Domain 3 - Security Architecture and Engineering

Question 1

What is the reference monitor?

Answer 1

This is an component of the TCB and it is a validation mechanism composed of hardware, firmware and software. It enforces the system’s security policy and mediates all attempts by subjects to objects. It is essentially the access control enforcer of TCB.

Question 2

What is a secure state machine?

Answer 2

This is a state machine model that if is fed a secure input and it produces a secure output. Therefore maintaining a secure state at all times.

Question 3

What security models are based on state machine model and information flow model?

Answer 3

Bell-Lapudula and Bipa

Question 4

What is the sutherland model based on?

Answer 4

This is an integrity model based on system states.

Question 5

What is the Goguen-Meseguer Model based on?

Answer 5

It is based on the non-interference model. The model is base don predetermined actions on predetermined objects.

Question 6

What is the Graham-Denning Model

Answer 6

This is a model based on the secure creation and deletion of subjects and objects

Question 7

What is the difference between the Graham-Denning model and HRU?

Answer 7

HRU considers subjects to be objects as well. The HRU does not have the transfer right. And it condenses the providing or removing rights into just adding or removing from access matrix.

Question 8

What are the system modes of operations>

Answer 8

1. Dedicated
2. System High
3. Compartmented
4. Multi-Level

Question 9

What is the difference between monolithic kernel and micro-kernel?

Answer 9

Micro-kernels add functionality via loadable kernel modules. These modules can be run in user mode (ring 3) instead of supervisor mode. In monolithic kernels, functionality is compiled in one static executable. If functionality needs to be added it needs to be recompiled and rebooted.

Question 10

What is data execution prevention?

Answer 10

This is a memory protection technique in which can be enabled via hardware or software. It prevents executable content not be able to be executed if it sits in memory that has not been marked as expecting executable content.

Question 11

When would be best to use a distributed control system (DCS)?

Answer 11

Where the need to gather data and implement control over a large-scale environment from a single location. This is suited to operating on a limited scale.

Question 12

When would a PLC be best used?

Answer 12

Where high reliable control is required for controlling systems on an assembly line or robotic devices.

Question 13

When would a SCADA be best used?

Answer 13

In instance where managing systems over large geographic areas is required.

Question 14

What are microservices?

Answer 14

• Programming Design Architecture
• Where small independent services communicate over well-defined APIs
• Rather than one monolithic application

Question 15

What is a embedded system?

Answer 15

Any device with an OS that host at least one dedicated application.

Question 16

What are examples of an embedded system?

Answer 16

• Traffic Lights
• Medical equipment
• ATM
• Printers
• Thermostats
• Digital watches and cameras

Question 17

What are common issues with RTOS?

Answer 17

A concept related to High Performance Computing System. RTOS systems are often single-purpose (leaving little room for security). They are often using custom or proprietary code which may include unknown bugs or flaws.

Question 18

Where is data processed in edge computing?

Answer 18

It is processed at the edge where each device at the edge will process its own data locally rather than sending it to a master processing entity.

Question 19

What is the Lipner Model?

Answer 19

It combines both confidentiality and integrity (BLP + Biba).

Question 20

What is diffusion?

Answer 20

Order of the the plaintext should be dispersed in the ciphertext. This can be achieved through permutation/transposition.

Question 21

What is permutation?

Answer 21

Otherwise known as transposition, it is shifting or rearranging the characters of the plaintext.

Question 22

What is confusion?

Answer 22

Confusion is that the relationship between the plaintext and the ciphertext should be as random as possible.

Question 23

How can confusion be obtained?

Answer 23

By performing a series of substitutions, transpositions and exclusive-or (XOR) operations.

Question 24

What is knapsack?

Answer 24

This is an asymmetric cryptographic algorithm that is no longer used. It is one way, public key to encrypt and private key to decrypt. Therefore no authentication for signing.

Question 25

What certification format is PKI?

Answer 25

X.509

Question 26

What security concepts do digital signatures provide?

Answer 26

Authentication, Integrity and Non-repudiation. It does not provide confidentiality due to anyone with public key can decrypt data encrypted by private key. Original message is technically in plain-text.

Question 27

What technique can be used to break public key encryption (especially the older versions of RSA)?

Answer 27

Chosen ciphertext.

Question 28

What type of attack is fault injection?

Answer 28

Side-channel attack. Fault is injected to observe the response/behaviour of the system

Question 29

What happens in overpass the hash?

Answer 29

This is similar to pass the hash. The difference is if NTLM is disabled. This would be used instead. NTLM hashes are still stored in memory if NTLM is disabled.

Question 30

What happens in pass the ticket?

Answer 30

Attackers attempt to harvest tickets held in the lsass.exe process. Attackers inject the ticket to impersonate a user.

Question 31

What can kerberoasting attempt to find?

Answer 31

Kerberoasting can attempt to find users that don’t have Kerberos pre-authentication enabled and therefore attempt ASREProast after.

Question 32

What is the difference between Kerberoasting and Silver Ticket.

Answer 32

In silver ticket, a captured NTLM has of a service account is used to created a TGS Ticket. Kerberoasting is the capturing of these TGS tickets. These harvested TGS tickets is then cracked offline.

Question 33

What is key clustering?

Answer 33

When two different keys generate the same ciphertext from the same plaintext.

Question 34

What is known key?

Answer 34

When attacker knows something about the key and can use this knowledge to decrease the cracking time.

Question 35

What are the controls of Crime Prevention Through Environmental Design (CPTED)?

Answer 35

1. Natural access control
2. Natural Surveillance
3. Territorial Reinforcement

Question 36

What is the intention of CPTED?

Answer 36

To create behavioural changes in people in those areas to reduce crime and reduction of the fear of crime.

Question 37

What is a blackout?

Answer 37

A blackout is a prolonged loss of power.

Question 38

What is a fault?

Answer 38

A fault is a momentary loss of power.

Question 39

What is a brownout?

Answer 39

Brownout is a prolonged degradation of low voltage.

Question 40

What is a sag?

Answer 40

A sag is a momentary degradation of low voltage

Question 41

What is a surge?

Answer 41

A prolonged high voltage

Question 42

What is a spike?

Answer 42

A momentary high voltage

Question 43

What is transient?

Answer 43

Electrical noise of a short duration

Question 44

What is a inrush?

Answer 44

Initial surge of power at startup.

Question 45

What is the recommended replacement for Halon? What concentration may be breathed in?

Answer 45

FE-13. May be breathed in concentrations of up to 30%.