ISO 15408 Standard

iso-15408-standard

Question 1 of 1

Time Left

0 [{"id":55026,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-04-15 23:47:06","updated_at":"2016-04-15 23:47:06","questionName":"where moderate level of independently assured security is required. The cooperation from the developer is requires. It places additional requirements on testing, development environment controls and configuration management. The additional requirement is the Life Cycle support.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":55025,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-04-15 23:45:18","updated_at":"2016-04-15 23:45:18","questionName":"where low to moderate level of independently assured security is required. Here, it requires some cooperation from the developer. It will definitely require no more than good vendor commercial practices. To add to the previous requirements are developer testing, vulnerability analysis, and more extensive and independent testing.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":46871,"quiz_id":"3788","answer_id":null,"answerType_id":"2","created_at":"2016-03-20 15:09:39","updated_at":"2016-03-20 15:16:58","questionName":"Match the Common Criteria EAL Assurance levels with the description","questionTimeSeconds":"0","questionTimeMinutes":"5","questionImagePath":null,"position":null,"explanation":null,"question_score_id":null,"lang":null,"questionAudioPath":null},{"id":55024,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-04-15 23:43:06","updated_at":"2016-04-15 23:43:06","questionName":"Where threat to security is not serious, however some confidence in current operation is required. In the evaluation, there is no assistance from TOE developer. The requirements are: Configuration Management, Delivery and Operation, Development, Guidance documents and Tests.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":55029,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-04-15 23:51:50","updated_at":"2016-04-15 23:51:50","questionName":"Where assets are highly valuable and risks are extremely high. However, practical use is functionally limited for amenability to formal analysis. The assurance is gained through application of formal methods. The additional requirements for these is testing and formal analysis.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":55027,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-04-15 23:48:57","updated_at":"2016-04-15 23:48:57","questionName":"Where moderate to high level of independently assured security is required. It is to ensure that there is some security engineering added to commercial development practices. This currently the highest level likely for retrofit of an existing product. There are additional requirements on design, implementation, vulnerability analysis, development and configuration management","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":46800,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-03-20 14:02:25","updated_at":"2016-03-20 14:49:32","questionName":"A set of software, firmware and\/or hardware possibly accompanied by guidance.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":1,"explanation":null,"question_score_id":null,"lang":null,"questionAudioPath":null},{"id":46801,"quiz_id":"3788","answer_id":null,"answerType_id":"1","created_at":"2016-03-20 14:06:15","updated_at":"2016-03-20 14:49:32","questionName":"There are four groups with a general interest in evaluating security profiles. List three","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":2,"explanation":null,"question_score_id":null,"lang":null,"questionAudioPath":null},{"id":46806,"quiz_id":"3788","answer_id":null,"answerType_id":"2","created_at":"2016-03-20 14:12:34","updated_at":"2016-03-20 14:49:32","questionName":"ISO\/IEC 15408 is presented as a set of distinct but related parts. Match the part with the appropriate definition","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":7,"explanation":null,"question_score_id":null,"lang":null,"questionAudioPath":null},{"id":46804,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-03-20 14:09:03","updated_at":"2016-03-20 14:49:32","questionName":"Contains criteria to be used when forming judgments about the conformance of TOEs to their security requirements.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":5,"explanation":null,"question_score_id":null,"lang":null,"questionAudioPath":null},{"id":46803,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-03-20 14:08:19","updated_at":"2016-03-20 14:49:32","questionName":"Intended to support in preparing for and assisting in the evaluation of their TOEs and in identifying security requirements to be satisfied by those TOEs.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":4,"explanation":null,"question_score_id":null,"lang":null,"questionAudioPath":null},{"id":46802,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-03-20 14:07:11","updated_at":"2016-03-20 14:49:32","questionName":"Written to ensure that evaluation fulfills the fundamental purpose and justification for the evaluation process.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":3,"explanation":null,"question_score_id":null,"lang":null,"questionAudioPath":null},{"id":55028,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-04-15 23:50:22","updated_at":"2016-04-15 23:50:22","questionName":"Where assets are valuable and risks are high and do requires a rigorous development environment. The additional requirements are on analysis, design, development, configuration management, and vulnerability\/covert channel analysis.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":null,"explanation":"","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":46799,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-03-20 13:54:43","updated_at":"2016-03-20 14:49:32","questionName":"What is ISO 15408 Title?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":0,"explanation":null,"question_score_id":null,"lang":null,"questionAudioPath":null},{"id":46805,"quiz_id":"3788","answer_id":null,"answerType_id":"0","created_at":"2016-03-20 14:09:49","updated_at":"2016-03-20 14:49:32","questionName":"Is oriented towards specification and evaluation of the IT security properties of TOEs, it may also be useful as reference material to all parties with an interest in or responsibility for IT security.","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":6,"explanation":null,"question_score_id":null,"lang":null,"questionAudioPath":null}]

55026

120

block

where moderate level of independently assured security is required. The cooperation from the developer is requires. It places additional requirements on testing, development environment controls and configuration management. The additional requirement is the Life Cycle support.

Select the correct answer(s).

(0/0)

55025

120

none

where low to moderate level of independently assured security is required. Here, it requires some cooperation from the developer. It will definitely require no more than good vendor commercial practices. To add to the previous requirements are developer testing, vulnerability analysis, and more extensive and independent testing.

Select the correct answer(s).

(0/0)

46871

300

none

Match the Common Criteria EAL Assurance levels with the description

Match the text (click and drag)

(0/0)

Match the text
EAL1
EAL2
EAL3
EAL4
EAL5
EAL6
EAL7

Click and drag
Applicable to the development of security TOEs for application in high risk situations where the value of the protected assets justifies the additional costs.
Applicable in those circumstances where developers or users require a high level of independently assured security in a planned development and require a rigorous development approach without incurring unreasonable costs attributable to specialist security engineering techniques.
Applicable in those circumstances where developers or users require a moderate level of independently assured security, and require a thorough investigation of the TOE and its development without substantial re-engineering.
Applicable where some confidence in correct operation is required, but the threats to security are not viewed as serious.
Applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs.
Applicable in those circumstances where developers or users require a low to moderate level of independently assured security in the absence of ready availability of the complete development record.
Applicable to the development of security TOEs for application in extremely high risk situations and/or where the high value of the assets justifies the higher costs.

(0/0)

Match the text
Introduction and general model
Security functional components
Security assurance components

Click and drag
Concepts and principles of IT security evaluation.
serve as standard templates upon which to base requirements for TOEs.
Seven pre-defined assurance packages which are called the EAL.

Time Left

where moderate level of independently assured security is required. The cooperation from the developer is requires. It places additional requirements on testing, development environment controls and configuration management. The additional requirement is the Life Cycle support.

Select the correct answer(s).

(0/0)

Select the correct answer(s).

(0/0)

Match the Common Criteria EAL Assurance levels with the description

Match the text (click and drag)

(0/0)

EAL1

EAL2

EAL3

EAL4

EAL5

EAL6

EAL7

Applicable to the development of security TOEs for application in high risk situations where the value of the protected assets justifies the additional costs.

Applicable in those circumstances where developers or users require a high level of independently assured security in a planned development and require a rigorous development approach without incurring unreasonable costs attributable to specialist security engineering techniques.

Applicable in those circumstances where developers or users require a moderate level of independently assured security, and require a thorough investigation of the TOE and its development without substantial re-engineering.

Applicable where some confidence in correct operation is required, but the threats to security are not viewed as serious.

Applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs.

Applicable in those circumstances where developers or users require a low to moderate level of independently assured security in the absence of ready availability of the complete development record.

Applicable to the development of security TOEs for application in extremely high risk situations and/or where the high value of the assets justifies the higher costs.

Where threat to security is not serious, however some confidence in current operation is required. In the evaluation, there is no assistance from TOE developer. The requirements are: Configuration Management, Delivery and Operation, Development, Guidance documents and Tests.

Select the correct answer(s).

(0/0)

Where assets are highly valuable and risks are extremely high. However, practical use is functionally limited for amenability to formal analysis. The assurance is gained through application of formal methods. The additional requirements for these is testing and formal analysis.

Select the correct answer(s).

(0/0)

Select the correct answer(s).

(0/0)

A set of software, firmware and/or hardware possibly accompanied by guidance.

Select the correct answer(s).

(0/0)

There are four groups with a general interest in evaluating security profiles. List three

Fill in the blanks

(0/0)

ISO/IEC 15408 is presented as a set of distinct but related parts. Match the part with the appropriate definition

Match the text (click and drag)

(0/0)

Introduction and general model

Security functional components

Security assurance components

Concepts and principles of IT security evaluation.

serve as standard templates upon which to base requirements for TOEs.

Seven pre-defined assurance packages which are called the EAL.

Contains criteria to be used when forming judgments about the conformance of TOEs to their security requirements.

Select the correct answer(s).

(0/0)

Intended to support in preparing for and assisting in the evaluation of their TOEs and in identifying security requirements to be satisfied by those TOEs.

Select the correct answer(s).

(0/0)

Written to ensure that evaluation fulfills the fundamental purpose and justification for the evaluation process.

Select the correct answer(s).

(0/0)

Where assets are valuable and risks are high and do requires a rigorous development environment. The additional requirements are on analysis, design, development, configuration management, and vulnerability/covert channel analysis.

Select the correct answer(s).

(0/0)

What is ISO 15408 Title?

Select the correct answer(s).

(0/0)

Is oriented towards specification and evaluation of the IT security properties of TOEs, it may also be useful as reference material to all parties with an interest in or responsibility for IT security.

Select the correct answer(s).

(0/0)

Results

Correct

0

Incorrect

0

Skipped

0

Overall Percentage

0%

Rate Quiz