Security Operations

Question 1

C2 is the lowest classification (TCSEC) that requires?

Answer 1

No data remanance

Question 2

Which of the following represents the highest possible guarantee of security?

Answer 2

Assurance

Question 3

What is the classification evaluation criterion for the B1 Level of TCSEC?

Answer 3

restrictions against covert channels

Question 4

Which of the following is secure in each and every instance of its existence?

Answer 4

State Machine Model

Question 5

Which TCSEC label represents systems that employ security domains?

Answer 5

B3

Question 6

Which TCSEC security label requires mandatory protection mechanisms for controls?

Answer 6

B

Question 7

TCSEC level that directly addresses covert channels?

Answer 7

B2

Question 8

What security mode is represented by the state when users are limited to resources formal access approvals?

Answer 8

compartmented security zones

Question 9

Within what security mode does the system function at a single security level?

Answer 9

dedicated security mode

Question 10

Which of the following is not an element of the Clark Wilson Security model?

Answer 10

The classification of or levels of access are defined

Question 11

Method used to restrict communication to detailed and controlled intervals in order to maintain the security of a system

Answer 11

Layering

Question 12

Which of the operating states is exemplified by a process that will resume execution as soon as its print job is fully sent to the print server?

Answer 12

Wait state

Question 13

The more complex a system.

Answer 13

Less assurance it provides

Question 14

Which is the fastest form of memory

Answer 14

cache

Question 15

What type of memory storage requires constant updates because the data it stores dissipates and decays?

Answer 15

dynamic RAM or RAM

Question 16

What mechanism is used for a lower protection ring entity to communicate with a higher ring entity?

Answer 16

system call

Question 17

Which ring of protection do device drivers operate?

Answer 17

Ring 2

Question 18

What mode of operation exists when all users have the authority and need to know to access all resources?

Answer 18

Dedicated security mode

Question 19

Which O/S state represents a process in normal execution?

Answer 19

Problem State

Question 20

Which of the following components dictates when data is processed by the systems processor?

Answer 20

control unit

Question 21

What is the best description of a security kernel from a security point of view?

Answer 21

reference monitor

Question 22

The Orange book states that the Trusted Computing Base should uniquely identify each user for access purposes and__?

Answer 22

Assess the identity with all auditable actions taken by the individual

Question 23

What is the best description of the reference monitor?

Answer 23

a software component that determines if a user is authorized to perform a required operation.

Question 24

If an operating system allows sequential use of an object without refreshing it what security issue can arise?

Answer 24

Disclosure of residual data

Question 25

Which is the first level that requires classification labeling of data?

Answer 25

B1

Question 26

What are cognitive passwords?

Answer 26

Fact or opinion based information used to verify an individual ID

Question 27

What advantage does hardware have over software?

Answer 27

Difference to access without physical access

Question 28

Behavioral Based Systems AKA

Answer 28

Profile Based

Question 29

Kerberos

Answer 29

Trusted Third Party Authorization Protocol

Question 30

What is a straightforward approach that provides access rights to subjects for objects?

Answer 30

Access Control Matrix

Question 31

What represents the columns of the table if a db?

Answer 31

Attributes

Question 32

Rows in a db are called __?

Answer 32

Tuples

Question 33

database views

Answer 33

restrict user access to data in a db

Question 34

Primary service provided by Kerberos?

Answer 34

Authentication

Question 35

Which model introduces access to objects only through programs?

Answer 35

Clark Wilson

Question 36

What does not apply to system generated passwords?

Answer 36

Passwords are more vulnerable to brute force and dictionary attacks

Question 37

Which access control model is also called non-discretionary access control?

Answer 37

Role Based access control

Question 38

Which access control model uses directed graph?

Answer 38

Take Grant