CISSP Flashcards

Master Your CISSP

1
Q

How does the operating system manage process functionalities?

A

It manages process functionalities through the use of priority. Some critical processes cannot afford to have their functionality interrupted by another process. The operating system is responsible for setting the priorities for the different processes. When one process needs to interrupt another process, the operating system compares the priority levels of the two processes to determine if this interruption should be allowed.

2
Q

A program that has been developed to carry out several different tasks at one time (display, print, interact with other programs) is capable of running several different threads simultaneously. An application with this capability is referred to as ____________

A

a multi-threaded application

3
Q

It is critical that more than one process does not attempt to read and write to these items at the same time. Why is that?

A

To ensure that programs do not corrupt each other’s data held in memory.

4
Q

Integrity is dependent on confidentiality. Without confidentiality, integrity cannot be maintained. What are the other concepts, conditions, and aspects of integrity?

A

The other aspects of integrity include accuracy, truthfulness, authenticity, validity, nonrepudiation, accountability, responsibility, completeness, and comprehensiveness.

5
Q

What is Time Multiplexing?

A

Time multiplexing is a technology that allows processes to use the same resources.

6
Q

What is the relationship between system complexity and security?

A

As the complexity of our systems increases, the potential of truly securing them decreases. There is an inverse relationship between complexity and security: as one goes up, the other one usually goes down. But this fact does not necessarily predict doom and gloom; what it means is that software architecture and development has to be done in a more disciplined manner.

7
Q

What are the goals of memory management?

A

The goals of memory management are to
• Provide an abstraction level for programmers
• Maximize performance with the limited amount of memory available
• Protect the operating system and applications loaded into memory

8
Q

____ a set of functions that applications can call upon to carry out different types of procedures.

A

Dynamic Link Library (DLL). For example, the Windows operating system has a crypt32.dll that is used by the operating system and applications for cryptographic functions.

10
Q

What are the issues associated with memory protection?

A

  1. Every address reference is validated for protection.
  2. Two or more processes can share access to the same segment with potentially different access rights.
  3. Different instruction and data types can be assigned different levels of protection.
  4. Processes cannot generate an unpermitted address or gain access to an unpermitted segment.

11
Q

Provide a scenario where virtual memory management could be manipulated by hackers.

A

If a program, file, or data is encrypted and saved on the hard drive, it will be decrypted when used by the controlling program. While this unencrypted data is sitting in RAM, the system could write out the data to the swap space on the hard drive in its unencrypted state. This is also true for secret and private keys being held in RAM. Attackers have figured out how to gain access to this space in an unauthorized manner.

12
Q

I/O devices are usually considered block or character devices. True/False?

A

True

13
Q

The CPU provides a ring structure architecture.

A

True. The CPU provides the ring structure architecture, and the operating system assigns its processes to the different rings.

14
Q

When can a process have access to resources in a nonrestrictive manner?

A

When a process is placed in ring 0, its activities are carried out in kernel mode, which means it can access the most critical resources in a nonrestrictive manner.

15
Q

Attackers have found many ways around the ring protection scheme and have tricked operating systems into loading their malicious code into ring 0, which is very dangerous. Agree?

A

Yes, I agree. Attackers have fooled operating systems by creating their malicious code to mimic system-based DLLs, loadable kernel modules, or other critical files. The operating system then loads the malicious code into ring 0, and it runs in kernel mode. At this point the code could carry out almost any activity within the operating system in an unprotected manner.

16
Q

What can possibly go wrong when the Ring zero architecture is compromised?

A

The malicious code can install key loggers, sniffers, code injection tools, and Trojaned files. The code could delete files on the hard drive, install back doors, or send sensitive data to the attacker’s computer using the compromised system’s network protocol stack.

17
Q

While the system processor deals with system firmware, hardware, and software components, the operating system architecture deals mainly with ___________

A

Operating system architectures deal specifically with the software components of a system.

18
Q

Thin clients are now preferable due to the minimal system resources required. Why is that?

A

It is better to expand and invest in server resources because of their lifespan compared to client systems, which must be replaced every two years.

19
Q

When is an application said to operate in a monolithic design? Give an example.

A

Earlier operating systems, such as MS-DOS, were based upon a monolithic design. The whole operating system acted as one software layer between the user applications and the hardware level.

20
Q

What are the issues associated with a Monolithic operating system?

A

There are several problems with this approach: complexity, portability, extensibility, and security. Since the functionality of the code is spread throughout the system, it is hard to test and debug. If there is a flaw in a software component, it is difficult to localize and easily fix. Many pieces of this spaghetti bowl of code had to be modified just to address one issue.

21
Q

In a Layered Operating System, what are the five steps involved?

A

THE had five layers of functionality. Layer 0 controlled access to the processor and provided multiprogramming functionality, layer 1 carried out memory management, layer 2 provided inter-process communication, layer 3 dealt with I/O devices, and layer 4 was where the applications resided.

22
Q

Which operating system architecture provides a single layer of security?

A

A monolithic operating system provides only one layer of security. In a layered system, each layer should provide its own security and access control.