CISSP Certification Exam (Security Architecture and Design) Practice Test 1 with Answers and Explanations

1. Lacy's manager has tasked her with researching an intrusion detection system for a new dispatching center. Lacy identifies the top five products and compares their ratings. Which of the following are the evaluation criteria most in use today for these types of purposes?
(A) ITSEC
(B) Common Criteria
(C) Red Book
(D) Orange Book

2. Certain types of attacks have been made more potent by which of the following advances to microprocessor technology?
(A) Increased circuits, cache memory, and multiprogramming
(B) Dual mode computation
(C) Direct memory access I/O
(D) Increases in processing power

3. CPUs and operating systems can work in two main types of multitasking modes. What controls access and the use of system resources in preemptive multitasking mode?
(A) The user and application
(B) The program that is loaded into memory
(C) The operating system
(D) The CPU and user

4. Virtual storage combines RAM and secondary storage for system memory. Which of the following is a security concern pertaining to virtual storage?
(A) More than one process uses the same resource.
(B) It allows cookies to remain persistent in memory.
(C) It allows for side-channel attacks to take place.
(D) Two processes can carry out a denial-of-service.

5. Which of the following is a common association of the Clark-Wilson access model?
(A) Chinese Wall
(B) Access tuple
(C) Read up and write down rule
(D) Subject and application binding

6. Which of the following correctly describes the relationship between the reference monitor and the security kernel?
(A) The security kernel implements and enforces the reference monitor.
(B) The reference monitor is the core of the trusted computing base, which is made up of the security kernel.
(C) The reference monitor implements and enforces the security kernel.
(D) The security kernel, aka abstract machine, implements the reference monitor concept.

7. The trusted computing base (TCB) ensures security within a system when a process in one domain must access another domain in order to retrieve sensitive information. What function does the TCB initiate to ensure that this is done in a secure manner?
(A) I/O operational execution
(B) Process deactivation
(C) Execution domain switching
(D) Virtual memory to real memory mapping

8. The Zachman Architecture Framework is often used to set up an enterprise security architecture. Which of the following does not correctly describe the Zachman Framework?
(A) A two-dimensional model that uses communication interrogatives intersecting with different levels
(B) A security-oriented model that gives instructions in a modular fashion
(C) Used to build a robust enterprise architecture versus a technical security architecture
(D) Uses six perspectives to describe a holistic information infrastructure

9. John has been told to report to the board of directors with a vendor-neutral enterprise architecture framework that will help the company reduce fragmentation that results from the misalignment of IT and business processes. Which of the following frameworks should he suggest?
(A) DoDAF
(B) CMMI
(C) ISO/IEC 42010
(D) TOGAF

10. Protection profiles used in the Common Criteria evaluation process contain five elements. Which of the following establishes the type and intensity of the evaluation?
(A) Descriptive elements
(B) Evaluation assurance requirements
(C) Evaluation assurance level
(D) Security target

11. Which of the following best defines a virtual machine?
(A) A virtual instance of an operating system
(B) A piece of hardware that runs multiple operating system environments simultaneously
(C) A physical environment for multiple guests
(D) An environment that can be fully utilized while running legacy applications

12. Bethany is working on a mandatory access control (MAC) system. She has been working on a file that was classified as Secret. She can no longer access this file because it has been reclassified as Top Secret. She deduces that the project she was working on has just increased in confidentiality and she now knows more about this project than her clearance and need-to-know allows. Which of the following refers to a concept that attempts to prevent this type of scenario from occurring?
(A) Covert storage channel
(B) Inference attack
(C) Noninterference
(D) Aggregation

13. Virtualization offers many benefits. Which of the following incorrectly describes virtualization?
(A) Virtualization simplifies operating system patching.
(B) Virtualization can be used to build a secure computing platform.
(C) Virtualization can provide fault and error containment.
(D) Virtual machines offer powerful debugging capabilities.

14. Which security architecture model defines how to securely develop access rights between subjects and objects?
(A) Brewer-Nash
(B) Clark-Wilson
(C) Graham-Denning
(D) Bell-LaPadula

15. Operating systems can be programmed to carry out different methods for process isolation. Which of the following refers to a method in which an interface defines how communication can take place between two processes and no process can interact with the other's internal programming code?
(A) Virtual mapping
(B) Encapsulation of objects
(C) Time multiplexing
(D) Naming distinctions

16. Which of the following is not a responsibility of the memory manager?
(A) Use complex controls to ensure integrity and confidentiality when processes need to use the same shared memory segments.
(B) Limit processes to interact only with the memory segments assigned to them.
(C) Swap contents from RAM to the hard drive as needed.
(D) Run an algorithm to identify unused committed memory and inform the operating system that the memory is available.

17. Several types of read-only memory devices can be modified after they are manufactured. Which of the following statements correctly describes the differences between two types of ROM?
(A) PROM can only be programmed once, while EEPROM can be programmed multiple times.
(B) A UV light is used to erase data on EEPROM, while onboard programming circuitry and signals erase data on EPROM.
(C) The process used to delete data on PROM erases one byte at a time, while to erase data on an EPROM chip, you must remove it from the hardware.
(D) The voltage used to write bits into the memory cells of EPROM burns out the fuses that connect individual memory cells, while UV light is used to write to the memory cells of PROM.

18. There are different ways that operating systems can carry out software I/O procedures. Which of the following is used when the CPU sends data to an I/O device and then works on another process's request until the I/O device is ready for more data?
(A) I/O using DMA
(B) Interrupt-driven I/O
(C) Programmable I/O
(D) Premapped I/O

19. The Information Technology Infrastructure Library (ITIL) consists of five sets of instructional books. Which of the following is considered the core set and focuses on the overall planning of the intended IT services?
(A) Service Operation
(B) Service Design
(C) Service Transition
(D) Service Strategy

20. Widgets Inc.'s software development processes are documented and the organization is capable of producing its own standard of software processes. Which of the following Capability Maturity Model Integration levels best describes Widgets Inc.?
(A) Initial
(B) Repeatable
(C) Defined
(D) Managed

21. There are several different important pieces to the Common Criteria. Which of the following best describes the first of the missing components?
(A) Target of evaluation
(B) Protection profile
(C) Security target
(D) EALs

22. Different access control models provide specific types of security measures and functionality in applications and operating systems. What model is being expressed in the graphic that follows?
(A) Noninterference
(B) Biba
(C) Bell-LaPadula
(D) Chinese Wall

23. There are many different types of access control mechanisms that are commonly embedded into all operating systems. Which of the following is the mechanism that is missing in this graphic?
(A) Trusted computing base
(B) Security perimeter
(C) Reference monitor
(D) Domain

24. There are several security enforcement components that are commonly built into operating systems. Which component is illustrated in the graphic that follows?
(A) Virtual machines
(B) Interrupt
(C) Cache memory
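(D) Protection rings

25. A multitasking operating system can have several processes running at the same time. What are the components within the processes that are shown in the graphic that follows?
(A) Threads
(B) Registers
(C) Address buses
(D) Process tables

The following scenario applies to questions 26 and 27. Charlie is a new security manager at a textile company that develops its own proprietary software for internal business processes. Charlie has been told that the new application his team needs to develop must comply with the ISO/IEC 42010 standard. He has found out that many of the critical applications have been developed in the C programming language and has asked for these applications to be reviewed for a specific class of security vulnerabilities.

26. Which of the following best describes the standard Charlie's team needs to comply with?
(A) International standard on system design to allow for better quality, interoperability, extensibility, portability, and security
(B) International standard on system security to allow for better threat modeling
(C) International standard on system architecture to allow for better quality, interoperability, extensibility, portability, and security
(D) International standard on system architecture to allow for better quality, extensibility, portability, and security

27. Which of the following is Charlie most likely concerned with in this situation?
(A) Injection attacks
(B) Memory block
(C) Buffer overflows
(D) Browsing attacks

The following scenario applies to questions 28 and 29. Tim's development team is designing a new operating system. One of the requirements of the new product is that critical memory segments need to be categorized as nonexecutable, with the goal of reducing malicious code from being able to execute instructions in privileged mode. The team also wants to make sure that attackers will have a difficult time predicting execution target addresses.

28. Which of the following best describes the type of protection that needs to be provided by this product?
(A) Hardware isolation
(B) Memory induction application
(C) Data execution prevention
(D) Domain isolation protection

29. Which of the following best describes the type of technology the team should implement to increase the work effort of buffer overflow attacks?
(A) Address space layout randomization
(B) Memory induction application
(C) Input memory isolation
(D) Read-only memory integrity checks

The following scenario applies to questions 30, 31, and 32. Operating systems have evolved and changed over the years. The earlier operating systems were monolithic and did not segregate critical processes from noncritical processes. As time went on operating system vendors started to reduce the amount of programming code that ran in kernel mode. Only the absolutely necessary code ran in kernel mode, and the remaining operating system code ran in user mode. This architecture introduced performance issues, which required the operating system vendors to reduce the critical operating system functionality to microkernels and allow the remaining operating system functionality to run in client/server models within kernel mode.

30. Which of the following best describes the second operating system architecture described in the scenario?
(A) Layered
(B) Microkernel
(C) Monolithic
(D) Kernel based

31. Which of the following best describes why there was a performance issue in the context of the scenario?
(A) Bloated programming code
(B) I/O and memory location procedures
(C) Mode transitions
(D) Data and address bus architecture

32. Which of the following best describes the last architecture described in this scenario?
(A) Hybrid microkernel
(B) Layered
(C) Monolithic
(D) Hardened and embedded

CISSP Certification Exam (Security Architecture and Design) Practice Test 1: Answers and Explanations

1. Correct answer: B
Explanation: B is correct. The Common Criteria, created in the early 1990s, combines the strengths of the Trusted Computer System Evaluation Criteria (TCSEC) and the Information Technology Security Evaluation Criteria (ITSEC) while reducing their weaknesses. These evaluation criteria are more flexible than TCSEC and easier to understand than ITSEC. The Common Criteria is recognized globally, which helps consumers by reducing the complexity of the ratings and the need to understand the definition and meaning of different ratings within different evaluation schemes. It also benefits manufacturers, because if they want to sell their products internationally they can now build them to one specific set of requirements instead of having to meet several different ratings with different rules and requirements.
A is incorrect because ITSEC, the Information Technology Security Evaluation Criteria, is not the most widely used. ITSEC was the first attempt by many European countries to establish a single standard for evaluating the security attributes of computer systems and products. In addition, ITSEC separates functionality and assurance in its evaluation and gives each a separate rating. It was developed to provide more flexibility than TCSEC and to address integrity, availability, and confidentiality in networked systems. Although the goal of ITSEC was to become the worldwide standard for product evaluation, it did not meet that goal and was instead replaced by the Common Criteria.
C is incorrect because the Red Book is a U.S. government publication that addresses security evaluation topics for networks and network components. Officially titled the Trusted Network Interpretation, the book provides a security framework for different types of networks. Subjects accessing objects on the network need to be controlled, monitored, and audited.
D is incorrect because the Orange Book is a U.S. government publication that primarily addresses government and military requirements and expectations for operating systems. The Orange Book is used to evaluate whether a product really contains the security properties the vendor claims it does and whether the product is appropriate for a specific application or function. The Orange Book is used to review the functionality, effectiveness, and assurance of a product during its evaluation, and it uses classes that address typical patterns of security requirements. It provides a broad framework for building and evaluating trusted systems, with an emphasis on controlling which users can access a system. Another name for the Orange Book is the Trusted Computer System Evaluation Criteria (TCSEC).
Knowledge module: Security Architecture and Design

2. Correct answer: D
Explanation: D is correct. With the growth in the number of personal computers and the increase in server processing power, brute-force and cracking attacks against security mechanisms that could not have succeeded a few years ago are now more likely to succeed. Today's processors execute an amazing number of instructions per second. These instructions can be used to attempt to crack passwords or encryption keys, or as instructions to send malicious packets to victim systems.
A is incorrect because increased circuits, cache memory, and multiprogramming do not make certain types of attacks more potent. Multiprogramming means that more than one program or process is loaded into memory at the same time. It is what allows a user to run antivirus software, a word processor, a firewall, and an e-mail client simultaneously. Cache memory is a type of memory used for high-speed reading and writing activities. When the system assumes (through its programmatic logic) that it will need to access specific information many times during its processing activities, it stores that information in cache memory so that it can be accessed easily and quickly.
B is incorrect because this option is a distracter. No such dual mode computation really exists when examining the advances in microprocessors.
C is incorrect because direct memory access (DMA) is a way of transferring instructions and data between input/output (I/O) devices and the system's memory without using the CPU. This greatly speeds up data transfer rates. DMA basically relieves the CPU of work by using other processing capabilities within the computer system to ensure that multiple simple instructions are interpreted and executed. It is not an advance in microprocessor technology.
Knowledge module: Security Architecture and Design

3. Correct answer: C
Explanation: C is correct. Operating systems started out with cooperative multitasking and later evolved to preemptive multitasking. Windows 9x, NT, 2000, XP, and Unix systems all use preemptive multitasking, in which the operating system controls how long a process can use a resource. Through time sharing, the system can suspend a process that is using the CPU (or another system resource) and allow another process access to it. Thus, an operating system that uses preemptive multitasking runs the show, so that a poorly behaving application does not negatively affect other applications. In operating systems that use cooperative multitasking, the processes have too much control over resource release, and when an application hangs, it usually affects all the other applications and sometimes the operating system itself. When an operating system using preemptive multitasking runs the show, one application cannot as easily affect other applications negatively.
A is incorrect because the user and application do not control access to and use of system resources in preemptive multitasking mode. In cooperative multitasking mode, however, the application has more control over the use of system resources. It is the operating system itself, not the application or the user, that runs in either preemptive or cooperative multitasking mode.
B is incorrect because, as stated in answer A, a program does not run in a specific multitasking mode but runs within the operating system. The cooperative multitasking mode used in Windows 3.1 and early Macintosh systems required processes to voluntarily release the resources they were using. This was not necessarily a stable environment, because if a programmer wrote code that did not properly release a resource after using it, the resource would be committed indefinitely to that application and would be unavailable to other programs.
D is incorrect because the user and CPU do not control access to and use of system resources. Instead, the operating system controls the processor time slices that are allocated to different processes. Multitasking is the way the operating system accesses the CPU, and it can be either cooperative or preemptive.
Knowledge module: Security Architecture and Design

4. Correct answer: A
Explanation: A is correct. Combining RAM and secondary storage yields virtual storage. The system uses hard drive space, also called swap space, that is reserved for extending its RAM memory space. When the system's volatile memory fills up, it writes data from memory onto the hard drive. When a program requests access to this data, it is brought back from the hard drive into specific units of memory as page frames. Accessing data kept in page frames on the hard drive takes more time than accessing data kept in memory, because reading data from the hard drive requires physical disk read/write access. The internal control blocks maintained by the operating system keep track of which page frames are residing in RAM, which are available "offline", and which can be called into RAM for execution or processing when needed. The result is that the system's memory appears to hold an incredible amount of information and program instructions. A security issue with using virtual swap space is that two or more processes use the same resource and the data could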