|
Which of the following is true about Kerberos? |
It depends upon symmetric ciphers. |
|
The RSA algorithm is an example of what type of cryptography? |
Asymmetric Key. |
|
Kerberos depends upon what encryption method? |
Secret Key cryptography. |
|
The DES algorithm is an example of what type of cryptography? |
Secret Key |
|
Which of the following encryption methods is known to be unbreakable? |
One-time pads. |
|
What algorithm was DES derived from? |
Brooks-Aldeman. |
|
What is a characteristic of using the Electronic Code Book mode of DES encryption? |
A given block of plaintext and a given key will always produce the same ciphertext. |
|
Where parties do not have a shared secret and large quantities of sensitive information must be passed, |
Use of public key encryption to secure a secret key, and message encryption using the secret key. |
|
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts |
The recipient’s identity can be positively verified by the sender |
|
Which of the following DoD Model layer provides non-repudiation services? |
application layer. |
|
Which of the following statements is true about data encryption as a method of protecting data? |
It requires careful key management |
|
Which type of algorithm is considered to have the highest strength per bit of key length of any of the |
Elliptic Curve Cryptography (ECC) |
|
How many bits is the effective length of the key of the Data Encryption Standard algorithm? |
56 |
|
The primary purpose for using one-way hashing of user passwords within a password file is which of the |
It prevents an unauthorized person from reading the password. |
|
Which of the following issues is not addressed by digital signatures? |
denial-of-service |
|
Brute force attacks against encryption keys have increased in potency because of increased computing |
The use of session keys. |
|
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics? |
64 bit blocks with a 64 bit total key length |
|
PGP uses which of the following to encrypt data? |
A symmetric encryption algorithm |
|
A public key algorithm that does both encryption and digital signature is which of the following? |
RSA |
|
Which of the following is NOT true of Secure Sockets Layer (SSL)? |
By convention it uses ‘s-http://’ instead of ‘http://’. |
|
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we |
public-key certificates |
|
Which of the following identifies the encryption algorithm selected by NIST for the new Advanced |
Rijndael |
|
Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)? |
It is believed to require shorter keys for equivalent security. |
|
What are the three most important functions that Digital Signatures perform? |
Integrity, Authentication and Nonrepudiation |
|
Which of the following protocols that provide integrity and authentication for IPSec, can also provide nonrepudiation |
Authentication Header (AH) |
|
Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit |
Secure Electronic Transaction (SET) |
|
Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and |
known plaintext |
|
Which of the following is NOT a true statement regarding the implementaton of the 3DES modes? |
DES-EEE1 uses one key |
|
Which one of the following is a key agreement protocol used to enable two entities to agree and generate a |
Diffie_Hellmann |
|
Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based on? |
Caesar |
|
In a known plaintext attack, the cryptanalyst has knowledge of which of the following? |
both the plaintext and the associated ciphertext of several messages |
|
What is the length of an MD5 message digest? |
128 bits |
|
The Secure Hash Algorithm (SHA-1) creates: |
a fixed length message digest from a variable length input message |
|
The RSA Algorithm uses which mathematical concept as the basis of its encryption? |
Two large prime numbers |
|
The Clipper Chip utilizes which concept in public key cryptography? |
Key Escrow |
|
Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI |
IPsec and L2TP |
|
What is the role of IKE within the IPsec protocol? |
peer authentication and key exchange |
|
In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed? |
Phase 1 |
|
What is NOT an authentication method within IKE and IPsec? |
CHAP |
|
What is NOT true with pre shared key authentication within IKE / IPsec protocol? |
Needs a Public Key Infrastructure (PKI) to work |
|
n a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the |
Top Level CA |
|
What is the primary role of cross certification? |
Creating trust between different PKIs |
|
What kind of encryption is realized in the S/MIME-standard? |
Public key based, hybrid encryption scheme |
|
What is the main problem of the renewal of a root CA certificate? |
It requires the authentic distribution of the new root CA certificate to all PKI participants |
|
Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is: |
Not possible |
|
What attribute is included in a X.509-certificate? |
Distinguished name of the subject |
|
Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA? |
PKCS#1 |
|
What is the primary role of smartcards in a PKI? |
Tamper resistant, mobile storage and application of private keys of the users |
|
What kind of certificate is used to validate a user identity? |
Public key certificate |
|
What does the directive of the European Union on Electronic Signatures deal with? |
Non repudiation |
|
A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the |
verifying signed messages |
|
Which of the following would best describe certificate path validation? |
Verification of the validity of all certificates of the certificate chain to the root certificate |
|
FIPS-140 is a standard for the security of which of the following? |
Hardware and software cryptographic modules |
|
Which of the following can best define the "revocation request grace period"? |
Time period between the arrival of a revocation request and the publication of the revocation information |
|
Which is NOT a suitable method for distributing certificate revocation information? |
CA revocation mailing list |
|
Which of the following is true about digital certificate? |
Electronic credential proving that the person the certificate was issued to is who they claim to be |
|
What kind of Encryption technology does SSL utilize? |
Hybrid (both Symmetric and Asymmetric) |
|
What is the name of a one way transformation of a string of characters into a usually shorter fixed-length |
One-way hash |
|
Which of the following is NOT an asymmetric key algorithm? |
Data Encryption System (DES) |
|
Which of the following is NOT a symmetric key algorithm? |
Digital Signature Standard (DSS) |
|
Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING |
RSA |
|
The Diffie-Hellman algorithm is primarily used to provide which of the following? |
Key Agreement |
|
Which protocol makes USE of an electronic wallet on a customer’s PC and sends encrypted credit card |
SET (Secure Electronic Transaction) |
|
Which of the following algorithms does NOT provide hashing? |
RC4 |
|
In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in |
Ciphertext-only attack |
|
Which encryption algorithm is BEST suited for communication with handheld wireless devices? |
ECC (Elliptic Curve Cryptosystem) |
|
Which of the following keys has the SHORTEST lifespan? |
Session key |
|
What is the RESULT of a hash algorithm being applied to a message? |
A message digest |
|
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? |
message integrity. |
|
Which of the following services is NOT provided by the digital signature standard (DSS)? |
Encryption |
|
What can be defined as an instance of two different keys generating the same ciphertext from the same |
Key clustering |
|
Which of the following is true about link encryption? |
This mode does not provide protection if anyone of the nodes along the transmission path is compromised. |
|
What uses a key of the same length as the message where each bit or character from the plaintext is |
One-time pad |
|
What can be defined as secret communications where the very existence of the message is hidden? |
Steganography |
|
What is the maximum number of different keys that can be used when encrypting with Triple DES? |
3 |
|
What algorithm has been selected as the AES algorithm, replacing the DES algorithm? |
Rijndael |
|
Which of the following is a symmetric encryption algorithm? |
RC5 |
|
Which of the following is NOT a property of the Rijndael block cipher algorithm? |
Maximum key size is 512 bits |
|
Which of the following is not a property of the Rijndael block cipher algorithm? |
It operates on 64-bit plaintext blocks and uses a 128 bit key. |
|
What is the maximum allowable key size of the Rijndael encryption algorithm? |
256 bits |
|
Which of the following algorithms is used today for encryption in PGP? |
IDEA |
|
Which of the following protects Kerberos against replay attacks? |
Time stamps |
|
What is the name for a substitution cipher that shifts the alphabet by 13 places? |
ROT13 cipher |
|
Which of the following standards concerns digital certificates? |
X.509 |
|
Which of the following offers security to wireless communications? |
WTLS |
|
What is the effective key size of DES? |
56 bits |
|
Which of the following offers confidentiality to an e-mail message? |
The sender encrypting it with the receiver’s public key. |
|
Which of the following is not a DES mode of operation? |
Input feedback |
|
What size is an MD5 message digest (hash)? |
128 bits |
|
Which of the following service is not provided by a public key infrastructure (PKI)? |
Reliability |
|
In a Public Key Infrastructure, how are public keys published? |
Through digital certificates. |
|
What principle focuses on the uniqueness of separate objects that must be joined together to perform a |
Split knowledge |
|
What level of assurance for a digital certificate verifies a user’s name, address, social security number, and |
Level 2/Class 2 |
|
Which of the following statements pertaining to stream ciphers is correct? |
A stream cipher generates what is called a keystream. |
|
Which of the following statements pertaining to block ciphers is incorrect? |
Plain text is encrypted with a public key and decrypted with a private key. |
|
Cryptography does NOT help in: |
Detecting fraudulent disclosure. |
|
What is used to bind a document to its creation at a particular time? |
Digital Timestamp |
|
Which of the following is best at defeating frequency analysis? |
Polyalphabetic cipher |
|
A code, as is pertains to cryptography |
Deals with linguistic units. |
|
Which of the following is the most secure form of triple-DES encryption? |
DES-EDE3 |
|
Which of the following is NOT a known type of Message Authentication Code (MAC)? |
Signature-based MAC (SMAC) |
|
What is the maximum key size for the RC5 algorithm? |
2040 bits |
|
Which of the following algorithms is a stream cipher? |
RC4 |
|
In a SSL session between a client and a server, who is responsible for generating the master secret that |
The client’s browser |
|
Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect? |
PPTP is derived from L2TP. |
|
Which of the following is less likely to be used today in creating a Virtual Private Network? |
L2F |
|
Which of the following was not designed to be a proprietary encryption algorithm? |
Blowfish |
|
Which of the following is not an encryption algorithm? |
SHA-1 |
|
What key size is used by the Clipper Chip? |
80 bits |
|
Which of the following would best describe a Concealment cipher? |
Every X number of words within a text, is a part of the real message. |
|
Which of the following is best provided by symmetric cryptography? |
Confidentiality |
|
Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric |
Speed |
|
Which of the following is more suitable for a hardware implementation? |
Block ciphers |
|
How many rounds are used by DES? |
16 |
|
What is the key size of the International Data Encryption Algorithm (IDEA)? |
128 bits |
|
Which of the following is not an example of a block cipher? |
RC4 |
|
The Diffie-Hellman algorithm is used for: |
Key agreement |
|
A one-way hash provides which of the following? |
Integrity |
|
Which of the following is not a one-way hashing algorithm? |
RC4 |
|
Which of the following statements pertaining to key management is incorrect? |
When not using the full keyspace, the key should be extremely random. |
|
Which of the following statements pertaining to link encryption is false? |
Information stays encrypted from one end of its journey to the other. |
|
Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network? |
SSH |
|
Cryptography does not concern itself with which of the following choices? |
Validation |
|
Which of the following does NOT concern itself with key management? |
Cryptology (CRYPTO) |
|
Which of the following encryption algorithms does not deal with discrete logarithms? |
RSA |
|
Which of the following statements pertaining to message digests is incorrect? |
The message digest should be calculated using at least 128 bytes of the file. |
|
Which type of attack is based on the probability of two different messages using the same hash function |
Birthday attack |
|
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? |
Internet Key Exchange (IKE) |
|
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by |
Message Authentication Code (MAC) |
|
Which of the following statements pertaining to Secure Sockets Layer (SSL) is false? |
The SSL protocol’s primary use is to authenticate the client to the server using public key cryptography |
|
What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security |
Internet Key Exchange (IKE) |
|
Which of the following binds a subject name to a public key value? |
A public key infrastructure |
|
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public |
An attribute certificate |
|
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but |
Authority revocation list |
|
Who vouches for the binding between the data items in a digital certificate? |
Certification authority |
|
What enables users to validate each other’s certificate when they are certified under different certification |
Cross-certification |
|
Which of the following would best define a digital envelope? |
A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. |
|
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in |
A digital signature |
|
Which of the following can be best defined as computing techniques for inseparably embedding |
Digital watermarking |
|
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security |
Internet Security Association and Key Management Protocol (ISAKMP) |
|
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm |
OAKLEY |
|
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on |
Internet Key exchange (IKE) |
|
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to |
Simple Key-management for Internet Protocols (SKIP) |
|
Which of the following can best be defined as a key recovery technique for storing knowledge of a |
Key encapsulation |
|
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to |
A known-plaintext attack |
|
Which of the following is NOT a property of a one-way hash function? |
It converts a message of a fixed length into a message digest of arbitrary length. |
|
The Data Encryption Algorithm performs how many rounds of substitution and permutation? |
16 |
|
Which of the following statements is most accurate regarding a digital signature? |
It allows the recipient of data to prove the source and integrity of data. |
|
The computations involved in selecting keys and in enciphering data are complex, and are not practical for |
computing in Galois fields |
|
Which of the following concerning the Rijndael block cipher algorithm is false? |
Both block size and key length can be extended to multiples of 64 bits. |
|
This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I? |
Chosen-Ciphertext attack |
|
What is NOT true about a one-way hashing function? |
It provides authentication of the message |
|
You’ve decided to authenticate the source who initiated a particular transfer while ensuring integrity of the |
Having the sender encrypt the hash with his private key. |
|
Which key agreement scheme uses implicit signatures ? |
MQV |
|
While using IPsec, the ESP and AH protocols both provides integrity services. However when using AH, |
Packet Header Source or Destination address |
|
Which of the following protocols offers native encryption? |
IPSEC, SSH, SSL, TLS |
|
What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation |
The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates. |
|
Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic? |
SSL or TLS |
|
What type of key would you find within a browser’s list of trusted root CA? |
Public key |
|
In a PKI infrastructure where are list of revoked certificates stored? |
CRL |
|
The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to |
N(N 1)/ 2 |
|
In which mode of DES, a block of plaintext and a key will always give the same ciphertext? |
Electronic Code Book (ECB) |
|
Which of the following modes of DES is MOST Likely used for Database Encryption |
Electronic Code Book(ECB) |
|
which of the following is a Hashing Algorithm? |
SHA |
|
Complete the following sentence. A digital signature is a ____ |
hash value that has been encrypted with the senders private key |
|
which of the following example is NOT an asymmetric key algorithms? |
Advanced Encryption Standard(AES) |
|
Complete the following sentence. A message can be encrypted, which provides __________ |
Confidentiality |
|
A message can be encrypted and digitally signed, which provides _______________ |
Confidentiality, Authentication, Non-repudiation, and Integrity |
|
Public key infrastructure(PKI) consists of programs, data formats, procedures, communication protocols, |
X.509 |
|
What would you call a microchip installed on the motherboard of modern computers and is dedicated to |
Trusted Platform Module (TPM) |
|
Suppose that you are the COMSEC – Communications Security custodian for a large, multinational |
They are added to the CRL |
|
You are an information systems security officer at a mid-sized business and are called upon to investigate |
Non-repudiation |
|
compared in a process that looks something like this: |
Exclusive-OR |
|
Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as |
One Time Pad (OTP) |
|
Which of the following terms can be described as the process to conceal data into another file or media in |
Steganography |
|
Which of the following type of cryptography is used when both parties use the same key to communicate |
Symmetric Key Cryptography |
|
Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient |
Private / Public |
|
Which of the following BEST describes a function relying on a shared secret key that is used along with a |
Message Authentication Code – MAC |
|
Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, |
TPM – Trusted Platform Module |
|
There are basic goals of Cryptography. Which of the following most benefits from the process of |
Confidentiality |
|
Readable is to unreadable just as plain text is to _____? |
Cipher Text |
|
In Mandatory Access Control, sensitivity labels attached to object contain what information? |
The item’s classification and category set |
|
The Orange Book describes four hierarchical levels to categorize security systems. Which of the following |
A and B. |
|
What mechanism does a system use to compare the security labels of a subject and an object? |
Reference Monitor. |
|
What are the components of an object’s sensitivity label? |
A single classification and a Compartment Set |
|
What does it mean to say that sensitivity labels are "incomparable"? |
Neither label contains all the categories of the other. |
|
As per the Orange Book, what are two types of system assurance? |
Operational Assurance and Life-Cycle Assurance. |
|
The Orange Book requires auditing mechanisms for any systems evaluated at which of the following |
C2 and above. |
|
Which of the following are required for Life-Cycle Assurance? |
Security Testing and Trusted distribution. |
|
Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". |
System functions are layered, and none of the functions in a given layer can access data outside that layer. |
|
The Orange Book states that "Hardware and software features shall be provided that can be used to |
System Integrity. |
|
Which of the following can be used as a covert channel? |
Storage and timing. |
|
Covert Channel Analysis is first introduced at what level of the TCSEC rating? |
B2 and above. |
|
At what Orange Book evaluation levels are design specification and verification first required? |
B1 and above. |
|
Configuration Management controls what? |
Auditing and controlling any changes to the Trusted Computing Base. |
|
At which of the Orange Book evaluation levels is configuration management required? |
B2 and above. |
|
What is the purpose of Trusted Distribution? |
To ensure that the Trusted Computing Base is not tampered with during shipment or installation |
|
Which Orange Book evaluation level is described as "Verified Design"? |
A1. |
|
Which Orange Book evaluation level is described as "Structured Protection"? |
B2 |
|
Who developed one of the first mathematical models of a multilevel-security computer system? |
Bell and LaPadula. |
|
If an operating system permits shared resources such as memory to be used sequentially by multiple |
Disclosure of residual data |
|
The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the |
integrity and availability. |
|
An Architecture where there are more than two execution domains or privilege levels is called: |
Ring Architecture. |
|
Which of the following components are considered part of the Trusted Computing Base? |
trusted hardware, software and firmware |
|
Which of the following places the Orange Book classifications in order from most secure to least secure? |
A, B, C, D |
|
The Orange Book is founded upon which security policy model? |
The Bell LaPadula Model |
|
Which of the following is NOT a basic component of security architecture? |
Motherboard |
|
Which of the following is the lowest TCSEC class wherein the systems must support separate operator |
B2 |
|
In which of the following model are Subjects and Objects identified and the permissions applied to each |
Access Control Matrix model |
|
In which of the following security models is the subject’s clearance compared to the object’s classification |
Bell-LaPadula model |
|
Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory |
B |
|
Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection? |
C |
|
Which of the following division is defined in the TCSEC (Orange Book) as minimal protection? |
Division D |
|
Which of the following establishes the minimal national standards for certifying and accrediting national |
NIACAP |
|
Which of the following was developed by the National Computer Security Center (NCSC) for the US |
TCSEC |
|
Which of the following is a set of data processing elements that increases the performance in a computer |
pipelining |
|
Which of the following describes a computer processing architecture in which a language compiler or preprocessor |
Very-Long Instruction-Word Processor (VLIW) |
|
Which of the following addresses a portion of the primary memory by specifying the actual address of the |
direct addressing |
|
The steps of an access control model should follow which logical flow: |
Identification, authentication, authorization |
|
Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing. |
EAL 4 |
|
Attributable data should be: |
always traced to individuals responsible for observing and recording the data |
|
If an internal database holds a number of printers in every department and this equals the total number of |
Internal consistency of the information system. |
|
QUESTION 42 |
Lattice model |
|
Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the |
A subject is not allowed to read down. |
|
QUESTION 44 |
A communication channel that allows transfer of information in a manner that violates the system’s security policy. |
|
Which of the following statements relating to the Biba security model is FALSE? |
Programs serve as an intermediate layer between subjects and objects. |
|
Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing |
The National Institute of Standards and Technology (NIST) |
|
Why do buffer overflows happen? What is the main cause? |
Because of improper parameter checking within the application |
|
Which of the following choices describe a condition when RAM and Secondary storage are used together? |
Virtual storage |
|
Which of the following statements pertaining to protection rings is false? |
They provide users with a direct access to peripherals |
|
What is it called when a computer uses more than one CPU in parallel to execute instructions? |
Multiprocessing |
|
Which of the following statements pertaining to the trusted computing base (TCB) is false? |
Its enforcement of security policy is independent of parameters supplied by system administrators. |
|
What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that |
The Reference Monitor |
|
Which of the following is not a method to protect objects and the data within the objects? |
Data mining |
|
What is the main focus of the Bell-LaPadula security model? |
Confidentiality |
|
Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of |
It allows "write up." |
|
Which security model introduces access to objects only through programs? |
The Clark-Wilson model |
|
Which security model ensures that actions that take place at a higher security level do not affect actions |
The noninterference model |
|
Which of the following security models does NOT concern itself with the flow of data? |
The noninterference model |
|
Which of the following Orange Book ratings represents the highest level of trust? |
B2 |
|
What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the |
D |
|
Which Orange book security rating introduces the object reuse protection? |
B2 |
|
Which Orange book security rating introduces security labels? |
B1 |
|
Which Orange book security rating is the FIRST to be concerned with covert channels? |
B2 |
|
What is called the formal acceptance of the adequacy of a system’s overall security by the management? |
Accreditation |
|
Which division of the Orange Book deals with discretionary protection (need-to-know)? |
C |
|
What does the Clark-Wilson security model focus on? |
Integrity |
|
What does the simple security (ss) property mean in the Bell-LaPadula model? |
No read up |
|
What does the * (star) property mean in the Bell-LaPadula model? |
No write down |
|
What does the * (star) integrity axiom mean in the Biba model? |
No write up |
|
What does the simple integrity axiom mean in the Biba model? |
No read down |
|
What is the Biba security model concerned with? |
Integrity |
|
Which security model uses division of operations into different parts and requires different users to perform |
Clark-Wilson model |
|
A channel within a computer system or network that is designed for the authorized transfer of information is |
Overt channel |
|
What can best be described as a domain of trust that shares a single security policy and single |
A security domain |
|
Which of the following describes a technique in which a number of processor units are employed in a |
Multiprocessing |
|
Who first described the DoD multilevel military security policy in abstract, formal terms? |
David Bell and Leonard LaPadula |
|
Which of the following computer design approaches is based on the fact that in earlier technologies, the |
Complex Instruction Set Computers (CISC) |
|
What is used to protect programs from all unauthorized modification or executional interference? |
A protection domain |
|
What is called a system that is capable of detecting that a fault has occurred and has the ability to correct |
A fault-tolerant system |
|
Which integrity model defines a constrained data item, an integrity verification procedure and a |
The Clark Wilson integrity model |
|
What is defined as the hardware, firmware and software elements of a trusted computing base that |
A security kernel |
|
According to the Orange Book, which security level is the first to require a system to protect against covert |
B3 |
|
According to the Orange Book, which security level is the first to require a system to support separate |
B2 |
|
In the Bell-LaPadula model, the Star-property is also called: |
The confinement property |
|
Which of the following is best defined as an administrative declaration by a designated authority that an |
Accreditation |
|
Which of the following is best defined as a mode of system termination that automatically leaves system |
Fail safe |
|
The Reference Validation Mechanism that ensures the authorized access relationships between subjects |
The reference monitor. |
|
What is the name of the first mathematical model of a multi-level security policy used to define the concept |
Bell-LaPadula Model |
|
Which of the following models does NOT include data integrity or conflict of interest? |
Bell-LaPadula |
|
Which of the following describes a logical form of separation used by secure computing systems? |
Processes are constrained so that each cannot access objects outside its permitted domain. |
|
What security problem is most likely to exist if an operating system permits objects to be used sequentially |
Disclosure of residual data |
|
In access control terms, the word "dominate" refers to which of the following? |
Higher or equal to access class |
|
The biggest difference between System High Security Mode and Dedicated Security Mode is: |
Need-to-know |
|
For competitive reasons, the customers of a large shipping company called the "Integrated International |
Simple Security Property and Polyinstantiation |
|
What is a trusted shell? |
It means that someone who is working in that shell cannot "bust out of it", and other processes cannot "bust into it". |
|
Which security model uses an access control triple and also require separation of duty? |
Clark-Wilson |
|
You have been approached by one of your clients . They are interested in doing some security |
Information Flow Model combined with Bell Lapadula |
|
Which of the following security models introduced the idea of mutual exclusivity which generates |
Brewer & Nash |
|
Pervasive Computing and Mobile Computing Devices have to sacrifice certain functions. Which statement |
In many cases, security services has been enhanced due to the lack of services available. |
|
Which International Organization for Standardization standard is commonly referred to as the ‘common |
15408 |
|
What Cloud Deployment model consist of a cloud infrastructure provisioned for exclusive use by a single |
Private Cloud |
|
When referring to the Cloud Computing Service models. What would you call a service model where the |
Platform as a Service (PaaS) |
|
Which of the following was the first mathematical model of a multilevel security policy used to define the |
Bell-LaPadula |
|
Which of the following is a true statement pertaining to memory addressing? |
The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are based on a known address and an offset value. |
|
Which of the following answers BEST describes the Bell La-Padula model of storage and access control of |
No read up and No write down |
|
In which of the following cloud computing service model are applications hosted by the service provider |
Software as a service |
|
Which of the following cloud computing service model provides a way to rent operating systems, storage |
Platform as a service |
|
Which of the following cloud computing service model is a provision model in which an organization |
Infrastructure as a service |
|
Which of the following cloud deployment model operates solely for an organization? |
Private Cloud |
|
Which of the following cloud deployment model can be shared by several organizations? |
Community Cloud |
|
Which of the following cloud deployment model is provisioned for open use by the general public? |
Public Cloud |
|
Which of the following cloud deployment model is formed by the composition of two or more cloud |
Hybrid Cloud |
Share This
Flashcard
