Wednesday Morning Quiz – CISSP
A. Bell-LaPadula B. Brewer/Nash C. Clark-Wilson
D. Biba E. Graham-Denning F. Orange Book
G. Common Criteria H. ITSEC I. Kerberos
J. SESAME K. RADIUS L. TACACS
M. Diameter
_______ Security model that uses Constrained Data Items (CDIs) for protection
_______ Security model that first implemented controls for conflict of interest
_______ Simple integrity rule states “No read down”
_______ Simple security rule states “No read up”
_______ Security model that defined separation of duties as a necessary control
_______ Provided guidelines for delegating or transferring access rights
_______ Also called the Chinese Wall model
_______ Defined by the ISO in conjunction with multiple countries to provide
a global method of evaluation for systems
_______ Evaluation criteria that focused solely on confidentiality
_______ Uses protection profiles to evaluate systems
_______ A European standard that evaluated functionality and assurance of systems
_______ Uses ratings of A, B, C, or D to certify a system
_______ Authentication system based on Ticket Granting Tickets
_______ Authentication system based on PACs
_______ Remote Authentication Technology based on UDP that encrypted ONLY
the user’s password by default – didn’t protect anything else
_______ Access Control Technology that worked with UDP, TCP, and had several
“flavors” that allowed greater functionality and total protection over its
predecessors
_______ Based on RADIUS, but worked with VoIP, FoIP, far greater functionality
1. Explain the difference between a memory card and a smart card
2. Give me an example of an administrative, a physical and a technical control.
3. What is TEMPEST and where is it used?
4. What is DNS poisoning?
5. What is a CPU register?
6. What is the difference between an address bus and a data bus?
7. What is the difference between cooperative and preemptive multitasking?
8. Name one thing that resides in CPU Ring 3
9. What is a maintenance hook?
10. What is the TCB?