The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address?

• A.integrity and confidentiality.
• B.confidentiality and availability.
• C.integrity and availability.
• D.none of the above.

Comment: *

Name: *

Email: *

Verification: *

In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?

• A.Both client and server
• B.The client's browser
• C.The web server
• D.The merchant's Certificate Server

Comment: *

Name: *

Email: *

Verification: *

An Architecture where there are more than two execution domains or privilege levels is called:

• A.Ring Architecture.
• B.Ring Layering
• C.Network Environment.
• D.Security Models

Correct Answer: A

In computer science, hierarchical protection domains, often called protection rings, are a mechanism to protect data and functionality from faults (fault tolerance) and malicious behavior (computer security). This approach is diametrically opposite to that of capability-based security.
Computer operating systems provide different levels of access to resources. A protection ring is one of two or more hierarchical levels or layers of privilege within the architecture of a computer system. This is generally hardware-enforced by some CPU architectures that provide different CPU modes at the hardware or microcode level. Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as the CPU and memory.
Special gates between rings are provided to allow an outer ring to access an inner ring's resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs from one ring or privilege level from misusing resources intended for programs in another. For example, spyware running as a user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for device drivers. Programs such as web browsers running in higher numbered rings must request access to the network, a resource restricted to a lower numbered ring. Ring Architecture Ring Architecture

All of the other answers are incorrect because they are detractors.
References:
OIG CBK Security Architecture and Models (page 311) and https://en.wikipedia.org/wiki/Ring_%28computer_security%29

Comment: *

Name: *

Email: *

Verification: *

What is the effective key size of DES?

• A.56 bits
• B.64 bits
• C.128 bits
• D.1024 bits

Comment: *

Name: *

Email: *

Verification: *

Passwords can be required to change monthly, quarterly, or at other intervals:

• A.depending on the criticality of the information needing protection
• B.depending on the criticality of the information needing protection and the password's frequency of use
• C.depending on the password's frequency of use
• D.not depending on the criticality of the information needing protection but depending on the password's frequency of use

Comment: *

Name: *

Email: *

Verification: *