Security Operations Flashcards
(38 cards)
C2 is the lowest classification (TCSEC) that requires?
No data remanance
Which of the following represents the highest possible guarantee of security?
Assurance
What is the classification evaluation criterion for the B1 Level of TCSEC?
restrictions against covert channels
Which of the following is secure in each and every instance of its existence?
State Machine Model
Which TCSEC label represents systems that employ security domains?
B3
Which TCSEC security label requires mandatory protection mechanisms for controls?
B
TCSEC level that directly addresses covert channels?
B2
What security mode is represented by the state when users are limited to resources formal access approvals?
compartmented security zones
Within what security mode does the system function at a single security level?
dedicated security mode
Which of the following is not an element of the Clark Wilson Security model?
The classification of or levels of access are defined
Method used to restrict communication to detailed and controlled intervals in order to maintain the security of a system
Layering
Which of the operating states is exemplified by a process that will resume execution as soon as its print job is fully sent to the print server?
Wait state
The more complex a system.
Less assurance it provides
Which is the fastest form of memory
cache
What type of memory storage requires constant updates because the data it stores dissipates and decays?
dynamic RAM or RAM
What mechanism is used for a lower protection ring entity to communicate with a higher ring entity?
system call
Which ring of protection do device drivers operate?
Ring 2
What mode of operation exists when all users have the authority and need to know to access all resources?
Dedicated security mode
Which O/S state represents a process in normal execution?
Problem State
Which of the following components dictates when data is processed by the systems processor?
control unit
What is the best description of a security kernel from a security point of view?
reference monitor
The Orange book states that the Trusted Computing Base should uniquely identify each user for access purposes and__?
Assess the identity with all auditable actions taken by the individual
What is the best description of the reference monitor?
a software component that determines if a user is authorized to perform a required operation.
If an operating system allows sequential use of an object without refreshing it what security issue can arise?
Disclosure of residual data
