Domain 3 Security Architecture and Engineering Flashcards

1
Q

Security Models

A

Security models form the theoretical backbone of security architecture, providing a framework for implementing security policies and defining how a system enforces these policies. Understanding various security models is essential for designing and maintaining secure systems.

2
Q

Security clearance

A

Security clearance is not a security model but a status granted to individuals, allowing them access to classified information or restricted areas within an organization.

3
Q

Reading down

A

“Reading down” means a user with a higher security clearance can read data classified at a lower level.

4
Q

Writing up

A

“Writing up” means a user can write data to a higher or equal security level.

5
Q

Bell-LaPadula model

A

The Bell-LaPadula model is a confidentiality-centric security model that enforces the “no read up, no write down” principles using security labels and access control rules. The model helps to ensure that sensitive information is accessible only to users with appropriate security clearance.

6
Q

Lattice-based access controls

A

Lattice-based access control (LBAC) is a security model representing user permissions and object classifications in a lattice structure. LBAC enforces the “least upper bound” and “greatest lower bound” rules to manage resource access based on user security clearances and object classifications.

7
Q

The Biba Model

A

The Biba model and the Clark-Wilson model are examples of integrity models. The Biba model enforces the “no write up, no read down” principles.

8
Q

Clark-Wilson Model

A

The Biba model and the Clark-Wilson model are examples of integrity models. The Clark-Wilson model enforces access controls and separation of duties to ensure data integrity.

9
Q

Chinese Wall model

A

The Chinese Wall model, also known as the Brewer-Nash model, is designed to prevent conflicts of interest in commercial environments. This model restricts access to sensitive information based on a user’s prior access to related data. The model helps to maintain data confidentiality and prevent the misuse of insider information.

10
Q

Access control matrix

A

An access control matrix is a table that represents the relationships between subjects (users or processes) and objects (resources). Each cell in the matrix contains a subject’s permissions over an object. This model is useful for visualizing and managing access control policies but can be inefficient for large systems.

11
Q

System Security Architecture

A

System security architecture is a comprehensive approach to designing and implementing secure systems that align with industry best practices and comply with relevant standards, such as ISO 27001 and NIST frameworks. It involves strategically integrating hardware, software, and policies to protect against potential threats.

12
Q

Secure boot process

A

This ensures the system boots securely using trusted hardware and software components. It verifies the integrity of the booting process, preventing unauthorized or malicious code from executing during startup.

13
Q

Trusted computing base (TCB)

A

TCB comprises the hardware, firmware, and software components forming a system’s trusted foundation. It’s the core of the system’s security and is responsible for enforcing security policies and maintaining its integrity.

14
Q

Security perimeter

A

This is the boundary between the TCB and the rest of the system, where robust security controls should be in place. It acts as a barrier, controlling access and protecting the core components from potential threats.

15
Q

Cryptography

A

Cryptography is vital in ensuring data confidentiality, integrity, and authenticity. It’s the science of encoding and decoding information to protect it from unauthorized access.

16
Q

Symmetric cryptography

A

Symmetric cryptography uses the same key for both encryption (converting plaintext into unreadable text) and decryption (converting unreadable text back into plaintext).

17
Q

Asymmetric cryptography

A

Asymmetric cryptography, or public key cryptography, uses two different keys: a public key for encryption and a corresponding private key for decryption.

18
Q

Hash functions

A

Hash functions take an input (or “message”) and return a fixed-size string, which appears random. The same input will always produce the same output, but even a small change in the input produces a significant change in the output.

19
Q

Digital signatures

A

Digital signatures use cryptographic techniques to verify the authenticity of digital documents or messages, ensuring that the content has not been altered.

20
Q

Symmetric Encryption:
AES, DES, 3DES

A

Advanced Encryption Standard (AES), known for strong security and performance.
Common Usage:
File encryption, Wi-Fi security (WPA2)

Data Encryption Standard (DES), now considered less secure due to shorter key length.
Common Usage:
Legacy systems, replaced by AES

Triple DES (3DES), an enhancement of DES with increased security.
Common Usage:
Financial services, secure data transmission

21
Q

Asymmetric Encryption:
RSA, ECC

A

RSA uses two different keys for encryption and decryption and is widely used in digital signatures.
Common Usage:
Secure email, SSL/TLS certificates

Elliptic curve cryptography (ECC), known for strong security with shorter key lengths.
Common Usage:
Mobile devices, smart cards

22
Q

Hash Functions
SHA-256, MD5, SHA-1

A

SHA-256 is part of the SHA-2 family, widely used for data integrity verification.
Common Usage:
File integrity checks, digital signatures

Message Digest algorithm 5 (MD5), now considered less secure due to vulnerabilities
Common Usage:
Legacy systems, replaced by SHA-256

SHA-1, predecessor to SHA-2, also considered less secure now.
Common Usage:
Legacy systems, replaced by SHA-256

23
Q

Digital Signatures (DSA)

A

Digital Signature Algorithm (DSA), used to verify the authenticity of digital documents or messages.
Common Usage:
Document signing, code signing

24
Q

Network Security

A

Adequate network security involves implementing layers of protection to defend against potential threats. This multifaceted approach ensures that if one defense line fails, others are in place to thwart an attack.

25
Q

Firewalls

A

Devices that control traffic between networks based on predefined rules. They act as barriers between trusted and untrusted networks, such as an internal corporate network and the Internet.

26
Q

Intrusion detection systems (IDS) and intrusion prevention systems (IPS)

A

Monitor network traffic and detect or prevent potential attacks. IDS alerts administrators of suspicious activities, while IPS takes active measures to mitigate threats.

27
Q

Virtual Private Networks (VPNs)

A

Secure communication channels that use encryption to protect data transmitted over the Internet. VPNs allow users to send and receive data as if their devices were directly connected to a private network.

28
Q

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

A

Protocols used to secure communications between client and server systems. They encrypt the data transmitted, ensuring confidentiality and integrity.

29
Q

Network Protocols

A

Protocol => Use => Secure (Yes/No)
HTTP => Web browsing => No
HTTPS => Secure web browsing => Yes

FTP => File transfer => No
SFTP => Secure file transfer => Yes

SNMP => Network management => No
SNMPv3 => Secure network management => Yes

POP3 => Email retrieval => No

IMAP => Email retrieval with multiple device support => No
IMAPS => Secure email retrieval => Yes

SMTP => Sending email => No
SMTPS => Secure email sending => Yes

DNS => Domain name resolution => No
DNSSEC => Secure domain name resolution => Yes

30
Q

Secure System Design Concepts

A

Secure system design is a critical component of Security Architecture and Engineering. It aims to create systems that are resilient to attacks and maintain their functionality even in adverse conditions.

31
Q

Layering

A

A design principle that organizes system components into separate, hierarchical layers. Each layer performs specific functions and interacts only with its adjacent layers. This approach enables better separation of concerns, limits the attack surface, and simplifies the management and maintenance of systems.

32
Q

Abstraction

A

Abstraction is a design concept that simplifies complex systems by hiding the details of lower-level components and providing a higher-level, more user-friendly interface. This approach allows developers and administrators to focus on the relevant aspects of a system while reducing complexity and potential vulnerabilities.

33
Q

Security domains

A

A security domain is a collection of resources that share a common security policy and are controlled by a single authority. Dividing systems into security domains helps enforce security policies and manage access controls more effectively. Security domains are often represented by trust boundaries, which define the level of trust between different domains and the rules governing data flow between them.

34
Q

The ring model

A

The ring model is a security architecture that organizes system components into hierarchical protection rings, each representing a different privilege level. The most privileged components, such as the operating system kernel, reside in the innermost ring (Ring 0). As the ring number increases, the level of privilege decreases. This model ensures that more sensitive components have higher levels of protection and limits the potential damage caused by security breaches.

35
Q

Open and closed systems

A

Open systems follow widely accepted standards and protocols, making it easier for components to interoperate with other systems. These systems often promote collaboration and innovation but may be more susceptible to security threats due to their transparency. On the other hand, closed systems use proprietary protocols and technologies, making it more difficult for external entities to interact with or compromise the system. While closed systems offer increased security, they can limit interoperability and hinder collaboration.

36
Q

Threat modeling

A

Threat modeling is a systematic process of identifying, prioritizing, and addressing potential threats and vulnerabilities in a system. It helps organizations proactively mitigate risks and improve the security posture of their systems.

37
Q

Least privilege

A

The principle of least privilege states that users, processes, and systems should have the minimum access rights necessary to perform their tasks. This approach limits the potential damage caused by security breaches and reduces the attack surface.

38
Q

Defense in depth

A

Defense in depth is a security strategy that employs multiple layers of protection to defend against potential threats. By implementing diverse security controls at various levels of a system, this approach ensures that even if one layer is compromised, other layers can still provide protection.

39
Q

Secure defaults

A

Secure defaults is a design principle that ensures systems are configured with secure settings by default. This approach reduces the likelihood of misconfigurations, which can lead to security vulnerabilities.

40
Q

Fail securely

A

Failing securely means that when a system encounters an error or failure, it should maintain its security posture and not expose sensitive data or resources. This approach helps to prevent data leaks and unauthorized access in case of system failures.

41
Q

Separation of duties (SoD)

A

Separation of duties is a principle that divides critical tasks among multiple individuals to prevent fraud and misuse of access privileges. By requiring more than one person to perform sensitive actions, SoD helps to ensure accountability and maintain data integrity.

42
Q

Keep it simple

A

The principle of simplicity emphasizes that systems should be designed with as little complexity as possible. Simpler systems are easier to manage, maintain, and secure, as they have fewer potential vulnerabilities and are less prone to errors.

43
Q

Zero Trust

A

Zero Trust is a security model that assumes all users, devices, and networks are untrustworthy by default. This model enforces strict access controls and continuous monitoring, requiring users to verify their identities and permissions for every access request.

44
Q

Privacy by design

A

Privacy by design is a framework that promotes the integration of privacy considerations into the design and development of systems and processes. This approach ensures that privacy is an integral part of a system’s architecture rather than an afterthought.

45
Q

Trust but verify

A

Trust but verify is a security principle emphasizing the importance of validation and verification, even when dealing with trusted entities. By continuously monitoring and verifying the actions of users and systems, organizations can detect potential security issues and maintain a strong security posture.

46
Q

Shared responsibility

A

The shared responsibility model highlights the need for collaboration between stakeholders, such as service providers and customers, to ensure system security. All parties must implement and maintain security controls and practices in this model.

47
Q

Overview of Different Computing Systems

A

A diverse range of computing systems exist, each designed to serve specific purposes and meet unique requirements. Understanding these computing systems is essential for security professionals as they design and implement secure solutions across various environments.

48
Q

Client-based systems

A

These are computing devices, such as desktops, laptops, or smartphones, that users interact with directly. They typically run end-user applications and rely on server-based systems for centralized data storage and processing.

49
Q

Server-based systems

A

Server-based systems provide resources and services to client-based systems, such as file storage, application hosting, or data processing. They are often more powerful and have higher availability than client-based systems.

50
Q

Database systems

A

Database systems store, manage, and retrieve structured data. They support various data models, such as relational, NoSQL, or graph databases, and provide mechanisms for ensuring data consistency, integrity, and security.

51
Q

Cryptographic systems

A

These systems use cryptographic techniques, such as encryption, decryption, and digital signatures, to protect the confidentiality, integrity, and authenticity of data and communications.

52
Q

Industrial control systems (ICS)

A

ICS are used to monitor and control industrial processes, such as manufacturing, power generation, or water treatment. They include Supervisory Control and Data Acquisition (SCADA) systems and Distributed Control Systems (DCS).

53
Q

Cloud-based systems

A

Cloud-based systems offer computing resources and services over the Internet. Examples include Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS), which allow users to access applications, infrastructure, or development platforms on a subscription basis.

54
Q

Distributed systems

A

These systems consist of multiple computing nodes that collaborate to achieve a common goal, such as processing large datasets or providing high availability. Examples include peer-to-peer networks, distributed databases, and blockchain systems.

55
Q

Internet of Things (IoT)

A

IoT refers to the network of interconnected devices that collect and exchange data, often using sensors and actuators. These devices can range from smart home appliances to industrial equipment and wearables.

56
Q

Microservices

A

Microservices is an architectural pattern that breaks down applications into small, loosely coupled, and independently deployable services. This approach enables greater flexibility, scalability, and resilience than monolithic architectures.

57
Q

Containerization

A

Containerization is a virtualization method that packages applications and their dependencies into lightweight, portable containers. This approach allows faster deployment, improved resource efficiency, and greater application portability.

58
Q

Serverless

A

Serverless computing is a cloud-based execution model that automatically manages and scales the underlying infrastructure, allowing developers to focus on application logic rather than server management.

59
Q

Embedded systems

A

Embedded systems are specialized computing devices designed for a specific purpose, such as automotive control systems or smart appliances. They typically have limited resources and are optimized for their specific function.

60
Q

High-performance computing (HPC) systems

A

HPC systems are designed for processing complex and resource-intensive tasks, such as simulations, data analysis, or artificial intelligence. They often use parallel processing techniques and specialized hardware for high computational performance.

61
Q

Edge computing systems

A

Edge computing is a distributed computing paradigm that brings processing capabilities closer to the data sources, reducing latency and bandwidth consumption. This approach is beneficial for IoT and real-time applications.

62
Q

Virtualized systems

A

Virtualization allows multiple virtual machines (VMs) to run on a single physical host, sharing hardware resources. This approach improves resource utilization, reduces costs, and enables greater flexibility in managing and scaling computing environments.

63
Q

Infrastructure as a Service (IaaS)

A

Infrastructure as a Service (IaaS) provides virtualized computing resources over the Internet. For example, Amazon EC2 allows businesses to run virtual servers and scale computing power based on needs. Users are responsible for managing the OS, applications, and data, offering flexibility but requiring a robust understanding of the underlying components.

64
Q

Platform as a Service (PaaS)

A

Platform as a Service (PaaS) takes this a step further by providing a platform for developers to build applications without worrying about the underlying infrastructure. For instance, Microsoft Azure’s App Service offers a fully managed platform for building, deploying, and scaling web apps, abstracting the complexities and allowing developers to focus on creating applications.

65
Q

Software as a Service (SaaS)

A

Software as a Service (SaaS) represents the most user-friendly model, delivering software applications over the Internet. Google Workspace, for example, provides access to productivity tools like Gmail, Docs, and Drive, all hosted and maintained by Google, making it an attractive option for end users without technical expertise.

66
Q

Public clouds

A

These are owned and operated by third-party providers and deliver resources over the Internet. Amazon Web Services (AWS) offers a wide range of cloud services publicly, available to anyone who wants to purchase them, offering scalability and flexibility.

67
Q

Private clouds

A

These are used exclusively by one organization. A large corporation might have its private cloud to ensure control and compliance with specific regulations. This model provides more control and is suitable for organizations with stringent security requirements.

68
Q

Hybrid clouds

A

These combine public and private clouds, allowing data and applications to be shared between them. A healthcare provider might use a private cloud for sensitive patient data and a public cloud for nonsensitive administrative information, offering greater flexibility and optimization of existing infrastructure.

69
Q

Community clouds

A

These are shared by several organizations with common concerns. Several government agencies might share a community cloud to collaborate on joint projects while maintaining regulatory compliance. This collaborative approach allows multiple entities to benefit from shared resources while maintaining aligned goals and requirements.

70
Q

Cryptographic life cycle

A

The cryptographic life cycle includes the generation, distribution, usage, storage, and disposal of cryptographic keys. Proper management of the cryptographic life cycle helps ensure the security and integrity of encrypted data and communications.

71
Q

Cryptographic methods

A

Cryptographic methods include symmetric (e.g., AES), asymmetric (e.g., RSA), elliptic curve cryptography, and emerging quantum-resistant algorithms. Each method has its strengths, weaknesses, and use cases.

72
Q

Public key infrastructure (PKI)

A

PKI is a framework that enables the secure distribution and management of digital certificates and public keys. It provides a trusted environment for establishing secure communication and verifying identities.

73
Q

Key management practices

A

Key management practices involve securely generating, distributing, storing, using, and disposing of cryptographic keys. Proper key management is essential for maintaining the security of encrypted data and preventing unauthorized access.

74
Q

Digital signatures and certificates

A

Digital signatures use public key cryptography to authenticate the sender and ensure data integrity. Digital certificates issued by a certificate authority (CA) bind a public key to an entity’s identity, enabling secure communication and identity verification.

75
Q

Non-repudiation

A

Non-repudiation ensures that a sender cannot deny having sent a message or performed an action. Cryptographic techniques, such as digital signatures, provide non-repudiation by authenticating the sender and verifying data integrity.

76
Q

Integrity (e.g., hashing)

A

Cryptographic hashing algorithms, such as SHA-256, maintain data integrity by creating a unique, fixed-size output (hash) from an input. A small change in the input data results in a significantly different hash, making it easy to detect alterations.

77
Q

Brute force

A

Brute-force attacks involve systematically attempting all possible combinations of keys or passwords until the correct one is found. These attacks can be resource-intensive but may succeed when weak encryption or passwords are used.

78
Q

Ciphertext only

A

In ciphertext-only attacks, an attacker attempts to decrypt a message using only the ciphertext without knowing the plaintext or encryption key.

79
Q

Known plaintext

A

In known plaintext attacks, the attacker possesses both the ciphertext and corresponding plaintext, which can be used to deduce the encryption key or reveal weaknesses in the encryption algorithm.

80
Q

Frequency analysis

A

Frequency analysis is a cryptanalysis technique that exploits the frequency of letters or patterns in the encrypted text to deduce the underlying plaintext or encryption key.

81
Q

Chosen ciphertext

A

In chosen ciphertext attacks, the attacker can choose ciphertexts and obtain their corresponding plaintexts, which can reveal weaknesses in the encryption scheme or deduce the encryption key.

82
Q

Implementation attacks

A

Implementation attacks exploit weaknesses in how cryptographic algorithms or protocols are implemented in software or hardware rather than targeting the algorithms themselves.

83
Q

Side channel

A

Side-channel attacks exploit information leaked through unintended channels, such as power consumption, electromagnetic emissions, or timing, to deduce sensitive data like encryption keys.

84
Q

Fault injection

A

Fault injection attacks intentionally induce errors in a system to exploit its behavior and reveal sensitive information or bypass security controls.

85
Q

Timing

A

Timing attacks exploit the time it takes for a system to perform cryptographic operations, allowing attackers to deduce sensitive information, such as encryption keys.

86
Q

Man-in-the-middle (MITM)

A

MITM attacks involve an attacker intercepting and potentially altering communications between two parties, allowing the attacker to eavesdrop or impersonate one of the parties.

87
Q

Pass the hash

A

These attacks exploit weaknesses in authentication protocols, allowing an attacker to use a stolen password hash to authenticate as a user without knowing the actual password.

88
Q

Kerberos exploitation

A

Kerberos exploitation attacks target the Kerberos authentication protocol, aiming to obtain or forge authentication tickets to gain unauthorized access to resources.

89
Q

Ransomware

A

Ransomware is malware that encrypts a victim’s files or systems and demands a ransom payment for the decryption key. This attack can have severe consequences like data loss or business disruption.

90
Q

Wiring closets/intermediate distribution facilities

A

Wiring closets and intermediate distribution facilities house telecommunications and networking equipment. They should be secured to prevent unauthorized access and tampering and maintain the integrity and availability of the network infrastructure.

91
Q

Server rooms/data centers

A

Server rooms and data centers house critical computing and storage resources. These facilities should be designed with strict access controls, redundancy, and environmental controls to ensure the continuous operation and security of the housed systems.

92
Q

Media storage facilities

A

Media storage facilities store sensitive data on physical media, such as tapes or hard drives. They should be secured against unauthorized access, theft, and environmental hazards like fire, water damage, or electromagnetic interference.

93
Q

Evidence storage

A

Evidence storage facilities store physical evidence related to investigations or legal proceedings. They should be designed to maintain the stored evidence’s integrity and chain of custody and protect against unauthorized access and tampering.

94
Q

Restricted and work area security

A

Restricted and work areas should have appropriate access controls, such as badge readers or biometric authentication, to ensure that only authorized personnel can access sensitive spaces and resources.

95
Q

Utilities and heating, ventilation, and air conditioning (HVAC)

A

Utilities and HVAC systems should be designed to maintain the proper environmental conditions for the equipment and personnel. This includes controlling temperature, humidity, and air quality, and ensuring the availability of essential services like power and water.

96
Q

Environmental issues

A

Environmental issues, such as natural disasters, pollution, or climate change, can significantly impact the security and availability of facilities and systems. Organizations should assess and mitigate these risks through planning, design, and operational measures.

97
Q

Fire prevention, detection, and suppression

A

Fire prevention, detection, and suppression systems should be in place to minimize the risk of fire damage to facilities and equipment. This includes using fire-resistant materials, fire detection systems, and appropriate fire suppression systems, such as sprinklers or clean agent systems.

98
Q

Power (e.g., redundant, backup)

A

Power systems should be designed to ensure the continuous availability of critical systems. This includes redundant power sources, uninterruptible power supplies (UPS), and backup generators to maintain power during outages or other disruptions.

99
Q

Risk assessment and planning

A

A thorough assessment helps organizations identify potential threats and vulnerabilities in their site and facility design. This information can be used to develop a comprehensive security plan that addresses identified risks and implements appropriate security measures.

100
Q

Layered security

A

Implementing a layered security approach ensures multiple security measures are in place to protect assets and personnel. This can include perimeter security, access controls, surveillance systems, and intrusion detection systems, which provide a robust and comprehensive security solution.

101
Q

Secure access control

A

Access control measures, such as card readers, biometric authentication, and security guards, should be implemented to restrict access to sensitive areas and resources. These controls help prevent unauthorized access and maintain the security of the site and facility.

102
Q

Surveillance and monitoring

A

Installing surveillance systems, such as CCTV cameras and intrusion detection systems, can help monitor and detect unauthorized access, theft, or vandalism. Monitoring systems should be strategically placed to cover critical areas and entry points, providing a clear view of the facility’s premises.

103
Q

Environmental controls

A

Environmental controls, such as HVAC systems, fire detection and suppression systems, and backup power systems, should be implemented to maintain a safe and secure environment for personnel and equipment. These controls help ensure the continuous operation of critical systems and protect sensitive data from environmental hazards.

104
Q

Segregation of duties and restricted areas

A

Segregation of duties and restricted areas can help prevent unauthorized access to sensitive information or resources. By separating responsibilities and access to sensitive areas, organizations can minimize the risk of insider threats and maintain the security of their assets.

105
Q

Physical security measures

A

Implementing physical security measures, such as barriers, gates, locks, and lighting, can help deter unauthorized access and protect the site and facility from external threats. These measures should complement other security controls, providing a comprehensive security solution.
