is an example of which of the following types of models?

A. Multi-level lattice

B. State Machine

C. Non-interference

D. Matrix based

D. Matrix based


Which of the following models ensures that a subject  with clearance level of Secret has the ability to write only to objects classified as Secret or Top Secret but is prevented from writing information classified as Public?

A. Biba - Integrity

B. Clark-Wilson

C. Brewer-Nash

D. Bell-LaPadula

D. Bell-LaPadula


Which of the following is unique to Biba Integrity Model?

A. Simple Property

B. *(star) property

C. Invocation Property

D. Strong * Property

C. Invocation Property


Which of the following models is best considered in a shared data hosting environment so that they data of one customer is not disclosed to a competitor or other customers sharing that hosted environment?

A. Brewer Nash

B. Clark - Wilson

C. Bell-LaPadula

D. Lipner

A. Brewer Nash - Chinese Wall


Which of the following security models is primarily concerned with how the  subjects and objects are created and how subjects assigned rights and privileges?

A. Bell-LaPadula

B. Biba-Integrity

C. Chinese Wall

D. Graham Denning

D. Graham Denning


Which of the following ISO standards provides the Evaluation Criteria that can be used to evaluate Security Requirments of different products with different functions?

A. ISO 15408

B. ISO 27000

C. ISO 9100

D. ISO 27002


A. ISO 15408


In the common criteria the common set of functional and assurance requirements for a category of vendor producs deployed ina particular type of environment are known as:

A. Protection Profiles

B. Security Target

C. Trusted Computing Base

D. Ring Protection

A. Protection Profiles


Which of the following evaluation assurance level that is formally verified, designed, and tested is expected for a high risk situation?







Formal acceptance of an evaluated system by management is known as:

A. Certification

B. Accreditation

C. Validation

D. Verification

B. Accreditation


Which stage of the Capability Maturity Model (CMM) is characterized by having organizational processes that are proactive?

A. Initial

B. Managed

C. Defined

D. OPtimizing

C. Defined


Which of the following best provides a method of quantifying risks associated with information technology when validating the abilities of new security controls and countermeasures to address the identified risks?

A. Threat/Risk Assessment

B. Penetration Testing

C. Vulenrability Assessment

D. Data Classification

A. Threat/Risk Assessment


The use of proxies to protect more trusted assests from less sensitive ones is an example of which of the following types of security services?

A. Access Control

B. Boundary Control

C. Integrity

D. Audit and Monitoring

B. Boundary Control


Which of the following is the main reason for security concerns in mobile computing devices?

A. The 3G protocol is inherently insecure

B. Lower Processing Power

C. Hackers are targeting mobile devices

D. The lack of anti-virus software

B. Lower Processing Power


In decentralized environments device drivers that enable the OS to control and communicate with hardware need to be securely designed, developed and deployed because they are

A. typically installed by end users granted access to the supervisor state

B. typically installed by administrators and granted access to user mode state

C. typically installed by software without human interaction

D. integrated as part of the operating system

A. typically installed by end users granted access to the supervisor state


A system administrator grants rights to a group of individuals called Accounting instead of granting rights to each individual. This is an example of whilch of the following security mechanisms?

A. Layering

B. Data hiding

C. Cryptographic protections

D. Abstraction

D. Abstraction


4 Main components Processors, storage, peripherals, and the OS

CPU, motherboard and memory operate together -4 main tasks - fetching, decoding, executing and storing


multitasking system

switches from one process to another to quickly speed up processing



series of instructions, multithreading is a process where the OS time slices the threads and gives one thread some time on the CPU and then switches to another thread


primary storage

memory, cache or registers - high probablity of being requested by the CPU - RAM (Volatile) SDRAM CACHE (high speed RAM)


secondary storage

holds data not being used by the CPU



storage of programs or instructions in ROM (Non-volatile)


system kernal

core of OS - provides access to system resources


Enterprise Security Architecture

implements the building blocks of information security across the entire organization - long term strategy


Boundary Control Services

how and whether information is allowed to flow from one set of systems to another, or from one state to another - firewalls, border routers, proxies. Intended to enforce security zones of control by isolating entry points


Access Control Service

identification, authentication, authorization of subject entities