architecture security and design
TRANSCRIPT
SECURITY ARCHITECTURE & MODELS
Question 1
1. Which TCSEC (Orange Book) level requires the system to clearly identify the functions of the security administrator for performing security-related functions?
a) C2
b) B1
c) B2
d) B3
Question 1: Answer
d) B3
TCSEC level B2 specifies that the system must support separate operator and administrator roles, but only level B3 (and A1) requires the system to clearly identify the functions of the security administrator for performing security-related functions.
Question 2
2. Which of the following statements pertaining to the trusted computing base (TCB) is false?
a) It addresses the level of security a system provides.
b) It originates from the Orange Book.
c) It includes hardware, firmware and software.
d) A higher TCB rating will require that details of their testing procedures and documentation be reviewed with more granularity.
Question 2: Answer
a) It addresses the level of security a system provides.
The TCB addresses the level of trust, not the level of security.
Question 3
3. The Orange Book is founded upon which security policy model?
a) The Biba Model
b) The Bell LaPadula Model
c) Clark-Wilson Model
d) TEMPEST
Question 3: Answer
b) The Bell LaPadula Model
The Bell-LaPadula model is the security policy model on which the Orange Book requirements are based. From the Orange Book definition, "A formal state transition model of computer security policy that describes a set of access control rules."
Question 4
4. Which security model introduces access to objects only through programs?
a) The Biba model
b) The Bell-LaPadula model
c) The Clark-Wilson model
d) The information flow model
Question 4: Answer
c) The Clark-Wilson model
The Clark-Wilson model prevents authorized users from making unauthorized modifications by requiring them to go through programs to modify objects.
Question 5
5. What does it mean if a system uses "Trusted Recovery"?
a) A single account on the system has the administrative rights to recover or reboot the system after a crash.
b) A failure or crash of the system cannot be used to breach security.
c) The recovery process is done from media that have been locked in a safe.
d) There is no such principle as "Trusted Recovery" in security.
Question 5: Answer
b) A failure or crash of the system cannot be used to breach security.
Systems with Trusted Recovery must fail gracefully and must not leave information in an unprotected state when they do so (for example, a box that functions as a firewall but keeps routing packets after the firewall process has crashed is not using Trusted Recovery).
Question 6
6. What is necessary for a subject to have read access to an object in a Multi-Level Security Policy?
a) The subject's sensitivity label must dominate the object's sensitivity label
b) The subject's sensitivity label subordinates the object's sensitivity label
c) The subject's sensitivity label is subordinated by the object's sensitivity label
d) The subject's sensitivity label is dominated by the object's sensitivity label
Question 6: Answer
a) The subject's sensitivity label must dominate the object's sensitivity label
The subject's sensitivity label must dominate the object's sensitivity label for a subject to have read access to an object in a Multi-Level Security Policy.
Question 7
7. Which criteria effort was the first to introduce the notions of integrity and availability?
a) The Information Technology Security Evaluation Criteria
b) The Canadian Trusted Computer Product Evaluation Criteria
c) The Trusted Computer System Evaluation Criteria
d) The Common Criteria
Question 7: Answer
b) The Canadian Trusted Computer Product Evaluation Criteria
The first (1987) version of the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) is an extension of the TCSEC, in which the notions of integrity and availability first surface in an evaluation standard.
Question 8
8. At what Orange Book evaluation levels is configuration management required?
a) C1 and above
b) C2 and above
c) B1 and above
d) B2 and above
Question 8: Answer
d) B2 and above
Systems passing evaluation at B2 and above must have mathematical and automated proof that the design specifications actually match the system policies.
Question 9
9. What does the * (star) property mean in the Bell-LaPadula model?
a) No write up
b) No read up
c) No write down
d) No read down
Question 9: Answer
c) No write down
The * (star) property of the Bell-LaPadula access control model states that a subject at a higher level of sensitivity is not permitted to write information to an object at a lower level of sensitivity (no write down).
Question 10
10. According to the Orange Book, which security level is the first to require a system to protect against covert timing channels?
a) A1
b) B3
c) B2
d) B1
Question 10: Answer
b) B3
B1 does not address covert channels.
B2 requires a system to protect against covert storage channels but does not address covert timing channels.
B3 and A1 both address covert storage channels and covert timing channels and must perform a covert channel analysis for both types.
Question 11
11. Which of the following security models does not concern itself with the flow of data?
a) The information flow model
b) The Biba model
c) The Bell-LaPadula model
d) The noninterference model
Question 11: Answer
d) The noninterference model
The concept of noninterference is implemented to ensure that any actions that take place at one security level are not seen by, and do not interfere with, subjects or objects at a lower level. This type of model does not concern itself with the flow of data, but with what a subject knows about the state of the system. The Bell-LaPadula and Biba models use an information flow model.
Question 12
12. Which of the following statements pertaining to the ITSEC is false?
a) The functionality is rated from F1 to F10.
b) It is only used in Europe, not internationally.
c) The assurance is rated from E1 to E10.
d) Most ITSEC ratings can be mapped to the Orange Book ratings, but ITSEC took a step farther and added more levels to address specific needs not covered by the TCSEC.
Question 12: Answer
c) The assurance is rated from E1 to E10.
Information Technology Security Evaluation Criteria (ITSEC) is used only in Europe. Whereas TCSEC combines functionality and assurance, ITSEC separates these two attributes and rates them separately. Functionality is rated from F1 to F10 and assurance is rated from E0 (D) to E6 (A1), not E1 to E10.
Question 13
13. Which TCSEC level introduces formal covert channel analysis?
a) B1
b) B2
c) B3
d) A1
Question 13: Answer
d) A1
Although B2 and B3 are concerned with covert channels, only level A1 involves a formal covert channel analysis.
Question 14
14. Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location?
a) direct addressing
b) absolute addressing
c) implied addressing
d) indexed addressing
Question 14: Answer
a) direct addressing
Direct addressing addresses a portion of the primary memory by specifying the actual address of the memory location.
Question 15
15. What mechanism does a system use to compare the security labels of a subject and an object?
a) Validation Module
b) Reference Monitor
c) Clearance Check
d) Security Module
Question 15: Answer
b) Reference Monitor
A reference monitor compares the sensitivity labels of subjects and objects to determine if the subject has rights to access the object.
Question 16
16. Which of the following Orange Book ratings represents the highest security level?
a) B1
b) B2
c) F6
d) C2
Question 16: Answer
b) B2
The classification goes from A (highest) to D (lowest) and can have numbered divisions, where a higher number represents a new set of requirements, thus a higher security level.
Question 17
17. Device labels are required for which of the following Orange Book ratings?
a) C2
b) B1
c) B2
d) D6
Question 17: Answer
c) B2
B2: Structured Protection: the security policy is clearly defined; subjects and devices require labels and the system must not allow covert (storage) channels; Trusted Facility Management, which means a separation of SysAdmin and SysOperator roles.
B1: Labeled Security: each data object has a classification label and each subject has a clearance label; the system checks one against the other.
Question 18
18. What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access?
a) The reference monitor
b) The security kernel
c) The trusted computing base
d) The security domain
Question 18: Answer
a) The reference monitor
The reference monitor is an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights.
It also protects objects from unauthorized access and destructive modifications.
The security kernel is made up of mechanisms that fall under the TCB and enforces the reference monitor concept.
A security domain defines which objects are available to a subject.
Question 19
19. What does the * (star) integrity axiom mean in the Biba model?
a) No read up
b) No write down
c) No read down
d) No write up
Question 19: Answer
d) No write up
The * (star) integrity axiom of the Biba access control model states that a subject at one level of integrity is not permitted to modify an object at a higher level of integrity (no write up).
Question 20
20. CC stands for:
a) enCrypted Communication
b) Common Criteria for Information Security Evaluation
c) Certificate Creation
d) Circular Certificate rollover
Question 20: Answer
b) Common Criteria for Information Security Evaluation
All other options are invalid.
Question 21
21. What can best be described as a domain of trust that shares a single security policy and single management?
a) The reference monitor
b) A security domain
c) The security kernel
d) The security perimeter
Question 21: Answer
b) A security domain
A security domain is a domain of trust that shares a single security policy and single management. The reference monitor is an abstract machine which must mediate all access by subjects to objects, be protected from modification, be verifiable as correct, and be always invoked. The security kernel is the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept. The security perimeter includes the security kernel as well as other security-related system functions that are within the boundary of the trusted computing base. System elements that are outside of the security perimeter need not be trusted.
Question 22
22. What is another name for the Orange Book?
a) The Trusted Computer System Evaluation Criteria (TCSEC)
b) The Trusted Computing Base (TCB)
c) The Information Technology Security Evaluation Criteria (ITSEC)
d) The Common Criteria (CC)
Question 22: Answer
a) The Trusted Computer System Evaluation Criteria (TCSEC)
The Trusted Computer System Evaluation Criteria (TCSEC) was developed by the U.S. Department of Defense and published in a book with an orange cover, thus the name Orange Book.
Question 23
23. Which of the following describes a logical form of separation used by secure computing systems?
a) Processes use different levels of security for input and output devices.
b) Processes are constrained so that each cannot access objects outside its permitted domain.
c) Processes conceal data and computations to inhibit access by outside processes.
d) Processes are granted access based on granularity of controlled objects.
Question 23: Answer
b) Processes are constrained so that each cannot access objects outside its permitted domain.
Constraining processes so that each cannot access objects outside its permitted domain is a logical form of separation used by secure computing systems.
Question 24
24. Mandatory Access Control requires that sensitivity labels be attached to all objects. Which of the following would be designated as objects on a MAC system?
a) Files, directories, processes, and sockets
b) Devices, processes and sockets
c) Users, windows, and programs
d) Files, directories and devices
Question 24: Answer
d) Files, directories and devices
MAC designates things that can take an action (users, programs and processes) as subjects, and the things that they can act upon (files, directories, devices, windows, and sockets) as objects. Both subjects and objects in MAC systems must have an associated sensitivity label.