Domain 3 Flashcards

Question 1

Q

Shared Responsibility Model
On-Prem
(How Responsibility is delegated)

Answer

A

You 100%
- Apps
- Data
- Runtime
- Middleware
- OS
- Virtualization
- Servers
- Storage
- Networking

Question 2

Q

Shared Responsibility Model
IaaS
(How Responsibility is delegated)

Answer

A

You 50%
- Apps
- Data
- Runtime
- Middleware
- OS

Cloud Service Provider 50%
- Virtualization
- Servers
- Storage
- Networking

Question 3

Q

Shared Responsibility Model
PaaS
(How Responsibility is delegated)

Answer

A

You 25%
- Apps
- Data

Cloud Service Provider 75%
- Runtime
- Middleware
- OS
- Virtualization
- Servers
- Storage
- Networking

Question 4

Q

Shared Responsibility Model
SaaS
(How Responsibility is delegated)

Answer

A

Cloud Service Provider 100%
- Apps
- Data
- Runtime
- Middleware
- OS
- Virtualization
- Servers
- Storage
- Networking

Question 5

Q

Public Cloud
(Name the Pros)

Answer

A

Everything runs on CSP hardware

Scalable, Agile, pay-as-you-go, no maintenance, low skill

Question 6

Q

Private Cloud
(Name the Pros)

Answer

A

A cloud env in your own data center

legacy support, control, compliance

Question 7

Q

Hybrid Cloud
(Name the Pros)

Answer

A

Combines both Public / Private, allows you to run your apps in the right location

flexibility in legacy / compliance / scalability

Question 8

Q

Cloud Access Security Broker (CASB)

Answer

A

Security policy enforcement solution that may be install On-prem or in the cloud

Shadow IT Prevention

Question 9

Q

Post-Quantum Cryptography

Answer

A

Developing new cryptographic approaches developed by normal computers to be resilient to Quantum computers

How well do current encryption hold up to Quant?

Question 10

Q

Post-Quantum Cryptography
Symmetric Encryption

Answer

A

Does better
Grovers Algorithm: Shows Quant computer halve key length
- 256 bit key is as strong as a 128 bit to a normal computer

Question 11

Q

Post-Quantum Cryptography
Asymmetric Encryption

Answer

A

Does worse
Shor’s Algorithm: can easily break public key algos
- RSA & Elliptic Curve is vulnerable
- Lattice offers resilience

Question 12

Q

Post-Quantum Cryptography
Lattice Algorithms

Answer

A

Based on shortest vector problem and closest vector problem
- potential to replace all current endangered schemes
- Lattice based schemes make up most publications on post-quant crypto

TIP: If a ?’s ask ab a “asymmetric encryption” that is “quant resilient”, answer is Lattice

Question 13

Q

Cryptography
Code

Answer

A

Crypto system of symbols that operate on words or phrases and are sometimes secret but do NOT ensure confidentiality

Question 14

Q

Cryptography
Cypher

Answer

A

Always meant to hide true meaning

Question 15

Q

Types of Cyphers
Stream

Answer

A

Symmetric key, plaintext combined with cypher digit stream ( key stream ) . Each plaintext digit is encrypted one at a time with the corresponding digit on keystream to produce cipher text stream

Question 16

Q

Types of Cyphers
Block

Answer

A

encrypts plain text in blocks at a time, like 64- bits

Question 17

Q

Types of Cyphers
Substitution

Answer

A

replace each character with a different one. Ex ceasar cipher

Question 18

Q

Types of Cyphers
Transposition

Answer

A

Shuffle each digit

Question 19

Q

Initialization Vector (IV)

Answer

A

( Random Number ) a random string ( nonce ) that is XORed with message

used by ceasar, Vigenere, One time Pad
- main diff bt them is key length
- 1 char > word / sentence > one time pad

Question 20

Q

One Time Pad

Answer

A

Type of substitution cypher where key stream is at least as long as the message.

Success needs:
- generated randomly
- at least as long as message
- protected from disclosure
- Pad used once then deleted

Question 21

Q

Zero Knowledge Proof

Answer

A

specific info is exchanged but no real data transferred, only with digital signatures and certs

Prove knowledge of a fact without revealing the fact

Question 22

Q

Split knowledge

Answer

A

The privilege required to do operation is divided among multiple users

no single person can comprimise security

Question 23

Q

Work Function (Work Factor)

Answer

A

Way to measure strength of crypto function by cost / time to decrypt message

Question 24

Q

Nonrepudiation

Answer

A

provide undeniable proof that sender actually authored it.

prevents sender from denying it

Question 25

Q

DES Modes
Electronic Codebook Mode (ECB)

Answer

A

Least Secure, encrypts 64 bit blocks with the same key.

if same block in plaintext, same ciphertext generated

Question 26

Q

DES Modes
Cipher Block Chaining (CBC)

Answer

A

Plaintext XORed with Cipher text immediately preceding

Question 27

Q

DES Modes
Cipher Feedback (CFB)

Answer

A

Streaming version of CBC, Works on data in real time, used memory buffers of same block size. When buffer fills, data is encrypted and transmitted. Uses chaining, so errors propagate.

Question 28

Q

DES Modes
Output Feedback (OFB)

Answer

A

Similar to CFB, XORs plaintext with seed value. No chaining so less propagated errors

Question 29

Q

DES Modes
Counter (CTR)

Answer

A

Uses incrementing counter rather than a seed

Question 30

Q

Key Clustering

Answer

A

Weakness where same ciphertext is generated from 2 different keys

Question 31

Q

Asymmetric Key Types
Hash Function Requirements

Answer

A

Inputs of any length
Fixed length outputs
Relatively easy to compute hash for any input
Provide 1 way functionality
Collision Free

Question 32

Q

Asymmetric Key Types
Rainbow Tables

Answer

A

Pre-computed values to ID common passwords

Question 33

Q

Asymmetric Key Types
Salt

Answer

A

Random data added to hash input.
- salts reduce effectiveness of rainbow tables

Question 34

Q

Asymmetric Key Types
Digital Signature Standard (DSS)

Answer

A

Uses SHA-1, SHA-2, SHA-3, message digest functions.

Works in conjunction with 1 of 3:
1. Digital Signature Algorithm (DSA)
2. Rivest, Shamir, Alderman (RSA)
3. Elliptic Curve DSA (ECDSA)

Question 35

Q

Public Key Infrastructure (PKI)
Certificate Authorities (CA)

Answer

A

Body’s that generate Digital Certificates containing public keys of systems’ Users

Users distribute certs to who they want to talk to
Cert recipient verify a cert using CA’s public key

Question 36

Q

Securing Web Traffic
Email (Protocols)

Answer

A

S/MIME
Pretty Good Privacy (PGP)

Question 37

Q

Securing Web Traffic
Web (Protocols)

Answer

A

HTTP over Transport Layer Security (TLS)

replacing SSL

Question 38

Q

Securing Web Traffic
Network

Question 39

Q

Securing Web Traffic
IPsec

Answer

A

Architecture framework that supports secure communications over IP

Establishes a secure channel in either transport mode or tunnel mode
Can be used to establish direct comms between computers over VPN
Uses 2 Protocols

Authentication Header (AH)
Encapsulating Security Payload (ESP)

Question 40

Q

Digital Rights Management (DRM)

Answer

A

Allow conent owners to enforce restriction on use of their content by others

Common in entertainment industry
Sometime protects sensitive info stored in docs

Question 41

Q

Top 3 Public Key Cryptosystems
RSA

Answer

A

Factoring product of prime numbers

Question 42

Q

Top 3 Public Key Cryptosystems
El Gamal

Answer

A

Modular arithmetic

Question 43

Q

Top 3 Public Key Cryptosystems
Elliptic Curve

Answer

A

Elliptic curve discrete logarithm problem and provides more security than the other 2

Question 44

Q

Digital Signature

Answer

A

Rely on public key crypto / hashing

MUST use SHA-2+ hashing

Currently approved:
- DSA
- RSA
- Elliptic Curve DSA

Question 45

Q

Security Model

Answer

A

Used to determine how security is implemented

Formalize security Policy
enforce CIA triad
models lay out broad guidelines
up to devs to decide how its functionally implemented

Top –> Down
- Security Policy
- Security Model
- Program Code
- OS

Question 46

Q

State Machine Model (SMM)

Answer

A

System is always secure, no matter what state it is in
- Based on FSM
- State - snapshot of a system
- if each state transition results in another secure state = SMM

Question 47

Q

Information Flow Model (IFM)

Answer

A

Based on SMM, focused on flow of information

Biba = Flow from low to hight security level
**Bell - LaPadula = prevent info from high to low

Question 48

Q

Non-Interference Model

Answer

A

How actions f high level affect system state of action at a low level

ensures actions dont interfere with each other

Question 49

Q

Lattice Based Models

Answer

A

Interactions between

objects - resources, computers, apps
subjects - users, groups, orgs

Used to ID levels of security for obj / subj

Question 50

Q

3 Properties for Models

Answer

A

Simple - Rules for read
Star - Rules for write
3, Invocation - Rules for calls to subjects

Question 51

Q

Security Models
Biba

Answer

A

Based on Integrity
No Read down, no write up

Lattice Based
Simple integrity = “no read down”
Star integrity = “no write up

Question 52

Q

Security Models
Bell-LaPeluda

Answer

A

Based on Confidentiality
No read up, no write down

SMM enforces Confidentiality
Uses Mandatory Access Controls
Simple security policy “no read up”
Star property “no write down”
Lattice Based

Question 53

Q

Security Models
Clark - Wilson

Answer

A

Integrity
Access Control Triple, uses security labels to access objects

Question 54

Q

Security Models
Goguen- Meseguer

Answer

A

Integrity
Non-interference

Question 55

Q

Security Models
Sutherland

Answer

A

Integrity
Prevent interference, info flow / SMM

Question 56

Q

Security Models
Brewer + Nash

Answer

A

Confidentiality
“Chinese Wall”

Prevents conflict of interest

Question 57

Q

Security Models
Take Grant

Answer

A

Confidentiality
uses “direct graph”

Supports 4 operations:
1. Take
2. Grant
3. Create
4. Revoke

Question 58

Q

Security Model: Clark - Wilson
Constrained Data Item (CDI)

Answer

A

data item who integrity is protected by the security model

Question 59

Q

Security Model: Clark - Wilson
Unconstrained Data Item (UDI)

Answer

A

data item that is NOT controlled by security model

Question 60

Q

Security Model: Clark - Wilson
Integrity Verification Procedure (IVP)

Answer

A

a procedure that scans data items and confirms their integrity

Question 61

Q

Security Model: Clark - Wilson
Transformation Procedure (TP)

Answer

A

Only process allowed to modify a CDI

Question 62

Q

Security Model: Clark - Wilson
Access Control Triplet

Answer

A

Authenticated Principal (User / Subjects)
Programs (TPs)
Data Items (UDIs + CDIs) (objects)

Question 63

Q

Security Models
Graham - Denning Model

Answer

A

Protection rules where each object has an owner and controller

focus on secure creation and deletion of both subject and object
8 primary protection rules:

Securely create object
Securely create subject
Securely delete object
Securely delete subject
Securely provide the read access
Securely provide the grant access
Securely provide the delete access
Securely provide the transfer access

Question 64

Q

Symmetric Cryptography Algorithms Table

Answer 63

A

Security clearance that permits access to ALL info processed by system, approval for ALL info processed by system, and valid need-to-know for ALL info processed by system

Answer 64

A

Can process info at different levels even when all system users do not have the required security clearance to access all info processed by the system

Answer 65

A

Each user must have valid security clearance, access approval for ALL info processed by system, and valid need-to-know for at least SOME info on the system. Offers most granular control over resources and users of thew modes

Answer 66

A

Goes one step further than system high mode

Each user must have a valid security clearance access approval for ALL INFO processed by system, but requires valie need-to-know for ALL INFO they will have access to on the system

Answer 67

A

A combination of hardware, software and controls that work together to form a “trusted” base” to enforce your security policy.

Is a subset of the complete information system.
is the only portion that can be trusted to adhere to and enforce your security policy
TCB must create secure channels ( trusted paths ) to communicate withthe rest of the system
Protects subject from comprimise as a result of TCB interchange

Answer 68

A

An imaginary boundary that separates TCB from the rest of the system.

Answer 69

A

the logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access

Enforces access control

Answer 70

A

The collection of the TCB components that implement the functionality of the reference monitor.

Implements access control

Answer 71

A

Enables and objective evaluation to validate that a particular product or system satisfies a defined set of security requirements

Has replaced TCSEC and ITSEC

Answer 72

A

A structured set of criteria for evaluating computer security within products and systems

Answer 73

A

Initial attempt to create a security eval criteria in Europe. Uses 2 scales to rate functionality and assurance

Answer 74

A

Assumptions & Security Policies
1. Description of Assets
2. ID of Threats

Safety Risk Analysis
3. Analysis & Rating of Threats

System & Environment Objectives
4. Determination of Security Objectives
5. Selection of Security Functional Requirements
6. Repeat

Two Flavors
1. community Protection Profile (cPP) = black box
2. Evaluation Assurance Level (EAL) = white box

Answer 75

A

Video 3:05:28

Answer 76

A

A method used to pass info over a path that is not normally used for comms.

It may not be protected by the system’s normal security controls

Two Types
1. Covert Timing - based on time it takes to access components: paging rate, transaction time
2. Covert Storage - Out of band storage used to convey a message: ICMP protocol uses extra storage in Ping packet to relay info

Answer 77

A

A Chip that is on the motherboard of a device

Multi-purpose, like storage and mnmgt of keys used for full disk encryption (FDE) solutions
Provides OS with access to keys, but prevent drive removal and data access

Answer 78

A

Enforces an access policy that is determined by the system, not the object owner.

Relies on classification labels that are representative of security domains and realms

KEY POINT
- Every object and subject has one or more labels. These labels are predefined, and the system determines access based on assigned labels
- Refered to as lattice-based model

Answer 79

A

Permits the owner or creator of an object to control and define its accessibility, because the owner has full control by default

determined by owner

Answer 80

A

Enables the enforcement of system-wide restrictions that override object-specific access control.

System wide

Answer 81

A

Defines specific functions for access to requested objects. Commonly found in firewall systems

Applies global rules that apply to all subjects. (restrictions or filters)

Answer 82

A

Uses a well-defined collection of named job roles to endow each one with specific permissions, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.

Answer 83

A

Various classification labels are assigned ina ordered structure from low to medium to high security

Answer 84

A

Requires specific security clearances over compartments or domains instead of objects

Answer 85

A

Contains level with compartments that are isolated from the rest of the security domain.

Combines hierarchical and compartmentalized environments so that security levels have submcompartments

Answer 86

A

Technical Evaluation of each part of a computer system to assess is in agreement with security standards

Answer 87

A

The process of formal acceptance of a certified config from a designated authority.

Answer 88

A

Are designed using industry standards and are usually easy to integrate with other open systems

Answer 89

A

Are generally proprietary hardware and / or software.

The specifications are NOT normally published and they are usually harder to integrate with other systems

Answer 90

A

Restricts a process to reading from and writing to certain memory location

Answer 91

A

The limits of memory a process cannot exceed when reading or writing

Answer 92

A

The mode a process runs in when it is confined through the use of memory bounds

Answer 93

A

Something you:
- Know (pin / password)
- Have (trusted device)
- Are (biometric)

Answer 94

A

The process of proving that you are who you say you are

Identity control

Answer 95

A

The act of granting an authenticated part permission to do something

Access control

Answer 96

A

Simultaneous execution of more that one app on a computer and is managed byt the OS

Answer 97

A

Permits multiple concurrent tasks to be performed within a single process.

Answer 98

A

The use of more than one processor to increase computing power

Answer 99

A

Similar to multitasking, but takes place on mainframe systems and requires specific programming

Answer 100

A

Applications operate in a limited instruction set environment known as user mode

Answer 101

A

Controlled operation are performed in privileged mode, also known as system mode, kernel mode, and supervisory mode.

Answer 102

A

Read-only. Contents burned in at factory

Answer 103

A

Static RAM (SRAM) uses flip flops, dynamic RAM (DRAM) uses capacitors

Answer 104

A

Programmable chip similar to ROM, with several sub-types

Answer 105

A

Erasing, Clearing (overwriting with unclassified data)

Two Types:
1. Ultraviolet EPROM (UVEPROM): Chip have a small window tha4t, when illuminated with a special UV light, erases contents
2. Electronically Erasable PROM (EEPROM) Uses electric voltages delivered to the pins of the chip to force erasure. *more flexible alternative to UVEPROM)

Answer 106

A

Derivative concept from EEPROM. Nonvolatile can be electronically erased and rewritten

Answer 107

A

same as memory

Answer 108

A

Consists of magnetic, flash, and optical media that mus be first read into primary memory before the CPU can use the data

Answer 109

A

can be read at any pointSecurity Issues With Storage

Answer 110

A

require scanning through all the data physically stored before the desired location

Answer 111

A

Removable media can be used to steal data
Access controls and encryption must be applied to protect data
Data can remain on the media even after file deletion or media formatting

Answer 112

A

Subject to eavesdropping and tapping
Used to smuggle data out of an org
Used to create unauthorized / insecure points of entry to a orgs system and networks

Answer 113

A

Software stored on a ROM chip, containing basic instructions needed to start a computer. Also used to provide operating instructions in peripheral devices such as printers

Answer 114

A

ensures that individual processes can access only their own data

Answer 115

A

Creates different realms of security within a process and limits communication between them

Answer 116

A

Creates **black-box* interfaces for programmers to use without requiring knowledge of an algorithms or device inner workings

Answer 117

A

Prevents information from being read from a different security level. Hardware segmentation enforces process isolation with physical controls.

Answer 118

A

To inform and guide the design, development, implementation, testing, and maintenance of some particular system

Answer 119

A

Also known as Virtual Machine Monitor (VMM) is the component of virtualization that creates, manages, and operates the VMs

Two Types
1. Type I hypervisor: A native or bare-metal hypervisor. In this config, there is no host OS; instead the hypervisor installs directly onto the hardware where the host OS would normally reside
2. Type II hypervisor: A hosted hypervisor. in this config a standard regular OS is present on the hardware, and the hypervisor is then installed as another software application.

Answer 120

A

A cloud provider concept in which security is provided to an org through or by an online entity

Answer 121

A

Mobile devices that offer customization options, typically thru installing apps and may use on-device or in-the-cloud AI processing

Answer 122

A

The range of potential security options or features that may be available for a mobile device. security features include full device encryption, remote wiping, lockout, screen loicks, GPS, app control etc

Answer 123

A

Typically designed around a limited set of specific functions in relation to the larger product of which its a component

needs security management

Answer 124

A

applications, OSs, hardware sets, or networks that are configured for a specific need, capability, or function and then set to remain unaltered

needs security management

Answer 125

A

Ensures that only a minimum number of processes are authorized to run in supervisory mode.

Answer 126

A

Increases the granularity of secure operations

Answer 127

A

Ensures that an audit trail exists to trace operations back to their source

Answer 128

A

Occurs when the programmer fails to check the size of input data prior to writing the data in a specific memory location.

Answer 129

A

leaving back doors
leaving privileged programs on a system after it is deployed.
Time-of-check-to-time-of-use (TOCTTOU) attacks: any state change presents an opportunity for an attacker to compromise a system

Answer 130

A

Deterrence - discourage any malicious actions
Denial - Deny malicious action
Detection - Detect and track activity
Delay - Delay the progress
Determine - the cause of the incident and figure out what is happening
Decide - decide on the response to implement

If one fails move to next

Answer 131

A

Include policies and procedures like
- site management
- personnell controls
- awareness training
- emergency response

Answer 132

A

Implemented through technology like
- access controls
- intrusion detection
- alarms
- CCTV
- monitoring
- HVAC
- power supplies
- Fire detection / suppression

Answer 133

A

Fencing
Lighting
Locks
Construction materials
Mantraps
Dogs
Guards

Answer 134

A

3-4 Feet: deters casual trespasser
6-7 ft: to hard to climb easy
8 ft (w/barbed wire) - will deter intruders

Answer 135

A

Humidity: 40-60% ideal
Temps: for computers 60-75degF. Damage at 175degF. Manage storage devices damaged at 100F

Answer 136

A

Prolonged loss of power

Answer 137

A

Prolonged low voltage

Answer 138

A

short loss of power

Answer 139

A

Prolonged high voltage

Answer 140

A

Temporary high voltage

Answer 141

A

Temporary low voltage

Answer 142

A

8 feet hight with 2 feet candle power

Answer 143

A

Too much humidity can cause corrosion. Too litte causes static electricity even on non-static carpet, low humidity can generate 20,000-volt static discharge!

Answer 144

A

Common combustibles such as wood, paper, etc. Shjould be extinguised with water or soda acid

Answer 145

A

Buring alcohol, oil, other petroleum products such as gasoline. Extinguished with gas or soda acid

Answer 146

A

Electrical fires. Must be extinguished with non-conductive agaent like any type of gas

Answer 147

A

Burning metals. Extinguished by dry powder

Answer 148

A

Kitchen fires. Extinguished by wet chemicals

Answer 149

A

Smoke sensing
Flame sensing
Heat sensing

Answer 150

A

Generated by the difference in power between the hot and ground wires of a power source.

Answer 151

A

Generated by a difference in power in the hot and neutral wires of a power source

Answer 152

A

The source of interference that is generated by electrical appliances, light sources, electrical cables and circuits etc

Answer 153

A

Storage devices

Answer 154

A

Any electronic or computer component

Answer 155

A

Cause short circuits, initiate corrosion, or otherwise render equipment useless

Answer 156

A

Good for areas with people and computers

Use closed sprinkler heads and the pipe is charged with compressed air instead of water. The water is held in check by an electrically operated sprinkler valve and the compressed air

Answer 157

A

Filled with water.

Answer 158

A

have closed sprinkler heads. filled with compressed air. The water us held back by a valve that remains closed as long as sufficient air pressure remains in the pipes

used where water is likely to freeze

Answer 159

A

Similar to dry pipes, except the sprinkler heads are open and larger than dry pipe heads. The pipes empty at normal air pressure, the water is held back by a deluge valve

Answer 160

A

More effective than water discharge systems but should not be used where people are because it removes oxygen from the air

Halon effective but bad for the environment (ozone-depleting), turns to toxic gas at 900F.

Answer 161

A

(Cipher lock) Something you Know

Answer 162

A

Something you have

Answer 163

A

Something you are

Answer 164

A

Easily picked / bumped and keys easily duplicated

Answer 165

A

Expensive, harder to pick, & Keys not easily duplicated

Answer 166

A

Visibility
Composition of the surrounding area,
area accessibility
effects of natural disasters

Answer 167

A

Understanding level of security needed by your orgs and planning for it before construction begins

Answer 168

A

should NOT be equal access to all locations
Valuable and confidential assets should be located in the center of protection
Centralized server / computer rooms do not need to be human compatible

Answer 169

A

Propping open secured doors and bypassing locks or access controls

Answer 170

A

Using someone elses ID badge to get in

Answer 171

A

Following someone through a secured door without swiping your badge

Answer 172

A

prevent physical unauthorized access

Answer 173

A

escort assigned to visitor
Tracking actions

Answer 174

A

locked cabinets / safes
dedicated / isolated storage facilities
offline storage
access restrictions / activity tracking
hash management and encryption

Answer 175

A

Type of self charging battery that can be used to :
- supply consisten and clean power
- supply power in the event of a power failure

Answer 176

A

Uses rules that can include multiple attributes.
- Allows it to be more flexible than rule based model that applies rules to all subjects equally
- Often used by Software Defined Networks (SDNs)