CISSP- Security Architecture And Design

20 Questions | Total Attempts: 334


Questions and Answers
  • 1.
    A holistic lifecycle for developing security architecture that begins with assessing business requirements and subsequently creating a “chain of traceability” through phases of strategy, concept, design, implementation and metrics is characteristic of which of the following frameworks?
    • A. Zachman
    • B. SABSA
    • C. ISO 27000
    • D. TOGAF

  • 2.
    Which of the following components of ITIL’s service portfolio is primarily focused on translating designs into operational services through a standard project management process?
    • A. Service strategy
    • B. Service design
    • C. Service transition
    • D. Service operations

  • 3.
    Without proper definition of security requirements, systems fail. Which of the following can be used to capture detailed security requirements?
    • A. Threat modeling
    • B. Data classification
    • C. Risk assessments
    • D. All of the above

  • 4.
    Formerly known as ISO 17799, which of the following security standards is universally recognized as the standard for sound security practices and is focused on the standardization and certification of an organization’s information security management system (ISMS)?
    • A. ISO 15408
    • B. ISO 27001
    • C. ISO 9001
    • D. ISO 9146

  • 5.
    Which of the following describes the rules that need to be implemented to ensure that the security requirements are met?
    • A. Security kernel
    • B. Security policy
    • C. Security model
    • D. Security reference monitor

  • 6.
    A two-dimensional grouping of individual subjects into groups or roles, with access to objects granted to those groups, is an example of which of the following types of models?
    • A. Multilevel lattice
    • B. State machine
    • C. Noninterference
    • D. Matrix-based

  • 7. 
    Th e * security property of which of the following models ensures that a subject with clearance level of “secret” has the ability to write only to a set of objects and in order to prevent disclosure, the subject may write to objects classifi ed as “secret” or “top Secret” but is prevented from writing information classifi ed as “public”?
    • A. 

      Biba

    • B. 

      Clark–Wilson

    • C. 

      Brewer–Nash

    • D. 

      Bell–LaPadula

  • 8.
    Which of the following is unique to the Biba integrity model?
    • A. Simple property
    • B. * (star) property
    • C. Invocation property
    • D. Strong * property

  • 9.
    Which of the following models must be given the most consideration in a shared data hosting environment so that the data of one customer is not disclosed to a competitor or to other customers sharing that hosted environment?
    • A. Brewer–Nash
    • B. Clark–Wilson
    • C. Bell–LaPadula
    • D. Lipner

  • 10.
    Which of the following is the security model that is primarily concerned with how subjects and objects are created and how subjects are assigned rights or privileges?
    • A. Bell–LaPadula
    • B. Biba
    • C. Chinese Wall
    • D. Graham–Denning

  • 11.
    Which of the following ISO standards provides the evaluation criteria that can be used to evaluate the security requirements of different vendor products?
    • A. 15408
    • B. 27000
    • C. TCSEC
    • D. ITSEC

  • 12.
    In the Common Criteria, the common set of functional and assurance requirements for a category of vendor products deployed in a particular type of environment is known as
    • A. Protection profiles
    • B. Security target
    • C. Trusted computing base
    • D. Ring protection

  • 13.
    Which of the following evaluation assurance levels, at which a product is formally verified, designed, and tested, is expected for high-risk situations?
    • A. EAL 1
    • B. EAL 3
    • C. EAL 5
    • D. EAL 7

  • 14.
    Formal acceptance of an evaluated system by management is known as
    • A. Certification
    • B. Accreditation
    • C. Validation
    • D. Verification

  • 15.
    Which stage of the capability maturity model (CMM) is characterized by having organizational processes that are proactive?
    • A. Initial
    • B. Managed
    • C. Defined
    • D. Optimizing

  • 16.
    Which of the following provides a method of quantifying the risks associated with information technology, in addition to helping validate the ability of new security controls and countermeasures to address the identified risks?
    • A. Threat/risk assessment
    • B. Penetration testing
    • C. Vulnerability assessment
    • D. Data classification

  • 17.
    The use of proxies to protect more trusted assets from less sensitive ones is an example of which of the following types of security services?
    • A. Access control
    • B. Boundary control
    • C. Integrity
    • D. Audit and monitoring

  • 18.
    Which of the following is the main reason for security concerns in mobile computing devices?
    • A. The 3G protocol is inherently insecure
    • B. Lower processing power
    • C. Hackers are targeting mobile devices
    • D. The lack of antivirus software

  • 19.
    Device drivers that enable the OS to control and communicate with hardware need to be securely designed, developed, and deployed because
    • A. They are typically installed by end-users and granted access to supervisor state to help them run faster.
    • B. They are typically installed by administrators and granted access to user mode state to help them run faster.
    • C. They are typically installed by software without human interaction.
    • D. They are integrated as part of the operating system.

  • 20.
    A system administrator grants group rights to a group of individuals called “Accounting” instead of granting individual rights to each individual. This is an example of which of the following security mechanisms?
    • A. Layering
    • B. Data hiding
    • C. Cryptographic protections
    • D. Abstraction