CISSP set4

Your page rank:

Total word count: 6773
Pages: 25

Calculate the Price

- -
275 words
Looking for Expert Opinion?
Let us have a look at your work and suggest how to improve it!
Get a Consultant

Which of the following is true about Kerberos?

It depends upon symmetric ciphers.

The RSA algorithm is an example of what type of cryptography?

Asymmetric Key.

Kerberos depends upon what encryption method?

Secret Key cryptography.

The DES algorithm is an example of what type of cryptography?

Secret Key

Which of the following encryption methods is known to be unbreakable?

One-time pads.

What algorithm was DES derived from?


What is a characteristic of using the Electronic Code Book mode of DES encryption?

A given block of plaintext and a given key will always produce the same ciphertext.

Where parties do not have a shared secret and large quantities of sensitive information must be passed,
the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this

Use of public key encryption to secure a secret key, and message encryption using the secret key.

Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts
information using the intended recipient’s "public" key in order to get confidentiality of the data being sent.
The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this
methodology ensures that:

The recipient’s identity can be positively verified by the sender

Which of the following DoD Model layer provides non-repudiation services?

application layer.

Which of the following statements is true about data encryption as a method of protecting data?
A. It

It requires careful key management

Which type of algorithm is considered to have the highest strength per bit of key length of any of the
asymmetric algorithms?

Elliptic Curve Cryptography (ECC)

How many bits is the effective length of the key of the Data Encryption Standard algorithm?


The primary purpose for using one-way hashing of user passwords within a password file is which of the

It prevents an unauthorized person from reading the password.

Which of the following issues is not addressed by digital signatures?


Brute force attacks against encryption keys have increased in potency because of increased computing
power. Which of the following is often considered a good protection against the brute force cryptography

The use of session keys.

The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?

64 bit blocks with a 64 bit total key length

PGP uses which of the following to encrypt data?

A symmetric encryption algorithm

A public key algorithm that does both encryption and digital signature is which of the following?


Which of the following is NOT true of Secure Sockets Layer (SSL)?

By convention it uses ‘s-http://’ instead of ‘http://’.

There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we
compare them side by side, Kerberos tickets correspond most closely to which of the following?

public-key certificates

Which of the following identifies the encryption algorithm selected by NIST for the new Advanced
Encryption Standard?


Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)?

It is believed to require shorter keys for equivalent security.

What are the three most important functions that Digital Signatures perform?

Integrity, Authentication and Nonrepudiation

Which of the following protocols that provide integrity and authentication for IPSec, can also provide nonrepudiation
in IPSec?

Authentication Header (AH)

Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit
card numbers over the Internet?

Secure Electronic Transaction (SET)

Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and
the corresponding ciphertext?

known plaintext

Which of the following is NOT a true statement regarding the implementaton of the 3DES modes?

DES-EEE1 uses one key

Which one of the following is a key agreement protocol used to enable two entities to agree and generate a
session key (secret key used for one session) over an insecure medium without any prior secrets or
communications between the entities? The negotiated key will subsequently be used for message
encryption using Symmetric Cryptography.


Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based on?


In a known plaintext attack, the cryptanalyst has knowledge of which of the following?

both the plaintext and the associated ciphertext of several messages

What is the length of an MD5 message digest?

128 bits

The Secure Hash Algorithm (SHA-1) creates:

a fixed length message digest from a variable length input message

The RSA Algorithm uses which mathematical concept as the basis of its encryption?

Two large prime numbers

The Clipper Chip utilizes which concept in public key cryptography?

Key Escrow

Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI

IPsec and L2TP

What is the role of IKE within the IPsec protocol?

peer authentication and key exchange

In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?

Phase 1

What is NOT an authentication method within IKE and IPsec?


What is NOT true with pre shared key authentication within IKE / IPsec protocol?

Needs a Public Key Infrastructure (PKI) to work

n a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the
following term?

Top Level CA

What is the primary role of cross certification?

Creating trust between different PKIs

What kind of encryption is realized in the S/MIME-standard?

Public key based, hybrid encryption scheme

What is the main problem of the renewal of a root CA certificate?

It requires the authentic distribution of the new root CA certificate to all PKI participants

Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is:

Not possible

What attribute is included in a X.509-certificate?

Distinguished name of the subject

Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA?


What is the primary role of smartcards in a PKI?

Tamper resistant, mobile storage and application of private keys of the users

What kind of certificate is used to validate a user identity?

Public key certificate

What does the directive of the European Union on Electronic Signatures deal with?

Non repudiation

A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the

verifying signed messages

Which of the following would best describe certificate path validation?

Verification of the validity of all certificates of the certificate chain to the root certificate

FIPS-140 is a standard for the security of which of the following?

Hardware and software cryptographic modules

Which of the following can best define the "revocation request grace period"?

Time period between the arrival of a revocation request and the publication of the revocation information

Which is NOT a suitable method for distributing certificate revocation information?

CA revocation mailing list

Which of the following is true about digital certificate?

Electronic credential proving that the person the certificate was issued to is who they claim to be

What kind of Encryption technology does SSL utilize?

Hybrid (both Symmetric and Asymmetric)

What is the name of a one way transformation of a string of characters into a usually shorter fixed-length
value or key that represents the original string? Such a transformation cannot be reversed?

One-way hash

Which of the following is NOT an asymmetric key algorithm?

Data Encryption System (DES)

Which of the following is NOT a symmetric key algorithm?

Digital Signature Standard (DSS)

Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING


The Diffie-Hellman algorithm is primarily used to provide which of the following?

Key Agreement

Which protocol makes USE of an electronic wallet on a customer’s PC and sends encrypted credit card
information to merchant’s Web server, which digitally signs it and sends it on to its processing bank?

SET (Secure Electronic Transaction)

Which of the following algorithms does NOT provide hashing?


In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in
the encryption process?

Ciphertext-only attack

Which encryption algorithm is BEST suited for communication with handheld wireless devices?

ECC (Elliptic Curve Cryptosystem)

Which of the following keys has the SHORTEST lifespan?

Session key

What is the RESULT of a hash algorithm being applied to a message?

A message digest

Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?

message integrity.

Which of the following services is NOT provided by the digital signature standard (DSS)?


What can be defined as an instance of two different keys generating the same ciphertext from the same

Key clustering

Which of the following is true about link encryption?

This mode does not provide protection if anyone of the nodes along the transmission path is compromised.

What uses a key of the same length as the message where each bit or character from the plaintext is
encrypted by a modular addition?

One-time pad

What can be defined as secret communications where the very existence of the message is hidden?


What is the maximum number of different keys that can be used when encrypting with Triple DES?


What algorithm has been selected as the AES algorithm, replacing the DES algorithm?


Which of the following is a symmetric encryption algorithm?


Which of the following is NOT a property of the Rijndael block cipher algorithm?

Maximum key size is 512 bits

Which of the following is not a property of the Rijndael block cipher algorithm?

It operates on 64-bit plaintext blocks and uses a 128 bit key.

What is the maximum allowable key size of the Rijndael encryption algorithm?

256 bits

Which of the following algorithms is used today for encryption in PGP?


Which of the following protects Kerberos against replay attacks?

Time stamps

What is the name for a substitution cipher that shifts the alphabet by 13 places?

ROT13 cipher

Which of the following standards concerns digital certificates?


Which of the following offers security to wireless communications?


What is the effective key size of DES?

56 bits

Which of the following offers confidentiality to an e-mail message?

The sender encrypting it with the receiver’s public key.

Which of the following is not a DES mode of operation?

Input feedback

What size is an MD5 message digest (hash)?

128 bits

Which of the following service is not provided by a public key infrastructure (PKI)?


In a Public Key Infrastructure, how are public keys published?

Through digital certificates.

What principle focuses on the uniqueness of separate objects that must be joined together to perform a
task? It is sometimes referred to as "what each must bring" and joined together when getting access or
decrypting a file. Each of which does not reveal the other?

Split knowledge

What level of assurance for a digital certificate verifies a user’s name, address, social security number, and
other information against a credit bureau database?

Level 2/Class 2

Which of the following statements pertaining to stream ciphers is correct?

A stream cipher generates what is called a keystream.

Which of the following statements pertaining to block ciphers is incorrect?

Plain text is encrypted with a public key and decrypted with a private key.

Cryptography does NOT help in:

Detecting fraudulent disclosure.

What is used to bind a document to its creation at a particular time?

Digital Timestamp

Which of the following is best at defeating frequency analysis?

Polyalphabetic cipher

A code, as is pertains to cryptography

Deals with linguistic units.

Which of the following is the most secure form of triple-DES encryption?


Which of the following is NOT a known type of Message Authentication Code (MAC)?

Signature-based MAC (SMAC)

What is the maximum key size for the RC5 algorithm?

2040 bits

Which of the following algorithms is a stream cipher?


In a SSL session between a client and a server, who is responsible for generating the master secret that
will be used as a seed to generate the symmetric keys that will be used during the session?

The client’s browser

Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect?

PPTP is derived from L2TP.

Which of the following is less likely to be used today in creating a Virtual Private Network?


Which of the following was not designed to be a proprietary encryption algorithm?


Which of the following is not an encryption algorithm?


What key size is used by the Clipper Chip?

80 bits

Which of the following would best describe a Concealment cipher?

Every X number of words within a text, is a part of the real message.

Which of the following is best provided by symmetric cryptography?


Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric


Which of the following is more suitable for a hardware implementation?

Block ciphers

How many rounds are used by DES?


What is the key size of the International Data Encryption Algorithm (IDEA)?

128 bits

Which of the following is not an example of a block cipher?


The Diffie-Hellman algorithm is used for:

Key agreement

A one-way hash provides which of the following?


Which of the following is not a one-way hashing algorithm?


Which of the following statements pertaining to key management is incorrect?

When not using the full keyspace, the key should be extremely random.

Which of the following statements pertaining to link encryption is false?

Information stays encrypted from one end of its journey to the other.

Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network?


Cryptography does not concern itself with which of the following choices?


Which of the following does NOT concern itself with key management?

Cryptology (CRYPTO)

Which of the following encryption algorithms does not deal with discrete logarithms?


Which of the following statements pertaining to message digests is incorrect?

The message digest should be calculated using at least 128 bytes of the file.

Which type of attack is based on the probability of two different messages using the same hash function
producing a common message digest?

Birthday attack

Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?

Internet Key Exchange (IKE)

Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by
ensuring the message comes from its claimed originator and that it has not been altered in transmission?

Message Authentication Code (MAC)

Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?

The SSL protocol’s primary use is to authenticate the client to the server using public key cryptography

What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security

Internet Key Exchange (IKE)

Which of the following binds a subject name to a public key value?

A public key infrastructure

What can be defined as a digital certificate that binds a set of descriptive data items, other than a public
key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?

An attribute certificate

What can be defined as a data structure that enumerates digital certificates that were issued to CAs but
have been invalidated by their issuer prior to when they were scheduled to expire?

Authority revocation list

Who vouches for the binding between the data items in a digital certificate?

Certification authority

What enables users to validate each other’s certificate when they are certified under different certification


Which of the following would best define a digital envelope?

A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.

What can be defined as a value computed with a cryptographic algorithm and appended to a data object in
such a way that any recipient of the data can use the signature to verify the data’s origin and integrity?

A digital signature

Which of the following can be best defined as computing techniques for inseparably embedding
unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?

Digital watermarking

Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security
associations, and to exchange key generation and authentication data, independent of the details of any
specific key generation technique, key establishment protocol, encryption algorithm, or authentication

Internet Security Association and Key Management Protocol (ISAKMP)

Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm
proposed for IPsec but superseded by IKE?


Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on
OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for
other security associations?

Internet Key exchange (IKE)

Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to
convey session keys. This protocol establishes a long-term key once, and then requires no prior
communication in order to establish or exchange keys on a session-by-session basis?

Simple Key-management for Internet Protocols (SKIP)

Which of the following can best be defined as a key recovery technique for storing knowledge of a
cryptographic key by encrypting it with another key and ensuring that that only certain third parties can
perform the decryption operation to retrieve the stored key?

Key encapsulation

Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to
determine the key from knowledge of some plaintext-ciphertext pairs?

A known-plaintext attack

Which of the following is NOT a property of a one-way hash function?

It converts a message of a fixed length into a message digest of arbitrary length.

The Data Encryption Algorithm performs how many rounds of substitution and permutation?


Which of the following statements is most accurate regarding a digital signature?

It allows the recipient of data to prove the source and integrity of data.

The computations involved in selecting keys and in enciphering data are complex, and are not practical for
manual use. However, using mathematical properties of modular arithmetic and a method known as
"_________________," RSA is quite feasible for computer use.

computing in Galois fields

Which of the following concerning the Rijndael block cipher algorithm is false?

Both block size and key length can be extended to multiples of 64 bits.

This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I?

Chosen-Ciphertext attack

What is NOT true about a one-way hashing function?

It provides authentication of the message

You’ve decided to authenticate the source who initiated a particular transfer while ensuring integrity of the
data being transferred. You can do this by:

Having the sender encrypt the hash with his private key.

Which key agreement scheme uses implicit signatures ?


While using IPsec, the ESP and AH protocols both provides integrity services. However when using AH,
some special attention needs to be paid if one of the peers uses NAT for address translation service.
Which of the items below would affects the use of AH and it´s Integrity Check Value (ICV) the most?

Packet Header Source or Destination address

Which of the following protocols offers native encryption?


What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation
List (CRL)?

The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.

Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic?


What type of key would you find within a browser’s list of trusted root CA?

Public key

In a PKI infrastructure where are list of revoked certificates stored?


The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to
communicate securely with each other is given by which of the following?

N(N 1)/ 2

In which mode of DES, a block of plaintext and a key will always give the same ciphertext?

Electronic Code Book (ECB)

Which of the following modes of DES is MOST Likely used for Database Encryption

Electronic Code Book(ECB)

which of the following is a Hashing Algorithm?


Complete the following sentence. A digital signature is a ____

hash value that has been encrypted with the senders private key

which of the following example is NOT an asymmetric key algorithms?

Advanced Encryption Standard(AES)

Complete the following sentence. A message can be encrypted, which provides __________


A message can be encrypted and digitally signed, which provides _______________

Confidentiality, Authentication, Non-repudiation, and Integrity

Public key infrastructure(PKI) consists of programs, data formats, procedures, communication protocols,
security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable
a wide range of dispersed people to communicate in a secure and predictable fashion.
This infrastructure is based upon which of the following Standard?


What would you call a microchip installed on the motherboard of modern computers and is dedicated to
carrying out security functions that involve the storage and processing of symmetric and asymmetric keys,
hashes, and digital certificates.

Trusted Platform Module (TPM)

Suppose that you are the COMSEC – Communications Security custodian for a large, multinational
corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID Card
that she uses to digitally sign and encrypt emails in the PKI.

They are added to the CRL

You are an information systems security officer at a mid-sized business and are called upon to investigate
a threat conveyed in an email from one employee to another. You gather the evidence from both the email
server transaction logs and from the computers of the two individuals involved in the incident and prepare
an executive summary. You find that a threat was sent from one user to the other in a digitally signed
email. The sender of the threat says he didn’t send the email in question.
What concept of PKI – Public Key Infrastructure will implicate the sender?


compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called?


Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as
the plaintext and never reused in whole or part?

One Time Pad (OTP)

Which of the following terms can be described as the process to conceal data into another file or media in
a practice known as security through obscurity?


Which of the following type of cryptography is used when both parties use the same key to communicate
securely with each other?

Symmetric Key Cryptography

Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient
verifies my signature using my ______ key.

Private / Public

Which of the following BEST describes a function relying on a shared secret key that is used along with a
hashing algorithm to verify the integrity of the communication content as well as the sender?

Message Authentication Code – MAC

Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys,
passwords or certificates in a component located on the motherboard of a computer?

TPM – Trusted Platform Module

There are basic goals of Cryptography. Which of the following most benefits from the process of


Readable is to unreadable just as plain text is to _____?

Cipher Text

In Mandatory Access Control, sensitivity labels attached to object contain what information?

The item’s classification and category set

The Orange Book describes four hierarchical levels to categorize security systems. Which of the following
levels require mandatory protection?

A and B.

What mechanism does a system use to compare the security labels of a subject and an object?

Reference Monitor.

What are the components of an object’s sensitivity label?

A single classification and a Compartment Set

What does it mean to say that sensitivity labels are "incomparable"?

Neither label contains all the categories of the other.

As per the Orange Book, what are two types of system assurance?

Operational Assurance and Life-Cycle Assurance.

The Orange Book requires auditing mechanisms for any systems evaluated at which of the following

C2 and above.

Which of the following are required for Life-Cycle Assurance?

Security Testing and Trusted distribution.

Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding".
What does this mean?

System functions are layered, and none of the functions in a given layer can access data outside that layer.

The Orange Book states that "Hardware and software features shall be provided that can be used to
periodically validate the correct operation of the on-site hardware and firmware elements of the TCB
[Trusted Computing Base]." This statement is the formal requirement for:

System Integrity.

Which of the following can be used as a covert channel?

Storage and timing.

Covert Channel Analysis is first introduced at what level of the TCSEC rating?

B2 and above.

At what Orange Book evaluation levels are design specification and verification first required?

B1 and above.

Configuration Management controls what?

Auditing and controlling any changes to the Trusted Computing Base.

At which of the Orange Book evaluation levels is configuration management required?

B2 and above.

What is the purpose of Trusted Distribution?

To ensure that the Trusted Computing Base is not tampered with during shipment or installation

Which Orange Book evaluation level is described as "Verified Design"?


Which Orange Book evaluation level is described as "Structured Protection"?


Who developed one of the first mathematical models of a multilevel-security computer system?

Bell and LaPadula.

If an operating system permits shared resources such as memory to be used sequentially by multiple
users/application or subjects without a refresh of the objects/memory area, what security problem is MOST
likely to exist?

Disclosure of residual data

The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the
following that the Orange Book did not address?

integrity and availability.

An Architecture where there are more than two execution domains or privilege levels is called:

Ring Architecture.

Which of the following components are considered part of the Trusted Computing Base?

trusted hardware, software and firmware

Which of the following places the Orange Book classifications in order from most secure to least secure?

A, B, C, D

The Orange Book is founded upon which security policy model?

The Bell LaPadula Model

Which of the following is NOT a basic component of security architecture?


Which of the following is the lowest TCSEC class wherein the systems must support separate operator
and system administrator roles?


In which of the following model are Subjects and Objects identified and the permissions applied to each
subject/object combination are specified. Such a model can be used to quickly summarize what
permissions a subject has for various system objects.

Access Control Matrix model

In which of the following security models is the subject’s clearance compared to the object’s classification
such that specific rules can be applied to control how the subject-to-object interactions take place?

Bell-LaPadula model

Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory


Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?


Which of the following division is defined in the TCSEC (Orange Book) as minimal protection?

Division D

Which of the following establishes the minimal national standards for certifying and accrediting national
security systems?


Which of the following was developed by the National Computer Security Center (NCSC) for the US
Department of Defense?


Which of the following is a set of data processing elements that increases the performance in a computer
by overlapping the steps of different instructions?


Which of the following describes a computer processing architecture in which a language compiler or preprocessor
breaks program instructions down into basic operations that can be performed by the processor
at the same time?

Very-Long Instruction-Word Processor (VLIW)

Which of the following addresses a portion of the primary memory by specifying the actual address of the
memory location?

direct addressing

The steps of an access control model should follow which logical flow:

Identification, authentication, authorization

Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing.
Which of following assure the Target of Evaluation (or TOE) is methodically designed, tested and


Attributable data should be:

always traced to individuals responsible for observing and recording the data

If an internal database holds a number of printers in every department and this equals the total number of
printers for the whole organization recorded elsewhere in the database, it is an example of:

Internal consistency of the information system.

What is called the type of access control where there are pairs of elements that have the least upper
bound of values and greatest lower bound of values?

Lattice model

Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the
Strong Star property is not being used)?

A subject is not allowed to read down.

What would BEST define a covert channel?

A communication channel that allows transfer of information in a manner that violates the system’s security policy.

Which of the following statements relating to the Biba security model is FALSE?

Programs serve as an intermediate layer between subjects and objects.

Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing
Standards (FIPS)?

The National Institute of Standards and Technology (NIST)

Why do buffer overflows happen? What is the main cause?

Because of improper parameter checking within the application

Which of the following choices describe a condition when RAM and Secondary storage are used together?

Virtual storage

Which of the following statements pertaining to protection rings is false?

They provide users with a direct access to peripherals

What is it called when a computer uses more than one CPU in parallel to execute instructions?


Which of the following statements pertaining to the trusted computing base (TCB) is false?

Its enforcement of security policy is independent of parameters supplied by system administrators.

What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that
subjects have the necessary access rights and to protect objects from unauthorized access?

The Reference Monitor

Which of the following is not a method to protect objects and the data within the objects?

Data mining

What is the main focus of the Bell-LaPadula security model?


Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of
the strong star property?

It allows "write up."

Which security model introduces access to objects only through programs?

The Clark-Wilson model

Which security model ensures that actions that take place at a higher security level do not affect actions
that take place at a lower level?

The noninterference model

Which of the following security models does NOT concern itself with the flow of data?

The noninterference model

Which of the following Orange Book ratings represents the highest level of trust?


What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the
criteria and requirements of the higher divisions?


Which Orange book security rating introduces the object reuse protection?


Which Orange book security rating introduces security labels?


Which Orange book security rating is the FIRST to be concerned with covert channels?


What is called the formal acceptance of the adequacy of a system’s overall security by the management?


Which division of the Orange Book deals with discretionary protection (need-to-know)?


What does the Clark-Wilson security model focus on?


What does the simple security (ss) property mean in the Bell-LaPadula model?

No read up

What does the * (star) property mean in the Bell-LaPadula model?

No write down

What does the * (star) integrity axiom mean in the Biba model?

No write up

What does the simple integrity axiom mean in the Biba model?

No read down

What is the Biba security model concerned with?


Which security model uses division of operations into different parts and requires different users to perform
each part?

Clark-Wilson model

A channel within a computer system or network that is designed for the authorized transfer of information is
identified as a(n)?

Overt channel

What can best be described as a domain of trust that shares a single security policy and single

A security domain

Which of the following describes a technique in which a number of processor units are employed in a
single computer system to increase the performance of the system in its application environment above the
performance of a single processor of the same kind?


Who first described the DoD multilevel military security policy in abstract, formal terms?

David Bell and Leonard LaPadula

Which of the following computer design approaches is based on the fact that in earlier technologies, the
instruction fetch was the longest part of the cycle?

Complex Instruction Set Computers (CISC)

What is used to protect programs from all unauthorized modification or executional interference?

A protection domain

What is called a system that is capable of detecting that a fault has occurred and has the ability to correct
the fault or operate around it?

A fault-tolerant system

Which integrity model defines a constrained data item, an integrity verification procedure and a
transformation procedure?

The Clark Wilson integrity model

What is defined as the hardware, firmware and software elements of a trusted computing base that
implement the reference monitor concept?

A security kernel

According to the Orange Book, which security level is the first to require a system to protect against covert
timing channels?


According to the Orange Book, which security level is the first to require a system to support separate
operator and system administrator roles?


In the Bell-LaPadula model, the Star-property is also called:

The confinement property

Which of the following is best defined as an administrative declaration by a designated authority that an
information system is approved to operate in a particular security configuration with a prescribed set of


Which of the following is best defined as a mode of system termination that automatically leaves system
processes and components in a secure state when a failure occurs or is detected in a system?

Fail safe

The Reference Validation Mechanism that ensures the authorized access relationships between subjects
and objects is implementing which of the following concept:

The reference monitor.

What is the name of the first mathematical model of a multi-level security policy used to define the concept
of a secure state, the modes of access, and rules for granting access?

Bell-LaPadula Model

Which of the following models does NOT include data integrity or conflict of interest?


Which of the following describes a logical form of separation used by secure computing systems?

Processes are constrained so that each cannot access objects outside its permitted domain.

What security problem is most likely to exist if an operating system permits objects to be used sequentially
by multiple users without forcing a refresh of the objects?

Disclosure of residual data

In access control terms, the word "dominate" refers to which of the following?

Higher or equal to access class

The biggest difference between System High Security Mode and Dedicated Security Mode is:


For competitive reasons, the customers of a large shipping company called the "Integrated International
Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship.
IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this
information private. Different information in this database is classified at different levels. For example, the
time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will
arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different
shippers from viewing each other’s cargos. An unscrupulous fruit shipper, the "Association of Private Fuit
Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good
Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can’t
simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL
worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is
shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record
then the insertion attempt will fail. But the attempt does not fail, so APFEL can’t be sure whether or not
FIGCO is shipping pineapples on the S.S. CP. What is the name of the access control model property that
prevented APFEL from reading FIGCO’s cargo information? What is a secure database technique that
could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO
was shipping pineapples?

Simple Security Property and Polyinstantiation

What is a trusted shell?

It means that someone who is working in that shell cannot "bust out of it", and other processes cannot "bust into it".

Which security model uses an access control triple and also require separation of duty?


You have been approached by one of your clients . They are interested in doing some security
. The client is looking at various information security models. It is a highly secure environment where data
at high classifications cannot be leaked to subjects at lower classifications . Of primary concern to them, is
the identification of potential covert channel. As an Information Security Professional , which model would
you recommend to the client?

Information Flow Model combined with Bell Lapadula

Which of the following security models introduced the idea of mutual exclusivity which generates
dynamically changing permissions?

Brewer & Nash

Pervasive Computing and Mobile Computing Devices have to sacrifice certain functions. Which statement
concerning those devices is false.

In many cases, security services has been enhanced due to the lack of services available.

Which International Organization for Standardization standard is commonly referred to as the ‘common


What Cloud Deployment model consist of a cloud infrastructure provisioned for exclusive use by a single
organization comprising multiple consumers (e.g., business units)? Such deployment model may be
owned, managed, and operated by the organization, a third party, or some combination of them, and it may
exist on or off premises.

Private Cloud

When referring to the Cloud Computing Service models. What would you call a service model where the
consumer does not manage or control the underlying cloud infrastructure including networks, servers,
operating systems, or storage, but has control over the deployed applications and possibly configuration
settings for the application-hosting environment?

Platform as a Service (PaaS)

Which of the following was the first mathematical model of a multilevel security policy used to define the
concepts of a security state and mode of access, and to outline rules of access?


Which of the following is a true statement pertaining to memory addressing?

The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are based on a known address and an offset value.

Which of the following answers BEST describes the Bell La-Padula model of storage and access control of
classified information?

No read up and No write down

In which of the following cloud computing service model are applications hosted by the service provider
and made available to the customers over a network?

Software as a service

Which of the following cloud computing service model provides a way to rent operating systems, storage
and network capacity over the Internet?

Platform as a service

Which of the following cloud computing service model is a provision model in which an organization
outsources the equipment used to support operations, including storage, hardware, servers and
networking components?

Infrastructure as a service

Which of the following cloud deployment model operates solely for an organization?

Private Cloud

Which of the following cloud deployment model can be shared by several organizations?

Community Cloud

Which of the following cloud deployment model is provisioned for open use by the general public?

Public Cloud

Which of the following cloud deployment model is formed by the composition of two or more cloud
deployment mode?

Hybrid Cloud

Share This

More flashcards like this

NCLEX 10000 Integumentary Disorders

When assessing a client with partial-thickness burns over 60% of the body, which finding should the nurse report immediately? a) ...

Read more


A client with amyotrophic lateral sclerosis (ALS) tells the nurse, "Sometimes I feel so frustrated. I can’t do anything without ...

Read more

NASM Flashcards

Which of the following is the process of getting oxygen from the environment to the tissues of the body? Diffusion ...

Read more

Unfinished tasks keep piling up?

Let us complete them for you. Quickly and professionally.

Check Price

Successful message