CISSP Domain 3 Flashcards

1
Q

What are the techniques for ensuring CIA for processes?

A

1. Confinement: the process is assigned only the resources it requires (memory, run time)
2. Bounds: the limits on which interactions (with users, with the kernel) the process is authorised to have
3. Isolation: enforcement of the bounds and implementation of the confinement

2
Q

What are trust and assurance?

A

Trust: Presence of security mechanism
Assurance: Degree of confidence in satisfaction of security needs

3
Q

What is a security model?

A

Maps abstract statements into a security policy that designers can work from

4
Q

What is the TCB and what are its components?

A

Enforcement of the security policy through:

  1. Security perimeter: separates the trusted from the untrusted
  2. Reference monitor: restricts access; it is a theoretical concept
  3. Security kernel: implements the above RM

5
Q

What is the state machine model?

A

Takes a snapshot of a system at a given time
The system should always be in a "secure state"
A change of state is called a state transition, and it should always occur as a secure transition

6
Q

What is the information flow model?

A

Multilevel security
Dictates the flow of information from subject to object to prevent unauthorised, restricted or insecure flows, often between different security levels

7
Q

What are the elements of evaluation criteria?

A

Protection profile and security target

8
Q

Non-interference

A

Actions of a subject at a higher level should not take advantage of the lower level

9
Q

Take-grant model

A

Access rights can be passed on from one object to a different object

10
Q

Access control matrix

A

Capability list and access control matrix

11
Q

Bell-LaPadula model

A

Protects confidentiality
Simple security property (no read up) and star (*) security property (no write down)
Discretionary security property

12
Q

Biba model

A

Integrity

No read down (simple integrity rule)
No write up (star integrity rule)

13
Q

Clark-Wilson model

A

Provides integrity
Access triple (subject, program and object)

Subjects cannot access objects directly but only through a TP

CDI: constrained data item, whose integrity is protected by the security model
UDI: unconstrained data item, not restricted
TP: transformation procedure, which the subject must use to access the object

14
Q

Brewer and Nash model

A

Provides confidentiality
Also called the Chinese wall model; used to avoid conflicts of interest

15
Q

Goguen-Meseguer model

A

Integrity
Foundation of the non-interference model

16
Q

Sutherland model

A

Prevention of interference + integrity

17
Q

Graham-Denning model

A

Creation and deletion of both subjects and objects

18
Q

Harrison-Ruzzo-Ullman model

A

Assignment of object access rights and the resilience of the assigned rights

19
Q

Secure design principles

A

Secure defaults
Fail securely: physical - digital
Fail open (people, availability)
Fail safe (people, CI)
Fail closed and secure (assets, CI)
KISS
Zero trust: microsegmentation, assume there is a data breach; "trust but verify" is now replaced by zero trust
Privacy by design (proactive, default setting, positive sum, data protection, visibility and transparency, user centric)

20
Q

Shared Responsibility

A

Organizations do not operate in isolation; in an interconnected world you can have internal and external suppliers

21
Q

Process and execution types

A

Brain of the computer

  1. Ready: to be executed after fetching information from memory
  2. Running: executing
  3. Waiting: has been running but needs to fetch other data from memory in order to complete execution
  4. Supervisory
  5. Stopped

Problem state: based on low-privilege access

22
Q

CPU and processing types

A

Brain of the computer
1. Multitasking: multiple tasks on a single core
2. Multiprocessing: multiple processes and multiple threads executed by processors
3. Multicore: many-core CPU
4. Multithreading: many threads executed for a single process
5. Multiprogramming: similar to multitasking

Fetch, execute, decode

23
Q

Protection mechanisms of the OS

A

Ring 0: kernel
Ring 1: OS components
Ring 2: drivers and protocols
Ring 3: I/O devices

24
Q

What is the goal of memory protection, and how can it be achieved (2 methods)?

A

A computing device is likely running multiple applications and services simultaneously, each occupying a segment of memory. The goal of memory protection is to prevent one application or service from impacting another. There are two primary memory protection methods:

Process isolation: the OS provides separate memory spaces for each process's instructions and data, and prevents one process from impacting another

Hardware segmentation: forces separation via physical hardware controls rather than logical processes; in this type of segmentation, the operating system maps processes to dedicated memory locations

25
Q

Virtualization and types

A

Technology used to host one or more operating systems within the memory of a single host, or to run applications that are not compatible with the host OS. The goal is to protect the hypervisor and ensure that compromising one VM doesn't affect others on that host

Type 1 hypervisor: installed directly on bare-metal server hardware; mainly used for servers

Type 2 hypervisor: applications are managed through the hypervisor
Layers: Hardware, Hypervisor, OS

26
Q

ROM

A

ROM: read only
It's volatile in nature, and the contents are burned into the chip and can't be changed

PROM: users burn the content into the chip

EEPROM and UVEPROM: contents can be erased

Flash memory: a kind of EEPROM (e.g. USB drives)

27
Q

RAM and types

A

Can be read and written

Real memory
Secondary memory: SSD
Cache memory: repetitive tasks
Virtual memory: secondary memory used to expand the memory space (page file)

28
Q

Memory addressing

A

Ways by which the CPU accesses memory

Register addressing
Immediate addressing
Direct addressing
Indirect addressing
Base+offset addressing

29
Q

Data storage devices

A

Primary vs secondary
Volatile vs non volatile
Random vs sequential

30
Q

Emanation security and how to reduce it

A

Related to emanating signals and voltage

TEMPEST technology can reduce it:

Faraday cage
Control zones
White noise

31
Q

Firmware

A

Mini OS that performs a very limited set of OS functions; stored on a ROM or EEPROM chip

BIOS and UEFI (same as BIOS but with additional support)

32
Q

Phlashing, and boot attestation (secure boot, measured boot)

A

Phlashing: malicious code embedded into the BIOS

Boot attestation: protection of the local OS

Secure/measured boot: optional feature of UEFI that hashes the boot components

33
Q

TPM

A

A cryptographic chip that is sometimes included with a client computer or server. A TPM enhances the capabilities of a computer by offering hardware-based cryptographic operations. Many security products and encryption solutions require a TPM

TPM is both a specification for a cryptoprocessor chip on a motherboard and the general name for implementations of the specification

A TPM is an example of a hardware security module (HSM)

An HSM is a cryptoprocessor used to manage and store digital encryption keys, accelerate crypto operations, support faster digital signatures, and improve authentication

34
Q

Client and server based systems

A

Client-based: applet (e.g. Adobe in Chrome)
Server-based:
Data flow control: movement of data between processes, between devices, across a network, or over a communications channel

Management of data flow seeks to minimize latency/delays, keep traffic confidential (i.e. using encryption) and avoid overloading traffic (i.e. using a load balancer); it can be provided by network devices, applications and services

While attackers may initially target client computers, servers are often the goal

Mitigation: regular patching, deploying hardened server OS images for builds, and using host-based firewalls

35
Q

DCE

A

A collection of individual systems that work together to support a resource or provide a service

DCEs are designed to support communication and coordination among their members in order to achieve a common function, goal, or operation

Most DCEs have duplicate or concurrent components, are asynchronous, and allow for fail-soft or independent failure of components

DCE is also known as concurrent computing, parallel computing, and distributed computing

DCE solutions are implemented as client-server, three-tier, multi-tier, and peer-to-peer

Securing distributed systems:

In distributed systems, integrity is sometimes a concern because data and software are spread across various systems, often in different locations

36
Q

Microservices

A

A component of a web application and a derivative of SOA: instead of developers building all the services of the software themselves, they can integrate microservices, which can be called upon using an API

37
Q

Containers Vs virtualization

A

Instead of using the complete OS, it creates and uses only whatever is required

AKA OS virtualization; based on the concept of eliminating the duplication of OS elements in a virtual machine. Instead, each application is placed into a container that includes only the actual resources needed to support the enclosed application, and the common or shared OS elements are then part of the hypervisor

Containerization is able to provide 10 to 100x more application density per physical server compared to traditional virtualization

Vendors often have security benchmarks and hardening guidelines to follow to enhance container security

Securing containers:

Container challenges include the lack of isolation compared to a traditional infrastructure of physical servers and VMs

Scan container images to reveal software with vulnerabilities

Secure your registries: use access controls to limit who can publish images, or even access the registry; require images to be signed

Harden the container deployment, including the OS of the underlying host, using firewalls and VPC rules, and use limited-access accounts

Reduce the attack surface by minimizing the number of components in each container, and update and scan them frequently

Virtualization stack: system, host OS, hypervisor, guest OS, bin/lib, apps

Container stack: system, host OS, bin/lib, app

38
Q

Serverless architecture

A

Serverless architecture (AKA function as a service (FaaS)): a cloud computing concept where the code is managed by the customer and the platform (i.e. supporting hardware and software) or servers are managed by the CSP

Applications developed on serverless architecture are similar to microservices, and each function is created to operate independently and autonomously

A serverless model, as in other CSP models, is a shared security model, and your organization and the CSP share security responsibility

39
Q

Embedded systems

A

A form of computing component added to an existing mechanical or electrical system for the purpose of providing automation, remote control, and/or monitoring; usually includes a limited set of specific functions

Example: microcontroller

40
Q

HPC and its three main elements

A

High-performance computing (HPC) systems: platforms designed to perform complex calculations/data manipulation at extremely high speeds (e.g. supercomputers or MPP); often used by large orgs, universities, or government agencies

An HPC solution is composed of three main elements:

compute resources

network capabilities

storage capacity

HPCs often implement a real-time OS (RTOS)

HPC systems are often rented, leased or shared, which can limit the effectiveness of firewalls and invalidate air gap solutions

Securing HPC systems:

deploy head nodes and route all outside traffic through them, isolating parts of the system

"fingerprint" HPC systems to understand their use and detect anomalous behavior

41
Q

Edge and fog computing

A

A philosophy of network design where data and compute resources are located as close as possible, at or near the network edge, to optimize bandwidth use while minimizing latency

Securing edge computing:

this technology creates additional network edges that result in increased levels of complexity

visibility, control, and correlation require a Zero Trust access-based approach to address security on the LAN edge, WAN edge and cloud edge, as well as network management

Fog computing: IoT devices collect data and transfer it to a central location for processing

42
Q

VM escape and VM sprawl

A

VM escape: occurs when software within a guest OS is able to breach the isolation protection provided by the hypervisor

VM sprawl: an organization has deployed numerous VMs without IT management

43
Q

Explain the 3 types of key exchange

A

Three main methods are used to exchange secret keys:

offline distribution

public key encryption, and

the Diffie-Hellman key exchange algorithm

44
Q

Key escrow

A

Key escrow: a process or entity that can recover lost or corrupted cryptographic keys

Multiparty key recovery: when two or more entities are required to reconstruct or recover a key

M of N control: you designate a group of (n) people as recovery agents, but only need a subset (m) of them for key recovery

Split custody: enables two or more people to share access to a key (e.g. two people each hold half the password to the key)

Key rotation: rotate keys (retire old keys, implement new ones) to reduce the risk of a compromised key retaining access

45
Q

Ciphertext only attack

A

An attack where you only have the encrypted ciphertext message at your disposal (not the plaintext)

If you have enough ciphertext samples, the idea is that you can decrypt the target ciphertext based on the ciphertext samples
One technique that proves helpful against simple ciphers is frequency analysis (counting the number of times each letter appears in the ciphertext)

46
Q

Known plaintext

A

In this attack, the attacker has a copy of the encrypted message along with the plaintext message used to generate the ciphertext (the copy); this knowledge greatly assists the attacker in breaking weaker codes

47
Q

Frequency analysis

A

An attack where the characteristics of a language are used to defeat substitution ciphers

For example, in English the letter "E" is the most common, so the most common letter in an encrypted ciphertext could be a substitution for "E"

Other examples might include letters that appear twice in sequence, as well as the most common words used in a language

48
Q

Chosen ciphertext and differential analysis

A

In a chosen ciphertext attack, the attacker has access to one or more ciphertexts and their plaintexts; i.e. the attacker has the ability to decrypt chosen portions of the ciphertext message, and use the decrypted portion to discover the key

Differential cryptanalysis, a type of chosen plaintext attack, is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions; in the broadest sense, it is the study of how differences in the input can affect the resulting difference at the output. Advanced methods such as differential cryptanalysis are types of chosen plaintext attacks;
as an example, an attacker may try to get the receiver to decrypt modified ciphertext, looking for that modification to cause a predictable change to the plaintext

49
Q

Large scale parallel data system and types

A

A computation system designed to break large tasks into smaller ones, handled by the OS

Symmetric multiprocessing: a common OS shared by the processors
Asymmetric multiprocessing: processors operating independently of each other, with a dedicated data bus and memory

50
Q

Grid computing

A

Members can join and leave the grid, in which multiple processors group together to work on a specific processing goal

51
Q

P2P

A

Distributed Application solutions that share tasks among peers

52
Q

ICS and its components

A

DCS: used where the need to gather data and implement control over a single location is essential; state-driven and process-focused; interconnects several PLCs
PLC: a single-purpose or focused-purpose computer used for management and control
SCADA (HMI): used to manage a large-scale physical area, monitoring a wide range of PLCs and DCSs

53
Q

Distributed systems

A

A collection of systems that together provide a service

Think DoS attack

54
Q

Blockchain

A

A collection of ledgers of records and transactions with timestamps, working in a distributed environment; each time there is a change in the records, the ledger is updated and hashed across all the distributed systems

55
Q

Static system

A

No updates once built, e.g. an ATM or a gaming console

56
Q

Infrastructure as code

A

Hardware management is treated the same as software code, with proper version control, testing, etc.

57
Q

Immutable architecture

A

Pets versus cattle

58
Q

Elasticity and scalability in cloud computing

A

H/W characteristic (elasticity): expansion or contraction of resources to meet needs

S/W characteristic (scalability): handle more tasks or workload

59
Q

VDI and types

A

Reduces security risk by hosting desktop and workstation OSs centrally

Persistent: customisable for the user
Non-persistent: if the user makes changes, it rolls back to the default state

60
Q

MDM and UEM

A

MDM: to centrally manage mobile devices

UEM: to control mobile and IoT devices

61
Q

Context aware authentication

A

Geo-tagging, an unrecognised browser, e.g. logging into Google from a cafe

62
Q

Geolocation, geotagging, geofencing

A

Location services; automatic implementation of features based on location

63
Q

Rooting in mobile devices

A

Breaks DRM and operates the mobile device with full privilege

64
Q

Mobile key management

A

Good key selection is based on RNGs

The best option is a microSD HSM or a TPM

65
Q

BYOD, CYOD, COMS, COPE

A

COPE: the user can use the device for work and personal activities

CYOD: a list of approved devices, with a policy to be implemented

COMS: the company purchases and supports the devices under its security policy

66
Q

Covert channel and types

A

A method of data transfer that the path was not designed for

Passing information on a path that is not normally used for communication, hence it can't be protected

Timing channel: modifying the timing of resources

Storage channel: writing data to an area where another process can read it

67
Q

Rootkits

A

Embeds within the OS to gain full control over a system, with a combination of lateral movement, and remains undetected

68
Q

Data diddling, salami attack and incremental attacks

A

Modify transactions, make minor changes, or delete files incrementally, slicing a little each time

69
Q

Secure facility

A

Risk analysis
Critical path analysis: critical processes and operations

Secure facility plan: outlines the security needs of your organization and emphasizes methods or mechanisms to employ to provide security, developed through risk assessment and critical path analysis
critical path analysis (CPA): a systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting components
During CPA, evaluate potential technology convergence: the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time, which can result in a single point of failure
A secure facility plan is based on a layered defense model

70
Q

Industrial camouflage

A

Make the facility look like something else, e.g. a food retail outlet

71
Q

CPTED

A

Crime Prevention Through Environmental Design (CPTED): a well-established school of thought on “secure architecture”

The core principle of CPTED is that the design of the physical environment can be managed/manipulated and crafted with intention in order to create behavioral effects or changes in the people present in those areas that result in a reduction of crime as well as a reduction of the fear of crime

CPTED stresses three main principles:

Natural surveillance
Natural access control
Natural territorial reinforcement

72
Q

Power problem types

A

Commercial power problem types:

fault: momentary loss of power

blackout: complete loss of power

sag: momentary low voltage

brownout: prolonged low voltage

spike: momentary high voltage

surge: prolonged high voltage

inrush: initial surge of power associated with connecting to a power source

73
Q

Fire stages:

A

Stage 1: incipient stage: at this stage, there is only air ionization and no smoke
Stage 2: smoke stage: smoke is visible from the point of ignition
Stage 3: flame stage: this is when a flame can be seen with the naked eye
Stage 4: heat stage: at stage 4, there is an intense heat buildup and everything in the area burns

74
Q

Fire extinguisher class

A

Fire extinguisher classes:
Class A: common combustibles
Class B: liquids
Class C: electrical
Class D: metal
Class K: cooking material (oil/grease)

75
Q

4 main types of suppression system

A

Four main types of suppression:
wet pipe system (AKA closed head system): always filled with water; water discharges immediately when suppression is triggered
dry pipe system: contains compressed inert gas
preaction system: a variation of the dry pipe system that uses a two-stage detection and release mechanism
deluge system: uses larger pipes and delivers larger volume of water

76
Q

Zero trust components which need to be protected

A

Verify identity
Manage devices
Manage apps
Protect data

77
Q

SOAR

A

Centralised alert and response automation with threat-specific playbooks (response automation), whereas SIEM is monitoring automation

78
Q

MTTF, MTTR and MTBF

A

MTTF: time taken for the equipment to fail

MTTR: time taken to repair after a fault occurs

MTBF: time taken to fail again after the previous failure (time between failures)

79
Q

Proximity devices

A

  • Passive proximity device
  • Field-powered proximity device: EM
  • Transponder: at the press of a button it opens

80
Q

Intrusion alarm

A

Deterrent
Repellent
Notification alarm

81
Q

Power considerations

A

Surge protectors
Power conditioner
UPS: double conversion and line interactive; voltage regulators and surge protectors
Generator
Battery backup

82
Q

Properties of the reference monitor concept

A

Isolation
Verifiable
Completeness

83
Q

2 methods of process isolation

A

Memory segmentation

Time division multiplexing

84
Q

Difference between SIEM and SOAR

A

SIEM is notification, whereas SOAR is response and analysis

85
Q

Grid computing vs fog computing

A

Centralised vs gateway devices that collect data

86
Q

CASB

A

Security policy enforcement

Shadow IT prevention

87
Q

Key clustering

A

2 keys used with the same algorithm give the same result

Same as a collision

88
Q

Meet in the middle

A

Attacker needs 2 rounds of encryption

89
Q

3 major PK cryptography algorithms

A

RSA: factoring

ElGamal: less common than RSA

Elliptic curve: discrete logarithm; provides more security than the other algorithms when both are used with keys of the same length

90
Q

Functional order of security controls

A

Deter

Deny

Detect

Delay

Determine

Decide

91
Q

3 ways a cipher converts plaintext?

A

Ciphers convert messages from plaintext to ciphertext on a bit basis (that is, a single digit of a binary code), character basis (that is, a single character of an ASCII message), or block basis (that is, a fixed-length segment of a message, usually expressed in number of bits).

92
Q

Does a digital signature provide confidentiality? If yes or no, how is confidentiality provided?

A

No, it does not; it only provides AIN. If you want confidentiality, the message has to be encrypted using the receiver's public key

93
Q

In PKI, why and how can CAs protect their own private keys?

A

Certificate authorities must carefully protect their own private keys to preserve their trust relationships. To do this, they often use an offline CA to protect their root certificate, the top-level certificate for their entire PKI. This offline CA is disconnected from networks and powered down until it is needed. The offline CA uses the root certificate to create subordinate intermediate CAs that serve as the online CAs used to issue certificates on a routine basis.


94
Q

What is certificate chaining?

A

In the CA trust model, the use of a series of intermediate CAs is known as certificate chaining. To validate a certificate, the browser verifies the identity of the intermediate CA(s) first and then traces the path of trust back to a known root CA, verifying the identity of each link in the chain of trust

95
Q

What is the difference between allow listing and deny listing (in firewalls etc.)?

A

Application allow listing (previously known as whitelisting) is a security option that prohibits unauthorized software from being able to execute. Allow listing is also known as deny by default or implicit deny.

This is a significant departure from the typical device-security stance, which is to allow by default and deny by exception (also known as deny listing or block listing, previously known as blacklisting)