arch

Question 1

Control Unit

Answer 1

Control Unit

Fetches code, interprets code, oversees exe.

Question 2

Trusted Computing Base

Answer 2

Trusted Computing Base (TCB)

consists of sw, hw, fw, and processes wi a comp that are designed to enfore a sec pol.

Question 3

Common Criteria

Answer 3

Common Criteria

works to answer 2 basic Qs: What sec mech wi the product do? How sure of it are you?

Question 4

Certifications

Answer 4

Certifications

technial review of prod that ensure sec req have been met.Certs are preformed 1st and then Accrediations.

Question 5

Invocation prop

Answer 5

Invocation property

part of biba security model and enforces integrity btw subj and obj

Question 6

*-property rule

Answer 6

Part of Bell-Lapadula model and enforces confidentiality.

Question 7

Simple security role

Answer 7

a subject cannot read data within object that resides in a higher security level. “No read up “rule

Question 8

Strong star property rule

Answer 8

For a subject to be able to read and write to an object the subjects clearance any objects classification must be equal

Question 9

orange book/ TCSEC levels

Answer 9

A. verified protection
B. Mandatory
C: Discretionary
D: minimal

B2 offers more assurance then B1

Question 10

ITSEC (euro) has 2 grades:
F1-F10 = functional
E0-E6 = assurance

0 being worst.

Answer 10

.

Question 11

Common criteria is the evaluation identified by ISO and 93 that outlines any merges all of their evaluation criteria such as TCsec and ITsec and CTCPEC

Answer 11

Eval1- Eval7.

7 bring best and formally verified design and tested

1: Functionally tested
2: Structurally tested
3: Methodically we tested and checked
4: Methodically designed tested and reviewed
5: Semi formally designed and tested
6: semi formally verified design and tested
7: Formally verified design and tested

Question 12

Which security model dictate that subjects can only access objects your application. This model also illustrates how to provide functionality for separation duties and requires auditing tasks within software

Answer 12

The Clark – Wilson model

Question 13

Which security model is used mainly military and government oriented systems

Answer 13

The bell– LaPadula model

Question 14

Which security models are used in the commercial sector

Answer 14

The Biba and Clark – Wilson model

Question 15

the deal with C-language and buffer overflow attacks

Answer 15

The ceiling which is susceptible to buffer overflow attacks because it allows for direct pointer manipulations to take place. Specific commands can provide access to low-level memory addresses without carrying bounds checking

Question 16

Memory address to address bus relationship

Answer 16

a processor sends a memory address and a “read “request down an address bus. The system reads data from the memory address and puts the requested data on the data bus. A CPU uses a program counter to keep track of the memory addresses containing the instruction sets it needs to process and sequence. A stack pointer is a component used within memory that communication processes. an I/O bus is used by a peripheral device

Question 17

International std that outlines sys arch frameworks and arch Lang.

Answer 17

ISO/IEC 42010:2007

Question 18

international std used as basis for evalu of sec properties of products under common criteria frameworks.

Answer 18

ISO/IEC 15408

Question 19

Security kernel

Answer 19

The security kernel is a portion of the OS kernel and enforces the rules outlined in the reference monitor. It is the enforcer of the roles and it’s invoked each time a subject makes a request to access an object

Question 20

which risk mgmt std deals w financial, capital and human safety ALONG with risk mgmt for info sec??

Answer 20

AS/NZ 4360.