Multiple Choice Questions:
1. What are the seven increasing levels of assurance in Part 3 of ISO 15408 (The Common Criteria for IT Security Evaluations) called?
a. Security evaluation classes.
b. Security evaluation levels.
This answer is somewhat correct, but it’s important to use precise terminology in IT security to avoid confusion, especially when the terminology is carefully defined in ISO standards.
c. Security test levels.
d. None of the above.

2. Which of the following represents the highest security level under the Common Criteria?
a. Formally verified, designed, and tested.
b. Structurally designed and tested.
c. Formally reviewed, tested, and checked.
d. None of the above.

3. The higher levels of the Common Criteria focus primarily on which of the following?
a. Correctness.
b. Effectiveness.
c. Assurance.
d. Correctness and effectiveness.
e. None of the above.

4. Which of the following would not be of primary interest to an assurance authority?
a. Type of assurance to seek.
b. Level of assurance to seek.
c. Types of certification and accreditation to be sought.
d. Type of testing labs to use.
e. None of the above.

5. Which types of security assurance methods yield the highest level of assurance?
a. Methods that assess the deliverable.
b. Methods that assess the deliverable’s development process.
c. Methods that assess the deliverable’s development environment.
d. No one type of assurance method generally yields the highest level of assurance.

