Security Architecture and Engineering for CISSP

This page covers the Security Architecture and Engineering domain of the CISSP certification. Master Cybersecurity offers 71 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.

Sample Practice Questions

  1. Question 1

    Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
    A. Reference monitor
    B. Trusted Computing Base (TCB)
    C. Time separation
    D. Security kernel
    Explanation

    The correct answer is: D. Security kernel.

    The security kernel is the hardware, firmware, and software portion of the Trusted Computing Base that mediates all access requests between subjects and objects and provides the security interfaces between the hardware, the OS, and other components; it implements the reference monitor concept and enforces the system's access control policy. The reference monitor is an abstract concept that the security kernel realizes, so it is not itself a piece of code providing the interface. The TCB is the broader collection of all protection mechanisms, not the specific interface layer. Time separation is a method of resource isolation, not an OS component. The security kernel is the concrete subsystem inside the TCB that exposes the security interface, satisfying the question precisely.

  2. Question 2

    Which of the following statements BEST describes the LEAST privilege principle in a cloud environment?
    A. A single cloud administrator is configured to access core functions.
    B. Internet traffic is inspected for all incoming and outgoing packets.
    C. Routing configurations are regularly updated with the latest routes.
    D. Network segments remain private if unneeded to access the internet.
    Explanation

    The correct answer is: D. Network segments remain private if unneeded to access the internet.

    Least privilege in a cloud environment is best illustrated by keeping network segments private when they do not need internet exposure, because every unnecessary public surface grants implicit privilege to the entire internet to reach those workloads; the principle states that subjects (including networks) should have only the minimum access required for their function. A single cloud administrator with access to core functions actually concentrates privilege rather than minimizing it. Inspecting all packets is a monitoring control, not a privilege restriction. Updating routes with the latest routes is routine networking and unrelated to privilege scoping. Restricting reachability by making subnets private by default and explicitly granting egress only when needed exemplifies the least-privilege design pattern in cloud network architecture.

  3. Question 3

    Which of the following encryption technologies has the ability to function as a stream cipher?
    A. Cipher Block Chaining (CBC) with error propagation
    B. Electronic Code Book (ECB)
    C. Cipher Feedback (CFB)
    D. Feistel cipher
    Explanation

    The correct answer is: C. Cipher Feedback (CFB).

    Cipher Feedback mode turns a block cipher into a self-synchronizing stream cipher: it encrypts a shift register (initially the IV, afterwards filled with the previous ciphertext) and XORs the output with the plaintext one segment at a time, where a segment can be a single bit, a byte, or anything up to a full block, so it handles arbitrarily short data and continuous streams without padding. Cipher Block Chaining requires full plaintext blocks and processes data block-wise; it is not a stream mode even with error propagation. Electronic Code Book is a plain block mode that encrypts each block independently and is famously insecure for patterned data. The Feistel cipher is a general structure used by DES, not a mode of operation. Other stream-capable modes include OFB and CTR, but among the four options only CFB transforms a block cipher into stream operation.
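    The following is an added worked example, not part of the original question set, showing why CFB behaves as a stream cipher. It implements CFB with an 8-bit segment (CFB-8) over a block cipher's forward direction only, so a message of any length is encrypted byte by byte with no padding, and it demonstrates the self-synchronizing property: after one corrupted ciphertext byte, decryption recovers once a full block of good ciphertext has passed through the shift register. The function names (block_encrypt, cfb8_encrypt, cfb8_decrypt, corrupted_positions), the key, IV and messages are all constructed for this example, and a keyed SHA-256 truncated to one block stands in for a real block cipher such as AES, which is acceptable here only because CFB never needs the cipher's inverse.

```python
import hashlib

BLOCK_SIZE = 16  # bytes; the segment fed back below is one byte (CFB-8)


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Forward direction of a block cipher, the only direction CFB needs.

    Assumption for this added example: a keyed SHA-256 truncated to one block
    plays the role of AES encryption. CFB, OFB and CTR only ever call the
    forward direction, so a one-way keyed function is enough to show how the
    mode works; ECB and CBC decryption would additionally need the inverse.
    """
    if len(block) != BLOCK_SIZE:
        raise ValueError("block cipher input must be exactly one block")
    return hashlib.sha256(key + block).digest()[:BLOCK_SIZE]


def _cfb8(key: bytes, iv: bytes, data: bytes, decrypt: bool) -> bytes:
    """CFB with an 8-bit segment: one keystream byte per data byte.

    The shift register starts as the IV. For every byte, the register is
    encrypted, its first output byte is XORed with the data byte, and the
    resulting *ciphertext* byte is shifted into the register. Feeding
    ciphertext (not keystream) back is what makes the mode self-synchronizing.
    """
    if len(iv) != BLOCK_SIZE:
        raise ValueError("IV must be exactly one block long")
    register = bytearray(iv)
    out = bytearray()
    for b in data:
        keystream_byte = block_encrypt(key, bytes(register))[0]
        o = b ^ keystream_byte
        ct_byte = b if decrypt else o  # when decrypting, the input byte is the ciphertext
        del register[0]
        register.append(ct_byte)
        out.append(o)
    return bytes(out)


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return _cfb8(key, iv, plaintext, decrypt=False)


def cfb8_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return _cfb8(key, iv, ciphertext, decrypt=True)


def corrupted_positions(key: bytes, iv: bytes, plaintext: bytes, index: int) -> list:
    """Flip one bit of ciphertext byte `index` and report which decrypted bytes
    come out wrong. With CFB-8 the damage is confined to the corrupted byte plus
    the next BLOCK_SIZE bytes; after that the register holds only good
    ciphertext again and decryption resynchronizes on its own."""
    ct = bytearray(cfb8_encrypt(key, iv, plaintext))
    ct[index] ^= 0x01
    recovered = cfb8_decrypt(key, iv, bytes(ct))
    return [i for i, (p, r) in enumerate(zip(plaintext, recovered)) if p != r]


if __name__ == "__main__":
    # Constructed sample values for the demonstration.
    KEY = b"constructed example key"
    IV = bytes(range(BLOCK_SIZE))
    short = b"short"  # 5 bytes: less than one block, no padding needed
    print(len(cfb8_encrypt(KEY, IV, short)), "ciphertext bytes for a 5-byte message")
    long_msg = bytes(range(64))
    print("bytes damaged by one corrupted ciphertext byte:",
          corrupted_positions(KEY, IV, long_msg, 10))
```

    A single-bit error in ciphertext byte 10 therefore affects at most bytes 10 through 26 of the recovered plaintext, and everything from byte 27 onwards decrypts correctly; CBC, by contrast, would need the whole block containing byte 10 plus padding to even produce output.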

  4. Question 4

    Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?
    A. Strong operational security to keep unit members safe
    B. Policies to validate organization rules
    C. Cyber hygiene to ensure organizations can keep systems healthy
    D. Quality design principles to ensure quality by design
    Explanation

    The correct answer is: B. Policies to validate organization rules.

    The reference monitor is the abstract enforcement mechanism that intercepts every access request from a subject to an object and validates it against the system's security policy rules, thereby enforcing the security model; its essence is policy-driven validation of access decisions, making the policy-validation framing the best match. Strong operational security to keep unit members safe is operational doctrine, not an access-control construct. Cyber hygiene describes housekeeping practices (patching, password hygiene) rather than enforcement. Quality design principles relate to engineering soundness, not access mediation. The classical Anderson definition of the reference monitor describes it as a tamper-proof, always-invoked, verifiable enforcement component that arbitrates accesses according to the policy, which the policy-validation description captures.
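    As an added illustration of the reference monitor concept from Questions 1 and 4 (not part of the original question set), the following Python sketch shows the three properties the explanation names: every subject-to-object request is validated against a policy (always invoked), requests the policy does not explicitly cover are denied, and each decision is recorded so it can be reviewed. The policy itself is a constructed example (read allowed only when the subject's clearance dominates the object's label, write allowed only on an explicit allow-list), and all class and function names, subjects, objects and labels are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed ordering of sensitivity labels: higher index = more sensitive.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str  # one of LEVELS


@dataclass
class Object:
    name: str
    classification: str  # one of LEVELS
    data: str


@dataclass
class Policy:
    """Hypothetical rules the monitor validates every request against.

    read:  allowed only when the subject's clearance is at least the object's
           classification.
    write: allowed only for (subject, object) pairs on an explicit allow-list.
    Any operation not covered by a rule is denied (default deny).
    """
    write_allow: set = field(default_factory=set)

    def permits(self, subject: Subject, obj: Object, op: str) -> bool:
        if op == "read":
            return LEVELS[subject.clearance] >= LEVELS[obj.classification]
        if op == "write":
            return (subject.name, obj.name) in self.write_allow
        return False


class ReferenceMonitor:
    """Mediates all subject-to-object access.

    Objects are held privately by the monitor so that the only path to them is
    access(), which validates the request against the policy and logs the
    decision before touching the object.
    """

    def __init__(self, policy: Policy):
        self._policy = policy
        self._objects = {}
        self.audit_log = []  # (subject, object, operation, decision)

    def register(self, obj: Object) -> None:
        self._objects[obj.name] = obj

    def access(self, subject: Subject, obj_name: str, op: str, payload: str = None):
        obj = self._objects.get(obj_name)
        allowed = obj is not None and self._policy.permits(subject, obj, op)
        self.audit_log.append((subject.name, obj_name, op, "ALLOW" if allowed else "DENY"))
        if not allowed:
            raise PermissionError(f"{subject.name} may not {op} {obj_name}")
        if op == "read":
            return obj.data
        obj.data = payload  # op == "write"
        return None


if __name__ == "__main__":
    # Constructed sample subjects, objects and policy.
    monitor = ReferenceMonitor(Policy(write_allow={("alice", "budget")}))
    monitor.register(Object("budget", "confidential", "Q3 figures"))
    monitor.register(Object("memo", "public", "hello"))
    alice = Subject("alice", "confidential")
    bob = Subject("bob", "internal")
    print(monitor.access(alice, "budget", "read"))
    try:
        monitor.access(bob, "budget", "read")
    except PermissionError as e:
        print("denied:", e)
    for entry in monitor.audit_log:
        print(entry)
```

    The point of the structure is that there is no code path that reaches an object's data without passing through access(), which is the "always invoked" property; the policy object being small and separate is what makes the enforcement logic verifiable.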

  5. Question 5

    The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?
    A. Physically secured storage device
    B. Trusted Platform Module (TPM)
    C. Encrypted flash drive
    D. Public key infrastructure (PKI)
    Explanation

    The correct answer is: B. Trusted Platform Module (TPM).

    A Trusted Platform Module is the right answer because it is a tamper-resistant cryptographic coprocessor bound to the platform that generates and stores private keys inside hardware, so the key material never has to be exposed to host software where it could be read or copied; this satisfies the non-exportability and hardware-root-of-trust requirements for a CA signing key. A physically secured storage device protects media but does nothing to keep the key from being copied once it is loaded into software. An encrypted flash drive is removable consumer media with no tamper-evident chassis, no rate-limited PIN, and no hardware key isolation. Public Key Infrastructure is the management framework that issues and validates certificates, not a storage device for private keys. While a dedicated network HSM would be ideal for a high-volume CA, of the options offered the TPM is the only true hardware key store.
