1. | The four CPU operating states include all the following except
|
|
2. | A computer system that alternates execution of multiple subprograms on a single processordescribes what type of system?
|
|
3. | An address used as the origin for calculating other addresses describes
|
|
4. | The four main functions of the operating system include all the following except
|
|
5. | The total combination of protection mechanisms within a computer system, including hardware, firmware, and software, which is responsible for enforcing a security policydefines
|
|
6. | A system that continues to operate following failure of a network component describes which type of system?
|
|
7. | Which of the following access control models addresses availability issues?
|
|
8. | The four basic control requirements identified in the Orange Book include all the following except
|
|
9. | All the following Orange Book classes require mandatory access control protection except
|
|
10. | Which of the following ITSEC classification levels is equivalent to TCSEC level B3?
|
|
Answers
1. | D. Virtual.The four CPU operating states are operating (or run), problem (or application, supervisory, and wait. Review “CPU.” |
2. | B. Multitasking. A multiprogramming computer alternates execution of multiple programs on a single processor. A multiuser computer supports several users. A multiprocessing computer executes multiple programs on multiple processors. Review “CPU.” |
3. | A. Base addressing. Indexed addressing specifies an address relative to an index register. Indirect addressing specifies the address of the desired location. Direct addressing specifies the desired location. Review “Memory.” |
4. | B. BIOS management.The four main functions of an OS are process management, I/O device management, memory management, and file management. The system BIOS operates independently of the OS. Review “Software.” |
5. | C. Trusted Computing Base. A reference monitor enforces access controls on an object. A security kernel implements the reference monitor concept. A protection ring is a security concept that implements the principle of least privilege. Review “Trusted Computing Base (TCB).” |
6. | A. Fault-tolerant. A fail-safe system terminates program execution. A fail-soft system continues functioning in a degraded mode. A failover system automatically switches to a hot backup. Review “Recovery procedures.” |
7. | D. None of the above. Bell-LaPadula addresses confidentiality issues. Biba and Clark-Wilson address integrity issues. Review “Access Control Models.” |
8. | A. Role-based access control.The four basic control requirements identified in the Orange Book are discretionary access control, mandatory access control, object reuse, and labels. Review “Trusted Computer System Evaluation Criteria (TCSEC).” |
9. | D. A2. Orange Book levels B1, B2, B3, and A1 all require mandatory access control protection. A2 is a non-existent level. Review “Trusted Computer System Evaluation Criteria (TCSEC).” |
10. | C. E5. E3 is equivalent toTCSEC level B1, E4 to B2, and E6 to A1. Review “European Information Technology Security Evaluation Criteria (ITSEC).” |