IT279M1-1: Examine engineering processes and secure design principles.
GEL-1.02: Demonstrate college-level communication through the composition of original materials in Standard English.
Purpose
This Assessment tests your knowledge about engineering processes and secure design principles. You will also be completing the university-mandated communication literacy for the course.
Part 1: Computer Architecture and Protection Mechanisms
Answer the following 12 questions by selecting the one best answer for each. Cite your course texts, or other credible source, and provide a 50–100-word explanation of why you chose your answer.
1. Which statement is true of complex instruction set computers (CISC)?
A. An instruction set executes a single low-level operation.
B. The access calls to main memory are fewer as compared to RISC.
C. The instruction set supports all the low-level programming languages.
2. What is the best description of reduced instruction set computing (RISC)?
A. Processing that executes one instruction at a time
B. Computing using instructions that perform many operations per instruction
C. Computing using instructions that are simpler and require fewer clock cycles to execute
3. Memory space that is insulated from other running processes in a multipurpose system is part of a _________.
A. Security perimeter
B. Protection domain
C. Trusted path
4. What is the best description of an execution domain?
A. Memory space insulated from other running processes in a multiprocessing system.
B. A communication channel between an application and the kernel in the TCB.
C. An isolated area that is used by trusted processes when they are run in privileged state.
5. The trusted computing system is defined as __________.
A. The total combination of protection mechanisms within a computer system that are trusted to enforce security policy.
B. The boundary separating the trusted mechanisms from the remainder of the system.
C. A system that employs the necessary hardware and software assurance measures to enable processing multiple levels of classified or sensitive information to occur.
6. You are responsible for managing the virtual computers on your network. Which guideline is important when managing virtual computers?
A. Update the operating system and applications only on the host computer.
B. Implement a firewall only on the host computer.
C. Isolate the host computer and each virtual computer from each other.
7. Which statements do NOT define the requirements of a security kernel?
a. The reference monitor should be verified as correct.
b. The reference monitor should provide process isolation.
c. The security kernel should be verified in a comprehensive manner.
d. A method to circumvent the security should be implemented by the reference monitor.
A. Option a
B. Option b
C. Option c
D. Option d
E. Option a and c
F. Option b and d
8. Which characteristics do NOT identify a reference monitor?
a. analysis
b. isolation
c. verifiability
d. vulnerability
A. option a
B. option b
C. option c
D. option d
E. option a and d
F. option b and c
9. What part of the TCB concept validates access to every resource prior to granting the requested access?
A. Security kernel
B. TCB partition
C. Reference monitor
10. What is the best definition of a security model?
A. A security model provides a framework to implement security policy.
B. A security model states policies that an organization must follow.
C. Hey security.
11. What is an access object?
A. A list of valid access rules
B. A resource a user or process wants to access
C. A user or process that wants to access a resource
12. What is a security control?
A. A mechanism that limits access to an object.
B. A list of valid access rules.
C. A security component that stores attributes that describe an object.
Part 2: Computer Hardware Security Concepts
Section 1: Using Credible Sources, Justify Your Answers to Questions
Answer the following 12 questions by selecting the one best answer for each. Cite your course texts, or other credible source, and provide a 50–100-word explanation of why you chose your answer.
1. Which statement is true of the dedicated security mode?
A. All users have the clearance and formal approval required to access all the data.
B. Some users have the clearance and formal approval required to access all the data.
C. All the users have the clearance and formal approval required to access some of the data.
2. Which statement is true of a multilevel security mode?
A. The multilevel security mode involves the use of sensitivity labels.
B. The multilevel security mode is based on role-based memberships.
C. The multilevel security mode is represented by the Chinese Wall model.
3. Which processes define the supervisor mode?
A. Processes with no protection mechanism.
B. Processes that are executed in the outer protection rings.
C. Processes that are executed in the inner protection rings.
4. What happens when a trusted computing base (TCB) failure occurs as a result of a lower-privileged process trying to access restricted memory segments?
A. The system reboots immediately.
B. The system goes into maintenance mode.
C. Administrator intervention is required.
5. Which statement is true of covert channels?
A. A covert channel is addressed by a C2 rating provided by TCSEC.
B. A covert channel is not controlled by a security mechanism.
C. A covert channel acts as a trusted path for authorized communication.
6. What type of channel is used when one process writes data to a hard drive and another process reads it?
A. Covert timing channel
B. Covert storage channel
C. Overt timing channel
7. What is another name for an asynchronous attack?
A. Buffer overflow
B. Maintenance hook
C. Time-of-check/time-of-use (TOC/TOU) attack
8. What is meant by the term fail safe?
A. A system’s ability to recover automatically through a reboot
B. A system’s ability to preserve a secure state before and after failure
C. A system’s ability to terminate processes when a failure is identified
9. Which term is an evaluation of security components and their compliance prior to formal acceptance?
A. Accreditation
B. Security control
C. Certification
10. There are several types of audits used in various situations that you might encounter in the enterprise. Which type of audit would include audits in support of SOX, HIPAA, or SAS 70?
A. Compliance audits
B. Forensic audits
C. Operational audits
11. Which of the following statements CORRECTLY describes Qualitative Risk Analysis methods?
A. Qualitative analysis is based on some categories like low, medium, or high.
B. Qualitative risk analysis uses value at risk.
C. Qualitative analysis is based on calculations.
12. Which of the following statements BEST describes an attribute for effective risk management strategy?
A. Risk awareness communication may not be required at each step of the risk management process.
B. Effective risk management activities should not be supported on ongoing activities by all the members of the organization.
C. Risk management strategy must be an integrated business process with defined objectives that incorporates all of the organization’s risk management processes.
Minimum Submission Requirements
This Assessment should be a Microsoft Word document and PowerPoint presentation that fulfills the minimum length requirements and any other special requirements listed in the instructions, in addition to the title and reference pages.
Respond to the questions in a thorough manner, providing specific examples of concepts, topics, definitions, and other elements asked for in the questions. Your submission should be highly organized, logical, and focused.
Your submission must be written in Standard English and demonstrate exceptional content, organization, style, and grammar and mechanics.
Your submission should provide a clearly established and sustained viewpoint and purpose.
Your writing should be well ordered, logical and unified, as well as original and insightful.
A separate page at the end of your submission should contain a list of references, in APA format. Use your textbook, the Library, and the internet for research.
Be sure to cite both in-text and reference list citations where appropriate and reference all sources. Your sources and content should follow proper APA citation style. Review the writing resources for APA formatting and citation found in Academic Tools. Additional writing resources can be found within the Academic Success Center. For more information on APA style formatting, go to Academic Writer, formerly APA Style Central, under the Academic Tools area of this course.
Your submission should:
include a cover sheet;
be double-spaced;
be typed in Times New Roman, 12-point font;
include correct citations;
be written in Standard English with no spelling or punctuation errors; and
include correct references at the bottom of the last page.
If work submitted for this competency assessment does not meet the minimum submission requirements, it will be returned without being scored.
Plagiarism
Plagiarism is an act of academic dishonesty. It violates the University Honor Code, and the offense is subject to disciplinary action. You are expected to be the sole author of your work. Use of another person’s work or ideas must be accompanied by specific citations and references. Whether the action is intentional or not, it still constitutes plagiarism.
