WGU C725 Information Security and Assurance: Exam Practice Questions and Answers | Latest Update
4. A software model that mediates all access from any subject (a user or another device) to any object (a resource, data, and so forth) and cannot be bypassed. It mediates every access to an object by a subject. In principle it should be: complete, mediating every access; isolated from modification by other system entities (objects and processes); and verifiable, doing only what it is programmed to do and not being susceptible to circumvention by malicious acts or programmer error.: reference monitor (a.k.a. abstract machine)

5. The implementation of a reference monitor for a specific hardware base, such as Sun Solaris, Red Hat Linux, or Mac OS X.: security kernel. The TCB, reference monitor, and security kernel are essential for military- and government-grade information technology (IT) security to prevent unauthorized access or threats to the integrity of programs, operating systems, or data.

6. T or F: In "the ring of trust", trust in a system moves from the outside to the inside in a unidirectional mode.: True

7. T or F: Multics was the first operating system to provide a hierarchical file system.: True

8. Which of the following terms best defines the sum of protection mechanisms inside the computer, including hardware, firmware, and software? A. Trusted system B. Security kernel C. Trusted computing base D. Security perimeter: C. Trusted computing base. Explanation: the Trusted Computing Base (TCB) is the totality of protection mechanisms within a computer system, including hardware, firmware, and software.

9. A TCB practice: a design objective in which each process has its own distinct address space for its application code and data. Such a design makes it possible to prevent each process from accessing another process's data, which prevents data or information leakage and prevents modification of the data while in memory.: process isolation

10. A TCB practice in which a process (program) has no more privilege than it really needs to perform its functions. Any modules that require supervisor or root access (that is, complete system privileges) are embedded in the operating system kernel. The kernel handles all requests for system resources and mediates access from external modules to privileged modules when required.: the principle of least privilege

11. A TCB practice that specifically relates to the segmentation of memory into protected segments. The kernel allocates the required amount of memory for the process to load its application code, its process data, and its application data. The system prevents user processes from accessing another process's allocated memory and from accessing system memory.: hardware segmentation

12. A TCB practice in which process operation is divided into layers by function. Each layer deals with a specific activity. The lower (outer) layers perform basic tasks, whereas the higher (inner) layers perform more complex or protected tasks.: layering

13. A TCB practice that defines a specific set of permissible values for an object and the operations that are permissible on that object. It involves ignoring or separating implementation details in order to concentrate on what is important to maintaining security.: abstraction

14. A TCB practice: a mechanism used to ensure that information available at one processing level is not available at another, regardless of whether it is higher or lower. It is also a concept in the object-oriented programming (OOP) technique, where information is encapsulated within an object and can be directly manipulated only by the services provided within that object.: data hiding (a.k.a. information hiding)

15. A TCB practice concerning the parts of a computer system that retain a physical state (information) for some interval of time, possibly even after electrical power to the computer is removed.: information storage

16. A type of information storage: the computer's main memory that is directly addressable by the central processing unit (CPU). It is a volatile storage medium, meaning that the contents of the physical memory are lost when the power is removed.: primary storage (a.k.a. RAM, random access memory)

17. A type of information storage: a nonvolatile storage format that can store application and system code plus data when the system is not in use. Examples are disk drives and other persistent data storage mechanisms (including flash [USB] drives, memory sticks, and tapes).: secondary storage

18. A type of information storage that refers to a definite storage location for a program in memory and direct access to a peripheral device. This is common with database management systems that control how storage is used outside the operating system's control.: real memory

19. A type of information storage that extends the volume of primary storage by using secondary storage to hold memory contents. In this way, the operating system can run programs larger than the available physical memory. This memory (memory contents stored on disk) is swapped in and out of primary memory when needed for processing.: virtual memory

20. A type of information storage: the computer's primary working and storage area. It is addressable directly by the CPU and stores application or system code in addition to data.: random memory

21. A type of information storage: computer memory that is accessed sequentially. An example is magnetic tape.: sequential storage

22. A type of information storage that experiences a complete loss of any stored information when the power is removed.: volatile memory

23. T or F: Closed systems are proprietary in nature.: True. They use specific operating systems and hardware to perform the task and generally lack standard interfaces to allow connection to other systems. The user is generally limited in the applications and programming languages available.

24. A system that is based on accepted standards and employs standard interfaces to allow connections between different systems. It promotes interoperability and gives the user full access to the total system capability.: open system

25. A technique used by a system that is capable of running two or more tasks in concurrent performance or interleaved execution.: multitasking

26. A system that permits the interleaved execution of two or more programs on a processor.: multiprogramming system

27. Provides for simultaneous execution of two or more programs by a processor (CPU). This can alternatively be done through parallel processing of a single program by two or more processors in a multiprocessor system that all have common access to main storage.: multiprocessing

28. Any device that stores the status or state of something at a given time and that can operate based on inputs to change the stored status and/or cause an action or output to take place. The importance of this is that the machine has distinct states that it remembers. In Multics, for example, a state was associated with each ring of trust. Each computer's data register also stores a state. The read-only memory from which a boot (computer start-up) program is loaded stores a state; in fact, the boot program is an initial state. The operating system is itself a state, and each application that it runs begins with some initial state that can change as it handles input. Thus, at any moment in time, a computer system can be seen as a complex set of states and each program in it as one of these. In practice, however, these machines are used to develop and describe specific device or program interactions for purposes of discovery or evaluation.: finite-state machine

29. A time-sharing operating system project begun in 1965 as a joint project by MIT Project MAC, Bell Telephone Laboratories, and General Electric. It was the first operating system to provide a hierarchical file system.: Multics

30. Which of the following terms best describes a computer that uses more than one CPU in parallel to execute instructions? A. Multiprocessing B. Multitasking C. Multithreading D. Parallel running: A. Multiprocessing. Explanation: multiprocessing provides for simultaneous execution of two or more programs by a processor (CPU). This can alternatively be done through parallel processing of a single program by two or more processors in a multiprocessor system that all have common access to main storage.

31. Describe what a system should do by design.: functional requirements

32. Describe how the functional requirements should be implemented and tested.: assurance requirements

33. A collection of criteria used to grade or rate the security claimed for a computer system product. This now-obsolete standard was often called the Orange Book because of its orange cover.: Trusted Computer System Evaluation Criteria (TCSEC)

34. T or F: TCSEC provided classes (or divisions) of trust that are roughly equivalent to object classifications of Unclassified, Secret, Top Secret, and beyond Top Secret, using the letters D, C, B, and A, respectively.: True

35. A TCSEC class (division) for systems that have been formally evaluated but fail to meet the requirements for a higher evaluation class. This classification is also used for unrated or untested systems. TCSEC does not contain specific requirements for this class of evaluation, but some of the TCSEC interpretation documents (including other Rainbow Series documents) do permit specifying this level of evaluation.: Division D: Minimal Protection

36. A TCSEC class (division) for systems that provide discretionary protection, based on the need-to-know or least privilege principle, and audit control mechanisms that enforce the personal accountability of subjects for the actions they take while using the system. In the commercial world, discretionary protection shelters objects from unauthorized subjects through the assignment of privilege to the subject by the object's owner. In other words, a data owner (a human being) gets to decide who is authorized to access his or her objects (data, programs, and so forth).: Division C: Discretionary Protection

37. A particular TCSEC class (division) for systems that satisfy the discretionary access control requirements by separating users and data. It incorporates mechanisms that are capable of enforcing access limitations on an individual basis.: Class C1: Discretionary Security Protection
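The reference monitor, security kernel and least-privilege cards above describe the same mechanism that the Division C / Class C1 cards grade: one choke point that mediates every subject-to-object access, an owner who decides who gets which rights, and an audit trail that ties each decision to a subject. The following is an added example written for this page; it is not code from the study guide or from any real operating system, and the kernel, subject, object and method names are invented for illustration.

```python
"""Toy reference monitor with discretionary (owner-granted) protection.

Added illustration for the flashcards above; not code from the study guide
or from any real kernel. Subject, object and method names are invented.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    """A user or process. It holds no reference to any object, so the only way
    it can reach data is through the kernel's mediated read/write calls."""
    name: str


class SecurityKernel:
    """Reference-monitor properties from the cards: complete (every access goes
    through _mediate), isolated (objects, policy and audit log are private to
    the kernel), verifiable (the decision is one set-membership test)."""

    def __init__(self):
        self._contents = {}  # object name -> data
        self._acl = {}       # object name -> {subject name -> set of rights}
        self._audit = []     # (subject, object, right, allowed)

    def _mediate(self, subject, obj_name, right):
        """Single choke point: decide and record every access attempt."""
        allowed = right in self._acl.get(obj_name, {}).get(subject.name, set())
        self._audit.append((subject.name, obj_name, right, allowed))
        return allowed

    def create(self, owner, obj_name, contents):
        # Division C style DAC: the creator becomes the owner and holds every
        # right, including the right to delegate to others.
        self._contents[obj_name] = contents
        self._acl[obj_name] = {owner.name: {"read", "write", "grant"}}
        self._audit.append((owner.name, obj_name, "create", True))

    def grant(self, granter, obj_name, grantee, rights):
        """Owner-controlled delegation. Least privilege is the granter's job:
        pass only the rights the grantee actually needs."""
        if not self._mediate(granter, obj_name, "grant"):
            return False
        self._acl[obj_name].setdefault(grantee.name, set()).update(rights)
        return True

    def read(self, subject, obj_name):
        if not self._mediate(subject, obj_name, "read"):
            raise PermissionError(f"{subject.name} may not read {obj_name}")
        return self._contents[obj_name]

    def write(self, subject, obj_name, contents):
        if not self._mediate(subject, obj_name, "write"):
            raise PermissionError(f"{subject.name} may not write {obj_name}")
        self._contents[obj_name] = contents

    def denials(self):
        """Audit view for personal accountability: who was refused what."""
        return [(s, o, r) for (s, o, r, ok) in self._audit if not ok]


def attempt(action):
    """Run a mediated action and report 'allowed' or 'denied'."""
    try:
        action()
        return "allowed"
    except PermissionError:
        return "denied"


def demo():
    """Constructed scenario: alice owns a file; bob needs read-only access."""
    kernel = SecurityKernel()
    alice, bob = Subject("alice"), Subject("bob")
    kernel.create(alice, "payroll.txt", "salary data")
    return {
        "bob_read_before_grant": attempt(lambda: kernel.read(bob, "payroll.txt")),
        "bob_self_grant": kernel.grant(bob, "payroll.txt", bob, {"read"}),
        "alice_grant_read": kernel.grant(alice, "payroll.txt", bob, {"read"}),
        "bob_read_after_grant": kernel.read(bob, "payroll.txt"),
        "bob_write": attempt(lambda: kernel.write(bob, "payroll.txt", "tampered")),
        "denials": kernel.denials(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two points worth noticing when reading it against the cards. First, bob's attempt to grant himself access is refused for the same reason his first read is refused: there is no second code path, so "complete mediation" is a structural property of the kernel, not a policy setting. Second, the isolation property is only a convention here: Python's leading underscore does not stop a caller from reaching `_contents` directly. In a real system that isolation is what the hardware segmentation and ring-of-trust cards provide, which is why the security kernel is defined as a reference monitor implemented for a specific hardware base.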
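The finite-state machine card ends with the practical use: describing a program's interactions as a set of remembered states and transitions, and then evaluating that description. The following added example (not from the study guide; the login states, events and lockout rule are hypothetical) models an account's login lifecycle as an explicit transition table and then answers an evaluation question about it by exploring the table rather than by running the program.

```python
"""Finite-state machine for an account login lifecycle.

Added illustration, not from the study guide; states, events and the
three-strikes lockout rule are invented. It shows both uses the card names:
describing behaviour as distinct remembered states, and evaluating that
description (a reachability check over the transition table).
"""


class FiniteStateMachine:
    def __init__(self, initial, transitions):
        self.state = initial
        self.transitions = transitions   # (state, event) -> next state

    def feed(self, event):
        """Consume one input. An input with no defined transition is rejected
        rather than silently ignored, so undefined behaviour is visible."""
        key = (self.state, event)
        if key not in self.transitions:
            raise ValueError(f"no transition from {self.state} on {event!r}")
        self.state = self.transitions[key]
        return self.state


LOGIN_TRANSITIONS = {
    ("LOGGED_OUT", "good_password"): "AUTHENTICATED",
    ("LOGGED_OUT", "bad_password"): "FAIL_1",
    ("FAIL_1", "good_password"): "AUTHENTICATED",
    ("FAIL_1", "bad_password"): "FAIL_2",
    ("FAIL_2", "good_password"): "AUTHENTICATED",
    ("FAIL_2", "bad_password"): "LOCKED",        # third failure locks the account
    ("AUTHENTICATED", "logout"): "LOGGED_OUT",
    ("LOCKED", "admin_unlock"): "LOGGED_OUT",    # only an administrator clears a lock
}


def run_events(events):
    """Drive the machine from its initial state and return the states visited."""
    machine = FiniteStateMachine("LOGGED_OUT", LOGIN_TRANSITIONS)
    trace = [machine.state]
    for event in events:
        trace.append(machine.feed(event))
    return trace


def reachable(transitions, start, allowed_events):
    """All states reachable from `start` using only `allowed_events`
    (a graph search over the table, no execution needed)."""
    seen = {start}
    frontier = [start]
    while frontier:
        current = frontier.pop()
        for (src, event), dst in transitions.items():
            if src == current and event in allowed_events and dst not in seen:
                seen.add(dst)
                frontier.append(dst)
    return seen


def lockout_holds_without_admin():
    """Evaluation question: can a locked account reach AUTHENTICATED using only
    the events an outsider controls (password guesses and logout)?"""
    outsider_events = {"good_password", "bad_password", "logout"}
    return "AUTHENTICATED" not in reachable(LOGIN_TRANSITIONS, "LOCKED", outsider_events)


if __name__ == "__main__":
    print(run_events(["bad_password", "bad_password", "bad_password"]))
    print("lockout holds without admin:", lockout_holds_without_admin())
```

The point of `reachable` is the one the card makes about evaluation: once behaviour is written down as a finite set of states and transitions, a security question ("is there any input sequence that gets a locked account back in?") becomes a finite search over the table, which is exactly what is not possible for an informal description. Adding a transition such as `("LOCKED", "good_password"): "AUTHENTICATED"` would make the check fail, which is the kind of design flaw this style of model is meant to surface before code is written.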
Document information
- Uploaded on: September 14, 2023
- Number of pages: 31
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers