Wednesday Morning Quiz – CISSP

 

A.   Bell-LaPadula        B.   Brewer/Nash          C.   Clark-Wilson

D.   Biba                 E.   Graham-Denning       F.   Orange Book

G.   Common Criteria      H.   ITSEC                I.   Kerberos

J.   SESAME               K.   RADIUS               L.   TACACS

M.   Diameter

 

_______          Security model that uses Constrained Data Items (CDIs) for protection

 

_______          Security model that first implemented controls for conflict of interest

 

_______          Simple integrity rule states “No read down”

 

_______          Simple security rule states “No read up”

 

_______          Security model that defined separation of duties as a necessary control

 

_______          Provided guidelines for delegating or transferring access rights

 

_______          Also called the Chinese Wall model

 

_______          Defined by the ISO in conjunction with multiple countries to provide a

                        global method of evaluation for systems

 

_______          Evaluation criteria that focused solely on confidentiality

 

_______          Uses protection profiles to evaluate systems

 

_______          A European standard that evaluated functionality and assurance of systems

 

_______          Uses Ratings of A, B, C, or D to certify a system

 

_______          Authentication system based on Ticket Granting Tickets

 

_______          Authentication system based on PACs

 

_______          Remote Authentication Technology based on UDP that encrypted ONLY

                        the user’s password by default – didn’t protect anything else

 

_______          Access Control Technology that worked with UDP, TCP, and had several

                        “flavors” that allowed greater functionality and total protection over its

                        predecessors

 

_______          Based on RADIUS, but worked with VOIP, FOIP, Mobile, IP addys, with

                        far greater functionality

 

1.                  Explain the difference between a memory card and a smart card.

 

 

2.                  Give me an example of an administrative, a physical and a technical control.

 

 

3.                  What is TEMPEST and where is it used?

 

 

4.                  What is DNS poisoning?

 

 

5.                  What is a CPU register?

 

 

6.                  What is the difference between an address bus and a data bus?

 

 

7.                  What is the difference between cooperative and preemptive multitasking?

 

 

8.                  Name one thing that resides in CPU Ring 3.

 

 

9.                  What is a maintenance hook?

 

 

10.              What is the TCB?