cissp方面的文档.doc

SECURITY ARCHITECTURE & MODELS1. Security of an automated information system is most effective and economical if the system isa. optimized prior to addition of security.b.customized to meet the specific security threat.c. subjected to intense security testing.d. designed originally to provide the necessary security.Answer: d.2. A mechanism that enforces the authorized access relationships between subjects and objects is known as a.the reference monitor.b.discretionary access control.c.trusted kernel.d.mandatory access control.Answer: a.Reference: HISM, 1998, pg 93-94Discussion:Answer a - correctAnswer b - wrong, access controls not based on policy or need to know is DAC.Answer c - wrong, a trusted kernel is the hardware, firmware, & software elements of a trusted computing base that implements the reference monitor concept.Answer d - MAC establishes the relationships between subjects and objects.3. What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?a.Clark and Wilson Modelb.Harrison-Ruzzo-Ullman Modelc.Rivest and Shamir Modeld.Bell-LaPadula ModelAnswer: d.Reference: Secure Computing, Rita C. Summers, pg 121.Discussion:Answer a - wrong, a model for describing integrity requirements.Answer b - wrong, a model that defines a protection system as a set of generic rights & a set of common data sets.Answer c - wrong, not a model but a public key encryption method.Answer d - correct4. What is the name of the imaginary boundary that separates the components for maintaining security from the nonsecurity relevant components?a.Security kernelb.Security modelc.Security perimeterd.Security sessionAnswer: c.Reference: Secure Computing, Rita Summers, pg. 254.Discussion:Answer a - wrong, its the hardware, software, etc., elements of a trusted computing base that implements the reference monitor concept.Answer b - wrong, its a formal presentation of a security policy.Answer c - correctAnswer d - wrong, a fabricated distractor.5. Which of the following models does NOT include data integrity? a.Bibab.Clark-Wilson c.Bell-LaPadulad.Brewer-NashAnswer: c.Reference: Secure Computing, Rita Summers, pg 121.Discussion:Answer a - wrong, an integrity model.Answer b - wrong, an integrity model.Answer c - correct, a confidentiality modelAnswer d - wrong, an integrity model that described the Chinese Wall Policy6. Which of the following design requirements must a reference monitor meet to perform its security role?a.Its validation mechanism must be small enough to be subject to analysis and tests.b.Its monitor mechanism must be large enough to validate all code for security violations.c.Its validation mechanism must be invoked only for secure processes.d.Its monitor mechanism must be capable of auditing all operating processes.Answer: a.Reference: Information Security Handbook, Caelli,Longley et al. Page 567Discussion:Answer a - correct.Answer b - wrong, it doesnt validate all code.Answer c - wrong, it must be invoked for all processes.Answer d - wrong, it doesnt audit processes.7. Which of the following BEST describes a kernel from a security standpoint?a.A reference monitorb.A resource managerc.A memory monitord.An address managerAnswer: a.8. In which security model is the *-property (or star property) security model rule found?a. Brewer-Nashb. Clark-Wilsonc. Bell-LaPadulad. Fleming-AndrewsAnswer: c.(Reference: National Computer Security Center, Glossary of Computer Security Terms, NCSC-TG-004-Version-1, 21 October 1988, pg 2)9. Which of the following BEST describes the meaning of the term “reference monitor”?a. The system mechanism that maintains the ACL on authorized users and protected data sets.b. The system mechanism that maintains the configuration of access control software and related systems.c. The system software component that determines whether a user is authorized to perform a requested operation.d. The system software component that monitors user activity and creates the security audit trail.Answer: c.(Reference: National Research Council, Computers at Risk, Washington, D.C.: National Academy Press, 1991, pg 8410. According to the “Orange Book,” the Trusted Computing Base should enforce accountability by providing the capability to uniquely identify each individual user and tect that individuals data from unauthorized modification or destruction.b.create an audit record each time a user changes a password.c.associate this identity with all auditable actions taken by that individual.d.preclude simultaneous log on sessions by a single individual.Answer: c.11. The Trusted Computing Base containsa.trusted hardware and design only.b.trusted software and design only.c.trusted hardware and software componentsd.trusted workstations and terminals. Answer: c.12. Information Technology Security Evaluation Criteria are related to thea.Defense Department.b.European Community.c.National Institute of Standards & Technology.d.Canadian Government.Answer: b.13. At which level does the Trusted Computer System Evaluation Criteria first require labeling based on classification of information?a.B1b.B3c.C1d.C2Answer: a.14. Which of the following is required to implement IPSEC?a.Iterated tunnelingb.Security associationc.Authentication headerd.Encapsulating security payloadAnswer: b.15. What is the characteristic of a trusted process where users are not allowed unrestricted access to sensitive data?a.Confined domain.b.Need to know.c.Restricted resource.d.Validated execution.Answer: b.16. Which of the following describes a logical form of separation used by secure computing systems?a.Processes use different levels of security for input and output devices.b.Processes are constrained so that each cannot access objects outside its permitted domain.c.Processes conceal data and computations to inhibit access by outside processes.d.Processes are granted access based on granularity of controlled objects.Answer: b.17. A descriptor used to indicate the sensitivity of an object is commonly known as aa.token value.b.label.c.nonce.d.classification.Answer: b.A classification is a category of sensitivity to which several objects would be assigned, all with the same label.18. What advantage does firmware have over software?a.It requires less address space to execute.b.It is easier to verify for code completeness.c.It is difficult to alter without physical access.d.It cannot be accessed by system programmers.Answer: c.Reference: Fites and Kratz, Information Systems Security: A Practitioners Reference, International Thomson Computer Press, 1996, pg 15319. Which of the following is the final step in authorizing a system for secure operations?a.Releaseb.Certificationc.Verificationd.AccreditationAnswer: d.20. What is the process that provides system assurance by controlling modifications to a systems hardware, firmware, software, and documentation?a.Configuration controlb.Reference monitorc.Maintenance windowd.System auditAnswer: a.21.Typically, an operating system performs all of the following functions, EXCEPTa.input or output tasks.b.accounting and resource allocation.c.storage assignment tasks.d.user access to database views.Answer: d.(Reference: Fites and Kratz, Information Systems Security: A Practitioners Reference, International Thomson Computer Press, 1996, pg 156)22. During a component failure, a secure system should be designed toa.clear all memory space to prevent object reuse.b.automatically invoke the reference monitor.c.delete all temporary files from virtual storage.d.change to a more secure state.Answer: d.23. What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?a.Disclosure of residual data.b.Unauthorized obtaining of a privileged execution state.c.Denial of service through a deadly embrace.d.Data leakage through covert channels.Answer: a.24. What system flaw allows stack overflows and other memory bounds attacks to succeed?a.Inadequate confinement propertiesb.Compartmentalization not enforcedc.Insufficient parameter checkingd.Applications execute in privileged modeAnswer: c.Discussion:Answer a - wrong, overflow can still take place within the confined memory space but what can be done after the compromise is limited by confinement.Answer b - wrong, overflow can still take place but what can be done after the compromise is limited by compartmentalization.Answer c - correct, if input is accepted without adequate checking the bounds an attacker can make arbitrary changes to the program state adjacent to the array.Answer d - wrong, privileged mode has nothing to do with stack overflow.25. Between-the-lines, line disconnects, interrupt, and NAK attacks are all examples of exploits related toa.system data channels.b.system timing (TOC/TOU).c.system bounds checking.d.passive monitoring.Answer: b.(Reference: Fites and Kratz, Information Systems Security: A Practitioners Reference, International Thomson Computer Press, 1996, pg 172)Discussion:Answer a - wrong, system data channels allow 2 entities to transfer information between themselves & do not directly facilitate the exploits listed above.Answer b - correct, Time of Check/Time of Use is a class of asynchronous attacks where some control information is changed between the time the system security functions check the contents of variables & the time the variables are actually used during operations. System timing facilitates the exploits listed above.Answer c- wrong, system bounds checking verifies a computer program does not a