Security Architecture and Design Prep Test

1. 

The four CPU operating states include all the following except

1. Operating

2. Problem

3. Wait

4. Virtual

2. 

A computer system that alternates execution of multiple subprograms on a single processordescribes what type of system?

1. Multiprogramming

2. Multitasking

3. Multiuser

4. Multiprocessing

3. 

An address used as the origin for calculating other addresses describes

1. Base addressing

2. Indexed addressing

3. Indirect addressing

4. Direct addressing

4. 

The four main functions of the operating system include all the following except

1. Process management

2. BIOS management

3. I/O device management

4. File management

5. 

The total combination of protection mechanisms within a computer system, including hardware, firmware, and software, which is responsible for enforcing a security policydefines

1. Reference monitor

2. Security kernel

3. Trusted Computing Base

4. Protection domain

6. 

A system that continues to operate following failure of a network component describes which type of system?

1. Fault-tolerant

2. Fail-safe

3. Fail-soft

4. Failover

7. 

Which of the following access control models addresses availability issues?

1. Bell-LaPadula

2. Biba

3. Clark-Wilson

4. None of the above

8. 

The four basic control requirements identified in the Orange Book include all the following except

1. Role-based access control

2. Discretionary access control

3. Mandatory access control

4. Object reuse

9. 

All the following Orange Book classes require mandatory access control protection except

1. B2

2. B3

3. A1

4. A2

10. 

Which of the following ITSEC classification levels is equivalent to TCSEC level B3?

1. E3

2. E4

3. E5

4. E6

1. 

D. Virtual.The four CPU operating states are operating (or run), problem (or application, supervisory, and wait. Review “CPU.”

2. 

B. Multitasking. A multiprogramming computer alternates execution of multiple programs on a single processor. A multiuser computer supports several users. A multiprocessing computer executes multiple programs on multiple processors. Review “CPU.”

3. 

A. Base addressing. Indexed addressing specifies an address relative to an index register. Indirect addressing specifies the address of the desired location. Direct addressing specifies the desired location. Review “Memory.”

4. 

B. BIOS management.The four main functions of an OS are process management, I/O device management, memory management, and file management. The system BIOS operates independently of the OS. Review “Software.”

5. 

C. Trusted Computing Base. A reference monitor enforces access controls on an object. A security kernel implements the reference monitor concept. A protection ring is a security concept that implements the principle of least privilege. Review “Trusted Computing Base (TCB).”

6. 

A. Fault-tolerant. A fail-safe system terminates program execution. A fail-soft system continues functioning in a degraded mode. A failover system automatically switches to a hot backup. Review “Recovery procedures.”

7. 

D. None of the above. Bell-LaPadula addresses confidentiality issues. Biba and Clark-Wilson address integrity issues. Review “Access Control Models.”

8. 

A. Role-based access control.The four basic control requirements identified in the Orange Book are discretionary access control, mandatory access control, object reuse, and labels. Review “Trusted Computer System Evaluation Criteria (TCSEC).”

9. 

D. A2. Orange Book levels B1, B2, B3, and A1 all require mandatory access control protection. A2 is a non-existent level. Review “Trusted Computer System Evaluation Criteria (TCSEC).”

10. 

C. E5. E3 is equivalent toTCSEC level B1, E4 to B2, and E6 to A1. Review “European Information Technology Security Evaluation Criteria (ITSEC).”