Chapter 8

Question 1

entity that makes a request to access a resource

Answer 1

subject

Question 2

entity a subject wants access to

Answer 2

resource

Question 3

concept that if A trusts B and B trusts C, then A can also trust C

Answer 3

transitive trust

Question 4

system that is designed to work well with a narrow range of other systems; standards are often proprietary and not normally disclosed

Answer 4

closed system

Question 5

systems that are designed using agreed-upon industry standards

Answer 5

open systems

Question 6

defined set of interactions allowed between computing elements

Answer 6

API - Application Programming Interface

Question 7

11 secure design principles

Answer 7

1. secure defaults
2. fail securely
3. keep it simple
4. zero trust
5. privacy by design
6. trust but verify
7. threat modeling
8. defense in depth
9. least privilege
10. separation of duties
11. shared responsibility

Question 8

should you assume that A. default settings are the most secure or B. default settings are for easy installation and need to be hardened?

Answer 8

B

Question 9

process where programmer codes in mechanisms to anticipate and defend against errors in order to avoid the termination of execution

Answer 9

exception handling

Question 10

the inclusion of code that will attempt to handle errors when they arise before they can cause harm or interrupt execution

Answer 10

error handling

Question 11

logical block statement that is used to place code that could result in an error on the “try” branch

an example of an exception handling mechanism

Answer 11

try..catch

Question 12

3 mechanisms for avoiding or preventing errors related to user input

Answer 12

input sanitation
input validation
input filtering

Question 13

allow a system to continue to operate after a component fails

Answer 13

fail-soft

Question 14

human protection prioritization; when a failure occurs the product will revert to a state that protects the health and safety of people

Answer 14

fail-safe or fail-open

Question 15

a system that prioritizes the physical security of assets of the safety of people

Answer 15

fail-secure or fail-close

Question 16

the more complex a system, the more difficult it is to secure

Answer 16

KISS - Keep it Simple

Question 17

eliminating redundancy in software by not repeating the same code in multiple places

Answer 17

DRY - Don’t Repeat Yourself

Question 18

code should use the least necessary resources possible

Answer 18

Computing Minimalism

Question 19

use the least powerful programming language that is suitable

Answer 19

Rule of Least Power

Question 20

software quality/security does not necessarily increase with an increase in capabilities and functions

Answer 20

New Jersey Style (Worse is Better)

Question 21

don’t add capabilities until they are actually necessary

Answer 21

YAGNI - You Aren’t Gonna Need It

Question 22

nothing inside the organization is automatically trusted; every access request should be authenticated, authorized, and encrypted

Answer 22

zero trust

Question 23

dividing up an internal network into numerous subzones using firewalls, subnets, or VLANS

Answer 23

microsegmentation

Question 24

guideline to integrate privacy protections into products during the early design phase

Answer 24

Privacy by Design (PbD)

Question 25

7 principles of PbD

Answer 25

1. Proactive not reactive, preventative not remedial
2. Privacy as the default
3. Privacy embedded into design
4. Full functionality
5. End-to-end security
6. visibility and transparency
7. respect for user privacy

Question 26

depends on an initial authentication process to gain access to the internal secure environment

Answer 26

trust but verify

Question 27

allowing a process to read from and write to only certain memory locations and resources

Answer 27

confinement/sandboxing

Question 28

limits set on the memory addresses and resources a process can access

Answer 28

bounds

Question 29

the degree of confidence in satisfaction of security needs; how reliable the security mechanisms are

Answer 29

assurance

Question 30

a system in which all protection mechanisms work together to process sensitive data while maintaining a stable and secure computing environment

Answer 30

trusted system

Question 31

an object that is associated with a resource and describes its security attributes

Answer 31

token

Question 32

a list that maintains a row of security attributes for each controlled object

Answer 32

capabilities list

Question 33

a type of attribute storage that is a permanent part of the object to which its attached

Answer 33

security label

Question 34

combination of hardware, software, and controls that work together to form a trusted base

Answer 34

trusted computing base (TCB)

Question 35

an imaginary boundary that separates the TCB from the rest of the system

Answer 35

security perimeter

Question 36

part of the TCB that validates access to every resource

Answer 36

reference monitor

Question 37

collection of components in the TCB that work together to implement reference monitor functions

Answer 37

security kernel

Question 38

a system that is always secure no matter what state its in

Answer 38

state machine model

Question 39

a snapshot of a system at a specific moment in time

Answer 39

state

Question 40

this security model focuses on controlling the flow of information; designed to prevent unauthorized, insecure, or restricted information flow between different levels of security

Answer 40

information flow model

Question 41

this security model is concerned with how the actions of a subject at a higher security level affect the system state at a lower security level

Answer 41

noninterference model

Question 42

this security model employs a directed graph to dictate how rights can be passed from on subject to another

Answer 42

take-grant model

Question 43

4 rules of the take-grant model

Answer 43

take rule: allows a subject to take rights over an object
grant rule: allows a subject to grant rights to an object
create rule: allows a subject to create new rights
remove rule: allows a subject to remove rights it has

Question 44

a table of subjects and objects that indicates the actions or functions that each subject can perform on each object

Answer 44

access control matrix

Question 45

this security model was developed by the DoD based on multilevel security policies

Answer 45

Bell-LaPadula model

Question 46

This security model has two properties: simple integrity property and star integrity property

Answer 46

Biba model

Question 47

Integrity property that states a subject cannot read an object at a lower integrity level

Answer 47

Simple Integrity Property

Question 48

integrity property that states that a subject cannot modify an object at a higher integrity level

Answer 48

star integrity property

Question 49

this model only provides integrity

Answer 49

Biba

Question 50

this model defines each data item and allows modifications through only a limited or controlled intermediary program or interface

Answer 50

Clark-Wilson model

Question 51

any data item whose integrity is protected by the security model

Answer 51

constrained data item (CDI)

Question 52

an data item that is not controlled by the security model

Answer 52

unconstrained data item (UDI)

Question 53

a procedure that scans data items and confirms their identity

Answer 53

integrity verification procedure (IVP)

Question 54

the only procedures that are allowed to modify a CDI

Answer 54

transformation procedures (TPs)

Question 55

this model permits access controls to change based on a user’s previous activity; involves conflicts of interest defined by conflict classes

Answer 55

Brewer and Nash model

Question 56

this integrity model is a noninterference model, and is based on predetermining the set or domain of objects that a subject can access

Answer 56

Gogen-Meseguer Model

Question 57

this integrity model is based on the idea of defining a set of system states, initial states, and state transitions.

Answer 57

Sutherland Model

Question 58

this model is focused on the secure creation and deletion of both subjects and objects.

Answer 58

Graham-Denning model

Question 59

this model focuses on the assignment of object access rights to subjects as well as the resilience of those rights

Answer 59

Harrison-Ruzzo-Ullman model (HRU)

Question 60

This product evaluation model defines various levels of testing and confirmation of systems’ security capabilities

Answer 60

Common Criteria (CC)

Question 61

The Common Criteria process is based on two key elements:

Answer 61

protection profiles and security targets

Question 62

official approval to use secured equipment for operational objectives

Answer 62

ATO - Authorization to Operate

Question 63

the 4 authorization decisions an AO can issue

Answer 63

ATO Authorization to Operate
Common control Authorization
Authorization to Use
Denial of Authorization

Question 64

this security capability is used to prevent an active process from interacting with an area of memory that was not specifically assigned or allocated to it

Answer 64

Memory Protection

Question 65

this exploitation can allow for the reading of private kernel memory contents by a nonprivileged process

Answer 65

Meltdown

Question 66

this exploitation can enable to wholesale theft of memory contents from other running applications

Answer 66

Spectre

Question 67

hosting one or more operating systems within the memory of a single host computer

Answer 67

virtualization

Question 68

the ability of a system to suffer a fault but continue to operate; achieved through redundancy (RAID), and failover clusters

Answer 68

Fault Tolerance