Certified Information Systems Security Professional

After you study your text books it is important to test your newly acquired knowledge and see just how well you have absorbed the material.

Practice exams....

* Reinforce what you learnt - fill in the gaps of what you missed
* Get you used to answering questions to build confidence and familiarity

Here are 10 multiple-choice exam questions for you to practice on:

______________________________

Question 1# - Which element must computer evidence have to be admissible in court?
A. It must be relevant
B. It must be annotated
C. It must be printed
D. It must contain source code

_____________________

Question 2# - What principle requires that a user be given no more privilege than necessary to perform a job?
A. Principle of aggregate privilege.
B. Principle of most privilege.
C. Principle of effective privilege.
D. Principle of least privilege.

_____________________

Question 3# - One method to simplify the administration of access controls is to group
A. Capabilities and privileges
B. Objects and subjects
C. Programs and transactions
D. Administrators and managers

_____________________

Question 4# - What is the act of willfully changing data, using fraudulent input or removal of controls called?
A. Data diddling
B. Data contaminating
C. Data capturing
D. Data trashing

_____________________

Question 5# - What should be the size of a Trusted Computer Base?
A. Small - in order to permit it to be implemented in all critical system components without using excessive resources.
B. Small - in order to facilitate the detailed analysis necessary to prove that it meets design requirements.
C. Large - in order to accommodate the implementation of future updates without incurring the time and expense of recertification.
D. Large - in order to enable it to protect the potentially large number of resources in a typical commercial system environment.

_____________________

Question 6# - What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
A. Configuration error
B. Environmental error
C. Access validation error
D. Exceptional condition handling error

_____________________

Question 7# - Which one of the following describes a reference monitor?
A. Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.
B. Audit concept that refers to monitoring and recording of all accesses to objects by subjects.
C. Identification concept that refers to the comparison of material supplied by a user with its reference profile.
D. Network control concept that distributes the authorization of subject accesses to objects.

_____________________

Question 8# - Fault tolerance countermeasures are designed to combat threats to
A. an uninterruptible power supply
B. backup and retention capability
C. design reliability
D. data integrity

_____________________

Question 9# - The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is
A. a Protection Profile (PP).
B. a Security Target (ST).
C. an Evaluation Assurance Level (EAL).
D. a Security Functionality Component Catalog (SFCC).

_____________________

Question 10# - According to Common Criteria, what can be described as an intermediate combination of security requirement components?
A. Protection profile (PP)
B. Security target (ST)
C. Package
D.