36 Cards in this Set
- Front
- Back
Orange Book-defined operational assurance requirements
|
system architecture, system integrity, covert channel analysis, trusted facility management, trusted recovery |
|
Orange Book-defined life cycle assurance requirements
|
security testing, design specification and testing, configuration management, trusted distribution |
|
Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? |
B2
|
|
B1
|
Labeled Security:
Each data object must contain a classification label and each subject must have a clearance label. |
|
B2
|
Structured Protection:
The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures |
|
B3
|
Security Domains:
The reference monitor components must be small enough to test properly and be tamperproof. The security administrator role is clearly defined, and the system must be able to recover from failures without its security level being compromised. |
|
Which of the following statements pertaining to the trusted computing base (TCB) is false?
A.) It addresses the level of security a system provides B.) It originates from the Orange Book C.) It includes hardware, firmware, and software D.) A higher TCB rating will require that details of their testing procedures and documentation be reviewed with more granularity |
Answer: A
|
|
Which of the following is not an Orange Book-defined operational assurance requirement?
A.) System architecture B.) Trusted facility management C.) Configuration management D.) Covert channel analysis |
Answer: C
|
|
Operational assurance requirements specified in the Orange Book are as follows
|
System architecture, system integrity, covert channel analysis, trusted facility management, trusted recovery |
|
According to the Orange Book, trusted facility management is not required for which of the following security levels?
A.) B1 B.) B2 C.) B3 D.) A1 |
Answer: A
|
|
Which factor is critical in all systems to protect data integrity?
A. Data classification B. Information ownership C. Change control D. System design |
Answer: A
Integrity is dependent on confidentiality, which relies on data classification. Also, the Biba integrity model relies on data classification. |
|
Which security model introduces access to objects only through programs?
A.) The Biba model B.) The Bell-LaPadula model C.) The Clark-Wilson model D.) The information flow model |
Answer: C
"The Clark-Wilson model is also an integrity-protecting model. The Clark-Wilson model was developed after Biba and approaches integrity protection from a different perspective. Rather than employing a lattice structure, it uses a three-part relationship of subject/program/object known as a triple. Subjects do not have direct access to objects. Objects can be accessed only through programs." |
|
To ensure that integrity is attained through the Clark and Wilson model, certain rules are needed. These rules are:
A. Processing rules and enforcement rules. B. Integrity-bouncing rules. C. Certification rules and enforcement rules. D. Certification rules and general rules. |
Answer: C
Explanation: To ensure that integrity is attained and preserved, Clark and Wilson assert, certain integrity-monitoring and integrity-preserving rules are needed. Integrity-monitoring rules are called certification rules, and integrity-preserving rules are called enforcement rules. |
|
What does the * (star) integrity axiom mean in the Biba model?
A.) No read up B.) No write down C.) No read down D.) No write up |
Answer: D
"Biba has two integrity axioms: 1. Simple Integrity Axiom: The Simple Integrity Axiom (SI Axiom) states that a subject at a specific classification level cannot read data with a lower classification level. This is often shortened to "no read down" |
|
Which of the following are the limitations of the Bell-LaPadula model?
A. No policies for changing access data control. B. All of the choices. C. Contains covert channels. D. Static in nature. |
Answer: B
Explanation: Limitations of the BLP model:
-Have no policies for changing access data control
-Intended for systems with static security levels
-Contains covert channels: a low subject can detect the existence of a high object when it is denied access. Sometimes it is enough to hide the content of an object; also their existence may have to be hidden.
-Restricted to confidentiality |
|
With the BLP model, access permissions are defined through
A. Filter rules B. Security labels C. Access Control matrix D. Profiles |
Answer: C
Explanation: Bell-LaPadula is a state machine model capturing confidentiality aspects of access control. Access permissions are defined through an Access Control matrix and through a partial ordering of security levels. Security policies prevent information flowing downwards from a high security level to a low security level. BLP only considers the information flow that occurs when a subject observes or alters an object |
|
In the Bell-LaPadula model, the Star-property is also called:
A.) The simple security property B.) The confidentiality property C.) The confinement property D.) The tranquility property |
Answer: C
|
|
Private Industry Classification Levels
|
Public
Internal Confidential Restricted Highly Restricted |
|
There are four criteria that should be considered when determining the appropriate classification level for a piece of data: |
-The information's value to the organization
-The age and useful life of the information
-The ability of an outsider to independently develop the same or similar information
-The potential harm to the organization should the information be disclosed |
|
ACCESS CONTROL MODELS
|
-Lattice Models: In a lattice model, every resource and every user of a resource is associated with one of an ordered set of classes.
-The Bell-LaPadula Model: The lattice model took no account of the threat that might be posed by a Trojan horse lurking in a program used by people associated with a particular class that, unknown to them, copies information into a resource with a lower access level. The Bell-LaPadula model prevents users and processes from reading above their security level, as does the lattice model.
-The Biba Model: Biba discovered a plausible notion of integrity, which he defined as prevention of unauthorized modification. The resulting Biba integrity model states that maintenance of integrity requires that data not flow from a receptacle of given integrity to a receptacle of higher integrity.
-The Take-Grant Model: The take-grant model provides a mathematical framework for studying the results of revoking and granting authorization. As such, it is a useful analytical tool for auditors.
-The Clark-Wilson Model: The model consists of subject/program/object triples and rules about data, application programs, and triples. |
|
What is a security requirement that is unique to Compartmented Mode Workstations (CMW)?
A.) Sensitivity Labels B.) Object Labels C.) Information Labels D.) Reference Monitors |
Answer: C
|
|
The Common Criteria (CC) represents requirements for IT security of a product or system under which distinct categories?
A. Functional and assurance B. Protocol Profile (PP) and Security Target (ST) C. Targets of Evaluation (TOE) and Protection Profile (PP) D. Integrity and control |
Answer: A
Like other evaluation criteria before it, Common Criteria works to answer two basic and general questions about products being evaluated: what does it do (functionality), and how sure are you of that (assurance). |
|
What are the assurance designators used in the Common Criteria (CC)?
A. EAL 1, EAL 2, EAL 3, EAL 4, EAL 5, EAL 6, and EAL 7 B. A1, B1, B2, B3, C2, C1, and D C. E0, E1, E2, E3, E4, E5, and E6 D. AD0, AD1, AD2, AD3, AD4, AD5, and AD6 |
Answer: A
EALs range from EAL1 (functional testing) to EAL7 (detailed testing and formal design verification). |
|
Which of the following uses protection profiles and security targets?
A.) ITSEC B.) TCSEC C.) CTCPEC D.) International Standard 15408 |
Answer: D
|
|
Protection Profile (PP)
|
an implementation-independent specification of the security requirements and protections of a product that could be built |
|
The Common Criteria TOE
|
refers to the product to be tested
|
|
Security Target (ST)
|
listing of the security claims for a particular IT security product. |
|
According to Common Criteria, what can be described as an intermediate combination of security requirement components?
A.) Protection profile (PP) B.) Security target (ST) C.) Package D.) The Target of Evaluation (TOE) |
Answer: C
|
|
The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is
A. a Protection Profile (PP). B. a Security Target (ST). C. an Evaluation Assurance Level (EAL). D. a Security Functionality Component Catalog (SFCC). |
Answer: A
|
|
The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address?
A.) integrity and confidentiality B.) confidentiality and availability C.) integrity and availability D.) none of the above |
Answer: C
|
|
Which of the following was developed by the National Computer Security Center (NCSC)?
A.) TCSEC B.) ITSEC C.) DITSCAP D.) NIACAP |
Answer: A
|
|
The Trusted Computer Security Evaluation Criteria (TCSEC) provides
A. a basis for assessing the effectiveness of security controls built into automatic data-processing system products B. a system analysis and penetration technique where specifications and document for the system are analyzed. C. a formal static transition model of computer security policy that describes a set of access control rules. D. a means of restricting access to objects based on the identity of subjects and groups to which they belong. |
Answer: A
TCSEC provides guidelines to be used with evaluating a security product. The TCSEC guidelines address basic security functionality and allow evaluators to measure and rate the functionality of a system and how trustworthy it is. |
|
Which of the following classes is defined in the TCSEC (Orange Book) as mandatory protection?
A.) B B.) A C.) C D.) D |
Answer: A
|
|
Which Orange Book security rating requires that formal techniques are used to prove the equivalence between the TCB specifications and the security policy model?
A.) B2 B.) B3 C.) A1 D.) A2 |
Answer: C
|
|
According to the Orange Book, which security level is the first to require a system to protect against covert timing channels?
A.) A1 B.) B3 C.) B2 D.) B1 |
Answer: B
|
|
Configuration Management controls what?
A.) Auditing of changes to the Trusted Computing Base B.) Control of changes to the Trusted Computing Base C.) Changes in the configuration access to the Trusted Computing Base D.) Auditing and controlling any changes to the Trusted Computing Base |
Answer: D
"Official Definition of Configuration Management: Identifying, controlling, accounting for and auditing changes made to the baseline TCB, which includes changes to hardware, software, and firmware." |