Ch9

Question 1

capable at operating at one security level at a time

Answer 1

single state processor

Question 2

can simultaneously operate at multiple security levels

Answer 2

multistate processor

Question 3

security modes approved by Federal government for processing classified information

Answer 3

Dedicated - all users have clearance, access permissions & need-to-know
System High - all users have clearance & access permissions
Compartmented - all users have clearance
Multilevel

Question 4

what systems often go far beyond basic
multiprocessing capabilities. They often include the concept of dividing up a large task into smaller elements, and then distributing each subelement to a different processing subsystem

Answer 4

parallel systems

Question 5

what are built out of a large number of capacitors, each holding a single electrical charge. They are continuously refreshed by the CPU in order to retain their contents

Answer 5

Dynamic RAM chips

Question 6

what types of chips BIOS and Firmware stored on

Answer 6

EEPROM

Question 7

what code objects are sent from a server to a client to perform some action

Answer 7

applet

Question 8

what applets have full access to the Windows operating system

Answer 8

ActiveX

Question 9

an attack responding to ARP broadcast queries in

order to send back falsified replies or static ARP entry

Answer 9

ARP cache poisoning

Question 10

collect numerous lowlevel security items or low-value items and combine them to create something of a higher security level or value.

Answer 10

aggregation

Question 11

combining several pieces of nonsensitive information to gain access to information that should be classified at a higher level by using the deductive capacity of the human mind

Answer 11

inference

Question 12

a way of referring to data that is supplied to the CPU as part of an instruction

Answer 12

immediate addressing

Question 13

CPU is provided with an actual address of the

memory location to access. The address must be located on the same memory page as the instruction being executed

Answer 13

direct addressing

Question 14

memory address supplied to the CPU as part of the instruction doesn’t contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address (perhaps located on a different page).

Answer 14

indirect addressing

Question 15

a value stored in one of the CPU’s registers as the base location from which to begin counting

Answer 15

Base+Offset Addressing

Question 16

what are the 3 main security issues surrounding memory components

Answer 16

• data may remain on chip after power is lost
• memory chips are highly stealable (pilferable)
• control of access is low in multiuser system

Question 17

what are security risks that input/output devices can pose

Answer 17

eavesdropping
tapping
to smuggle data out of organization
to create unauthorized points of entry

Question 18

what is the biggest security risks from monitors

Answer 18

TEMPEST; shoulder surfing or telephoto lenses on cameras

Question 19

what is the biggest security risks from keyboards

Answer 19

TEMPEST; keystroke monitoring

Question 20

what is the biggest security risks from printers

Answer 20

printouts left on printers

unsecure HDDs

Question 21

what is the biggest security risks from modems

Answer 21

• allow inbound access around perimeter security

- allow egress of data

Question 22

a technique for assigning specifc signal lines to specifc devices through a special interrupt controller

Answer 22

Interrupt Request (IRQ)

Question 23

works as a channel with two signal lines, where one line is a DMA request (DMQ) line and the other is a DMA acknowledgment (DACK) line. Devices that can exchange data directly with memory and without requiring assistance from the CPU

Answer 23

Direct Memory Access - used most commonly to permit disk drives, optical drives, display cards, and multimedia cards to manage large-scale data transfers to and from real memory.

Question 24

From a security standpoint, what should be the only thing managing the DMA, IRQ and Memory Mapped I/O

Answer 24

operating system

Question 25

a technique used to provide access to some kind of device through a series of mapped memory addresses or locations

Answer 25

Memory-Mapped I/O

Question 26

true or false: Abstraction creates “Black Box” interfaces for programmers to use without the knowledge of algorithm or inner workings

Answer 26

true

Question 27

creates different realms of security within process and limits communication between them

Answer 27

layering

Question 28

prevents information from being read from different security level

Answer 28

data hiding

Question 29

enforces process isolation with physical controls

Answer 29

hardware segmentation

Question 30

The role of a ______ ______ is to inform and guide the design, development, implementation, testing and maintenance of some particular system.

Answer 30

security policy

Question 31

Name PED security features

Answer 31

• full device encryption
• remote wipe
• lockout
• screen lock
• GPS
• application control
• storage segmentation
• asset tracking
• inventory control
• mobile device management
• device access control
• removable storage
• disabling of unused features

Question 32

• the concept that if A trusts B and B trusts C, then A inherits trust of C
• serious security concern because it may enable bypassing of restrictions or limitations

Answer 32

Transitive Trust