Domain 3 - Security Architecture and Engineering

Question 1

Caesar Cipher

Answer 1

Simple substitution cipher – Moved character 3 spaces

Subject to package analysis

Question 2

Symmetric Vs Asymmetric

Answer 2

Symmetric - same key to encrypt and decrypt

Asymmetric - different keys to encrypt and decrypt

Question 3

Vignere cipher

Answer 3

First polyalphabetic cipher

Question 4

Enigma machine

Answer 4

used by Japan during WWII

Question 5

PAIN of cryptography

Answer 5

PAIN 
Privacy
Authenticity
Integrity
Non-repudiation

Question 6

Initialization vector

Answer 6

Random bit string added that is the same length as the block size. XOR

Question 7

Name a stream cipher

Answer 7

RC4

Question 8

Symmetric

Answer 8

Relies on the use of a shared secret key

Pros
-Fast 
-Good strong privacy 
Cons
-out of band key distribution
-doesn't scale well
-does not provide non-repudiation

Question 9

Symmetric cipher types

Answer 9

Stream

Block

Question 10

Asymmetric cryptography

Answer 10

Every user has a key pair - private and public key

Question 11

Asymmetric Algorithms

Answer 11

SA’s
E’s
DH

Question 12

Asymmetric Algorithms

Answer 12

SA's
RSA & DSA 
ECC & El Gamal
DH (Dougie Houseer has a backpack)
Diffie Hellman & Knapsack

Question 13

Standard for digital signatures

Answer 13

RSA

Question 14

What algorithm uses factorization

Answer 14

RSA

Question 15

First asymmetric algorithm

Answer 15

Diffie Hellman

Question 16

ECC

Answer 16

Elliptical Curve Cryptography

Based on points on a curve
Very efficient but only for key agreement (digital signatures)
Used on handheld devices

Question 17

Usually the standard and answer for any Symmetric questions….

Answer 17

AES

Unless PGP then its IDEA

Question 18

What keys are mathematically related

Answer 18

Asymmetric

Question 19

Birthday attack

Answer 19

attempts to find collisions in hash functions

Question 20

MD-5 how many bits

Answer 20

128

Question 21

SHA-1 how many bits

Answer 21

160

Question 22

SHA-2 how many bits

Answer 22

256, 384, 512….

Question 23

Transposition cipher

Answer 23

uses an encryption algorithm to rearrange the letters of a plaintext message

Question 24

Stream ciphers

Answer 24

Caesar - one
Vignere - word or sentence
One-time pad - key as long as the message itself

Question 25

zero - knowledge proof

Answer 25

enables one to prove knowledge of a fact without revealing the fact itself

Question 26

split knowledge

Answer 26

ensures that no single person has sufficient privileges to compromise the security of an environment

Question 27

Work function/Work factor

Answer 27

Time and effort required to break a protective mechanism

Question 28

DES and 3DES modes

Answer 28

Electronic Codebook Mode (ECB). Simplest and least secure

Cipher Block Chaining (CBC).

Cipher Feedback (CFB) .. uses chaining so error propagate

Question 29

XOR Cipher

Answer 29

Flipping of bits

binary values match = 0
don’t match = 1

Question 30

IPSEC two modes

Answer 30

Transport Mode
Tunnel Model

Protocols - Authentication Header (AH)
Encapsulating Security Protocol (ESP)

Question 31

Replay attack

Answer 31

an attempt to reuse authentication requests

Question 32

Security Models

Answer 32

Integrity (focus)

• Biba (State machine model)
• Clark-Wilson - access control triple—question is about lattice
• Goguen-Meseguer

Confidentiality
-Bell-LaPadula - no read up, no read down-state machine that enforces confidentiality..uses MAC to enforce security policy

• Brewer and Nash
• Take Grant

Question 33

Bell LaPadula security model

Answer 33

Enforces confidentiality
Uses MAC to enforce DoD multilevel security policy (Gov)

Cannot read up
Cannot write down

Question 34

Biba security model

Answer 34

Integrity
No read down
No write up

Question 35

Clark-Wilson

Answer 35

Integrity
No read down
No write down

Question 36

Take Grant model

Answer 36

confidentiality based

supports four basic operations - take, grant, create, and revoke

Question 37

Brewer and Nash (Chinese Wall)

Answer 37

Confidentiality based

developed to prevent conflict of interest

Question 38

Graham-Denning model

Answer 38

Focused on the secure creation and deletion of both data and subjects

Question 39

Trusted Platform Module

Answer 39

Chip that resides on the motherboard chip

Question 40

Access control types

Answer 40

Mandatory (MAC) - enforces policy that is determined by the system, not the object owner. Relies on classification labels.

Question 41

Discretionary Access Control (DAC)

Answer 41

Permits the owner or creator of an object to control and define its accessibility

Question 42

Non-discretionary access control

Answer 42

Enables the enforcement of system-wide restrictions that override object-specific access control.

Question 43

Rule based access control

Answer 43

Usually found in firewalls

Question 44

Role-Based Access Control

Answer 44

Uses well-defined collection of named job-roles that have specific permissions.

Question 45

Techniques for ensuring CIA.

Answer 45

Confinement - restricts a process to reading from and writing to certain memory locations.

Bounds - limits of memory a process cannot exceed when reading or writing.

Isolation - the mode a process runs in when it is confined through the use of memory bounds.