Domain 3: Security Architecture and Engineering Flashcards

Learn essential terms related to secure system design, hardware, and cryptographic principles.

1
Q

Define:

3DES

A

A symmetric-key encryption method that applies the DES algorithm three times to each data block using three separate keys, enhancing security for sensitive data transmission.

Also known as Triple Data Encryption Standard, it’s a widely used symmetric key encryption algorithm that encrypts data three times using three different keys. It is considered a more secure alternative to the original Data Encryption Standard (DES) algorithm, as it increases the difficulty of breaking the encryption by using multiple keys. 3DES is commonly used in financial transactions, online payments, and other sensitive data transmissions. It is also used in many security protocols, such as SSL and VPNs, to ensure secure communication between devices.

For more information, view this lecture on Symmetric Encryption- Part 1. Or visit this Wikipedia page.

2
Q

Define:

99.999 Uptime

A

Describes a system’s reliability: it remains operational with less than 6 minutes of downtime annually. Tier 4 data centers would fall into this category.

The high availability of a system or service, quantified as being operational 99.999% of the time, often referred to as “five nines”. This equates to a downtime of approximately 5 minutes and 15 seconds per year, thus indicating a system with highly reliable and uninterrupted service. High availability is crucial for systems where even minimal downtime can lead to significant operational or financial impact.

Or visit this Wikipedia page.

3
Q

Define:

Abend

A

An unexpected program or system crash due to errors, often resulting from bugs, leading to an ‘abnormal end’ of operations.

Stands for abnormal end. It refers to an unexpected termination of a program or system due to an error or bug. It is commonly used in the context of computer systems and software development to refer to a crash or failure.

Or visit this Wikipedia page.

4
Q

Define:

Abstraction

A

The practice of simplifying complex systems by concealing intricate details and presenting a user-friendly interface to interact with technology.

A fundamental concept in computer science that involves managing complexity by hiding unnecessary details from the user. Abstraction enables users to interact with systems and applications through simplified models without needing to understand the underlying complex workings.

For more information, view this lecture on Secure System Design Concepts. Or visit this Wikipedia page.

5
Q

Define:

Accreditation

A

The official recognition that a system, product, or individual meets certain standards, verifying security features, performance, and expertise.

The official recognition that a system, product, or individual meets specified requirements or standards. For a system or product, this might involve a thorough assessment of its security features, performance, and reliability. For an individual, it could mean they have demonstrated a certain level of expertise or competence. Accreditation enhances trustworthiness, promotes quality and consistency, and provides a benchmark for comparison.

For more information, view this lecture on Data Security Frameworks. Or visit this Wikipedia page.

6
Q

Define:

Accreditation of IT Systems

A

The formal approval verifying that a system meets specific security, functionality, and reliability standards, critical for system trustworthiness.

The formal approval process that a system undergoes to verify that it adheres to a set of predefined standards or guidelines, often related to security, functionality, and reliability. During accreditation, various aspects, such as design, implementation, and operating procedures, are evaluated to ensure compliance. This process enhances confidence in the system’s capabilities and its adherence to necessary norms while also identifying areas of potential improvement.

For more information, view this lecture on Data Security Frameworks. Or visit this Wikipedia page.

7
Q

Define:

Accrediting Authority

A

An organization or body authorized to grant accreditation, ensuring quality and compliance with required standards.

An entity, often a recognized body or organization, which has the power to grant accreditation to systems, products, or individuals. The authority conducts or oversees assessments to verify compliance with specified requirements or standards. Their role is crucial in maintaining standards of quality, performance, and security, and their endorsement serves as a mark of trust and reliability.

8
Q

Define:

Acoustic Side-Channel Attack

A

An attack that exploits sound produced by a device to extract sensitive information, highlighting the need for comprehensive security measures.

An attack method that exploits sound waves produced by a device during its operation to extract sensitive information. By analyzing noises such as keystrokes or fan vibrations, an attacker may be able to infer user inputs, system states, or other confidential data. These attacks highlight the need for comprehensive security measures that consider not just digital but also physical and environmental aspects of system operation.

Or visit this Wikipedia page.

9
Q

Define:

Active Directory

A

A Microsoft directory service for central management of user accounts and access controls in Windows environments.

A directory service developed by Microsoft that provides a centralized and secure platform for managing user accounts, network resources, and access controls in a Windows environment. It is commonly used in enterprise IT environments to simplify user management, manage permissions, and enforce security policies. Examples of Active Directory features include group policy management, authentication and authorization, and domain-based naming and organization.

For more information, view this lecture on Authentication Protocols - Part 2. Or visit this Wikipedia page.

10
Q

Define:

Active Sniffing

A

A method where an attacker inserts themselves into network traffic to intercept or alter data, detectable due to the intervention in communication.

A method of data interception in IT and cybersecurity where the attacker actively inserts themselves into a network to intercept and possibly alter data packets passing through the network. Unlike passive sniffing, where the attacker is silent and only listens to network traffic, active sniffing usually involves techniques that can influence or modify the flow of data, such as ARP spoofing, DHCP attacks, or MAC flooding. Active sniffing is detectable because it intervenes in the network communication.

11
Q

Define:

ActiveX

A

A Microsoft framework for interactive web-based applications, previously used in browsers for functionalities like video playback and games, now less common due to security concerns.

A software framework developed by Microsoft that allows for the creation of interactive web-based applications. It is commonly used in Internet Explorer and other web browsers to provide enhanced functionality and interactivity. Examples of ActiveX controls include video players, PDF viewers, and web-based games. Due to security concerns and the advent of newer technologies, the use of ActiveX has significantly declined and is supported by fewer browsers.

For more information, view this lecture on Web Architecture and Attacks. Or visit this Wikipedia page.

12
Q

Define:

Adaptive Security Architecture

A

Adaptive Security Architecture is a proactive cybersecurity framework that evolves defenses based on real-time alerts, intelligence, and predictive analytics, continuously adjusting to emerging threats and vulnerabilities.

Adaptive Security Architecture involves designing systems that dynamically monitor networks, endpoints, and applications, analyzing data to respond rapidly to new threats. By consolidating threat intelligence, security controls, and incident response processes, this architecture leverages automation and machine learning to detect and mitigate attacks. Continuously verifying security assumptions, the framework updates policies, configurations, and access privileges as the situation changes. This approach improves resilience, lowers risks, and allows organizations to maintain a more agile security posture in an evolving threat landscape.

13
Q

Define:

Address Bus

A

A set of wires on a computer’s motherboard that carries the memory location addresses from the CPU to memory, enabling CPU-memory communication.

A set of wires in a computer’s motherboard that carries the address of a memory location to be accessed. It is used to enable communication between the CPU and memory modules. Examples include the 16-bit address bus in early PCs and the 64-bit address bus in modern computers.

Or visit this Wikipedia page.

14
Q

Define:

Advanced Encryption Standard (AES)

A

A widely accepted symmetric encryption standard used for securing data, with key sizes of 128, 192, or 256 bits, in various applications to protect sensitive information.

A widely used symmetric encryption standard adopted by the U.S. government and numerous organizations worldwide. It operates on blocks of data and uses a secret key that can be 128, 192, or 256 bits in length. With its strong security properties and efficient performance, AES is an integral part of many protocols and systems for securing data in transit and at rest, making it a fundamental element in safeguarding sensitive information against unauthorized access.

For more information, view this lecture on Symmetric Encryption- Part 2. Or visit this Wikipedia page.

15
Q

Define:

Adversary

A

An entity or individual that aims to compromise system security for malicious purposes such as financial gain, espionage, or disruption.

An individual, group, or entity that seeks to compromise the security of a system, network, or organization for malicious purposes. Adversaries may have various motivations, including financial gain, espionage, disruption of services, or the achievement of political or ideological goals. They can employ a range of tactics, techniques, and procedures, from brute force attacks and phishing to more sophisticated methods like advanced persistent threats.

Or visit this Wikipedia page.

16
Q

Define:

Adware

A

Software that automatically displays or downloads advertising material, which can impact system performance and privacy, and may include unauthorized data collection.

A type of software that displays or downloads advertising content, often without the user’s consent. While not always malicious, adware can negatively impact user experience by consuming system resources, causing slowdowns, and inundating the user with unwanted ads. Some forms of adware may also track user behavior or collect personal data without appropriate disclosure, posing privacy risks.

Or visit this Wikipedia page.

17
Q

Define:

Agent

A

A software entity that performs actions or tasks on behalf of users or other programs, often found in network management and security operations.

A software program that performs a specific task on behalf of a user or another program. It is commonly used in distributed computing systems, where multiple agents communicate and coordinate to accomplish a larger goal. For example, an agent on a network may monitor traffic and alert a security administrator of any potential threats.

18
Q

Define:

Aggregation

A

The process of combining data from multiple sources into a single dataset, used to provide a comprehensive view and facilitate analysis and reporting.

The process of combining multiple data sources or objects into a single, more comprehensive representation. It is used in data analysis and reporting to provide a more comprehensive view of a specific topic or phenomenon. For example, an aggregation of sales data may show overall trends and patterns across different regions or product categories.

For more information, view this lecture on Database Security.

19
Q

Define:

Alert

A

A notification triggered by a security system indicating a detected event or condition that may constitute a security concern, prompting further investigation or action.

A notification generated by a security system in response to a detected event or condition that may indicate a potential security issue. Alerts are designed to draw attention to anomalies, such as attempted unauthorized access, suspicious network traffic, or deviations from normal system behavior. They play a crucial role in incident response by enabling timely detection and remediation of security incidents.

For more information, view this lecture on SIEM and SOAR Systems. Or visit this Wikipedia page.

20
Q

Define:

Alert Situation

A

A condition flagged by a security system indicating a potential issue that requires immediate attention, like malware detection or unusual activity.

A state or condition identified by a security system where immediate attention may be required due to the potential for a security issue. An alert situation could be triggered by a variety of events, such as the detection of malware, multiple failed login attempts, or abnormal user activity. These situations typically require evaluation by a security analyst to determine the appropriate response.

For more information, view this lecture on SIEM and SOAR Systems.

21
Q

Define:

Algebraic Attack

A

A cryptanalysis approach targeting cryptographic algorithms by formulating and solving algebraic equations to uncover encryption keys or plaintext.

A type of cryptanalysis that attacks cryptographic algorithms by describing their operations as systems of algebraic equations. Solving these equations can potentially reveal the secret keys used. Algebraic attacks are particularly relevant for certain types of encryption algorithms, and understanding these attacks is important for designing robust cryptographic systems.

22
Q

Define:

Algorithm

A

A well-defined step-by-step procedure used in computing for tasks like data processing, calculation, and automated reasoning, forming the basis of all computer programs.

A step-by-step procedure or formula for solving a problem or accomplishing some objective. In computing and mathematics, an algorithm is a finite sequence of well-defined instructions typically used for calculation, data processing, and automated reasoning. Algorithms are the foundation of all computer programs, and they determine the approach a computer takes to perform a specific task, such as sorting data, finding the shortest path in a network, or encrypting information. They can range from simple procedures, like a recipe for baking a cake, to complex operations, such as those used in machine learning and artificial intelligence.

For more information, view this lecture on Introduction to Cryptography- Part 1. Or visit this Wikipedia page.

23
Q

Define:

Analytic Attack

A

A cybersecurity technique where attackers attempt to break encryption by exploiting weaknesses in the cryptographic algorithm to gain access to plaintext data.

A technique in cybersecurity where a threat actor attempts to decipher encrypted data by exploiting weaknesses in the cryptographic algorithm. Rather than using brute force to try every possible key, the attacker analyzes the encryption structure to find patterns or inherent flaws that can reveal the plaintext or key. This approach is more sophisticated and often faster than attempting exhaustive key searches.

24
Q

Define:

Analytical Technique

A

A systematic approach to problem-solving or decision-making by analyzing data, used in security to detect threats and prevent attacks through methods like statistical analysis.

A method of solving problems or making decisions by collecting, organizing, and analyzing data. It is commonly used in security to identify trends and patterns in data, such as network traffic or user behavior, to detect potential threats and prevent attacks. Examples include statistical analysis, data mining, and computational modeling.

For more information, view this lecture on Database Security. Or visit this Wikipedia page.

25
# Define: Android OS
An open-source operating system by Google for mobile devices, known for its app ecosystem and user customization, with built-in security features like app sandboxing and periodic updates.

## Footnote
The Android operating system is an open-source platform developed by Google for mobile devices. While security is a component of the OS, Android is known for its wide app ecosystem, user customization, and integration with various Google services. Security features within Android include app sandboxing, Google Play Protect, and periodic security updates. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Android_(operating_system)).*
26
# Define: Antimalware Solutions
Programs designed to protect systems from malicious software by detecting, preventing, and removing threats like viruses and ransomware.

## Footnote
Software tools designed to detect, prevent, and remove malicious software, such as viruses, worms, trojans, ransomware, and spyware. These solutions typically include real-time scanning, threat databases, and removal capabilities to protect systems from infection and help maintain security. *For more information, view this lecture on [Malware- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18684054-malware-part-1). Or view this lecture on [Malware- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18684286-malware-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Antivirus_software).*
27
# Define: Anything as a Service | (XaaS)
The delivery of diverse services over the Internet, such as SaaS, PaaS, and IaaS, offering scalable, flexible solutions to meet various needs.

## Footnote
A broad term that refers to the growing trend of delivering various services and applications over the Internet rather than through on-premises installations or traditional software licensing. This can include software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS), as well as numerous other specialized offerings. By leveraging cloud-based delivery models, XaaS providers can offer scalable, flexible, and cost-effective solutions that cater to the diverse needs of businesses and end-users. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/As_a_service).*
28
# Define: Application or Managed Service Provider | (ASP/MSP)
Companies that deliver software services and network management to customers over the Internet, allowing access to advanced technology without significant infrastructure investment.

## Footnote
These are companies that deliver software services, network management, system maintenance, or other computing services to customers over the Internet. This model allows businesses to access and use sophisticated technology without the need for substantial infrastructure investment or in-house expertise. It's crucial for ASPs/MSPs to maintain robust security measures to protect customer data and ensure the integrity of the services they provide. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Application_service_provider).*
29
# Define: Architecture
The overarching design and structure of a system, detailing components and their interrelations, crucial for the organization's security infrastructure against threats.

## Footnote
The overall design and structure of a system, including the components, relationships, and interfaces between them. In the context of information security, architecture refers to the design of an organization's security infrastructure and the ways in which it protects against various threats and vulnerabilities. Examples of security architecture include network architecture, application architecture, and data architecture.
30
# Define: Arithmetic Logic Unit | (ALU)
A core component of a computer's CPU that performs arithmetic and logic operations on data, essential for the processing capabilities of the system.

## Footnote
A fundamental building block of a central processing unit (CPU) in a computer system. It performs arithmetic and logical operations on the data stored in the system's registers or memory. Its functions include addition, subtraction, multiplication, and division, along with bitwise operations and comparisons. *For more information, view this lecture on [Hardware architecture- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591300-hardware-architecture-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Arithmetic_logic_unit).*
31
# Define: Armored Virus
Malware designed to hinder analysis and removal by using complex obfuscation and encryption techniques, making it resistant to security efforts.

## Footnote
A type of malicious software designed to make analysis, detection, and removal exceptionally difficult. The term "armored" comes from the virus's protective mechanisms that resist attempts to study or eliminate it. These mechanisms might involve complex and misleading code, encryption, or self-modifying behavior.
32
# Define: ASP | (Application Service Provider)
A provider that hosts and delivers software applications to clients over the internet, offering an alternative to on-premise installations and reducing IT management overhead.

## Footnote
A service provider that hosts and delivers software applications over the internet, enabling clients to use software without having to install or manage it on local systems. ASPs support various business applications, offering an alternative to on-premise solutions, which can help reduce IT overhead and facilitate remote access to software functionality. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Application_service_provider).*
33
# Define: Assembler
A program that translates assembly language, a low-level coding language closely linked to machine language, into executable machine code for the computer.

## Footnote
A computer program that translates programs written in assembly language into machine language, the code and instructions that a computer can execute directly. The assembler enables the translation of human-readable assembly language into the computer's binary code. It is often used when direct hardware manipulation, maximum efficiency, or compact code size is required. *For more information, view this lecture on [Programming Concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19182075-programming-concepts-part-1). Or view this lecture on [Network and Software forensics](https://courses.thorteaches.com/courses/take/cissp/lessons/19180221-network-and-software-forensics). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Assembly_language#Assembler).*
34
# Define: Asymmetric Cipher
An encryption algorithm using two separate keys, a public key for encryption and a private key for decryption, enabling secure data exchange.

## Footnote
An encryption algorithm where two separate keys are used, one for encryption (the public key) and another for decryption (the private key). It's distinct from symmetric ciphers, which use the same key for both encryption and decryption. Asymmetric ciphers, such as RSA, are fundamental for secure data exchange over the Internet. *For more information, view this lecture on [Asymmetric encryption- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149672-asymmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Public-key_cryptography).*
35
# Define: Asymmetric Encryption or Asymmetric Cryptography
A method where keys come in pairs, with one key encrypting data and the other key, known as the private key, decrypting it, allowing secure communications between parties without pre-shared keys.

## Footnote
Asymmetric encryption, also known as public-key cryptography, is a form of encryption where keys come in pairs. What one key encrypts, only the other can decrypt. This method enables secure, encrypted communication between parties who have not previously exchanged encryption keys, thus providing a solution to what is known as the key distribution problem. It's widely used in many types of data exchange and digital signatures. *For more information, view this lecture on [Asymmetric encryption- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149672-asymmetric-encryption-part-1). Or view this lecture on [The encryption we use today](https://courses.thorteaches.com/courses/take/cissp/lessons/19215118-the-encryption-we-use-today). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Public-key_cryptography).*
36
# Define: Asymmetric Key
A pair of keys in asymmetric encryption, comprising a public key for encryption and a private key for decryption, used for secure communications.

## Footnote
A pair of keys used in asymmetric encryption. This pair consists of a public key, which may be freely distributed and used for encryption, and a private key, kept secret and used for decryption. The uniqueness of this approach is that data encrypted with one key can only be decrypted by its counterpart, providing a powerful tool for secure communications. *For more information, view this lecture on [Asymmetric encryption- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149672-asymmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Public-key_cryptography#Key_generation).*
37
# Define: Asymmetric Multiprocessing
A system where processors are assigned specific tasks, leading to an unequal workload distribution, often requiring additional security considerations.

## Footnote
A type of multiprocessing system where each processor is assigned specific tasks or applications, leading to an unequal distribution of the computational workload. This contrasts with symmetric multiprocessing systems, where any processor can perform any task in the workload. Because each processor has a distinct role, asymmetric multiprocessing often requires a thoughtful approach to security. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Multiprocessing#Asymmetric_multiprocessing).*
38
# Define: Asynchronous Token Generation
Generating authentication tokens without real-time communication with the server, useful for multifactor authentication in connectivity-limited scenarios.

## Footnote
A method used in security systems to generate a token, such as a one-time password (OTP), without requiring real-time communication between the token generator and the authentication server. This allows the token to be used as an effective form of multifactor authentication, even in scenarios where immediate connectivity is unavailable.
39
# Define: Authenticode
A digital signature technology by Microsoft to verify software authenticity and integrity, ensuring it's from a legitimate source and untampered.

## Footnote
A digital signature technology used to verify the authenticity and integrity of software. It uses a certificate issued by a trusted third party to ensure that the software has not been tampered with and comes from a legitimate source. For example, when downloading a software update, Authenticode may be used to verify that the update is safe and comes from the official software developer. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Code_signing#Implementations).*
40
# Define: Avalanche Effect
The property of cryptographic algorithms where a minor input change drastically alters the output, enhancing encryption security by impeding prediction.

## Footnote
In cryptography, it refers to a desirable property of cryptographic algorithms, where a small change in input leads to a significant and unpredictable change in the output. This effect is essential for the security of encryption schemes; it ensures that the ciphertext is radically different, even with minor alterations to the plaintext, which makes cryptanalysis more difficult. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Avalanche_effect).*
41
# Define: Badge
A physical or digital identifier for verifying individual identity or device authorization, commonly used in access control systems for secure entry or data access.

## Footnote
A physical or digital identifier that is used to verify the identity of an individual or the authorization of a device. It is commonly used in the context of access control to ensure that only authorized individuals or devices can enter a secured area or access sensitive information. Examples of badges include a security card, a key fob, or a digital certificate. *For more information, view this lecture on [Physical security- Part 4](https://courses.thorteaches.com/courses/take/cissp/lessons/19632100-physical-security-part-4). Or view this lecture on [Physical security- Part 6](https://courses.thorteaches.com/courses/take/cissp/lessons/19709740-physical-security-part-6). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Badge).*
42
# Define: Balanced Magnetic Switch | (BMS)
A security device that monitors doors and windows, triggering alerts when the magnetic circuit is disrupted by openings, integrated into broader security systems.

## Footnote
A security device used to monitor the opening and closing of doors and windows. It consists of a magnet and a sensor that form a circuit, which, when disturbed (for example, by a door opening), triggers an alert. BMS systems are commonly integrated into broader security systems to detect unauthorized entries.
43
# Define: Base Registers
Special-purpose registers in computer architecture that hold the starting address of a memory segment, crucial for memory management and preventing unauthorized access.

## Footnote
In computer architecture, base registers are special-purpose registers that hold the starting address of a memory segment. They play a critical role in memory management and protection, ensuring that memory accesses are within the permitted address space, thereby preventing unauthorized access or modification of data. Incorrect configuration of base registers can lead to security vulnerabilities, potentially allowing for privilege escalation, buffer overflows, or other forms of exploitation.
44
# Define: Baseline
A reference point or standard for measuring the system or process performance or status, used in IT to assess configurations, performance, and security postures for comparison and improvement identification.

## Footnote
A reference point or standard against which the performance or status of a system or process can be measured. It is commonly used in project management, quality control, and performance monitoring to establish a baseline for comparison and to identify deviations or improvements. Examples of baselines in IT include the baseline configuration of a server or network device, the baseline performance of a system or application, and the baseline security posture of an organization. *For more information, view this lecture on [Information Security Governance: Policies, Procedures, Guideline, and Frameworks](https://courses.thorteaches.com/courses/take/cissp/lessons/18588064-information-security-governance-policies-procedures-guideline-and-frameworks). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Baseline_(configuration_management)).*
45
# Define: Baseline Architecture
The documented current state of an organization's technological framework, detailing the interactions between technology, processes, and people. ## Footnote The current state of an architectural framework within an organization, including the interplay of technology, processes, and people. It provides a comprehensive view of how different components of a system interact, from hardware to applications to data flows. This architecture serves as the reference point for planning future changes, identifying gaps, or analyzing potential impacts of modifications. Its understanding is crucial in maintaining system stability and security, ensuring changes don't introduce new vulnerabilities or disrupt existing safeguards. *For more information, visit this [Wikipedia page](https://en.wikipedia.org/wiki/Systems_architecture).*
46
# Define: Bell-LaPadula Model
A formal access control model for government and military applications focusing on confidentiality and preventing unauthorized access to classified information. ## Footnote A formal model designed for the enforcement of access control in government and military applications. It focuses primarily on maintaining the confidentiality of information and preventing unauthorized users from accessing classified data. The model is known for two rules: the simple security property, "no read up" (a subject may not read objects at a higher classification), and the *-property, "no write down" (a subject may not write to objects at a lower classification). Together they stop classified information from flowing to less-trusted levels. Bell-LaPadula says nothing about integrity, which is why it is usually studied alongside the Biba model, whose rules run in the opposite direction. *For more information, view this lecture on [Security models and concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/47772487-security-models-and-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Bell%E2%80%93LaPadula_model).*
47
# Define: Biba Model
A formal security model emphasizing data integrity in computer systems, employing a lattice-based control to prevent lower integrity information from contaminating higher levels. ## Footnote A formal security model focused on integrity rather than confidentiality. It uses a lattice of integrity levels and prevents information at a lower integrity level from contaminating data at a higher one. Its rules are the mirror image of Bell-LaPadula's: the simple integrity property, "no read down" (a subject may not read objects of lower integrity; reading up is allowed), and the *-integrity property, "no write up" (a subject may not write to objects of higher integrity; writing down is allowed). A common exam mistake is to swap these with Bell-LaPadula's "no read up, no write down"; remember that Biba protects trusted data from untrusted sources, so untrusted input must not be read and trusted data must not be written by the untrusted. *For more information, view this lecture on [Security models and concepts - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/47772487-security-models-and-concepts-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Biba_Model).*
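The two models above are easiest to keep apart when written as code. The following is an added example (not part of the flashcards) that implements both rule pairs over one ordered lattice; the label names are constructed, and the same list is read as sensitivity levels for Bell-LaPadula and as trustworthiness levels for Biba.

```python
# Added example, not from the flashcards: Bell-LaPadula and Biba over one ordered
# lattice of labels. The label names are constructed; read them as sensitivity
# levels for Bell-LaPadula and as trustworthiness levels for Biba.
LEVELS = ["public", "internal", "confidential", "secret"]   # low -> high


def dominates(a: str, b: str) -> bool:
    """True when label a is at or above label b in the lattice."""
    return LEVELS.index(a) >= LEVELS.index(b)


# --- Bell-LaPadula: confidentiality -----------------------------------------
def blp_can_read(subject: str, obj: str) -> bool:
    """Simple security property, no read up: the subject must dominate the object."""
    return dominates(subject, obj)


def blp_can_write(subject: str, obj: str) -> bool:
    """*-property, no write down: the object must dominate the subject."""
    return dominates(obj, subject)


# --- Biba: integrity (same checks, direction reversed) ----------------------
def biba_can_read(subject: str, obj: str) -> bool:
    """Simple integrity property, no read down: the object must dominate the subject."""
    return dominates(obj, subject)


def biba_can_write(subject: str, obj: str) -> bool:
    """*-integrity property, no write up: the subject must dominate the object."""
    return dominates(subject, obj)


def access_matrix(model: str, subject: str) -> dict:
    """{object_level: (can_read, can_write)} for one subject under 'blp' or 'biba'."""
    read, write = {"blp": (blp_can_read, blp_can_write),
                   "biba": (biba_can_read, biba_can_write)}[model]
    return {lvl: (read(subject, lvl), write(subject, lvl)) for lvl in LEVELS}


if __name__ == "__main__":
    for model in ("blp", "biba"):
        print(model, "subject at 'confidential':")
        for lvl, (r, w) in access_matrix(model, "confidential").items():
            print(f"  {lvl:13s} read={r!s:5s} write={w}")
```

Printing the matrix for a subject at "confidential" shows the symmetry directly: under Bell-LaPadula it can read everything up to its own level and write only at or above it; under Biba it can read only at or above its own level and write only at or below it.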
48
# Define: Big Data
Extremely large data sets that require advanced processing approaches, characterized by high volume, velocity, and variety, and used for complex analytics applications. ## Footnote Large and complex data sets that traditional data processing applications cannot handle effectively. Big Data is often described by the three Vs: Volume (large amounts of data), Velocity (data generated or processed quickly), and Variety (many different types of data). It is used for advanced analytics and other data-driven applications. From a security standpoint, aggregating many data sets also concentrates sensitive information in one place, so access control, data classification, and privacy requirements apply to the aggregate, not just to each source. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Big_data).*
49
# Define: Binary
A base-2 number system using only 0 and 1 to express values, extensively utilized in digital computing and logic for straightforward implementation with electronic circuits. ## Footnote This pertains to a base-2 number system, which uses only two digits, 0 and 1, to represent all its values. This system is used extensively in digital computers and digital logic because it's straightforward to implement with digital electronic circuitry. As every piece of data or instruction in a computer is represented in binary, understanding and protecting binary data is critical to overall system security. *For more information, view this lecture on [Introduction to Cryptography- Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19121903-introduction-to-cryptography-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Binary_number).*
50
# Define: Binary Code
A representation system using only two digits, 0 and 1, to encode numbers, letters, and symbols, pivotal in computer science for data transmission and program instruction. ## Footnote A system of representing numbers, letters, and other symbols using only two digits, 0 and 1. This concept is used in computer science to encode and transmit data, as well as to write instructions for computer programs. For example, a binary code for the letter "A" might be 01000001. *For more information, view this lecture on [Introduction to Cryptography- Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19121903-introduction-to-cryptography-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Binary_code).*
51
# Define: BIOS | (Basic Input/Output System)
Low-level firmware that initializes a computer's hardware at power-on, runs the boot process, and exposes a setup interface for hardware configuration. ## Footnote Firmware stored on the system board that initializes and tests the hardware at power-on and then hands control to a boot loader. Its setup screen lets a user change the boot order of devices or enable and disable specific hardware components. Modern machines replace the legacy BIOS with UEFI, which adds features such as Secure Boot, although "BIOS" is still used loosely for system firmware. Because firmware runs before the operating system, compromised or outdated firmware undermines every control layered above it, so firmware updates, a setup password, and a locked boot order are part of baseline hardening. *For more information, view this lecture on [Hardware architecture- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/45831595-hardware-architecture-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/BIOS).*
52
# Define: Birthday Attack
A cryptographic attack exploiting probability theory to find hash function collisions, where different inputs produce the same output, potentially compromising cryptographic systems. ## Footnote A type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory: in a group of only 23 randomly chosen people, there is better than even odds that two of them share a birthday, far fewer than intuition suggests. Applied to cryptography, the attack finds collisions in hash functions, which occur when two different inputs produce the same hash output. The attacker generates many variants of input data and computes their hashes until any two match. For an n-bit hash this takes roughly 2^(n/2) attempts, versus about 2^n to find an input matching one specific hash, which is why a hash must be twice as long as the security level it is meant to provide: a 128-bit hash offers only about 64 bits of collision resistance. Collisions matter most for digital signatures and integrity checks, where an attacker who can produce two documents with the same hash can get one signed and substitute the other. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Birthday_attack).*
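To see the 2^(n/2) versus 2^n gap rather than take it on trust, the added example below (not from the flashcards) runs a birthday search and a brute-force preimage search against SHA-256 truncated to a few bits so both finish in seconds. The truncation and the counter-based inputs are assumptions made for the demonstration; the arithmetic is the same for a full-width hash.

```python
# Added example, not from the flashcards: birthday (collision) search versus
# preimage search on a deliberately shortened hash.
import hashlib
import math


def trunc_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits, standing in for a short hash so
    the searches below finish quickly. The maths is the same for a full-width hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def find_collision(bits: int, tag: bytes = b"c") -> tuple:
    """Birthday search: remember every digest seen and stop when a new input
    repeats one. Inputs are tag||counter, so every trial is a distinct message.
    Returns (input_a, input_b, trials)."""
    seen = {}
    trials = 0
    while True:
        msg = tag + trials.to_bytes(8, "big")
        trials += 1
        h = trunc_hash(msg, bits)
        if h in seen:
            return seen[h], msg, trials
        seen[h] = msg


def find_preimage(target: int, bits: int, tag: bytes = b"p") -> tuple:
    """Brute-force search for any input whose truncated hash equals `target`.
    Returns (input, trials)."""
    trials = 0
    while True:
        msg = tag + trials.to_bytes(8, "big")
        trials += 1
        if trunc_hash(msg, bits) == target:
            return msg, trials


def expected_trials(bits: int) -> tuple:
    """(collision, preimage) expected work: about sqrt(pi/2 * 2^n) versus 2^n."""
    return math.sqrt(math.pi / 2 * 2 ** bits), 2 ** bits


if __name__ == "__main__":
    a, b, n = find_collision(24)
    print(f"24-bit collision after {n} trials (expected ~{expected_trials(24)[0]:.0f})")
    m, n2 = find_preimage(trunc_hash(b"target", 16), 16)
    print(f"16-bit preimage after {n2} trials (expected ~{expected_trials(16)[1]})")
```

A 24-bit collision typically turns up after a few thousand hashes, while a preimage for a 16-bit target needs tens of thousands; scale both to 256 bits and the collision search is at 2^128, still far out of reach, but it is the number that sets the security margin, not 2^256.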
53
# Define: Bloatware
Bloatware refers to pre-installed or unnecessary software that occupies system resources, often slowing performance and cluttering devices without offering clear benefits. ## Footnote Commonly found on new computers or smartphones, bloatware may include trial apps, vendor utilities, or intrusive toolbars. Users typically experience reduced storage space and more background processes consuming CPU and memory. Beyond performance, every unnecessary program is additional attack surface that must be patched, and vendor utilities often run with elevated privileges, so removing or disabling bloatware is also a hardening step. Removal requires care to avoid breaking essential functions, but limiting bloatware improves user experience, device efficiency, and security posture. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Bloatware).*
54
# Define: Block Cipher
An encryption method that processes data in fixed-size blocks under a symmetric key, the building block of ciphers such as AES and of the modes of operation that protect data in transit and at rest. ## Footnote A method of encrypting data by dividing it into fixed-size blocks (128 bits for AES, 64 bits for DES and Blowfish) and transforming each block with the same symmetric key, which is used for both encryption and decryption. The cipher itself only defines how one block is transformed; a mode of operation (ECB, CBC, CTR, GCM, and others) defines how a message longer than one block is handled and how the blocks are linked. Encrypting each block independently (ECB mode) leaks patterns, because identical plaintext blocks produce identical ciphertext blocks, so practical systems use a chaining or counter mode, and a padding scheme or a stream-style mode for the final partial block. Block ciphers are a critical component of protocols such as TLS and IPsec and of disk and file encryption. *For more information, view this lecture on [Symmetric encryption- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149624-symmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Block_cipher).*
55
# Define: Blowfish
A symmetric-key block cipher designed by Bruce Schneier in 1993 as a fast, unpatented general-purpose algorithm with a 64-bit block and a variable key length of 32 to 448 bits. ## Footnote A symmetric-key block cipher invented by Bruce Schneier in 1993. Designed as a free, general-purpose algorithm, it uses variable-length keys, which at the time made it suitable for both domestic and export-restricted use. It remains common in older software and protocols and is the basis of the bcrypt password-hashing function. Its 64-bit block size is now its main weakness: after roughly 2^32 blocks encrypted under one key, birthday collisions between ciphertext blocks begin to leak information about the plaintext (the SWEET32 research demonstrated this class of attack against 64-bit block ciphers), so it is unsuitable for encrypting large volumes of data. Its successor Twofish uses a 128-bit block, and Schneier himself recommends Twofish or AES for new designs. *For more information, view this lecture on [Symmetric encryption- Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19215140-symmetric-encryption-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Blowfish_(cipher)).*
56
# Define: Boot Sector
A storage device area with code loaded during system boot-up, containing instructions for OS loading and startup processes, often targeted by malware. ## Footnote A region of a storage device containing machine code to be loaded into RAM by a computer system's built-in firmware during the boot-up process. It typically includes a small program that tells the computer how to load the operating system and start the initial processes. The boot sector is a critical component in system startup and is often targeted by malware to control the boot process. *For more information, view this lecture on [Hardware architecture- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/45831595-hardware-architecture-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Boot_sector).*
57
# Define: Bottleneck
A performance limitation that restricts system efficiency or throughput. ## Footnote A bottleneck occurs when one component in a system limits the overall performance, causing delays or reduced throughput. Identifying and alleviating bottlenecks is crucial in optimizing resource allocation, balancing workload, and improving the efficiency and speed of computing systems or processes. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 5](https://courses.thorteaches.com/courses/take/cissp/lessons/29450175-virtualization-cloud-and-distributed-computing-part-5). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Bottleneck_(network)).*
58
# Define: Bounds Checking
Verifying that an index, length, or address falls within the limits of the buffer or region it refers to, preventing crashes and memory-safety vulnerabilities such as buffer overflows. ## Footnote The practice of verifying that the data being operated on falls within the expected parameters or "bounds." For an array, it means ensuring that an index is less than the array's length before reading or writing; for a copy, that the source length does not exceed the destination's capacity. The check must be exact: an off-by-one comparison (testing "less than or equal" where "less than" is required) still allows a write one element past the end. Languages such as Java, C#, Rust, and Python perform bounds checks automatically; C and C++ do not, which is why unchecked operations there lead to buffer overflows, where an attacker exploits an out-of-bounds write to corrupt adjacent data, overwrite control information, or inject code. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Bounds_checking).*
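The base-register card and this one describe the same check at two levels: a hardware limit register on the whole segment, and a length check on one buffer inside it. The following added example (not from the flashcards) simulates both with a toy 256-byte physical memory and two processes with constructed base/limit values, and shows what a neighbouring process's data looks like after a write that skips the limit check.

```python
# Added example, not from the flashcards: base/limit memory protection and a
# bounds-checked buffer write, simulated over a toy physical memory.
PHYS_SIZE = 256
phys = bytearray(PHYS_SIZE)          # constructed toy physical memory


class ProtectionFault(Exception):
    pass


class Segment:
    """A process's base/limit register pair. base = start of its memory,
    limit = segment length, so valid logical addresses are 0 .. limit-1."""
    def __init__(self, name: str, base: int, limit: int):
        self.name, self.base, self.limit = name, base, limit


def translate(seg: Segment, logical: int, length: int = 1) -> int:
    """Logical -> physical address, checking the whole [logical, logical+length)
    range. The test is `logical + length > limit`, not `>=`: the off-by-one here
    is exactly how a "checked" write still spills one byte past the segment."""
    if logical < 0 or logical + length > seg.limit:
        raise ProtectionFault(
            f"{seg.name}: [{logical}, {logical + length}) outside limit {seg.limit}")
    physical = seg.base + logical
    if physical + length > PHYS_SIZE:
        raise ProtectionFault(f"{seg.name}: base register points past physical memory")
    return physical


def translate_unchecked(seg: Segment, logical: int) -> int:
    """What a relocation-only base register does: add the base, check nothing."""
    return seg.base + logical


def write(seg: Segment, logical: int, data: bytes, checked: bool = True) -> int:
    """Store `data` at a logical address; returns the physical address written."""
    if checked:
        p = translate(seg, logical, len(data))
    else:
        p = translate_unchecked(seg, logical)
    phys[p:p + len(data)] = data
    return p


def read(seg: Segment, logical: int, length: int) -> bytes:
    p = translate(seg, logical, length)
    return bytes(phys[p:p + length])


def demo() -> dict:
    """Two 64-byte processes side by side; A tries to write 8 bytes at offset 60."""
    phys[:] = bytes(PHYS_SIZE)
    a, b = Segment("A", base=0, limit=64), Segment("B", base=64, limit=64)
    write(b, 0, b"SECRET")
    result = {}
    try:
        write(a, 60, b"XXXXXXXX")                 # checked: rejected, B untouched
        result["checked_write_blocked"] = False
    except ProtectionFault:
        result["checked_write_blocked"] = True
    result["b_after_checked"] = read(b, 0, 6)
    write(a, 60, b"XXXXXXXX", checked=False)      # unchecked: 4 bytes land in B
    result["b_after_unchecked"] = read(b, 0, 6)
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

With the limit check in place, A's write is rejected and B still reads `SECRET`; without it, the same write overruns the segment boundary and B's first four bytes are now `XXXX`. An overflowed stack buffer in C does the same thing to whatever variable happens to sit next to it.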
59
# Define: Brewer–Nash Model | (BN)
A security model that prevents conflicts of interest by limiting access to sensitive data based on a user's access history, commonly applied in industries managing confidential information. ## Footnote Also known as the "Cinderella" or "Chinese Wall" model, Brewer–Nash is a security model designed to prevent conflicts of interest by limiting access to sensitive information. This model ensures that once a user has accessed specific sensitive data, they are prevented from accessing other related information that could lead to a conflict of interest or unethical action. It's dynamically based on the user's data access history and is especially applicable in industries where proprietary or confidential information must be strictly controlled, such as finance or law. *For more information, view this lecture on [Security models and concepts- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591282-security-models-and-concepts-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Brewer_and_Nash_model).*
60
# Define: Bricking
The occurrence of a device becoming inoperable, often due to firmware or software issues, which may be accidental or result from a malicious attack, highlighting the need for secure update processes. ## Footnote An event or action that renders a device unusable, often as a result of a firmware update or software alteration gone wrong. In this state, the device is as useful as a 'brick.' This term can also refer to a deliberate act of sabotage or a potential outcome of a severe malware attack. It emphasizes the importance of proper update procedures, reliable software sourcing, and robust security measures to protect against such threats. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Brick_(electronics)).*
61
# Define: Brute Force
A method of recovering a key or password by trying every possible value until the correct one is found, effective against short keys and weak passwords but time-consuming and resource-intensive against large keyspaces. ## Footnote A trial-and-error attack that systematically tries every possible key or password until the correct one is found. Its cost grows exponentially with key length: each extra bit of key, or each extra character of password, multiplies the number of candidates, which is why a 26-key Caesar cipher falls instantly while a 128-bit AES key is out of reach for any conceivable computer. Brute force is effective when the keyspace is small, the password is short or drawn from a predictable set, or the system lacks controls such as account lockout, rate limiting, slow password hashing, and monitoring to detect and stop repeated attempts. Offline attacks against a stolen password hash are not slowed by lockout at all, so the strength of the hashing algorithm and of the password itself are the only defenses there. *For more information, view this lecture on [Attacks on our cryptography- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149711-attacks-on-our-cryptography-part-1), or this lecture on [Type 1 authentication - "Something you know" or "Knowledge factors"](https://courses.thorteaches.com/courses/take/cissp/lessons/19178829-type-1-authentication-something-you-know-or-knowledge-factors). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Brute-force_attack).*
62
# Define: Bulk Encryption
The process of encrypting large quantities of data, usually session or storage data, with a symmetric cipher; in a TLS cipher suite, the "bulk encryption" algorithm is the symmetric cipher that protects the application data after the handshake. ## Footnote The process of encrypting large amounts of data, often during transit, to protect it from unauthorized access or tampering. Symmetric ciphers are used because they are orders of magnitude faster than asymmetric ones, which is why protocols such as TLS use public-key cryptography only to agree on a session key and then hand the data itself to a bulk cipher such as AES. Bulk encryption can be applied at various levels, such as the file system, disk, or network level. The choice of algorithm, key length, and mode of operation determines both the security level and the performance of the result; an authenticated mode such as AES-GCM is preferred because it detects tampering as well as preventing disclosure.
63
# Define: Bypass Label Processing | (BLP)
A technique, originating on mainframe tape and data-set processing, of reading a file while skipping the internal label that identifies it and carries its protection attributes, which can bypass the access control system. ## Footnote Bypass label processing is a mainframe facility that lets a job read a tape or data set without processing the internal label that identifies the file and records its security and ownership attributes. Because the label is what the access control system uses to decide who may read the data, bypassing it can bypass the control entirely. It exists for legitimate recovery and maintenance cases (for example, reading a tape with a damaged label) and should be a tightly restricted privilege, granted only to specific accounts, logged, and reviewed. The term is sometimes generalized to any mechanism that skips label or security checks under predefined conditions; wherever it is used, compensating controls must cover the checks that are skipped. Note that the abbreviation BLP is also used for the Bell-LaPadula model; the context tells them apart.
64
# Define: Cable Lock
A physical security tool designed to prevent the theft of devices by tethering them to an immovable object, serving as a deterrent against opportunistic theft. ## Footnote A physical security tool designed to prevent theft of devices. Typically, it is a cable that is securely attached to an immovable object at one end and a device (like a laptop) at the other end. While not a direct deterrent for advanced attacks, cable locks can help prevent opportunistic theft and tampering, enhancing the overall security posture of an environment. *For more information, view this lecture on [Physical security- Part 3.](https://courses.thorteaches.com/courses/take/cissp/lessons/19632079-physical-security-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Bicycle_lock#Cable_locks).*
65
# Define: Cache-timing Attack
A side-channel attack exploiting the timing information of system cache accesses to gain insights into the data and operations processed, such as cryptographic keys. ## Footnote A side-channel attack that exploits the timing information of a system's cache to gain insights into the data and operations processed by the system. Attackers measure how long certain operations take, and since a cache hit is much faster than a cache miss, the timing reveals which memory locations a victim process touched. If a cryptographic implementation uses key-dependent table lookups or branches, this leaks bits of the key; the same principle underlies attacks that recover secrets across virtual machines sharing a physical CPU. Defenses are constant-time implementations that avoid secret-dependent memory access and branching, hardware instructions such as AES-NI, and cache partitioning or flushing between security domains. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cache_timing_attack).*
66
# Define: Caesar Cipher
A substitution cipher encoding messages by shifting each letter a fixed number of places in the alphabet, simple and easily breakable but sometimes used for basic encryption. ## Footnote A type of substitution cipher that is used to encode messages by shifting each letter in the original message by a fixed number of places in the alphabet. It is a simple and easily breakable cipher but is still sometimes used as a basic form of encryption for simple communication or as a starting point for more complex ciphers. For example, the message "Hello" with a shift of 3 would be encoded as "Khoor". *For more information, view this lecture on [The history of Cryptography - Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149612-the-history-of-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Caesar_cipher).*
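The brute-force and Caesar cipher cards above make one point together: a cipher whose keyspace is 26 keys is broken by trying all of them. The added example below (not from the flashcards) implements the shift cipher, reproduces the "Hello" to "Khoor" case, and then recovers an unknown shift by trying every key and ranking the candidates by how closely their letter frequencies match English. The sample sentence and the use of a chi-squared frequency score are assumptions made for the demonstration.

```python
# Added example, not from the flashcards: Caesar cipher plus an exhaustive
# key search scored by English letter frequencies.
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Relative English letter frequencies in percent (standard published table).
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))


def caesar(text: str, shift: int) -> str:
    """Shift every letter `shift` places (mod 26); case is kept, other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text: str) -> float:
    """How far the letter distribution of `text` is from English (lower is closer)."""
    letters = [c for c in text.upper() if c.isalpha()]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    return sum((counts.get(l, 0) - n * f / 100) ** 2 / (n * f / 100)
               for l, f in ENGLISH_FREQ.items())


def brute_force_caesar(ciphertext: str) -> tuple:
    """Try all 26 shifts and return (shift, plaintext, keys_tried) for the most
    English-looking candidate. 26 trials is the entire keyspace."""
    candidates = []
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        candidates.append((chi_squared(candidate), shift, candidate))
    score, shift, plaintext = min(candidates)
    return shift, plaintext, len(candidates)


if __name__ == "__main__":
    msg = ("The enemy will attack the eastern gate at dawn. Send every soldier "
           "you can spare and hold the bridge until reinforcements arrive.")
    ct = caesar(msg, 11)
    print("ciphertext:", ct)
    shift, pt, tried = brute_force_caesar(ct)
    print(f"recovered shift {shift} after {tried} keys: {pt}")
```

The scoring step is what turns "try every key" into an attack: with 26 candidates a human can simply read them all, but the same frequency test lets the search run unattended, and it is the reason a substitution cipher with a much larger keyspace still falls to statistics rather than to exhaustive search.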
67
# Define: Carlisle Adams/Stafford Tavares | (CAST)
A family of symmetric block ciphers named after their designers, Carlisle Adams and Stafford Tavares, used to keep data confidential in transmission or storage. ## Footnote A series of symmetric encryption algorithms, principally CAST-128 (also called CAST5, specified in RFC 2144) and CAST-256 (RFC 2612). CAST-128 uses a 64-bit block with keys of 40 to 128 bits and was the default cipher in early PGP and a required algorithm in OpenPGP; it is also available in cryptographic libraries such as OpenSSL and, through them, in tools such as OpenVPN. CAST-256 extends the design to a 128-bit block and was a candidate in the AES competition. Like other 64-bit block ciphers, CAST-128 should not be used to encrypt large volumes of data under a single key; AES is the usual choice for new designs. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/CAST-128).*
68
# Define: CBC-MAC | (Cipher Block Chaining Message Authentication Code)
A message authentication code built from a block cipher in CBC mode: the message is encrypted block by block with a zero IV and the final ciphertext block is the tag, giving data origin authentication and integrity. ## Footnote A cryptographic technique that provides data origin authentication and data integrity using a block cipher. The input is divided into fixed-size blocks, each is XORed with the previous output and encrypted under the shared key, and the final block serves as the MAC (Message Authentication Code); the recipient recomputes it and compares. Two caveats matter in practice. First, plain CBC-MAC is secure only for messages of one fixed length: with tags for two messages, an attacker can splice them into a third message whose tag is already known. CMAC (NIST SP 800-38B) is the standardized fix for variable-length messages. Second, the MAC key must be different from any key used to encrypt the same data with CBC, or the ciphertext itself reveals the tag. *For more information, view this lecture on [MAC, HMAC, SSL, and TLS.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149773-mac-hmac-ssl-and-tls). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/CBC-MAC).*
69
# Define: Cell-level Encryption | (CLE)
An encryption method securing individual cells within a database table, allowing fine-grained control over access to sensitive data. ## Footnote A database encryption method that encrypts individual cells, or fields, within a table rather than the whole database or file, allowing fine-grained control over which values are protected and who holds the keys to them. Because the table structure and unencrypted columns stay in the clear, the database can still query and index those columns normally. The trade-off is on the encrypted cells themselves: they cannot be searched, sorted, or indexed on their plaintext values, and deterministic encryption (needed for equality lookups) leaks when two rows hold the same value. Key management, not the cipher, is usually the hard part, and the keys must not sit where a database administrator or an SQL injection can read them alongside the data.
70
# Define: Central Processing Unit | (CPU)
The primary component executing most of the processing in a computer, performing arithmetic, logic, control, and I/O operations defined by program instructions. ## Footnote The primary component of a computer that performs most of the processing inside a computer. Known as the "brain" of the computer, it executes instructions from programs, performing basic arithmetic, logic, controlling, and input/output (I/O) operations specified by the instructions. The CPU's performance is a key determinant of the computer's overall system speed. *For more information, view this lecture on [Hardware architecture- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591300-hardware-architecture-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Central_processing_unit).*
71
# Define: Centralized Data Processing
A system managing data in a single location, commonly used to maintain control over data access and management, such as for managing employee records. ## Footnote A system in which data is collected and processed in a single location or server. It is commonly used in organizations to manage and control access to data. For example, a company may use centralized data processing to manage employee records and financial data.
72
# Define: Certificate Signing Request | (CSR)
A request sent to a certificate authority to obtain a digital certificate; it carries the applicant's public key and identifying information and is signed with the matching private key. ## Footnote A request for a certificate authority (CA) to issue a digital certificate for a specific entity or purpose. The CSR (PKCS #10 format) contains the subject's identifying information (such as the domain name or organization), the public key to be certified, and a signature made with the corresponding private key, which proves to the CA that the requester possesses that key. The private key is generated and kept by the requester and never leaves their system; the CA only ever sees the public half. It is used in public key infrastructure (PKI) to authenticate the identity of a person or organization and establish trust for secure communication. Examples include requesting an SSL/TLS certificate for a website or an email-signing certificate for an individual. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Certificate_signing_request).*
73
# Define: Check Digit
A digit added to a number sequence that is calculated from the other digits, used to detect data entry errors and ensure the integrity of the data. ## Footnote A form of redundancy check used for error detection on identification numbers (for example, bank account numbers, credit card numbers, and ISBNs). It is a digit appended to a string of numbers and calculated from the other digits in the string, typically with a weighted sum such as the Luhn algorithm. Recomputing it on input reveals mistyped digits and most transposed neighbouring digits. A check digit is an error-detection control, not a security control: the algorithm is public, so anyone can compute a valid digit for a fabricated number. *For more information, view this lecture on [Hashing- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149697-hashing-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Check_digit).*
74
# Define: Check Digit Verification | (Self-Checking Digit)
An error detection mechanism that uses a check digit, calculated from the other digits in a string, to ensure data integrity during transmission or entry. ## Footnote A form of error detection mechanism that ensures the integrity of data during transmission or entry. It involves using a formula to calculate a check digit from the other digits in a string and then comparing that check digit to the one included with the string. If the calculated check digit matches the included one, the data is assumed to be correct; if not, an error is assumed, prompting a recheck or rejection of the data. This catches accidental corruption and typing mistakes at the point of entry, which is cheaper than discovering them downstream. It does not catch deliberate manipulation, since the check digit can be recomputed by anyone; detecting tampering requires a keyed mechanism such as a MAC. *For more information, view this lecture on [Hashing- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149697-hashing-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Check_digit).*
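The two cards above describe computing and verifying a check digit; the added example below (not from the flashcards) does both with the Luhn algorithm used on payment card numbers, using the reference number from the algorithm's own documentation, and probes what it does and does not catch. The three-digit test values are constructed.

```python
# Added example, not from the flashcards: Luhn check digit computation,
# verification, and a look at its detection limits.


def luhn_checksum(payload: str) -> int:
    """Luhn sum of `payload` (the number without its check digit): working from
    the right, double every second digit, subtract 9 from doubled values over 9."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:            # rightmost payload digit is the first doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total


def luhn_check_digit(payload: str) -> str:
    """The digit that makes the full number's Luhn sum a multiple of 10."""
    return str((10 - luhn_checksum(payload) % 10) % 10)


def luhn_valid(number: str) -> bool:
    """Verification: recompute the check digit from all but the last digit and compare."""
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == number[-1]


def single_digit_errors_caught(number: str) -> bool:
    """True if every possible single-digit substitution in `number` fails validation."""
    for i, ch in enumerate(number):
        for d in "0123456789":
            if d != ch and luhn_valid(number[:i] + d + number[i + 1:]):
                return False
    return True


if __name__ == "__main__":
    payload = "7992739871"
    full = payload + luhn_check_digit(payload)
    print(full, "valid:", luhn_valid(full))
    print("all single-digit typos caught:", single_digit_errors_caught(full))
    # Adjacent transpositions are caught except for 09 <-> 90, which Luhn misses:
    print("091 valid:", luhn_valid("091"), " 901 valid:", luhn_valid("901"))
    print("125 valid:", luhn_valid("125"), " 215 valid:", luhn_valid("215"))
```

Every single-digit typo changes the sum modulo 10 and is caught, and so is every adjacent transposition except 09 and 90, which the doubling rule maps to the same contribution; that is a documented limitation of Luhn, not a bug in the code, and it is the kind of detail a practitioner should know before treating a passing check digit as proof of a well-formed number.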
75
# Define: Check Word
A data verification method to detect errors after transmission or storage, similar to a check digit but applied to strings of characters. ## Footnote A form of data verification that's used to detect errors after data transmission or storage. It is similar to a check digit but applies to a word or string of characters rather than just a number. By calculating a check word from a data string and comparing it to a stored or transmitted check word, it is possible to identify errors such as corruption or tampering. Maintaining the integrity of data is a key component of information security, making check words a useful tool in error detection and prevention.
76
# Define: Checksum
A calculated value used to detect accidental changes to data, recomputed after transfer or retrieval and compared with the original to confirm the data is unchanged. ## Footnote A calculated value that is used to detect corruption of data. It is computed from the bytes of a file or message (for example, the ones'-complement sum used by IP, TCP, and UDP, or a CRC) and stored or sent alongside them. When the data is transferred or retrieved, the checksum is recalculated and compared with the original; a mismatch indicates that the data was corrupted in transmission or storage. Checksums are designed to catch random errors, not adversaries: many different inputs share the same checksum, and an attacker who can change the data can also change it in a way that preserves the checksum, or simply recompute it. Detecting deliberate tampering requires a cryptographic hash such as SHA-256 for integrity against accidental change and a MAC or digital signature when the attacker could also replace the stored hash. *For more information, view this lecture on [Hashing- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19314170-hashing-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Checksum).*
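The difference between "detects corruption" and "detects tampering" is concrete enough to demonstrate. The added example below (not from the flashcards) implements the RFC 1071 Internet checksum that IP, TCP, and UDP use, then shows a single-bit corruption it catches, a reordering it cannot see, and a payment-amount edit an attacker can make while keeping the checksum unchanged; SHA-256 catches all three. The message is constructed for the example.

```python
# Added example, not from the flashcards: RFC 1071 Internet checksum versus a
# cryptographic hash on corrupted, reordered, and deliberately tampered data.
import hashlib


def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit big-endian words (the IPv4/TCP/UDP checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def flip_bit(data: bytes, byte_index: int, bit: int = 0) -> bytes:
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def swap_words(data: bytes, word_a: int, word_b: int) -> bytes:
    """Exchange two 16-bit words; addition is commutative, so the checksum cannot notice."""
    out = bytearray(data)
    a, b = 2 * word_a, 2 * word_b
    out[a:a + 2], out[b:b + 2] = data[b:b + 2], data[a:a + 2]
    return bytes(out)


def tamper_preserving_checksum(data: bytes, pos: int, new_byte: int, comp_pos: int) -> bytes:
    """Set data[pos] to new_byte and adjust data[comp_pos] by the opposite amount so
    the ones'-complement sum is unchanged. Both offsets must have the same parity
    (same significance inside their 16-bit word) and the compensating byte must
    stay within 0..255; otherwise another offset has to be chosen."""
    if pos % 2 != comp_pos % 2:
        raise ValueError("offsets must sit at the same position within their words")
    delta = new_byte - data[pos]
    comp = data[comp_pos] - delta
    if not 0 <= comp <= 255:
        raise ValueError("cannot compensate at that offset")
    out = bytearray(data)
    out[pos], out[comp_pos] = new_byte, comp
    return bytes(out)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    original = b"PAY 0100 TO BOB NOTE 00008"      # constructed 26-byte message
    corrupted = flip_bit(original, 5)
    reordered = swap_words(original, 2, 3)        # "0100" -> "0001"
    forged = tamper_preserving_checksum(original, 5, ord("9"), 25)   # 0100 -> 0900
    for label, msg in [("original", original), ("corrupted", corrupted),
                       ("reordered", reordered), ("forged", forged)]:
        print(f"{label:10s} {msg!r:32s} checksum={internet_checksum(msg):04x} "
              f"sha256={sha256(msg)[:16]}...")
```

The forged message changes the amount from 0100 to 0900 and absorbs the difference in the note field, and the checksum is identical; the reordered message moves the digits around and the checksum is identical again. Only the hash distinguishes them, and only a MAC or signature would stop the attacker from replacing the hash too.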
77
# Define: Chosen-Ciphertext Attack
An attack in which the adversary can obtain the decryption of ciphertexts of their choosing and uses those results to recover the plaintext of a target ciphertext or the key. ## Footnote In a chosen-ciphertext attack, the attacker can submit ciphertexts of their own construction to something that decrypts them (a decryption oracle, such as a server that decrypts messages and reveals the result, or even just whether decryption succeeded) and learns from the responses. The classic pattern is to take a target ciphertext the attacker cannot get decrypted directly, transform it into a related ciphertext that the oracle will accept, and then undo the transformation on the answer. Schemes that are malleable, such as textbook RSA or unauthenticated CBC encryption, fall to this; padding-oracle attacks against CBC are a widely exploited real-world instance. Resistance to chosen-ciphertext attacks is the standard goal for modern encryption, achieved with padding such as RSA-OAEP and with authenticated encryption modes such as AES-GCM. *For more information, view this lecture on [Attacks on our cryptography- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19423030-attacks-on-our-cryptography-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Chosen-ciphertext_attack).*
78
# Define: Chosen-Plaintext Attack
An attack in which the adversary can obtain the encryption of plaintexts of their choosing under the target key, and uses the resulting plaintext-ciphertext pairs to learn about the key or other encrypted messages. ## Footnote In a chosen-plaintext attack, the attacker can have arbitrary plaintexts encrypted with the same algorithm and key the target uses, without knowing the key; any public-key system gives the attacker this ability for free, and a service that encrypts user-supplied data gives it for symmetric keys too. With enough chosen pairs, the attacker may recover the key through analysis of the cipher, but the more common failure is simpler: if encryption is deterministic (textbook RSA, ECB mode, or any mode with a reused IV), the attacker encrypts every plausible message and matches the results against the target ciphertext, which breaks small message spaces such as PINs, yes/no answers, or names outright. Secure schemes therefore randomize each encryption so that the same plaintext never produces the same ciphertext twice. *For more information, view this lecture on [Attacks on our cryptography- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19423030-attacks-on-our-cryptography-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Chosen-plaintext_attack).*
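Both attacks above work cleanly against textbook (unpadded) RSA, which makes it a good teaching target. The added example below (not from the flashcards) uses the small key from the RSA Wikipedia worked example (p=61, q=53) so the numbers can be checked by hand: the chosen-plaintext attack recovers a PIN by encrypting every candidate and matching, and the chosen-ciphertext attack recovers a message the oracle refuses to decrypt by blinding the ciphertext, decrypting the blinded copy, and unblinding. The oracle, the PIN range, and the blinding factor are assumptions made for the demonstration.

```python
# Added example, not from the flashcards: chosen-plaintext and chosen-ciphertext
# attacks on textbook RSA with a toy key (p=61, q=53 from the Wikipedia example).
N, E, D = 3233, 17, 2753          # modulus, public exponent, private exponent


def rsa_encrypt(m: int) -> int:
    """Textbook RSA: deterministic, unpadded, and multiplicatively malleable."""
    return pow(m, E, N)


def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)


def decryption_oracle(forbidden: int):
    """A decryption service that refuses the one ciphertext under attack but
    decrypts anything else: the standard chosen-ciphertext setting."""
    def oracle(c: int) -> int:
        if c == forbidden:
            raise PermissionError("will not decrypt the target ciphertext")
        return rsa_decrypt(c)
    return oracle


def chosen_plaintext_dictionary(target_c: int, message_space) -> int:
    """CPA against a deterministic scheme: encrypt every candidate plaintext with
    the public key and return the one whose ciphertext matches the target."""
    for m in message_space:
        if rsa_encrypt(m) == target_c:
            return m
    return None


def chosen_ciphertext_blinding(target_c: int, oracle, s: int = 2) -> int:
    """CCA on textbook RSA. Because E(m) * E(s) = (m*s)^e = E(m*s) mod N, the
    oracle will happily decrypt the blinded ciphertext to m*s, and dividing by s
    (multiplying by its modular inverse) recovers m without ever decrypting
    target_c itself."""
    blinded = (target_c * pow(s, E, N)) % N
    ms = oracle(blinded)
    return (ms * pow(s, -1, N)) % N


if __name__ == "__main__":
    pin = 65                                   # secret three-digit PIN (0..999)
    c = rsa_encrypt(pin)
    print("ciphertext:", c)
    print("CPA recovered:", chosen_plaintext_dictionary(c, range(1000)))
    print("CCA recovered:", chosen_ciphertext_blinding(c, decryption_oracle(c)))
```

Real RSA avoids both attacks with OAEP padding: the random padding makes encryption non-deterministic (defeating the dictionary) and the decryptor rejects ciphertexts whose decryption is not correctly padded (defeating the blinding trick, since m*s will not carry valid padding). Symmetric systems get the same properties from unpredictable IVs and authenticated encryption.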
79
# Define: Cipher
A cryptographic algorithm for encryption and decryption, involving a series of well-defined steps based on a key. ## Footnote An algorithm used for performing encryption or decryption—a series of well-defined steps that can be followed to transform an input (plaintext) into an output (ciphertext) or vice versa. Ciphers are fundamental to modern cryptography and operate based on a piece of auxiliary information known as a key. The key determines the particular transformation of plaintext into ciphertext, or vice versa, during encryption and decryption. *For more information, view this lecture on [Introduction to Cryptography- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19121869-introduction-to-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cipher).*
80
# Define: Cipher Block Chaining Mode | (CBC)
A block cipher mode in which each plaintext block is XORed with the previous ciphertext block before encryption, so identical plaintext blocks no longer produce identical ciphertext. ## Footnote A mode of operation for block ciphers where each block of plaintext is XORed with the previous ciphertext block before being encrypted; the first block is XORed with an initialization vector (IV) instead. This chaining hides patterns that ECB mode would expose, but it has operational requirements that are easy to get wrong: the IV must be unpredictable for each message (a fixed or predictable IV reintroduces chosen-plaintext weaknesses), the message must be padded to a whole number of blocks, and CBC by itself provides no integrity, so an attacker can flip bits in the plaintext by flipping the same bits in the previous ciphertext block, and padding-oracle attacks can decrypt data when error messages reveal whether padding was valid. For these reasons new designs pair CBC with a MAC or, more commonly, use an authenticated mode such as GCM instead. *For more information, view this lecture on [Symmetric encryption- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149624-symmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CBC).*
81
# Define: Cipher Disk
A tool used for encrypting messages via rotational substitution of alphabets. ## Footnote A cipher disk is a manual encryption device comprising two concentric disks with arranged alphabets. By rotating the disks, users create different substitution patterns to encode and decode messages, providing a tangible introduction to substitution ciphers and early encryption techniques used before the digital era. *For more information, view this lecture on [The history of Cryptography - Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149612-the-history-of-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cipher_disk).*
82
# Define: Cipher Feedback Mode | (CFB)
A mode that converts a block cipher into a self-synchronizing stream cipher: the previous ciphertext block is encrypted and the result is XORed with the plaintext. ## Footnote A mode of operation for block ciphers that effectively converts a block cipher into a self-synchronizing stream cipher. In CFB mode, the previous ciphertext block (or the IV, for the first block) is encrypted, and the output is XORed with the current plaintext block to produce the current ciphertext block. Decryption runs the block cipher in the same forward direction, so only the encryption function is needed. A corrupted ciphertext block garbles its own plaintext block in the corresponding bits and the next block entirely, after which the stream resynchronizes on its own, which is where the "self-synchronizing" name comes from. As with CBC, the IV must be unpredictable and the mode offers no integrity protection by itself. *For more information, view this lecture on [Symmetric encryption- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19149624-symmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CFB).*
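The block cipher, CBC, CFB, and CBC-MAC cards above all describe how blocks are linked, and the differences are clearest when the modes are run side by side. The following added example (not from the flashcards) builds a small Feistel block cipher from SHA-256 so that it is self-contained (a teaching construction, not a vetted cipher, and not the page's own code), then shows ECB leaking repeated blocks, CBC hiding them, CFB's one-block error propagation, and the splice forgery that makes plain CBC-MAC unsafe for variable-length messages. The key, IV, and messages are constructed.

```python
# Added example, not from the flashcards: a toy Feistel block cipher and the ECB,
# CBC, and CFB modes plus CBC-MAC built on it. The cipher is for illustration only.
import hashlib

BLOCK = 16          # 128-bit blocks, like AES
ROUNDS = 8


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes, rnd: int) -> bytes:
    """Round function: keyed SHA-256 of the right half, truncated to 8 bytes."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in range(ROUNDS):
        l, r = r, xor(l, _round(key, r, rnd))
    return r + l                                 # final swap


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Same network with the round order reversed; Feistel makes this its own inverse."""
    l, r = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        l, r = r, xor(l, _round(key, r, rnd))
    return r + l


def blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("examples use whole blocks; real code pads or uses a stream mode")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    """Each block independently: identical plaintext blocks give identical ciphertext."""
    return b"".join(encrypt_block(key, b) for b in blocks(pt))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pt):
        prev = encrypt_block(key, xor(b, prev))  # chain: XOR with previous ciphertext
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def cfb(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Full-block CFB: keystream = E(previous ciphertext block). The cipher only
    runs forward, so one function serves both directions; decryption feeds back
    its input (the ciphertext) instead of its output."""
    out, prev = [], iv
    for b in blocks(data):
        res = xor(b, encrypt_block(key, prev))
        out.append(res)
        prev = b if decrypt else res
    return b"".join(out)


def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """CBC-MAC: CBC-encrypt with a fixed zero IV and keep only the last block."""
    return cbc_encrypt(key, bytes(BLOCK), msg)[-BLOCK:]


def cbc_mac_forge(m1: bytes, t1: bytes, m2: bytes) -> bytes:
    """Given valid tags t1 for m1 and t2 for m2 (no key needed), the message
    m1 || (m2[0] XOR t1) || m2[1:] has tag t2: after m1 the chaining value is t1,
    the XOR cancels it, and the rest of m2 proceeds exactly as when t2 was made."""
    return m1 + xor(m2[:BLOCK], t1) + m2[BLOCK:]


if __name__ == "__main__":
    key, iv = b"sixteen byte key", b"\x01" * BLOCK
    pt = b"A" * 32
    print("ECB repeats:", ecb_encrypt(key, pt)[:16] == ecb_encrypt(key, pt)[16:])
    c = cbc_encrypt(key, iv, pt)
    print("CBC repeats:", c[:16] == c[16:])
    m1, m2 = b"pay 100 to alice", b"pay 999 to mallory".ljust(32)
    forged = cbc_mac_forge(m1, cbc_mac(key, m1), m2)
    print("forged tag matches t2:", cbc_mac(key, forged) == cbc_mac(key, m2))
```

The CFB check in the test flips one bit in the second ciphertext block and confirms that the first and fourth plaintext blocks survive, the second differs in exactly that bit, and the third is garbage: one block of damage, then resynchronization. The CBC-MAC splice is the reason CMAC exists, and it is why a MAC key must never double as the CBC encryption key.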
83
# Define: Cipher Suite
A named combination of algorithms that together secure a network connection: key exchange, authentication, bulk encryption, and message authentication (or, in TLS 1.3, just the AEAD cipher and the hash). ## Footnote A set of algorithms that work together to secure network connections. It defines how a session will perform key exchange, authentication, bulk encryption, and message authentication. For example, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 means ephemeral elliptic-curve Diffie-Hellman for key exchange, an RSA certificate for authentication, AES-128 in GCM mode for bulk encryption, and SHA-256 for the handshake hash and key derivation. When two devices connect, the client offers the suites it supports and the server picks one, so the security of the session depends on both sides' configured lists; legacy suites using RC4, 3DES, export-grade keys, or static (non-ephemeral) key exchange should be removed so they can never be negotiated. TLS 1.3 simplifies this by dropping such options and reducing the suite to the AEAD cipher and hash, with key exchange and signature algorithms negotiated separately. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cipher_suite).*
84
# Define: Ciphertext Or Cipher Text
The unreadable output of the encryption process, designed to be meaningless unless decrypted with the correct key. ## Footnote The output of the encryption process. It is the scrambled, unreadable version of an original plaintext message that has been encrypted using a cipher. Ciphertext is designed to be meaningless and confusing, so it is unreadable and incomprehensible to anyone who intercepts it without the correct decryption key. *For more information, view this lecture on [Introduction to Cryptography- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/19121869-introduction-to-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Ciphertext).*
85
# Define: Ciphertext-Only Attack
An attack where the adversary only has access to ciphertext and tries to deduce the plaintext or key.
## Footnote
A type of attack where an attacker only has access to the ciphertext of a message or data and not the plaintext or the key used to encrypt it. This type of attack is often used to test the security of a cipher algorithm or to try to break the encryption. Examples include using statistical analysis to try to determine the key used to encrypt a message or using a brute-force attack to try all possible keys. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Ciphertext-only_attack).*
86
# Define: Clark-Wilson Model
A security model enforcing transaction-based integrity, requiring users to execute only authorized transactions and making those transactions auditable.
## Footnote
A security model focused on maintaining data integrity by enforcing a transaction-based approach. It ensures that users can only execute transactions for which they are authorized, and each transaction must maintain the system's integrity by transforming data from one consistent state to another. The model also requires auditing of these transactions to provide accountability. *For more information, view this lecture on [Security models and concepts- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591282-security-models-and-concepts-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Clark%E2%80%93Wilson_model).*
87
# Define: Clean Electricity
Power generated from renewable resources with minimal environmental impact.
## Footnote
Clean electricity refers to energy produced using renewable sources such as solar, wind, or hydroelectric power, which generate minimal pollution compared to fossil fuels. This type of power supports environmental sustainability and reduces carbon emissions. Its adoption is critical for combating climate change, promoting public health, and ensuring a resilient energy infrastructure for the future. *For more information, view this lecture on [Electricity](https://courses.thorteaches.com/courses/take/cissp/lessons/19149858-electricity).*
88
# Define: Client-Side Key Management
A data encryption strategy where keys are created and managed by the client, granting the client control over the encryption and decryption of its data.
## Footnote
A strategy in data encryption where the encryption keys are generated and controlled by the client rather than the server. This approach gives the client exclusive control over the encryption and decryption of their data, adding an extra layer of security as even the service provider does not have access to the encryption keys. This model is common in zero-knowledge systems and enhances the privacy and security of the encrypted data. *For more information, view this lecture on [Digital signatures](https://courses.thorteaches.com/courses/take/cissp/lessons/19149728-digital-signatures).*
89
# Define: Clipper Chip
A government-designed encryption device with a built-in backdoor for law enforcement.
## Footnote
The Clipper Chip was an encryption device developed in the early 1990s that featured a government-accessible backdoor for decryption. Designed to balance privacy with national security, it allowed authorized agencies to access communications if necessary. However, the inherent trade-off between security and privacy sparked significant controversy, leading to widespread opposition and the eventual abandonment of the technology. *For more information, view this lecture on [The encryption we use today](https://courses.thorteaches.com/courses/take/cissp/lessons/19215118-the-encryption-we-use-today). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Clipper_chip).*
90
# Define: Closed Security Environment
A setting where an organization has total control and can ensure unauthorized users cannot gain access to the system or network.
## Footnote
A state where an entity has full control over the system or network and can ensure that unauthorized users cannot gain access. Typically, this involves rigorous access controls, stringent security policies, and practices such as keeping all hardware physically secure. In such environments, the system's operation or the data within it is deemed so critical that an extra layer of protection is required to prevent unauthorized access or compromise.
91
# Define: Closed System
A proprietary system with restricted access to data and operations, as opposed to an open system, which is modifiable and interoperable.
## Footnote
In computing, a closed system refers to a software or hardware system that is proprietary and restricts access to its data and operations from outside sources. It operates under strict control, often with no interoperability with other systems, and users cannot modify it freely. This is opposed to an open system, which is designed to be interoperable and modifiable. In thermodynamics, a closed system can exchange energy but not matter with its surroundings. *For more information, view this lecture on [Secure system design concepts](https://courses.thorteaches.com/courses/take/cissp/lessons/18591293-secure-system-design-concepts). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Closed_system).*
92
# Define: Closed-Circuit Television | (CCTV)
The use of cameras transmitting to a limited set of monitors for security, used to deter crime, monitor safety, and gather evidence, with privacy implications.
## Footnote
The use of video cameras (Closed-Circuit Television) to transmit a signal to a specific, limited set of monitors for security and monitoring purposes. It's commonly employed in public areas, businesses, and private properties to deter crime, monitor traffic, ensure public safety, and gather evidence for legal purposes. Advanced systems may include features like motion detection, night vision, and remote access. The widespread use of CCTV has implications for privacy and civil liberties, which are addressed by various regulations and laws. *For more information, view this lecture on [Physical security- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19149796-physical-security-part-2).*
93
# Define: Cloud Backup as a Service
A cloud-based solution for data backup and recovery, where data is stored on remote servers to protect against hardware failures and other disasters.
## Footnote
A data backup and recovery solution that involves storing data on a remote, cloud-based server. It is used to ensure that data is protected against loss due to hardware failure, natural disasters, or other unforeseen events. Examples include using a cloud-based storage service like Google Drive or Dropbox to store data or using a specialized cloud backup service like Carbonite or Mozy. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_backup).*
94
# Define: Cloud Brokers
Third-party intermediaries between cloud service providers and consumers, assisting in service selection and offering additional services like contract management.
## Footnote
Third-party entities that serve as intermediaries between cloud service providers and consumers. They simplify the purchasing process and assist customers in selecting services that best meet their needs. Furthermore, cloud brokers can provide value-added services such as managing contracts, handling service issues, and ensuring that performance and security requirements are met. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_broker).*
95
# Define: Cloud Bursting
A strategy to handle workload spikes by dynamically using public cloud resources when private cloud capacity is exceeded, allowing for efficient resource management.
## Footnote
A strategy used to manage spikes in workload by dynamically allocating additional resources from a public cloud when the capacity of a private cloud is exceeded. This process can happen automatically and is seamless to the end-user. Cloud bursting provides a cost-effective solution to manage workload fluctuations without over-provisioning resources. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing#Hybrid).*
96
# Define: Cloud Clustered Storage
A distributed storage architecture in cloud environments that combines resources from multiple servers for high availability and scalability.
## Footnote
A distributed storage system that pools together resources from multiple cloud servers, ensuring high availability and scalability. Cloud clustered storage provides redundancy and fault tolerance for managing and storing large volumes of data across a cloud environment.
97
# Define: Cloud Co-Lo (Co-Located) Environments
Data center services where privately owned servers and networking equipment are housed and provided with power, bandwidth, and cooling, while clients maintain control.
## Footnote
A co-located cloud environment refers to the practice of housing privately owned servers and networking equipment in a third-party data center instead of keeping them on-premises. The data center provides the power, bandwidth, IP addresses, and cooling that the equipment requires to function optimally, while the client retains full control of and responsibility for its own equipment. This model combines the benefits of private infrastructure with the convenience and scalability of a cloud-like environment. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing#Hybrid).*
98
# Define: Cloud Computing
A model offering on-demand access to shared resources like servers, storage, and services over the internet, enabling scalable and flexible technology use.
## Footnote
A computational model that enables on-demand access to shared resources, such as servers, storage, applications, and services, over the Internet. This model allows businesses and individuals to access technology services without the need for substantial infrastructure investment or ongoing maintenance, enhancing operational agility and scalability. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591376-virtualization-cloud-and-distributed-computing-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing).*
99
# Define: Cloud Computing Roles and Responsibilities
Defined roles in cloud computing, including service providers, consumers, and sometimes brokers, each with their own responsibilities in data management and security.
## Footnote
In cloud computing, various roles and responsibilities are defined to ensure smooth operations and clear governance. Key roles typically include the cloud service provider (offering the cloud service), the cloud consumer (using the services), and sometimes a cloud broker (facilitating the relationship between the other two). Each role has specific responsibilities tied to data management, service provision, security, and compliance. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/18591378-virtualization-cloud-and-distributed-computing-part-3).*
100
# Define: Cloud Containers
Packages including all necessary components to run software across different computing environments, ensuring consistency and efficiency.
## Footnote
Lightweight, stand-alone, executable packages that include everything needed to run a piece of software, including the code, a runtime, libraries, environment variables, and config files. They isolate software from its environment to ensure that it works uniformly despite differences, for instance, between staging and production. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud-native_computing).*
101
# Define: Cloud Content-Based Discovery
Methods used to identify, classify, and manage cloud data based on its content, aiding compliance and enforcing security policies.
## Footnote
Refers to methods employed to identify, classify, and control data residing within cloud environments based on the content contained within those files. This is crucial for the identification and protection of sensitive data, aiding in adherence to compliance requirements and enforcing data security policies.
102
# Define: Cloud Controls Matrix | (CCM)
A framework by the Cloud Security Alliance providing best practices for security controls in cloud environments, aiding in risk reduction and compliance.
## Footnote
A comprehensive framework designed by the Cloud Security Alliance to ensure the necessary security controls in cloud environments are in place and to streamline due diligence processes. CCM covers multiple areas, including compliance, data governance, facility security, human resources, information security, legal issues, operations management, risk management, release management, resilience, and security architecture. It offers organizations a clear roadmap for implementing security controls and reducing risk when leveraging cloud-based resources.
103
# Define: Cloud Coupling
The degree of interdependence between cloud services and applications, affecting their scalability and resilience.
## Footnote
The degree to which a cloud service or application is interconnected with other cloud services. Cloud coupling can range from loosely coupled systems, which operate independently, to tightly coupled systems, which rely heavily on each other, affecting scalability and resilience.
104
# Define: Cloud Customers Vs. Cloud Users
Cloud customers contract with providers for cloud services, while cloud users are the actual individuals interacting with the cloud system.
## Footnote
Cloud customers are the entities that contract with a cloud service provider to use their services. This could be organizations, teams, or individuals. Cloud users, on the other hand, are those who interact with the cloud system to perform various tasks. The two roles do not always coincide: an organization may be the customer while its employees are the users.
105
# Define: Cloud Data Access Responsibilities
The delineation of responsibility for managing and safeguarding cloud-hosted data, varying by the service model and agreements.
## Footnote
Refers to the delineation of accountability regarding who is responsible for managing and safeguarding data hosted in the cloud. Responsibilities can vary depending on the service model (IaaS, PaaS, SaaS) and the provider-customer agreement, but typically, the cloud provider secures the infrastructure while the customer is responsible for protecting their data through access controls, encryption, and compliance with privacy regulations. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/18591378-virtualization-cloud-and-distributed-computing-part-3).*
106
# Define: Cloud Deployment Models
Different methods of cloud service deployment, including public, private, hybrid, and multi-cloud, based on ownership and access.
## Footnote
The various ways that cloud services can be deployed based on infrastructure ownership and access. These include public clouds, which are accessible to the general public; private clouds, which are used exclusively by a single organization; hybrid clouds, which combine public and private cloud services; and multi-cloud environments, which use multiple cloud services, often from different providers. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591376-virtualization-cloud-and-distributed-computing-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing#Service_models).*
107
# Define: Cloud Deviations And Exceptions
Instances where cloud services or deployments differ from standard procedures, requiring documentation and management for security and compliance.
## Footnote
Refers to the instances where cloud services or deployments diverge from standard operational procedures, security policies, or compliance requirements. Deviations may be intentional or unintentional, whereas exceptions are typically authorized variances granted for specific reasons. Documenting and managing these deviations and exceptions is critical for maintaining the security and integrity of cloud environments, ensuring that risks are identified, assessed, and mitigated appropriately and that compliance with industry standards and regulations is maintained.
108
# Define: Cloud Library Preservation
The process of securely storing and preserving digital resources in the cloud for long-term accessibility and integrity.
## Footnote
The process of securely storing and preserving digital resources in a cloud environment. The aim is to ensure long-term accessibility, maintain data integrity, and protect the resources from data loss or corruption. Key activities include implementing secure backup strategies, maintaining versions of data, and ensuring the appropriate metadata is retained for the accurate retrieval and utilization of the resources.
109
# Define: Cloud Logical Location
The virtual or logical placement of cloud data, defined by network paths, impacting access speed and adherence to data location regulations.
## Footnote
The virtual or logical location of data in the cloud, which may be distinct from its physical location. This virtual location is defined by the network paths used to access the data and is relevant in contexts where data access speed, network costs, and legal or regulatory restrictions on data location are important considerations.
110
# Define: Cloud Migration
The process of transferring data, applications, or other elements from on-premises or one cloud environment to another, requiring careful planning for security.
## Footnote
The process of moving data, applications, or other business elements from an on-premises environment into a cloud (public or private) or from one cloud environment to another. The migration process can be a complex task, requiring careful planning and execution to minimize disruption to services and ensure data integrity and security during the transfer. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing#Cloud_migration_challenges).*
111
# Define: Cloud Privacy Issues
Privacy concerns and risks linked to data storage and activities in the cloud, such as unauthorized access and challenges with data ownership.
## Footnote
The potential privacy concerns and risks that arise when storing data or conducting activities in a cloud environment. Because data stored in the cloud is often spread across multiple servers in various locations, it can be subject to different privacy laws and regulations. Furthermore, as the data is under the control of a third-party cloud service provider, there could be concerns about unauthorized data access, data mining, or issues with data ownership. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing_security).*
112
# Define: Cloud Provider Responsibilities
The obligations of cloud service providers to ensure service integrity, security, and compliance, outlined in service agreements.
## Footnote
The duties and obligations of cloud service providers to ensure the availability, integrity, and security of their services. These responsibilities often include maintaining infrastructure, implementing security measures to protect data and systems, providing reliable access, managing system updates, and ensuring compliance with relevant regulations and standards. They are typically outlined in the service level agreement (SLA) between the provider and the customer. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/18591378-virtualization-cloud-and-distributed-computing-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing_security).*
113
# Define: Cloud Provider Security Responsibilities
The specific duties of cloud service providers to secure the data and applications they host, including physical and digital security measures.
## Footnote
The specific duties and tasks that a cloud service provider must undertake to ensure the security of the data and applications they host. These responsibilities can range from physical security measures, such as controlling access to data centers, to digital security practices, like encryption, intrusion detection systems, and frequent security audits. The exact responsibilities vary with the cloud service model: the customer retains more security duties in Infrastructure as a Service (IaaS), while the provider takes on more of them in Software as a Service (SaaS). *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/18591378-virtualization-cloud-and-distributed-computing-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing_security).*
114
# Define: Cloud Resource Pooling
The sharing of computing resources among multiple users in a cloud environment, providing scalability and cost efficiency.
## Footnote
The model of sharing resources among multiple users in a cloud environment. In this paradigm, the provider's computing resources, such as storage, processing power, memory, and network bandwidth, are pooled together and allocated dynamically to meet the demands of individual users. This allows for efficient utilization of resources, scalability, and cost-effectiveness, as users only pay for the resources they use. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Pool_(computer_science)).*
115
# Define: Cloud Risks by Deployment Model
Security threats and challenges vary by cloud model, with different risks for public, private, and hybrid cloud environments.
## Footnote
The potential security threats and challenges vary by the cloud deployment model: public, private, or hybrid cloud.
- Public Cloud - Risks include data breaches, loss of control over data security, and shared technology vulnerabilities due to the multi-tenant nature.
- Private Cloud - Less exposure to external threats but higher responsibility for securing and maintaining the infrastructure compared to public clouds.
- Hybrid Cloud - Combines public and private cloud risks, plus challenges in data and application interoperability and complexities in consistently applying security policies across diverse environments.
116
# Define: Cloud Roles and Responsibilities
The definition of tasks, duties, and accountabilities of stakeholders in a cloud environment, ensuring clarity for managing and securing resources.
## Footnote
The definition of the tasks, duties, and responsibilities of different stakeholders in a cloud environment. It's critical for delineating the obligations of cloud service providers and customers in managing and securing cloud resources, data, and services. A clear definition of roles and responsibilities helps ensure accountability, promotes transparency, and improves overall security and efficiency in cloud operations. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 3](https://courses.thorteaches.com/courses/take/cissp/lessons/18591378-virtualization-cloud-and-distributed-computing-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing_security).*
117
# Define: Cloud Security Alliance's Cloud Controls Matrix | (CSA CCM)
A structured framework for assessing cloud security risks, offering guidance for security control implementation.
## Footnote
A comprehensive and structured framework established by the Cloud Security Alliance to help organizations identify and assess the security risks associated with cloud environments. It provides a detailed list of security controls categorized into different domains, serving as a guide for organizations to design, implement, and evaluate their cloud security strategies. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_Security_Alliance).*
118
# Define: Cloud Security Alliance's IoT Security Control Framework
A set of security practices to protect Internet of Things devices and data, addressing unique IoT challenges.
## Footnote
A comprehensive set of practices and controls designed to secure Internet of Things (IoT) devices and their associated data. The framework addresses the unique security challenges posed by IoT, providing guidance on device identity, secure communication, data protection, and regular updates. It aids organizations in mitigating the risks associated with the increasing connectivity and complexity of IoT ecosystems. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_Security_Alliance).*
119
# Define: Cloud Security Frameworks
Policies and procedures to manage risks within cloud computing environments, providing guidelines for securing data, applications, and infrastructure.
## Footnote
A set of policies, guidelines, and procedures designed to manage the risks and security posture of cloud computing environments. These frameworks guide organizations in securing data, applications, and infrastructure in the cloud.
120
# Define: Cloud Service Models
Layers of cloud computing offering different levels of control, from infrastructure (IaaS) to platforms (PaaS) and applications (SaaS), each shifting more responsibility to the provider.
## Footnote
They encompass the different layers of cloud computing that offer varying degrees of control from infrastructure to applications. Infrastructure as a Service (IaaS) provides virtualized computing resources over the Internet, such as servers and storage. Platform as a Service (PaaS) supplies a cloud-based environment for developers to create, manage, and deploy applications without the complexity of building and maintaining the underlying infrastructure. Software as a Service (SaaS) delivers fully managed applications to users on a subscription basis, eliminating the need for installations and running software on individual computers. Each model shifts more operational responsibility from the consumer to the cloud provider. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591376-virtualization-cloud-and-distributed-computing-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing#Service_models).*
121
# Define: Cloud Service Provider | (CSP)
Companies providing computing services over the Internet, ranging from storage and computational resources to complete applications and platforms.
## Footnote
Companies that offer a range of computing services over the Internet. These services can span from simple storage and computing resources to complete applications and platforms. Customers often leverage these services to reduce infrastructure costs, increase scalability, and improve business agility. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591376-virtualization-cloud-and-distributed-computing-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing#Multi_cloud).*
122
# Define: Cloud Service Provider Contracts
Agreements between organizations and cloud providers detailing service terms, roles, performance, security, costs, and dispute resolution.
## Footnote
These are legally binding agreements between an organization and a cloud service provider. They detail the terms of service, roles and responsibilities, performance metrics, data privacy and security provisions, costs, and what happens in the event of a dispute or termination of service. Understanding these contracts is crucial in ensuring that service expectations are met and risks are properly managed. *For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591376-virtualization-cloud-and-distributed-computing-part-2).*
123
# Define: Cloud Storage - Volume vs. Object
Volume storage refers to block storage for tasks like databases, while object storage manages large amounts of unstructured data with a unique identifier for each object.
## Footnote
In cloud storage, 'volume storage' refers to block storage that acts like a traditional disk drive and is suitable for scenarios where low-latency access is crucial, such as databases. 'Object storage' treats data as individual objects accessed via a unique identifier and is ideal for storing large quantities of unstructured data, offering benefits like scalability and easy access through APIs. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_storage).*
124
# Define: Cloud-First
A strategy prioritizing cloud solutions over on-premises alternatives for new applications or infrastructure, considering benefits like scalability and cost savings.
## Footnote
An organizational policy or strategy where cloud solutions are prioritized and preferred over on-premises solutions. Under a cloud-first strategy, when a business needs a new application or infrastructure, the default approach is to consider cloud-based options first due to their potential benefits, such as cost-effectiveness, scalability, and flexibility.
125
# Define: Cloud-Native
Applications designed specifically for the cloud, utilizing its features like scalability and resilience, often developed with microservices and managed via DevOps.
## Footnote
The design and development of applications specifically for the cloud environment. Cloud-native applications are designed to leverage the advantages of cloud computing frameworks, including scalability, flexibility, and resilience. These applications are generally developed using microservices architecture, managed through DevOps processes, and run in containers, enabling them to be easily scaled and modified. *For more information, view this lecture on [Secure Access Service Edge](https://courses.thorteaches.com/courses/take/cissp/lessons/54398562-new-2024-sase-secure-access-service-edge). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud-native_computing).*
126
# Define: Cloud-Native Security
Cloud-Native Security integrates security measures throughout microservices, containers, and orchestration platforms, aligning protections with dynamic, distributed architectures from development to deployment.
## Footnote
Emphasizing speed and scalability, cloud-native security weaves protective controls into the design and operation of containerized workloads and microservices. It leverages declarative infrastructure, policy-as-code, and continuous integration/continuous delivery pipelines, automating security checks at each stage. Monitoring and logging are essential, offering visibility into ephemeral resources and detecting anomalies rapidly. By embedding security from the outset, organizations reduce vulnerability windows and maintain compliance across cloud environments. This approach supports agile, resilient, and secure software delivery. *Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud-native_computing).*
127
# Define: Clustering of Pseudorandom Numbers
An undesirable pattern in pseudorandom number generation where values appear grouped, potentially compromising the security of cryptographic systems.
## Footnote
This refers to the undesirable pattern in pseudorandom number generation where values are not evenly distributed but rather appear grouped or 'clustered' together. Such patterns can compromise the security of cryptographic systems that rely on pseudo-randomness, making them vulnerable to predictability and potential attacks. *For more information, view this lecture on [Symmetric encryption- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/19215140-symmetric-encryption-part-2).*
128
# Define: CMAC | (Cipher-Based Message Authentication Code)
A cryptographic technique using symmetric key block ciphers for message authentication, providing integrity and authenticity.
## Footnote
A cryptographic technique for message authentication using a symmetric key block cipher algorithm such as AES. It provides integrity and authenticity for messages or data by producing a fixed-size output, known as a tag or MAC, which is sent along with the message. The receiver then computes the CMAC using the same secret key to verify the integrity of the message. CMAC is resistant to forgery and is widely used in various security protocols and applications.
*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Message_authentication_code).*
129
# Define: Code Protection and Logic Hiding
Techniques used to obscure the internal workings of software, such as obfuscation or encryption, to secure intellectual property.
## Footnote
The various techniques used to obfuscate the internal workings of a program or system. The main purpose is to prevent reverse engineering or unauthorized modification, thereby securing intellectual property and maintaining the integrity of the software. Techniques used can range from simple code obfuscation to more advanced methods like encryption or running code in a secure environment.
130
# Define: Collision - Cryptography
An event where two different inputs produce the same hash output, compromising the uniqueness assured by cryptographic hash functions.
## Footnote
In the context of cryptography, a collision refers to an event where two different input values yield the same hash output in a hash function. Such collisions undermine the cryptographic assurance that hash values are unique, thereby challenging data integrity and security. Robust cryptographic systems aim to minimize the likelihood of such occurrences.
*For more information, view this lecture on [Hashing- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149697-hashing-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Collision_attack).*
131
# Define: Common Criteria | (CC)
An international standard for evaluating information security products, ensuring they conform to security standards for government use.
## Footnote
An international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments. It provides a broad range of evaluation criteria for various types of products and systems, and its use can help to ensure a consistent and reliable level of security.
*For more information, view this lecture on [Security evaluation models.](https://courses.thorteaches.com/courses/take/cissp/lessons/18591287-security-evaluation-models). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Common_Criteria).*
132
# Define: Community Cloud
A cloud computing model where infrastructure and services are shared by a group of organizations with common goals or requirements, offering privacy and efficiency.
## Footnote
A shared cloud computing environment where resources are accessible by a specific group of organizations or individuals with shared concerns or objectives. This setup allows for a higher level of privacy, security, or policy compliance than a public cloud while also offering cost savings and resource-sharing advantages of the cloud technology.
*For more information, view this lecture on [Virtualization, Cloud, and Distributed Computing - Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591376-virtualization-cloud-and-distributed-computing-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cloud_computing).*
133
# Define: Companion Virus
Malware that attaches to executable files without altering them and creates new executables with the same name to execute malicious actions.
## Footnote
A type of malware that attaches itself to valid executable files on a system. Instead of modifying the original file, it creates a new program with the same name in a different directory. When the user attempts to run the original program, the virus program executes instead, often running the original program afterward to avoid detection.
*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer_virus).*
134
# Define: Compartmentalization
Dividing system components to limit exposure to threats and minimize potential damage by keeping separate areas isolated from each other.
## Footnote
The strategic division of various components, resources, or entities within a larger system to limit exposure to threats and minimize potential damage. This separation can be achieved in several ways, such as through physical separation, virtualization, or role-based access controls, ensuring that a compromise in one area doesn't lead to a breach in others.
*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Compartmentalization_(intelligence)).*
135
# Define: Compartmented Mode
An operating mode where users only access data necessary for their roles, applying the principle of least privilege to sensitive environments.
## Footnote
In a compartmented mode setup, users are given access only to the data they require to perform their tasks and nothing else, thereby minimizing the exposure and possible leakage of sensitive information. This is a rigorous application of the principle of least privilege, often used in environments dealing with highly sensitive data, such as military or intelligence operations.
*For more information, view this lecture on [Security models and concepts- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591282-security-models-and-concepts-part-2).*
136
# Define: Compression Viruses
Malware that compresses executable files and embeds itself within, making detection challenging by mimicking standard compressed files.
## Footnote
A type of malware that compresses executable files and embeds itself within them. When an infected file is run, the virus is activated and decompresses the original file to try to hide its presence. These viruses can be difficult to detect because they may appear as standard compressed files to users and some antivirus programs.
*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Computer_virus).*
137
# Define: Concealment Cipher
A cipher that hides the existence of a message within another, aiming to avoid detection by making the presence of the message undetectable.
## Footnote
Also known as a steganographic cipher, a concealment cipher hides the existence of a message within another innocent-looking message. Unlike traditional ciphers, which make it apparent that a message has been encrypted, a concealment cipher's goal is to prevent an observer from even suspecting that a hidden message exists. This is achieved by embedding the secret information within the ordinary data in such a way that it doesn't alter the apparent nature of the data.
138
# Define: Concurrency
The simultaneous execution of multiple operations, tasks, or transactions in a computing system, managed to prevent inconsistencies and conflicts.
## Footnote
The simultaneous execution or handling of multiple operations, tasks, or transactions. In computing, concurrency enables a system to perform various computational processes during overlapping time periods, increasing efficiency, especially in multi-core processors, distributed systems, or networks. It's a fundamental concept for developing applications that perform several tasks at once, such as web servers and interactive applications. Concurrency mechanisms manage access to shared resources to avoid conflicting actions and data inconsistencies.
*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Concurrency_(computer_science)).*
139
# Define: Concurrency Control
A process to maintain data integrity in systems where multiple users access or modify data at the same time, using mechanisms to prevent conflicting changes.
## Footnote
A process in databases and software systems that ensures data integrity and consistency when multiple users access or modify data simultaneously. Concurrency control mechanisms prevent conflicting changes and maintain database transaction accuracy.
*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Concurrency_control).*
140
# Define: Confidential Computing
Confidential Computing protects sensitive data during processing by using secure, hardware-based enclaves or trusted execution environments (TEEs) that keep data isolated from external threats.
## Footnote
Traditional security measures encrypt data at rest and in transit, but vulnerabilities can arise while data is being processed. Confidential Computing addresses this gap by employing specialized processor features that create an isolated, encrypted region of memory. Even system administrators or cloud providers cannot access the data within these enclaves. This approach ensures stronger privacy, enabling sensitive workloads—such as healthcare analytics or financial computations—to run securely in shared or untrusted environments.
*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Confidential_computing).*
141
# Define: Confusion In Ciphertext from Cryptography
A cryptographic principle where the relationship between ciphertext and key is obscured, ensuring each ciphertext bit depends on several key parts.
## Footnote
A property of cryptographic algorithms that aims to obscure the relationship between the key and the ciphertext, making it difficult for an attacker to deduce any meaningful patterns or information. The concept of confusion was introduced by Claude Shannon to ensure that each bit of the ciphertext should depend on several parts of the key, creating a complex and non-obvious relationship. This is typically achieved through substitution algorithms and other complex transformations. Confusion adds to the security of encryption schemes by making them more resistant to cryptanalysis and brute-force attacks.
*For more information, view this lecture on [Introduction to Cryptography- Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19121903-introduction-to-cryptography-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Confusion_and_diffusion).*
142
# Define: Contact Alarms
Security devices triggered by physical contact or activation, commonly used in systems to alert on unauthorized entries or attempted breaches.
## Footnote
Alarms that are triggered by the activation of a contact device. They are commonly used in security systems to alert individuals or authorities of an unauthorized entry or attempted entry. Examples include alarm systems that are triggered by the opening of a door or window, pressure mats that trigger an alarm when stepped on, or touch-sensitive pads that trigger an alarm when touched.
*For more information, view this lecture on [Physical security- Part 5.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149815-physical-security-part-5). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Security_alarm#Wired,_wireless,_and_hybrid_systems).*
143
# Define: Contactless Cards
Cards that transmit data wirelessly using near-field communication technology.
## Footnote
Contactless Cards use radio frequency identification (RFID) or near-field communication (NFC) to exchange information with terminals without direct physical contact. These cards, widely used for payments and secure access, incorporate encryption and other security measures to protect sensitive data. Their convenience and speed highlight the balance between technological advancement and the need for robust security protocols against potential wireless exploits.
*For more information, view this lecture on [Physical security- Part 4.](https://courses.thorteaches.com/courses/take/cissp/lessons/19632100-physical-security-part-4). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Contactless_smart_card).*
144
# Define: Container Technologies
Container Technologies like Docker package applications and dependencies into portable units, while Kubernetes orchestrates and manages these containers at scale across clusters of hosts.
## Footnote
Docker simplifies deployment by bundling code, libraries, and settings into lightweight, isolated containers that run consistently across environments. Kubernetes oversees container scheduling, scaling, and networking, allowing teams to manage complex, distributed applications. Kubernetes uses controllers to maintain desired states, automatically adjusting resources when workloads change. Together, these technologies enable continuous delivery, efficient resource utilization, and quick updates. Security and compliance require vigilance, including image scanning, role-based access, and network segmentation.
*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Containerization_(computing)).*
145
# Define: Containerization
A virtualization approach that packages applications with their runtime environment, enhancing portability and minimizing resource use.
## Footnote
A lightweight form of virtualization that allows for the packaging and isolation of applications with their entire runtime environment—all of the necessary code, system tools, libraries, and settings included. This encapsulation ensures that the application works uniformly and consistently across different computing environments. Containers are more portable and use fewer resources than traditional hardware-based or full-machine virtualization approaches, such as virtual machines (VMs), because they share the host system's kernel rather than requiring their own operating system. This technology is widely used to streamline and simplify the deployment of applications, enhance scalability, and improve security by isolating applications from each other and the underlying infrastructure.
*For more information, view this lecture on [Hardware architecture- Part 2](https://courses.thorteaches.com/courses/take/cissp/lessons/18591307-hardware-architecture-part-3). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Containerization_(computing)).*
146
# Define: Control Perimeter
The boundary where security controls are enforced to protect assets, which can be physical or virtual, delineating areas of responsibility.
## Footnote
The boundary within which security controls are enforced to protect assets. The perimeter can be physical or virtual and is often established through measures such as firewalls, access control lists, or even physical barriers like walls or locked doors. It is a critical concept in risk management, delineating areas of responsibility and defining where protective measures are implemented.
*For more information, view this lecture on [Physical security- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149785-physical-security-part-1) or this lecture on [Physical security- Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149796-physical-security-part-2).*
147
# Define: Control Unit
A CPU component that directs processor operations, manages data flow, and interprets program instructions, acting as a 'traffic cop' for the system.
## Footnote
A component of the central processing unit (CPU) in a computer that directs the operation of the processor. It controls the flow of data within the CPU and between the CPU and other components of the computer by coordinating and executing instruction sequences, managing the timing of operations, and interpreting the computer's program instructions. Essentially, it acts as the 'traffic cop' for data and instructions within the computer system.
*For more information, view this lecture on [Hardware architecture- Part 1](https://courses.thorteaches.com/courses/take/cissp/lessons/18591300-hardware-architecture-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Control_unit).*
148
# Define: Controlled Access Area
A physical or digital region with strict access regulations to ensure that only authorized personnel can enter or access the data.
## Footnote
A designated region, either physical or digital, where access is strictly regulated and monitored to ensure only authorized personnel can enter. In a physical setting, this could be a room housing sensitive data storage devices, while in a digital scenario, it might refer to certain parts of a network or database.
*For more information, view this lecture on [Physical security- Part 2.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149796-physical-security-part-2). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Access_control#Access_control_system_components).*
149
# Define: Counter Mode | (CTR)
An encryption mode converting a block cipher into a stream cipher by encrypting counter values and XORing with plaintext.
## Footnote
An encryption mode that transforms a block cipher into a stream cipher. It operates by encrypting successive values of a "counter" and then XORing the output with the plaintext to produce the ciphertext. The counter value is incremented for each subsequent block, ensuring a unique sequence for each encryption. This mode allows for random access to encrypted data blocks and can provide high levels of security when implemented correctly, which above all means never reusing a counter value under the same key.
*For more information, view this lecture on [Symmetric encryption- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149624-symmetric-encryption-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#CTR).*
150
# Define: Covert Channel
A pathway allowing secret communication within a system, often utilized to bypass security policies.
## Footnote
A communication channel that enables information transfer in a way that violates security policies, typically by using mechanisms that were not originally intended for communication. This can include using system properties or resources (like processor usage or file modification times) to covertly transmit information, enabling entities to communicate surreptitiously without detection.
*For more information, view this lecture on [Emanations and Covert Channels](https://courses.thorteaches.com/courses/take/cissp/lessons/18591390-emanations-and-covert-channels). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Covert_channel).*
151
# Define: Covert Channel Analysis
Examining systems to identify and mitigate hidden communication paths for unauthorized information transfer.
## Footnote
The process of examining systems to identify and mitigate covert channels. This process involves reviewing system design and operations to uncover unintended communication paths that could be exploited for unauthorized information transfer. It's a crucial component of comprehensive security audits and assessments, particularly in high-security environments.
*For more information, view this lecture on [Emanations and Covert Channels](https://courses.thorteaches.com/courses/take/cissp/lessons/18591390-emanations-and-covert-channels). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Covert_channel).*
152
# Define: Covert Storage Channel
An indirect method of transmission that modifies a system's stored data to encode and convey information.
## Footnote
A type of concealed pathway that facilitates unauthorized data transmission by modifying a system's stored data. The subtle alterations in this data, such as changes in file sizes or timestamps, can be exploited to encode and transmit information in a manner that's difficult to detect.
*For more information, view this lecture on [Emanations and Covert Channels](https://courses.thorteaches.com/courses/take/cissp/lessons/18591390-emanations-and-covert-channels). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Covert_channel#TCSEC_criteria).*
153
# Define: Covert Timing Channel
A communication method conveying information via controlled manipulation of event timings.
## Footnote
A surreptitious communication pathway that conveys information by manipulating the timing of events, such as process execution or network packet delivery. By varying these timing characteristics in a controlled manner, an entity can transmit data to a receiving entity that's observing the same timings, all without arousing suspicion.
*For more information, view this lecture on [Emanations and Covert Channels](https://courses.thorteaches.com/courses/take/cissp/lessons/18591390-emanations-and-covert-channels). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Covert_channel#Timing_channels).*
154
# Define: Crawl Space
A narrow underfloor area used for access to building utilities.
## Footnote
A Crawl Space is a shallow, accessible area located beneath the primary floor of a building. It provides space for electrical wiring, plumbing, and HVAC systems while offering limited storage. Although not intended for regular occupancy, proper crawl space management is important to prevent moisture, pest infestations, and structural damage, thereby safeguarding the overall integrity of the building.
*For more information, view this lecture on [Physical security- Part 5.](https://courses.thorteaches.com/courses/take/cissp/lessons/19149815-physical-security-part-5). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Crawl_space).*
155
# Define: Cross Domain Solution
Technology allowing secure data transfer between networks with different security levels.
## Footnote
A technology that allows the transfer of data between networks with different security levels while ensuring that security policies for each network are not violated. It ensures the secure sharing of information across different security domains, preventing unauthorized access and data leakage, and is often used in organizations dealing with highly sensitive data across various clearance levels.
*Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cross-domain_solution).*
156
# Define: Cryptanalysis
The study of breaking cryptographic systems to find methods that defeat or weaken them.
## Footnote
The study and practice of examining and breaking cryptographic systems, understanding how they work, and finding methods to defeat or weaken them. It involves analyzing the encrypted data (ciphertext) to discover the hidden structures and derive the original information (plaintext) without necessarily having access to the secret key used. Cryptanalysis is used both for academic research to test the strength of encryption algorithms and by adversaries to compromise security systems. It encompasses a variety of techniques, such as frequency analysis, pattern detection, brute-force attacks, and more sophisticated mathematical approaches.
*For more information, view this lecture on [Introduction to Cryptography- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19121869-introduction-to-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cryptanalysis).*
157
# Define: Crypto-Equipment
Devices or software designed to perform cryptographic operations like encryption and decryption.
## Footnote
Hardware or software designed specifically to perform cryptographic operations, such as encryption, decryption, digital signing, or key generation. Crypto-equipment safeguards sensitive information by transforming it into a secure form for transmission or storage, and it's commonly used in secure communication systems, data protection solutions, and other security applications. Examples include hardware security modules (HSMs), encrypted hard drives, and secure mobile phones.
*For more information, view this lecture on [Introduction to Cryptography- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19121869-introduction-to-cryptography-part-1).*
158
# Define: Cryptographic Algorithm
Mathematical procedures used for encryption and decryption, transforming data to secure it from unauthorized access.
## Footnote
A set of mathematical procedures or rules that are used in the processes of encryption and decryption. Algorithms like RSA, AES, and DES work by transforming data into an unreadable format, making it secure from unauthorized access and preserving data integrity and confidentiality during transmission or storage.
*For more information, view this lecture on [Introduction to Cryptography- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19121869-introduction-to-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Algorithm).*
159
# Define: Cryptographic Component
A part of a cryptographic system performing specific functions related to encryption or decryption.
## Footnote
An integral part of a cryptographic system that performs a specific function related to encryption or decryption processes. These components can include algorithms, key generators, or hash functions. The secure functioning of a cryptographic system heavily depends on the reliability and robustness of these components.
*For more information, view this lecture on [Introduction to Cryptography- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19121869-introduction-to-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Cryptographic_module).*
160
# Define: Cryptographic Initialization
Setting up a cryptographic system, usually involving key generation and installation.
## Footnote
The process of setting up a cryptographic system or component before it can be used securely. The process typically involves the generation and installation of cryptographic keys. Initialization ensures that the system has a secure starting state from which it can operate and often includes steps to ensure the secure generation, distribution, and storage of keys.
*For more information, view this lecture on [Introduction to Cryptography- Part 1.](https://courses.thorteaches.com/courses/take/cissp/lessons/19121869-introduction-to-cryptography-part-1). Or visit this [Wikipedia page](https://en.wikipedia.org/wiki/Initialization_vector).*