Domain 3 - Security Architecture and Engineering Flashcards

Question 1

Q

Zero Trust Security

Answer

A

○ Addresses limitations of legacy network perimeter-based security model
○ Treats user identity as the control plane
Assumes compromise/ breach in verifying every request, no entity is trusted by default, verify identity, manage device, manage apps, protect data

Question 2

Q

Secure defaults (secure design principles)

Answer

A

default configuration reflects a restrictive and conservative enforcement of security policy, taken from NIST 800-160

Question 3

Q

Fail securely (secure design principles)

Answer

A

default configuration reflects a restrictive and conservative enforcement of security policy, taken from NIST 800-160

Question 4

Q

Trust but verify (secure design principles)

Answer

A

depends on initial authentication process to gain access to the internal “secured” environment then relied on generic access control methods, taken from NIST 800-160, given way to zero trust

Question 5

Q

Privacy by design (secure design principle)

Answer

A

making privacy and integral part of every system, tech, policy, and design process
§ Proactive and not reactive approach
§ Privacy as the default setting
§ Privacy embedded into design, not added later
§ Privacy should be positive-sum approach, not zero-sum, needs of everybody are met
§ End to end full lifecycle data protection
§ Visibility and transparency, i.e. privacy policy explaining what company does with data
Keep privacy user-centric, i.e. in GDPR the customer can request data and tell them to “forget” them

Question 6

Q

Security-aaS

Answer

A

cloud provider concept in which security is provided to an org through and online entity

Question 7

Q

internet of things (IoT)

Answer

A

class of devices connected to internet in order to provide automation, remote control, or AI processing in home or business, plugs, thermostats, speakers, etc

Question 8

Q

SIEM

Answer

A

sec information and event management, collects data from many sources, provides real time monitoring, traffic analysis of potential attacks, often use AI, ML and threat intel

Question 9

Q

SOAR

Answer

A

sec orchestration automation and response, threat specific playbooks, response may be fully automated or single click, domain 8, delivered with SIEM typically

Question 10

Q

Microservices

Answer

A

fine grained services with a discrete function, more modern version of SOA to cloud computing, run on Docker/ kubernetes

Question 11

Q

SOA (service oriented architecture)

Answer

A

creation of discrete services that may be accessed by users in black box fashion (don’t know whats going on under the hood)

Question 12

Q

code level vulnerabilities

Answer

A

should be identified early in development lifecycle via static code analysis and dynamic testing to identify deficiencies before release

Question 13

Q

containerization

Answer

A

lightweight, granular, portable way to package apps for multiple platforms, reduces overhead of server virtualization by enabling containerized apps to run on a shared OS kernel, containers don’t have their own OS, sharing OS of host, test focuses on devops security (container level) and application level security (Authentication and Authorization)

Question 14

Q

API

Answer

A

set of exposed interfaces allow for program interaction between services, REST uses HTTPS for web comms to offer API end points, all comms between client and server should be encrypted and access limited with API keys, storage/ dist/ transmission of access keys should be done in secure fashion

Question 15

Q

Embedded Systems

Answer

A

tech component of an IOT device, full computer system embedded inside a larger system, ie printers/ drones/ semi autonomous vehicles, consider authentication practices to ensure they meet security best practices (avoid implied trust)

Question 16

Q

high performance computing

Answer

A

alternative to client/ server computing model for intensive operations with large data sets, for problems that require large-scale parallel processing, SETI project where individuals can volunteer their compute time i.e. grid computing

Question 17

Q

grid computing

Answer

A

employs a centralized controller that makes computing assignments to grid members, secure the grid controller

Question 18

Q

edge computing

Answer

A

some compute operations require processing activities to occur locally not in the cloud, common in IOT scenarios like agricultural, science/ space, military, ie watering plants in a field by sensing moisture, kiosk in a drug store, consider encryption, spoofing protection and authentication

Question 19

Q

fog computing

Answer

A

places gateway devices in the field to collect and correlate data centrally at the edge, version of edge computing

Question 20

Q

Serverless (Function as a service FaaS)

Answer

A

different that PaaS, more granular, less decisions around service tier and scale, azure functions and AWS Lambda

Question 21

Q

IaaS

Answer

A

CSP: networking, storage, servers, virtualization

You: OS, middleware, runtime, data, apps

Question 22

Q

PaaS

Answer

A

CSP: networking, storage, servers, virtualization, OS, middleware, runtime

You: data, apps

Question 23

Q

SaaS

Answer

A

CSP: networking, storage, servers, virtualization, OS, middleware, runtime, data, apps

You: n/a

Question 24

Q

Public cloud

Answer

A

everything runs on CSPs hardware, advantages include scalability, agility, pay as you go, no maintenance, low skills

Question 25

Q

Private cloud

Answer

A

cloud environment in your own datacenter, legacy support (can support older versions vs public which will typically always be latest versions), control, compliance

Question 26

Q

Hybrid (cloud model)

Answer

A

combines public and private allowing every app to run in the right location, connect the 2 clouds with VPN, flexible in legacy, compliance, and scalability

Question 27

Q

CASB

Answer

A

cloud access security broker, security policy enforcement solution, ie ensuring specific users only use the applications we have in place, prevent sensitive information from being shared externally, solves problem of shadow IT

Question 28

Q

Post quantum cryptography

Answer

A

development of new kinds of cryptographic approaches that can be implemented using todays conventional computers, but will be resistant to quantum computing attacks of the future

Question 29

Q

Symmetric encryption (shared key)

Answer

A

bulk encryption, fast, holds up well to quantum, uses 1 shared secret key

Question 30

Q

Grovers algorithm

Answer

A

quantum computer speeds up attacks to halve the key length, 256 bit key is as strong against quantum as 128 bit

Question 31

Q

Shors algorithm

Answer

A

quantum can easily break all commonly used PK alogorithms, RSA is vulnerable, Elliptic curve is vulnerable, Lattice offers some resistance against quantum

Question 32

Q

lattice

Answer

A

makes up most publications on post-quantum cryptography, QUANTUM RESISTANT

Question 33

Q

Stream cipher

Answer

A

symmetric key, one character at a time

Question 34

Q

Block cipher

Answer

A

crypto key and algo are applied to a block of data at once as a group

Question 35

Q

Substitution cipher

Answer

A

replace each character with a different character

Question 36

Q

transposition

Answer

A

rearrange the letters of a plaintext message to form ciphertext

Question 37

Q

Initialization vector (IV)

Answer

A

random bit string (nonce) that is XORed with the message to reduce predictability and repeatability, same length as the block size or as large as the encryption key

Question 38

Q

Caesar, vigenere, one-time pad

Answer

A

similar STREAM ciphers, difference is key length, caeser=1, vigenere=longer key like a word/ sentence, one-time pad=same length as the message

Question 39

Q

one time pad

Answer

A

key must be generated randomely, as long as message to be encrypted, pads be protected against disclosure, pad must be used one-time then discarded

Question 40

Q

zero knowledge proof

Answer

A

communication concept, specific type of info is exchanged but no real data is transferred, ie digital signature and digital certificate, enables one to prove knowledge of a fact without revealing the fact

Question 41

Q

split knowledge

Answer

A

information/ priv required to perform an operation is divided among multiple users, ensures no single person has sufficient priv to compromise security, role seperation

Question 42

Q

work function

Answer

A

aka work factor, measure strength of crypto system by measuring cost/ time to decrypt, work function rating typically represents the amount of time to complete a brute-force attack against a crypto system, TIME AND EFFORT TO BREAK A PROTECTIVE MEASURE

Question 43

Q

key security

Answer

A

crypto keys provide security to crypto system, modern systems utilize keys of at least 128 bits

Question 44

Q

symmetric encryption

Answer

A

shared secret key, faster, lacks support for scalability/ easy key distro/ nonrepudiation

AES > block > 128
Blowfish > 64
DES > block > 64 > weak
3DES > block > 64 > moderate
RC4 > stream cipher

RC5 > RSA block mode cipher > 32/63/128 > VERY strong

Skipjack > 64
Twofish > 128

Question 45

Q

Asymmetric

Answer

A

PKI for communication between parties, supports scalability, easy key distribution, and nonrepudiation, public and private key pairs, stronger than symmetric, encrypt with recipients public key, digital signature signed with own private key

RSA > key transport > 512 > strong
Diffie Hellman > key exchange > moderate
El Gamal > key exchange > very strong
ECC > elliptic curve > very strong

Question 46

Q

Electronic Codebook Mode (ECB)

Answer

A

DES/3DES mode
simplest and least secure, 64-bit blocks, easy to break

Question 47

Q

Cipher block chaining (CBC)

Answer

A

DES/3DES mode
each block of unencrypted text is XORed w/ block of ciphertext immediately preceding. Decryption process simply decrypts ciphertext and reverse the XOR operation,

Question 48

Q

Cipher feedback (CFB)

Answer

A

streaming version of CBC, works on data in real time, uses chaining so errors propogate

Question 49

Q

Output feedback (OFB)

Answer

A

operates similar to CFB but XORs plaintext with a seed value, no chaining function so errors do not propogate

Question 50

Q

Counter (CTR)

Answer

A

incrementing value instead of a seed, errors do not propogate

Question 51

Q

XOR Cipher

Answer

A

exclusiveOR, flipping bits in a simple systemic fashion, when values match = 1, when values don’t match = 0.

Question 52

Q

Key clustering

Answer

A

weakness where plaintext message generates identical ciphertext message using same algo but different keys, similar to hash collision, same reason why MD5 is no longer used

Question 53

Q

Hash functions

Answer

A

allow input of any length, provide fixed length output, easy to compute hash function, must be irreversible, must be collision free. MD5 not used anymore, sha-256 is the standard

HMAC - variable hash value length > very strong
MD5 > 128 > weak
SHA1 > 160 > weak
SHA2 > 256 > strong > current standard
SHA3 > 384 > strong
SHA5 > 512 > strong

Question 54

Q

Salt

Answer

A

random data added before hashing, reduces effectiveness of rainbow table attacks`

Question 55

Q

Digital signature standard (DSS)

Answer

A

uses SHA-1, SHA-2 (must use SHA-256 these days), and SHA-# message digest functions, works with Digital signature algo (DSA), Rivest, Shamir, Adleman (RSA) algo, and Eliptic Curve DSA (ECDSA) algo, FIPS-186-4 (digital signature standard)

Question 56

Q

PKI

Answer

A

Certificate authorities (CAs) generate digital certificates containing public keys of system users, Users then distribute certificates to people with whom they want to communicate, recipients verify a certificate using CAs public key, used for web/ network/ email security

Question 57

Q

Email encryption

Answer

A

standards for encrypted messages include S/MIME and Pretty Good Privacy (PGP)

Question 58

Q

Web encryption

Answer

A

standard is HTTP over TLS (HTTPS), this has replaced SSL

Question 59

Q

Network encryption

Answer

A

Ipsec is standard

Question 60

Q

IPsec

Answer

A

secure communication over IP, transport mode or tunnel mode, establish direct communication between computers or over VPN, windows OS can Ipsec between computers, uses 2 protocols - Authentication header (AH) and encapsulating security payload (ESP)

Question 61

Q

Meet in the middle attack

Answer

A

exploits protocols using 2 rounds of encryption

Question 62

Q

Man in the middle attack

Answer

A

fools both parties into communicating with the attacker instead of directly with each other

Question 63

Q

Birthday attack

Answer

A

attempts to find collisions in hash functions

Question 64

Q

Replay attack

Answer

A

attempt to reuse authentication requests

Answer 65

A

allows content owners to enforce restrictions, common in entertainment ie music/ movies/ books, occasionally found in enterprise to protect sensitive info

Answer 66

A

most famous public key crypto system

Answer 67

A

Public key cryptosystem, Based on Diffie-Hellman key exchange, less common than RSA

Answer 68

A

public key cryptosystem, provides more security than other algos with same length key

Answer 69

A

formalize security policy, implemented by enforcing integrity, confidentiality, or other controls, lay out broad guidelines (not specific), up to the developer to decide how models will be integrated into specific designs, map abstract statements into sec policy, determines what subjects can access system and what objects they will have access to

Answer 70

A

describes rules for read, subject cannot read data at a higher classification level (no read up)

Answer 71

A

describes rules for write

Answer 72

A

rules around invocation (calls), such as to subjects

Answer 73

A

system that is always secure no matter what state its in, based on finite state machine (FSM), “state” is a snapshot of a system at a moment in time, all state transitions must be evaluated, if each transition results in a secure state then the system is a “secure state machine”,

Answer 74

A

focuses on flow of information, Biba and Bell-Lapadula

Answer 75

A

prevent info flow from high security to low security level, no read up no write down, CONFIDENTIALITY, government (DoD), uses mandatory access control (MAC) to enforce DoD multilevel sec policy, simple security property and star * sec property, no read up no write down, lattice based

Answer 76

A

focuses on flow from low to high security level, INTEGRITY, no read down no write up, simple integrity property (no read down), star * integrity property (no write down), lattice based, invocation property prohibits subject from invoking subject at a higher integrity level

Answer 77

A

how actions of a subject at a higher security level affect the system or actions of a subject at a lower security level, ensures that actions of different objects/ subjects arent seen by/ interfere with other objects/ subjects on the same system

Answer 78

A

based on interaction between objects (resources, computers, and applications) and subjects (individuals, groups, organizations), used to define levels of security that an object may have and that a subject may have access to

Answer 79

A

access control triple, INTEGRITY, uses security LABELS to grant access, constrained data item (CDI), unconstrained data item (UDI), integrity verification procedure (IVP), Transformation procedures (TPs), access control triplet!!

Answer 80

A

THE non-interference model, INTEGRITY

Answer 81

A

preventing interference (Information flow and SMM)

Answer 82

A

Chinese wall, CONFIDENTIALITY, prevent conflict of interest problems

Answer 83

A

employs a directed graph, CONFIDENTIALITY, 4 operations (take, grant, create, and revoke)

Answer 84

A

Clark Wilson model, any data item whose integrity is protected by the sec model

Answer 85

A

Clark Wilson model, any data item that is not controlled by the sec model

Answer 86

A

Clark Wilson model, scans data items and confirms integrity

Answer 87

A

Clark Wilson model, procedures that are allowed to modify a constrained data item (CDI)

Answer 88

A

authenticated principal (subjects/ users) > programs (transformational procedures) > data items (Objects/ UDIs/ CDIs), refers to relationship between users, programs and a set of data items, used in Clark Wilson model

Answer 89

A

protections rules where each object has an owner and a controller, focused on secure creation and deletion of both subjects and objects, 8 primary protection rules that define the boundaries of certain secure actions, securely create object/ subject, securely delete object/ subject, securely provide the read/ grant/ delete/ transfer access right

Answer 90

A

clearance that permits access to ALL info, approval for ALL info, valid need-to-know for ALL info

Answer 91

A

can process info at different levels even when all system users do not have required sec clearance

Answer 92

A

each user must have valid clearance, access approval for ALL info, and valid need-to-know for SOME info on a system. Offers most GRANULAR control over resources and users of these models

Answer 93

A

one step further than system high, each user must have valid clearance, access approval for ALL INFO processed by a system, but requires valid need to know for ALL INFO they will have access to on the system

Answer 94

A

combo of hardware, software, and controls that work together to form a “trusted base” that enforces sec policy, subset of the complete information system, portion that can be trusted to adhere/enforce sec policy, separated by a security perimeter from the untrusted parts of the system, creates secure channels to communicate w/ rest of system

Answer 95

A

logical part of TCB that confirms whether subject has right to use a resource prior to granting access, ENFORCES ACCESS CONTROL

Answer 96

A

collection of TCB components that implement the functionality of the reference monitor, IMPLEMENTS ACCESS CONTROL

Answer 97

A

enable objective evaluation to validate a product/ system satisfies a defined set of sec requirements, gold standard, has replaced BOTH TCSEC and ITSEC
1. description of assets
2 identification of threats
3 analysis and rating of threats
4 determination of sec operations
5 selection of sec functional requirements
levels 1 through 7 vary from minimal/no protection up to verified security design

Answer 98

A

flavor of common criteria (ISO-IEC 15408), black box

Answer 99

A

flavor of common criteria (ISO-IEC 15408), white box, see chart below!! White box

Answer 100

A

set of criteria for evaluation computer sec within products and systems, REPLACED BY COMMON CRITERIA

Answer 101

A

represents initial attempt to create sec evaluation criteria in Europe. ITSEC uses 2 scales to rate functionality and assurance, REPLACED BY COMMON CRITERIA

Answer 102

A

method to pass info over a path that is not normally used for comms, since its not used it may not be protected by sec controls, i.e. steganography, 2 types: covert timing and covert storage

Answer 103

A

chip that lives on motherboard, storage/ management of keys used for disk encryption, provides OS with access to keys but prevents drive removal and data access

Answer 104

A

enforces access policy determined by the system not the object owner, relies on classification labels that are representative of sec domains and realms, every object/ subject has one or more labels, labels are predefined and system determines access based on labels

Answer 105

A

classification labels are assigned in an ordered structure from low to medium to high security, type of MAC

Answer 106

A

requires security clearances over compartments/ domains instead of objects, type of MAC

Answer 107

A

contains levels with compartments that are isolated from the rest of the sec domain, combines both hierarchical and compartmentalized environments so that sec levels have sub compartments, type of MAC

Answer 108

A

permits owner of an object to control/ define its accessibility, because the owner has full control by default, at the discretion of the owner

Answer 109

A

enables enforcement of system-wide restrictions that override object specific access control

Answer 110

A

well-defined collection of named job roles to endow each one with specific permissions, ensures users in each role have access to get their jobs done, i.e. global admin/ security reader/ normal user

Answer 111

A

technical evaluation of each part of a comp system to assess its alignment with sec standards

Answer 112

A

formal acceptance of certified configuration from a designated authority

Answer 113

A

designed using industry standards, easy to integrate with other open systems

Answer 114

A

proprietary hardware and software, specifications are not normally published, harder to integrate with other systems

Answer 115

A

restricts process to reading from and writing to certain memory locations

Answer 116

A

are the limits of memory a process cannot exceed when reading or writing

Answer 117

A

mode a process runs in when it is confined through the use of memory bounds

Answer 118

A

something you know (pin or password), something you have (trusted device), something you are (biometric)

Answer 119

A

process of proving that you are who you say you are, IDENTITY

Answer 120

A

act of granting an authenticated party permission to do something, ACCESS

Answer 121

A

simultaneous execution of more than one application on a comp and is managed by the OS

Answer 122

A

permits multiple concurrent tasks to be performed within a single process

Answer 123

A

use of more than one processor to increase compute power

Answer 124

A

similar to multitasking, takes place on mainframe systems and requires specific programming, MULTITASKING FOR MAINFRAME

Answer 125

A

operate at only one security level at a time vs multiple sec levels

Answer 126

A

apps operate in a limited instruction set environment known as user mode, normal end user operations

Answer 127

A

controlled ops are performed in privileged mode aka system mode, kernel mode, supervisory mode

Answer 128

A

contents burned in at factory, read only

Answer 129

A

static RAM (SRAM) uses flip flops, dynamic RAM (DRAM) uses capacitors

Answer 130

A

programmable chip similar to ROM, subtypes: erasable (EPROM) for overwriting with unclassified data, Ultraviolet (EPROM) uses UV light to erase, Electronically erasable PROM (EEPROM) uses electrical voltage to erase

Answer 131

A

derivative of EEPROM, nonvolatile, can be electronically erased and rewritten

Answer 132

A

same as memory

Answer 133

A

consists of magnetic, flash, and optical media that must first be read into primary memory before the CPU can use the data, 3 SECURITY ISSUES: removable media can be used to steal data ie USB drives, access controls and encryption must be applied to protect data, data can remain after deletion/ formatting

Answer 134

A

devices can be read at any point

Answer 135

A

require scanning through all the data physically stored before the desired location

Answer 136

A

software stored on a ROM chip containing basic instructions to start computer, provide OS instructions in peripherals like printers/ keyboards etc

Answer 137

A

ensures that individual processes can only access their own data

Answer 138

A

creates different realms of security within a process and limits comms between them

Answer 139

A

creates a black box interface for programmers to use without requiring knowledge of algo/ devices inner workings

Answer 140

A

prevents info from being read at a different sec level, hardware segmentation enforces this with physical controls

Answer 141

A

inform design/ development/ implementation/ testing/ maintenance of systems,

Answer 142

A

processing/ storage are performed over a network connection instaed of locally (Azure, AWS, GCP)

Answer 143

A

Virtual machine management/ creator/ operator, Type 1 = 1 bare metal, type 2 = runs on a standard OS and the hypervisor is an app ie virtualbox/ vmware workstation

Answer 144

A

cloud access sec broker, sec policy enforcement, prevents shadow IT, installed on-prem or in the cloud, ensure only secure apps are used in your environment, ensure data is not stored in unauthorized repos (only approved storage locations)

Answer 145

A

security is provided to an org by an online entity

Answer 146

A

mobile devices offering app installs, may use on-device or cloud AI processing

Answer 147

A

class of devices connected to internet to provide automation, remote control, or AI processing in a home/ business ie smart switches/ thermostats/ alexa/ cars

Answer 148

A

encryption, remote wiping (can be selective for business data), screen locking, GPS, app control, apps and functions NEED TO BE SECURED, concepts include key management/ cred management/ authentication/ geotagging/ encryption/ app whitelisting/ transitive trust and authentication

Answer 149

A

policy that allows employees to use their personal mobile devices to access business info/ resources, may improve morale but INCREASES SEC RISKS, MDM platforms like intune offer solutions

Answer 150

A

designed around a limited set of specific functions, in relation to the larger product of which it’s a component, ie motion sensors/ lighting system/ wifi routers/ cash registers

Answer 151

A

apps/ Oss/ hardware sets/ networks that are configured for a specific need, capability, or function and then set to remain UNALTERED

Answer 152

A

ensures a minimum number of processes are authorized to run in supervisory/ system mode, also applies to role based access where people are given what they need to do their jobs and not more

Answer 153

A

separating privs that any one entity can perform, aka role separation

Answer 154

A

ensures that an audit trail exists

Answer 155

A

occurs when programmer fails to check size of input data prior to writing data into a specific memory location, overwrites the bounds of memory for which it has been granted access, programmers can also leave backdoors and privileged programs on system after deployment, some systems are susceptible to time-of-check-to-time-of-use (TOTTOU) attacks where state change presents opportunity for attacker to compromise system

Answer 156

A

where state change presents opportunity for attacker to compromise system

Answer 157

A

as each one fails they move to the next Deterrence > denial > detection > delay > determine (what is occuring) > decide (whether to aprehend, collect evidence)

Answer 158

A

(site management/ personnel controls/ awareness training/ emergency response and procedures/facility selection and management/ policy)

Answer 159

A

(access control/ IDS/ alarms/ CCTV/ fire detection)

Answer 160

A

for physical security, fences/lights/locks/mantraps/dogs/guards, VERY IMPORTANT, no amount of admin or logical/technical controls can provide adequate security without control over physical environment!!

Answer 161

A

deter casual trespasser (3-4 feet), too hard to climb easily (6-7 feet), will deter intruders (8 feet+ with barbed wire)

Answer 162

A

humidity (40-60%, any higher causes corrosion any lower causes static), temps for computers 60-75 F damaged at 175F, storage devices damaged at 100F

Answer 163

A

blackout=prolonged loss of power, brownout=prolonged low voltage, fault=short loss of power, surge=prolonged high voltage, spike=temporary high voltage, sag=temporary low voltage

Answer 164

A

8 feet high with 2 feet candle power

Answer 165

A

Class A (ASH)=common combustibles ie wood/paper=extinguish with water or soda acid, Class B (BOIL)=burning alcohol/oil/other petroleum=extinguish with gas or soda acid NOT water, Class C (CONDUCTIVE)=electrical=extinguish with any type of gas, Class D (DILYTHIUM)=burning metals=extinguished with dry powder, Class K (KITCHEN)=oil or grease=extinguish with wet chemicals

Answer 166

A

smoke, heat, or flame sensing

Answer 167

A

smoke damages storage devices, heat damages electronics, suppression mediums can cause short circuits

Answer 168

A

preaction systems= BEST FOR COMPUTER SYSTEMS closed sprinkler heads, pipe is charged with compressed air instead of water / wet pipe systems=filled with water, dry pipe systems= compressed air until water is needed (useful for parking garages etc where water freezes) / Deluge systems=sprinkler heads are open and larger than dry pipe heads, empty at normal air pressure and water is held back by deluge valve / NOT FOR ELECTRICAL FIRES

Answer 169

A

more effective than water but shouldn’t be used near people because it removes O2 from the air, Halon is effective but bad for environment and toxic at over 900F, Halon replacements = FM-200, CEA-410, NAF-S-III, FE-13, ARGON, Inergen, Aero-K

Answer 170

A

common mode noise=difference in power between hot and ground wires of a power source operating electrical equipment, traverse mode noise=difference in power between hot and neutral wires of a power source operating electrical equipment,

Answer 171

A

generated by electrical applicances/ light sources/ cables/ circuits/ etc.

Answer 172

A

40 - destroys sensitive circuits
1000 scrambles monitors
1500 destroys hard drive data
2000 abrupt shutdown
4000 printer jam
17000 - permanent circuit damage

Answer 173

A

○ Electronic combo locks - aka cipher lock, something you KNOW
○ Key card systems - something you HAVE
○ Biometric systems - something you ARE
Conventional locks - easily picked/ bumped, keys easily duplicated, least secure, pick and bump resistant exist

Answer 174

A

visibility, accessibility, effects of natural disasters

Answer 175

A

understand level of security needed and plan for it before construction begins

Answer 176

A

should NOT be equal access to all locations, high value assets require restricted access, should be located at CENTER OF PROTECTION, centralized server rooms don’t need to be human compatible

Answer 177

A

propping doors, bypassing locks or access controls, masquerading is using someone elses ID, guard or monitoring system MUST be present, piggybacking/ tailgating is following someone through secure gateway/ doorway

Answer 178

A

assign an escort, monitor activities and access, badges

Answer 179

A

used to retain logs, drive images, VM snapshots, PROTECTIONS INCLUDE: locked cabinets/ safes, dedicated isolated storage facilities, offline storage, access restrictions and activity tracking, hash management and encryption

Answer 180

A

useful for managing physical access control, may need to be created manually by security guards or automatically by smartcards etc, monitor with CCTV, important to reconstruct the events of an intrusion/ attack

Answer 181

A

most electronic equipment requires clean power, UPS self charging battery that can supply consistent clean power to sensitive equipment, can supply power for minutes or hours depending on size, then generators after that

Answer 182

A

does not authenticate users before relaying their message, if internet exposed they are typically quickly exploited

Answer 183

A

capacitance=electromagnetic field

Answer 184

A

governs digital certificates and PKI, defines processes used by CAs, international telecommunications union (ITU) standard

Brainscape's Knowledge GenomeTM

Domain 3 - Security Architecture and Engineering Flashcards

Brainscape's Knowledge Genome^TM