Domain 3 - Security Architecture and Engineering Flashcards

1
Q

What is the reference monitor?

A

This is a component of the TCB: a validation mechanism composed of hardware, firmware and software. It enforces the system's security policy and mediates all attempts by subjects to access objects. It is essentially the access control enforcer of the TCB.

2
Q

What is a secure state machine?

A

This is a state machine model that, if fed a secure input, produces a secure output, thereby maintaining a secure state at all times.

3
Q

What security models are based on state machine model and information flow model?

A

Bell-LaPadula and Biba

4
Q

What is the Sutherland model based on?

A

This is an integrity model based on system states.

5
Q

What is the Goguen-Meseguer Model based on?

A

It is based on the non-interference model. The model is based on predetermined actions on predetermined objects.

6
Q

What is the Graham-Denning Model?

A

This is a model based on the secure creation and deletion of subjects and objects.

7
Q

What is the difference between the Graham-Denning model and HRU?

A

HRU considers subjects to be objects as well. HRU does not have the transfer right, and it condenses granting or removing rights into simply adding entries to or removing them from the access matrix.

8
Q

What are the system modes of operation?

A
  1. Dedicated
  2. System High
  3. Compartmented
  4. Multi-Level
9
Q

What is the difference between monolithic kernel and micro-kernel?

A

Micro-kernels add functionality via loadable kernel modules. These modules can run in user mode (ring 3) instead of supervisor mode. In a monolithic kernel, all functionality is compiled into one static executable; if functionality needs to be added, the kernel must be recompiled and the system rebooted.

10
Q

What is data execution prevention?

A

This is a memory protection technique that can be enabled via hardware or software. It prevents content from being executed if it sits in memory that has not been marked as expected to hold executable content.

11
Q

When would be best to use a distributed control system (DCS)?

A

Where there is a need to gather data and implement control over a large-scale environment from a single location. It is suited to operating on a limited scale.

12
Q

When would a PLC be best used?

A

Where highly reliable control is required for controlling systems on an assembly line or robotic devices.

13
Q

When would SCADA be best used?

A

In instances where managing systems over large geographic areas is required.

14
Q

What are microservices?

A
  • Programming Design Architecture
  • Where small independent services communicate over well-defined APIs
  • Rather than one monolithic application
15
Q

What is an embedded system?

A

Any device with an OS that hosts at least one dedicated application.

16
Q

What are examples of an embedded system?

A
  • Traffic Lights
  • Medical equipment
  • ATM
  • Printers
  • Thermostats
  • Digital watches and cameras
17
Q

What are common issues with RTOS?

A

A concept related to high-performance computing systems. RTOS systems are often single-purpose (leaving little room for security). They often use custom or proprietary code, which may include unknown bugs or flaws.

18
Q

Where is data processed in edge computing?

A

It is processed at the edge, where each edge device processes its own data locally rather than sending it to a master processing entity.

19
Q

What is the Lipner Model?

A

It combines both confidentiality and integrity (BLP + Biba).

20
Q

What is diffusion?

A

The order of the plaintext should be dispersed in the ciphertext. This can be achieved through permutation/transposition.

21
Q

What is permutation?

A

Otherwise known as transposition, it is shifting or rearranging the characters of the plaintext.

22
Q

What is confusion?

A

Confusion means that the relationship between the plaintext and the ciphertext should be as random as possible.

23
Q

How can confusion be obtained?

A

By performing a series of substitutions, transpositions and exclusive-or (XOR) operations.

24
Q

What is knapsack?

A

This is an asymmetric cryptographic algorithm that is no longer used. It is one-way: the public key encrypts and the private key decrypts. Therefore it provides no authentication for signing.

25
Q

What certificate format does PKI use?

A

X.509

26
Q

What security concepts do digital signatures provide?

A

Authentication, integrity and non-repudiation. It does not provide confidentiality, because anyone with the public key can decrypt data encrypted by the private key; the original message is technically in plaintext.

27
Q

What technique can be used to break public key encryption (especially the older versions of RSA)?

A

Chosen ciphertext.

28
Q

What type of attack is fault injection?

A

Side-channel attack. A fault is injected to observe the response/behaviour of the system.

29
Q

What happens in overpass the hash?

A

This is similar to pass the hash. The difference is that it would be used instead when NTLM is disabled. NTLM hashes are still stored in memory even if NTLM is disabled.

30
Q

What happens in pass the ticket?

A

Attackers attempt to harvest tickets held in the lsass.exe process. They then inject the ticket to impersonate a user.

31
Q

What can kerberoasting attempt to find?

A

Kerberoasting can attempt to find users that don't have Kerberos pre-authentication enabled, and therefore attempt AS-REP roasting afterwards.

32
Q

What is the difference between Kerberoasting and Silver Ticket?

A

In a silver ticket attack, a captured NTLM hash of a service account is used to create a TGS ticket. Kerberoasting is the capturing of these TGS tickets; the harvested TGS tickets are then cracked offline.

33
Q

What is key clustering?

A

When two different keys generate the same ciphertext from the same plaintext.

34
Q

What is a known-key attack?

A

When the attacker knows something about the key and can use this knowledge to decrease the cracking time.

35
Q

What are the controls of Crime Prevention Through Environmental Design (CPTED)?

A
  1. Natural access control
  2. Natural Surveillance
  3. Territorial Reinforcement
36
Q

What is the intention of CPTED?

A

To create behavioural changes in people in those areas that reduce crime and reduce the fear of crime.

37
Q

What is a blackout?

A

A blackout is a prolonged loss of power.

38
Q

What is a fault?

A

A fault is a momentary loss of power.

39
Q

What is a brownout?

A

A brownout is a prolonged low-voltage condition.

40
Q

What is a sag?

A

A sag is a momentary low-voltage condition.

41
Q

What is a surge?

A

A prolonged high voltage.

42
Q

What is a spike?

A

A momentary high voltage.

43
Q

What is a transient?

A

Electrical noise of a short duration.

44
Q

What is an inrush?

A

Initial surge of power at startup.

45
Q

What is the recommended replacement for Halon? What concentration may be breathed in?

A

FE-13. May be breathed in concentrations of up to 30%.
