CHAPTER 3 - Security Architecture and Engineering Flashcards

1
Q

What is the final step in authorizing a system for use in an environment?
A. Certification
B. Security evaluation and rating
C. Accreditation
D. Verification

A

C. Certification is a technical review of a product, and accreditation is management’s
formal approval of the findings of the certification process. This question asked you which
step was the final step in authorizing a system before it is used in an environment, and that
is what accreditation is all about.

2
Q

What feature enables code to be executed without the usual security checks?
A. Temporal isolation
B. Maintenance hook
C. Race conditions
D. Process multiplexing

A

B. Maintenance hooks get around the system’s or application’s security and access control
checks by allowing whoever knows the key sequence to access the application and most
likely its code. Maintenance hooks should be removed from any code before it gets into
production.

3
Q

If a component fails, a system should be designed to do which of the following?
A. Change to a protected execution domain
B. Change to a problem state
C. Change to a more secure state
D. Release all data held in volatile memory

A

C. The state machine model dictates that a system should start up securely, carry out secure
state transitions, and even fail securely. This means that if the system encounters something
it deems unsafe, it should change to a more secure state for self-preservation and
protection.

4
Q

The trusted computing base (TCB) contains which of the following?
A. All trusted processes and software components
B. All trusted security policies and implementation mechanisms
C. All trusted software and design mechanisms
D. All trusted software and hardware components

A

D. The TCB contains and controls all protection mechanisms within the system, whether
they are software, hardware, or firmware.

5
Q

What is the imaginary boundary that separates components that maintain security from
components that are not security related?
A. Reference monitor
B. Security kernel
C. Security perimeter
D. Security policy

A

C. The security perimeter is a boundary between items that are within the TCB and items
that are outside the TCB. It is just a mark of delineation between these two groups of items.

6
Q

What is the best description of a security kernel from a security point of view?
A. Reference monitor
B. Resource manager
C. Memory mapper
D. Security perimeter

A

A. The security kernel is a portion of the operating system’s kernel and enforces the rules
outlined in the reference monitor. It is the enforcer of the rules and is invoked each time a
subject makes a request to access an object.

7
Q

In secure computing systems, why is there a logical form of separation used between
processes?
A. Processes are contained within their own security domains so each does not make
unauthorized accesses to other processes or their resources.
B. Processes are contained within their own security perimeter so they can only access
protection levels above them.
C. Processes are contained within their own security perimeter so they can only access
protection levels equal to them.
D. The separation is hardware and not logical in nature.

A

A. Processes are assigned their own variables, system resources, and memory segments,
which make up their domain. This is done so they do not corrupt each other’s data or
processing activities.

8
Q

What type of rating is used within the Common Criteria framework?
A. PP
B. EPL
C. EAL
D. A–D

A

C. The Common Criteria uses a different assurance rating system than the previously used
criteria. It has packages of specifications that must be met for a product to obtain the
corresponding rating. These ratings and packages are called Evaluation Assurance Levels
(EALs). Once a product achieves any type of rating, customers can view this information
on an Evaluated Products List (EPL).

9
Q

Which of the following is a true statement pertaining to memory addressing?
A. The CPU uses absolute addresses. Applications use logical addresses. Relative
addresses are based on a known address and an offset value.
B. The CPU uses logical addresses. Applications use absolute addresses. Relative
addresses are based on a known address and an offset value.
C. The CPU uses absolute addresses. Applications use relative addresses. Logical
addresses are based on a known address and an offset value.
D. The CPU uses absolute addresses. Applications use logical addresses. Absolute
addresses are based on a known address and an offset value.

A

A. The physical memory addresses that the CPU uses are called absolute addresses. The
indexed memory addresses that software uses are referred to as logical addresses. A
relative address is a logical address that incorporates the correct offset value.

10
Q

Pete is a new security manager at a financial institution that develops its own internal
software for specific proprietary functionality. The financial institution has several
locations distributed throughout the world and has bought several individual companies
over the last ten years, each with its own heterogeneous environment. Since each purchased
company had its own unique environment, it has been difficult to develop and deploy
internally developed software in an effective manner that meets all the necessary business
unit requirements. Which of the following best describes a standard that Pete should ensure
the software development team starts to implement so that various business needs can be
met?
A. ISO/IEC/IEEE 42010
B. Common Criteria
C. ISO/IEC 43010
D. ISO/IEC 15408

A

A. ISO/IEC/IEEE 42010 is an international standard that outlines specifications for system
architecture frameworks and architecture languages. It allows for systems to be developed
in a manner that addresses all of the stakeholders' concerns.

11
Q

Which of the following is an incorrect description pertaining to the common components
that make up computer systems?
i. General registers are commonly used to hold temporary processing data, while special
registers are used to hold process-characteristic data as in condition bits.
ii. A processor sends a memory address and a “read” request down an address bus and a
memory address and a “write” request down an I/O bus.
iii. Process-to-process communication commonly takes place through memory stacks,
which are made up of individually addressed buffer locations.
iv. A CPU uses a stack return pointer to keep track of the next instruction sets it needs to
process.
A. i
B. i, ii
C. ii, iii
D. ii, iv

A

D. A processor sends a memory address and a “read” request down an address bus. The
system reads data from that memory address and puts the requested data on the data bus. A
CPU uses a program counter to keep track of the memory addresses containing the
instruction sets it needs to process in sequence. A stack pointer is a component used within
memory stack communication processes. An I/O bus is used by a peripheral device.

12
Q

Mark is a security administrator who is responsible for purchasing new computer systems
for a co-location facility his company is starting up. The company has several time-sensitive
applications that require extensive processing capabilities. The co-location facility
is not as large as the main facility, so it can only fit a smaller number of computers, which
still must carry the same processing load as the systems in the main building. Which of the
following best describes the most important aspects of the products Mark needs to purchase
for these purposes?
A. Systems must provide symmetric multiprocessing capabilities and virtualized
environments.
B. Systems must provide asymmetric multiprocessing capabilities and virtualized
environments.
C. Systems must provide multiprogramming multiprocessing capabilities and virtualized
environments.
D. Systems must provide multiprogramming multiprocessing capabilities and symmetric
multiprocessing environments.

A

B. When systems provide asymmetric multiprocessing, this means multiple CPUs can be
used for processing. Asymmetric indicates the capability of assigning specific applications
to one CPU so that they do not have to share computing capabilities with other competing
processes, which increases performance. Since a smaller number of computers can fit in the
new location, virtualization should be deployed to allow for several different systems to
share the same physical computer platforms.

13
Q

Which of the following best describes Steve’s confusion?
A. Certification must happen first before the evaluation process can begin.
B. Accreditation is the acceptance from management, which must take place before the
evaluation process.
C. Evaluation, certification, and accreditation are carried out by different groups with
different purposes.
D. Evaluation requirements include certification and accreditation components.

A

C. Evaluation, certification, and accreditation are carried out by different groups with
different purposes. Evaluations are carried out by qualified third parties who use specific
evaluation criteria (e.g., Common Criteria) to assign an assurance rating to a tested product.
A certification process is a technical review commonly carried out internally to an
organization, and accreditation is management’s formal acceptance that is carried out after
the certification process. A system can be certified internally by a company and not pass an
evaluation testing process because they are completely different things.

14
Q

Which of the following best describes an item the software development team needs to
address to ensure that drivers cannot be loaded in an unauthorized manner?
A. Improved security kernel processes
B. Improved security perimeter processes
C. Improved application programming interface processes
D. Improved garbage collection processes

A

A. If device drivers can be loaded improperly, then either the access control rules outlined
within the reference monitor need to be improved upon or the current rules need to be
better enforced through the security kernel processes. Only authorized subjects should be
able to install sensitive software components that run within ring 0 of a system.

15
Q

Which of the following best describes some of the issues that the evaluation testers most
likely ran into while testing the submitted product?
A. Nonprotected ROM sections
B. Vulnerabilities that allowed malicious code to execute in protected memory sections
C. Lack of a predefined and implemented trusted computing base
D. Lack of a predefined and implemented security kernel

A

B. If testers suggested to the team that address space layout randomization and data
execution protection should be integrated, this is most likely because the system allows for
malicious code to easily execute in memory sections that would be dangerous to the
system. These are both memory protection approaches.

16
Q

John has been told that one of the applications installed on a web server within the DMZ
accepts any length of information that a customer using a web browser inputs into the form
the web server provides to collect new customer data. Which of the following describes an
issue that John should be aware of pertaining to this type of vulnerability?
A. Application is written in the C programming language.
B. Application is not carrying out enforcement of the trusted computing base.
C. Application is running in ring 3 of a ring-based architecture.
D. Application is not interacting with the memory manager properly.

A

A. The C language is susceptible to buffer overflow attacks because it allows for direct
pointer manipulations to take place. Specific commands can provide access to low-level
memory addresses without carrying out bounds checking.

17
Q

What is the goal of cryptanalysis?
A. To determine the strength of an algorithm
B. To increase the substitution functions in a cryptographic algorithm
C. To decrease the transposition functions in a cryptographic algorithm
D. To determine the permutations used

A

A. Cryptanalysis is the process of trying to reverse-engineer a cryptosystem, with the
possible goal of uncovering the key used. Once this key is uncovered, all other messages
encrypted with this key can be accessed. Cryptanalysis is carried out by the white hats to
test the strength of the algorithm.

18
Q

Why has the frequency of successful brute-force attacks increased?
A. The use of permutations and transpositions in algorithms has increased.
B. As algorithms get stronger, they get less complex, and thus more susceptible to attacks.
C. Processor speed and power have increased.
D. Key length reduces over time.

A

C. A brute-force attack is resource intensive. It tries all values until the correct one is
obtained. As computers have more powerful processors added to them, attackers can carry
out more powerful brute-force attacks.

19
Q

Which of the following is not a property or characteristic of a one-way hash function?
A. It converts a message of arbitrary length into a value of fixed length.
B. Given the digest value, it should be computationally infeasible to find the corresponding
message.
C. It should be impossible or rare to derive the same digest from two different messages.
D. It converts a message of fixed length to an arbitrary length value.

A

D. A hashing algorithm will take a string of variable length (the message can be any size)
and compute a fixed-length value. The fixed-length value is the message digest. The MD
family creates the fixed-length value of 128 bits, and SHA creates one of 160 bits.

20
Q

What would indicate that a message had been modified?
A. The public key has been altered.
B. The private key has been altered.
C. The message digest has been altered.
D. The message has been encrypted properly.

A

C. Hashing algorithms generate message digests to detect whether modification has taken
place. The sender and receiver independently generate their own digests, and the receiver
compares these values. If they differ, the receiver knows the message has been altered.

21
Q

Which of the following is a U.S. federal government algorithm developed for creating
secure message digests?
A. Data Encryption Algorithm
B. Digital Signature Standard
C. Secure Hash Algorithm
D. Data Signature Algorithm

A

C. SHA was created to generate secure message digests. Digital Signature Standard (DSS)
is the standard to create digital signatures, which dictates that SHA must be used. DSS also
outlines the digital signature algorithms that can be used with SHA: RSA, DSA, and
ECDSA.

22
Q

Which option best describes the difference between HMAC and CBC-MAC?
A. HMAC creates a message digest and is used for integrity; CBC-MAC is used to encrypt
blocks of data for confidentiality.
B. HMAC uses a symmetric key and a hashing algorithm; CBC-MAC uses the first block
for the checksum.
C. HMAC provides integrity and data origin authentication; CBC-MAC uses a block
cipher for the process of creating a MAC.
D. HMAC encrypts a message with a symmetric key and then puts the result through a
hashing algorithm; CBC-MAC encrypts the whole message.

A

C. In an HMAC operation, a message is concatenated with a symmetric key and the result
is put through a hashing algorithm. This provides integrity and system or data
authentication. CBC-MAC uses a block cipher to create a MAC, which is the last block of
ciphertext.

23
Q

What is an advantage of RSA over DSA?
A. It can provide digital signature and encryption functionality.
B. It uses fewer resources and encrypts faster because it uses symmetric keys.
C. It is a block cipher rather than a stream cipher.
D. It employs a one-time encryption pad.

A

A. RSA can be used for data encryption, key exchange, and digital signatures. DSA can be
used only for digital signatures.

24
Q

What is used to create a digital signature?
A. The receiver’s private key
B. The sender’s public key
C. The sender’s private key
D. The receiver’s public key

A

C. A digital signature is a message digest that has been encrypted with the sender’s private
key. A sender, or anyone else, should never have access to the receiver’s private key.

25
Q

Which of the following best describes a digital signature?
A. A method of transferring a handwritten signature to an electronic document
B. A method to encrypt confidential information
C. A method to provide an electronic signature and encryption
D. A method to let the receiver of the message prove the source and integrity of a message

A

D. A digital signature provides authentication (knowing who really sent the message),
integrity (because a hashing algorithm is involved), and nonrepudiation (the sender cannot
deny sending the message).

26
Q

How many bits make up the effective length of the DES key?
A. 56
B. 64
C. 32
D. 16

A

A. DES has a key size of 64 bits, but 8 bits are used for parity, so the true key size is 56
bits. Remember that DEA is the algorithm used for the DES standard, so DEA also has a
true key size of 56 bits, because we are actually talking about the same algorithm here.
DES is really the standard, and DEA is the algorithm.

27
Q

Why would a certificate authority revoke a certificate?
A. If the user’s public key has become compromised
B. If the user changed over to using the PEM model that uses a web of trust
C. If the user’s private key has become compromised
D. If the user moved to a new location

A

C. The reason a certificate is revoked is to warn others who use that person’s public key
that they should no longer trust the public key because, for some reason, that public key is
no longer bound to that particular individual’s identity. This could be because an employee
left the company or changed his name and needed a new certificate, but most likely it is
because the person’s private key was compromised.

28
Q

What does DES stand for?
A. Data Encryption System
B. Data Encryption Standard
C. Data Encoding Standard
D. Data Encryption Signature

A

B. Data Encryption Standard was developed by NIST and the NSA to encrypt sensitive but
unclassified government data.

29
Q

Which of the following best describes a certificate authority?
A. An organization that issues private keys and the corresponding algorithms
B. An organization that validates encryption processes
C. An organization that verifies encryption keys
D. An organization that issues certificates

A

D. A registration authority (RA) accepts a person’s request for a certificate and verifies that
person’s identity. Then the RA sends this request to a certificate authority (CA), which
generates and maintains the certificate.

30
Q

What does DEA stand for?
A. Data Encoding Algorithm
B. Data Encoding Application
C. Data Encryption Algorithm
D. Digital Encryption Algorithm

A

C. DEA is the algorithm that fulfilled the DES standard. So DEA has all of the attributes of
DES: a symmetric block cipher that uses 64-bit blocks, 16 rounds, and a 56-bit key.

31
Q

Who was involved in developing the first public key algorithm?
A. Adi Shamir
B. Ross Anderson
C. Bruce Schneier
D. Martin Hellman

A

D. The first released public key cryptography algorithm was developed by Whitfield Diffie
and Martin Hellman.

32
Q

What process usually takes place after creating a DES session key?
A. Key signing
B. Key escrow
C. Key clustering
D. Key exchange

A

D. After a session key has been created, it must be exchanged securely. In most
cryptosystems, an asymmetric key (the receiver’s public key) is used to encrypt this session
key, and it is sent to the receiver.

33
Q

DES performs how many rounds of transposition/permutation and substitution?
A. 16
B. 32
C. 64
D. 56

A

A. DES carries out 16 rounds of mathematical computation on each 64-bit block of data it
is responsible for encrypting. A round is a set of mathematical formulas used for
encryption and decryption processes.

34
Q

Which of the following is a true statement pertaining to data encryption when it is used to
protect data?
A. It verifies the integrity and accuracy of the data.
B. It requires careful key management.
C. It does not require much system overhead in resources.
D. It requires keys to be escrowed.

A

B. Data encryption always requires careful key management. Most algorithms are so strong
today that it is much easier to go after key management than to launch a brute-force attack.
Hashing algorithms are used for data integrity, encryption does require a good amount of
resources, and keys do not have to be escrowed for encryption.

35
Q

If different keys generate the same ciphertext for the same message, what is this called?
A. Collision
B. Secure hashing
C. MAC
D. Key clustering

A

D. Message A was encrypted with key A and the result is ciphertext Y. If that same
message A were encrypted with key B, the result should not be ciphertext Y. The
ciphertext should be different because a different key was used. But if the ciphertext is the
same, this occurrence is referred to as key clustering.

36
Q

What is the definition of an algorithm’s work factor?
A. The time it takes to encrypt and decrypt the same plaintext
B. The time it takes to break the encryption
C. The time it takes to implement 16 rounds of computation
D. The time it takes to apply substitution functions

A

B. The work factor of a cryptosystem is the amount of time and resources necessary to
break the cryptosystem or its encryption process. The goal is to make the work factor so
high that an attacker could not be successful in breaking the algorithm or cryptosystem.

37
Q

What is the primary purpose of using one-way hashing on user passwords?
A. It minimizes the amount of primary and secondary storage needed to store passwords.
B. It prevents anyone from reading passwords in plaintext.
C. It avoids excessive processing required by an asymmetric algorithm.
D. It prevents replay attacks.

A

B. Passwords are usually run through a one-way hashing algorithm so the actual password
is not transmitted across the network or stored on a system in plaintext. This greatly
reduces the risk of an attacker being able to obtain the actual password.

38
Q

Which of the following is based on the fact that it is hard to factor large numbers into two
original prime numbers?
A. ECC
B. RSA
C. DES
D. Diffie-Hellman

A

B. The RSA algorithm’s security is based on the difficulty of factoring large numbers into
their original prime numbers. This is a one-way function. It is easier to calculate the
product than it is to identify the prime numbers used to generate that product.

39
Q

Which of the following describes the difference between the Data Encryption Standard and
the Rivest-Shamir-Adleman algorithm?
A. DES is symmetric, while RSA is asymmetric.
B. DES is asymmetric, while RSA is symmetric.
C. They are hashing algorithms, but RSA produces a 160-bit hashing value.
D. DES creates public and private keys, while RSA encrypts messages.

A

A. DES is a symmetric algorithm. RSA is an asymmetric algorithm. DES is used to encrypt
data, and RSA is used to create public/private key pairs.

40
Q

Which of the following uses a symmetric key and a hashing algorithm?
A. HMAC
B. Triple-DES
C. ISAKMP-OAKLEY
D. RSA

A

A. When an HMAC function is used, a symmetric key is combined with the message, and
then that result is put through a hashing algorithm. The result is an HMAC value. HMAC
provides data origin authentication and data integrity.

41
Q

The generation of keys that are made up of random values is referred to as Key Derivation
Functions (KDFs). What values are not commonly used in this key generation process?
A. Hashing values
B. Asymmetric values
C. Salts
D. Passwords

A

B. Different values can be used independently or together to play the role of random key
material. The algorithm is created to use specific hash, password, and/or salt values, which
will go through a certain number of rounds of mathematical functions dictated by the
algorithm.

42
Q

When should a Class C fire extinguisher be used instead of a Class A fire extinguisher?
A. When electrical equipment is on fire
B. When wood and paper are on fire
C. When a combustible liquid is on fire
D. When the fire is in an open area

A

A. A Class C fire is an electrical fire. Thus, an extinguisher with the proper suppression
agent should be used. The following table shows the fire types, their attributes, and
suppression methods:

43
Q

Which of the following is not a main component of CPTED?
A. Natural access control
B. Natural surveillance
C. Territorial reinforcement
D. Target hardening

A

D. Natural access control is the use of the environment to control access to entry points,
such as using landscaping and bollards. An example of natural surveillance is the
construction of pedestrian walkways so there is a clear line of sight of all the activities in
the surroundings. Territorial reinforcement gives people a sense of ownership of a property,
giving them a greater tendency to protect it. These concepts are all parts of CPTED. Target
hardening has to do with implementing locks, security guards, and proximity devices.

44
Q

Which problems may be caused by humidity in an area with electrical devices?
A. High humidity causes excess electricity, and low humidity causes corrosion.
B. High humidity causes corrosion, and low humidity causes static electricity.
C. High humidity causes power fluctuations, and low humidity causes static electricity.
D. High humidity causes corrosion, and low humidity causes power fluctuations.

A

B. High humidity can cause corrosion, and low humidity can cause excessive static
electricity. Static electricity can short out devices or cause loss of information.

45
Q

What does positive pressurization pertaining to ventilation mean?
A. When a door opens, the air comes in.
B. When a fire takes place, the power supply is disabled.
C. When a fire takes place, the smoke is diverted to one room.
D. When a door opens, the air goes out.

A

D. Positive pressurization means that when someone opens a door, the air goes out, and
outside air does not come in. If a facility were on fire and the doors were opened, positive
pressure would cause the smoke to go out instead of being pushed back into the building.

46
Q

Which of the following answers contains a category of controls that does not belong in a
physical security program?
A. Deterrence and delaying
B. Response and detection
C. Assessment and detection
D. Delaying and lighting

A

D. The categories of controls that should make up any physical security program are
deterrence, delaying, detection, assessment, and response. Lighting is a control itself, not a
category of controls.