Domain 3 Flashcards
- Matthew is the security administrator for a consulting firm and must enforce access controls that restrict users’ access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acme’s competitors. What security model best fits Matthew’s needs?
a. Clark-Wilson
b. Biba
c. Bell-LaPadula
d. Brewer-Nash
D. The Brewer-Nash model allows access controls to change dynamically based upon a user’s actions. It is often used in environments like Matthew’s to implement a “Chinese wall” between data belonging to different clients.
- Referring to the figure shown below, what is the earliest stage of a fire where it is possible to use detection technology to identify it?
Image reprinted from CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition © John Wiley & Sons 2015, reprinted with permission.
a. Incipient
b. Smoke
c. Flame
d. Heat
A. Fires may be detected as early as the incipient stage. During this stage, air ionization takes place and specialized incipient fire detection systems can identify these changes to provide early warning of a fire.
- Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet his needs?
a. CCTV
b. IPS
c. Turnstiles
d. Faraday cages
A. Closed circuit television (CCTV) systems act as a secondary verification mechanism for physical presence because they allow security officials to view the interior of the facility when a motion alarm sounds to determine the current occupants and their activities.
- Harry would like to retrieve a lost encryption key from a database that uses m of n control with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?
a. 2
b. 4
c. 8
d. 12
B. In an m of n control system, at least m of n possible escrow agents must collaborate to retrieve an encryption key from the escrow database.
- Fran’s company is considering purchasing a web-based email service from a vendor and eliminating its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran’s company considering?
a. SaaS
b. IaaS
c. CaaS
d. PaaS
A. This is an example of a vendor offering a fully functional application as a web-based service. Therefore, it fits under the definition of Software as a Service (SaaS). In Infrastructure as a Service (IaaS), Compute as a Service (CaaS), and Platform as a Service (PaaS) approaches, the customer provides their own software. In this example, the vendor is providing the email software, so none of those choices are appropriate.
- Bob is a security administrator with the federal government and wishes to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
a. DSA
b. HAVAL
c. RSA
d. ECDSA
B. The Digital Signature Standard approves three encryption algorithms for use in digital signatures: the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; and the Elliptic Curve DSA (ECDSA) algorithm. HAVAL is a hash function, not an encryption algorithm. While hash functions are used as part of the digital signature process, they do not provide encryption.
- Harry would like to access a document owned by Sally and stored on a file server. Applying the subject/object model to this scenario, who or what is the subject of the resource request?
a. Harry
b. Sally
c. Server
d. Document
A. In the subject/object model of access control, the user or process making the request for a resource is the subject of that request. In this example, Harry is requesting resource access and is, therefore, the subject.
- Michael is responsible for forensic investigations and is investigating a medium severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take?
a. Keep the website offline until the investigation is complete.
b. Take the virtualization platform offline as evidence.
c. Take a snapshot of the compromised system and use that for the investigation.
d. Ignore the incident and focus on quickly restoring the website.
C. Michael should conduct his investigation, but there is a pressing business need to bring the website back online. The most reasonable course of action would be to take a snapshot of the compromised system and use the snapshot for the investigation, restoring the website to operation as quickly as possible while using the results of the investigation to improve the security of the site.
- Helen is a software engineer and is developing code that she would like to restrict to running within an isolated sandbox for security purposes. What software development technique is Helen using?
a. Bounds
b. Input validation
c. Confinement
d. TCB
C. The use of a sandbox is an example of confinement, where the system restricts the access of a particular process to limit its ability to affect other processes running on the same system.
- What concept describes the degree of confidence that an organization has that its controls satisfy security requirements?
a. Trust
b. Credentialing
c. Verification
d. Assurance
D. Assurance is the degree of confidence that an organization has that its security controls are correctly implemented. It must be continually monitored and re-verified.
- What type of security vulnerability are developers most likely to introduce into code when they seek to facilitate their own access, for testing purposes, to software they developed?
a. Maintenance hook
b. Cross-site scripting
c. SQL injection
d. Buffer overflow
A. Maintenance hooks, otherwise known as backdoors, provide developers with easy access to a system, bypassing normal security controls. If not removed prior to finalizing code, they pose a significant security vulnerability if an attacker discovers the maintenance hook.
- In the figure shown below, Sally is blocked from reading the file due to the Biba integrity model. Sally has a Secret security clearance and the file has a Confidential classification. What principle of the Biba model is being enforced?
a. Simple Security Property
b. Simple Integrity Property
c. *-Security Property
d. *-Integrity Property
B. The Simple Integrity Property states that an individual may not read a file classified at a lower security level than the individual’s security clearance.
- Tom is responsible for maintaining the security of systems used to control industrial processes located within a power plant. What term is used to describe these systems?
a. POWER
b. SCADA
c. HAVAL
d. COBOL
B. Supervisory control and data acquisition (SCADA) systems are used to control and gather data from industrial processes. They are commonly found in power plants and other industrial environments.
- Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem?
a. TCB
b. TPM
c. NIACAP
d. RSA
B. The Trusted Platform Module (TPM) is a hardware security technique that stores an encryption key on a chip on the motherboard and prevents someone from accessing an encrypted drive by installing it in another computer.
- Marcy would like to continue using some old DES encryption equipment to avoid throwing it away. She understands that running DES multiple times improves the security of the algorithm. What is the minimum number of times she must run DES on the same data to achieve security that is cryptographically strong by modern standards?
a. 2
b. 3
c. 4
d. 12
B. Running DES three times produces a strong encryption standard known as Triple DES, or 3DES. In order for this to provide additional security, DES must also be run using at least two different keys. NIST recommends use of three independent keys for the strongest version.
Questions 16–19 refer to the following scenario.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
- If Alice wishes to send Bob an encrypted message, what key does she use to encrypt the message?
a. Alice’s public key
b. Alice’s private key
c. Bob’s public key
d. Bob’s private key
C. In an asymmetric cryptosystem, the sender of a message always encrypts the message using the recipient’s public key.
Questions 16–19 refer to the following scenario.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
- When Bob receives the encrypted message from Alice, what key does he use to decrypt the message?
a. Alice’s public key
b. Alice’s private key
c. Bob’s public key
d. Bob’s private key
D. When Bob receives the message, he uses his own private key to decrypt it. Since he is the only one with his private key, he is theB.
Questions 16–19 refer to the following scenario.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
- Which one of the following keys would Bob not possess in this scenario?
a. Alice’s public key
b. Alice’s private key
c. Bob’s public key
d. Bob’s private key
B. Each user retains their private key as secret information. In this scenario, Bob would only have access to his own private key and would not have access to the private key of Alice or any other user.
Questions 16–19 refer to the following scenario.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority.
- Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?
a. Alice’s public key
b. Alice’s private key
c. Bob’s public key
d. Bob’s private key
B. Alice creates the digital signature using her own private key. Then Bob, or any other user, can verify the digital signature using Alice’s public key.
- What name is given to the random value added to a password in an attempt to defeat rainbow table attacks?
a. Hash
b. Salt
c. Extender
d. Rebar
B. The salt is a random value added to a password before it is hashed by the operating system. The salt is then stored in a password file with the hashed password. This increases the complexity of cryptanalytic attacks by negating the usefulness of attacks that use precomputed hash values, such as rainbow tables.
- Which one of the following is not an attribute of a hashing algorithm?
a. They require a cryptographic key.
b. They are irreversible.
c. It is very difficult to find two messages with the same hash value.
d. They take variable-length input.
A. Hash functions do not include any element of secrecy and, therefore, do not require a cryptographic key.
- What type of fire suppression system fills with water when the initial stages of a fire are detected and then requires a sprinkler head heat activation before dispensing water?
a. Wet pipe
b. Dry pipe
c. Deluge
d. Preaction
D. A preaction fire suppression system activates in two steps. The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.
- Susan would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability?
a. AH
b. ESP
c. IKE
d. ISAKMP
B. The Encapsulating Security Payload (ESP) protocol provides confidentiality and integrity for packet contents. It encrypts packet payloads and provides limited authentication and protection against replay attacks.
- Which one of the following cryptographic goals protects against the risks posed when a device is lost or stolen?
a. Nonrepudiation
b. Authentication
c. Integrity
d. Confidentiality
D. The greatest risk when a device is lost or stolen is that sensitive data contained on the device will fall into the wrong hands. Confidentiality protects against this risk.
- What logical operation is described by the truth table below?
a. OR
b. AND
c. XOR
d. NOR
C. The exclusive or (XOR) operation is true when one and only one of the input values is true.
- How many bits of keying material does the Data Encryption Standard use for encrypting information?
a. 56 bits
b. 64 bits
c. 128 bits
d. 256 bits
A. DES uses a 64-bit encryption key but only 56 of those bits are actually used as keying material in the encryption operation. The remaining 8 bits are used to detect tampering or corruption of the key.
- In the figure shown below, Harry’s request to write to the data file is blocked. Harry has a Secret security clearance and the data file has a Confidential classification. What principle of the Bell-LaPadula model blocked this request?
a. Simple Security Property
b. Simple Integrity Property
c. *-Security Property
d. Discretionary Security Property
C. The *-Security Property states that an individual may not write to a file at a lower classification level than that of the individual. This is also known as the confinement property.
- Florian and Tobias would like to begin communicating using a symmetric cryptosystem but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?
a. IDEA
b. Diffie-Hellman
c. RSA
d. MD5
B. The Diffie-Hellman algorithm allows for the secure exchange of symmetric encryption keys over a public network.
- Under the Common Criteria, what element describes the security requirements for a product?
a. TCSEC
b. ITSEC
c. PP
d. ST
C. Protection Profiles (PPs) specify the security requirements and protections that must be in place for a product to be accepted under the Common Criteria.
- Which one of the following is not one of the basic requirements for a cryptographic hash function?
a. The function must work on fixed-length input.
b. The function must be relatively easy to compute for any input.
c. The function must be one way.
d. The function must be collision free.
A. Hash functions must be able to work on any variable-length input and produce a fixed-length output from that input, regardless of the length of the input.
- How many possible keys exist for a cipher that uses a key containing 5 bits?
a. 10
b. 16
c. 32
d. 64
C. Binary keyspaces contain a number of keys equal to two raised to the power of the number of bits. Two to the fifth power is 32, so a 5-bit keyspace contains 32 possible keys.
- What cryptographic principle stands behind the idea that cryptographic algorithms should be open to public inspection?
a. Security through obscurity
b. Kerchoff principle
c. Defense in depth
d. Heisenburg principle
B. Kerchoff’s principle says that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
- Referring to the figure shown below, what is the name of the security control indicated by the arrow?
Image reprinted from CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition © John Wiley & Sons 2015, reprinted with permission.
a. Mantrap
b. Turnstile
c. Intrusion prevention system
d. Portal
A. Mantraps use a double set of doors to prevent piggybacking by allowing only a single individual to enter a facility at a time.
- Which one of the following does not describe a standard physical security requirement for wiring closets?
a. Place only in areas monitored by security guards.
b. Do not store flammable items in the closet.
c. Use sensors on doors to log entries.
d. Perform regular inspections of the closet.
A. While it would be ideal to have wiring closets in a location where they are monitored by security staff, this is not feasible in most environments. Wiring closets must be distributed geographically in multiple locations across each building used by an organization.
- In the figure shown below, Sally is blocked from writing to the data file by the Biba integrity model. Sally has a Secret security clearance and the file is classified Top Secret. What principle is preventing her from writing to the file?
a. Simple Security Property
b. Simple Integrity Property
c. *-Security Property
d. *-Integrity Property
D. The *-Integrity Property states that a subject cannot modify an object at a higher security level than that possessed by the subject.
- Which one of the following security controls is least often required in Bring Your Own Device (BYOD) environments?
a. Remote wiping
b. Passcodes
c. Application control
d. Device encryption
C. Companies with BYOD environments often require nonintrusive security controls, such as remote wiping capability, device passcodes, and full device encryption. They do not normally use application control to restrict applications because users object to the use of this technology to personally owned devices.
- What is the minimum number of independent parties necessary to implement the Fair Cryptosystems approach to key escrow?
a. 1
b. 2
c. 3
d. 4
B. In the Fair Cryptosystem approach to key escrow, the secret keys used in communications are divided into two or more pieces, each of which is given to an independent third party.
- In what state does a processor’s scheduler place a process when it is prepared to execute but the CPU is not currently available?
a. Ready
b. Running
c. Waiting
d. Stopped
A. The Ready state is used when a process is prepared to execute but the CPU is not available. The Running state is used when a process is executing on the CPU. The Waiting state is used when a process is blocked waiting for an external event. The Stopped state is used when a process terminates.
- Alan is reviewing a system that has been assigned the EAL1 evaluation assurance level under the Common Criteria. What is the degree of assurance that he may have about the system?
a. It has been functionally tested.
b. It has been structurally tested.
c. It has been formally verified, designed, and tested.
d. It has been methodically designed, tested, and reviewed.
A. EAL1 assurance applies when the system in question has been functionally tested. It is the lowest level of assurance under the Common Criteria.
- Which one of the following components is used to assign classifications to objects in a mandatory access control system?
a. Security label
b. Security token
c. Security descriptor
d. Security capability
A. Administrators and processes may attach security labels to objects that provide information on an object’s attributes. Labels are commonly used to apply classifications in a mandatory access control system.