Domain 3: Security Architecture and Engineering 13% Flashcards

Question

The International Common Criteria (ISO/IEC 15408)

Answer 1

Common Criteria evaluations are performed on computer security products and systems. To be of practical use, the evaluation must verify the target's security features. This is done through the following: Target of Evaluation, Protection Profile, Security Target.

Answer 2

How did the product score on the testing? EAL Level 1-7 EAL1: Functionally Tested EAL2: Structurally Tested EAL3: Methodically Tested and Checked EAL4: Methodically Designed, Tested, and Reviewed. EAL5: Semi-formally Designed and Tested EAL6: Semi-formally Verifed Design and Tested EAL7: Formally Verified Designed and Tested.

Answer 3

Separates hardware ans software functionality into layers.Layers can influeence layers next to themselves, but not past that.

Answer 4

Hiding unnecessary details fro teh user, it provides a seamless experience for the user, they don't see the millions of background calculations.

Answer 5

A list of Objects a Subject is allowed to access, groups of Objects and Subjects with similar security requirements.

Answer 6

is where the kernel lives, allowing low-level unrestricted access to memory, CPU, disk, etc. Crashes are not recoverable

Answer 7

has no direct access to hardware, it is directed through an API. Crashes are recoverable. This is most of what happens on a PC.

Answer 8

use open standards, and can use standard components from multiple vendors.

Answer 9

use proprietary hardware and software. This is "security through obscurity."

Answer 10

``` 4-ring model that seperates Users (Untrusted) from the Kernel (Trusted). Ring 3: User applications Ring 2: Device drivers Ring 1: Other OS Ring 0: Kernel Ring -1: Hypervisor mode ```

Answer 11

connected to it are: CPU, Video mem, RAM, and Southbridge

Answer 12

connected to it are: Mouse/keyboard, HD, USB, CD DVD

Answer 13

contains Arithmetic logic unit (ALU) for math functions and Control Unit (CU) traffic cop.

Answer 14

Fetch, Decode, Execute, Store | Pipelining- combining multiple steps into one process: can do many functions in same clock cycle.

Answer 15

An interrrupt is a signal to the processor emitted by hardware or software indicating an event that needs immediate attention.

Answer 16

An executable program and its associated data loaded and running in memory. A heavy weight process (HWP) is also called a task. A parent process may spawn additional child processes called threads.

Answer 17

Light Weight Process (LWP) Threads can share memory, resulting in lower overhead compared to heavy weight processes.

Answer 18

is teh ability of a CPU or single core in a multi-core processor to execute multiple processes or threads concurrently, appropriately supported by the OS.

Answer 19

A comp using more than one CPU at a time for a task.

Answer 20

tasks sharing a common resource ( 1 CPU)

Answer 21

A computer running more than one program at a time (Word and Chrome at the same time).

Answer 22

prevents one process from affecting the confid, integr, or availability of another.

Answer 23

is a logical control that tries to prevent one process from Interfering with another.

Answer 24

takes that a step furhter by mapping processes to specific memory locations.

Answer 25

provides virtual address mapping between applicaitons and hardware memory.

Answer 26

moves entire processes from primary mem (RAM) from/to secondary mem (HD)

Answer 27

copies a block from primary memory (RAM) from/to secondary mem (HD)

Answer 28

(Low level OS) BIOS runs a asic POST. Once the POST process is complet and successful, it locates the boot sector for the OS. The Kernel loads and exe, and teh OS boots. BIOS is stored on ROM most likely EEPROM

Answer 29

CD/DVDs can be WORM media (R)

Answer 30

Is an int std for secure cryptoprocessor, which is dedicated microcont designed to secure hrdwr by integrating cryptographic keys into devices. Its is most commonly used to ensure boot integrity.

Answer 31

is a security feature that can prevent damage to your computer from viruses and other security threats.

Answer 32

is a memory-protection proess for OS'; it guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.

Answer 33

It interfaces between the OS (and applications) and the hardware.

Answer 34

is one static executable and the kernel runs in supervisor mode.

Answer 35

are modular kernels

Answer 36

is a core function fo the kernel; it handles all access between subjects and objects. It is always on and can't be bypassed.

Answer 37

is a type of DAC (Discretionary Access Control)

Answer 38

we have many servers (clients) on the same hardware platform (host). Virtualization is software running under the OS and above the Hardware (Ring-1)

Answer 39

control the access between the virtual guest/clients and the host hardware.

Answer 40

is a part of a Virtualization OS that runs on top of the host hardware.

Answer 41

runs on top of a regular OS like Win 10.

Answer 42

is when an attacker can jump from the host or a client to another client.

Answer 43

There is no 'Cloud' it is just another computer somewhere else.

Answer 44

The vendor provides infrasturcutre up to the OS, the customer adds the OS and up.

Answer 45

The vendor provides the OS and applications/programs. (O365, Gmail, Payroll)

Answer 46

The vendor provides pre-configured OSs, then the customer adds all the programs and applications.

Answer 47

can make use of resources not currently in use from 100 or 100,000's of computers to perform very complex tasks.

Answer 48

Any system can be a client and/ or a server. Most commonly used on torrent networks.

Answer 49

Anything that connects to the Internet is some way (that didn't before)

Answer 50

often Electromagnetic Emanations. Info that can be disseminated from the electrical changes from a system or a wire.

Answer 51

Creates the capability to transfer info. using channels not intended to do so.

Answer 52

Operations that affect the "real response time observed" by the receiver.

Answer 53

Hidden info through the modification of a stored object.

Answer 54

hiding a message within another media

Answer 55

encode data into a file

Answer 56

require some sort of huma interaction and are often transmitted by USB or other portable devices.

Answer 57

Change their signature to avoid the antivirus signature definitions

Answer 58

Spread across multiple vectors. They are often hard to get rid of because even if you clean the file infections, the virus may still be in the boot sector and vice-versa.

Answer 59

spread through self propagation.

Answer 60

malicous code embedded in a program that is normal

Answer 61

replaces some of the OS/Kernel with a malicous payload.

Answer 62

Malicious code that executes at a certian time or event.

Answer 63

Programs to compress *.exe files, which can be used to hide malware in an executable, neutral tech.

Answer 64

Signature based - looks for known malware signatures | Heuristic (Behavioral) based - looks for a abnormal behavior

Answer 65

Attack directly from an attacker to a target.

Answer 66

The client initiates, then gets infected with malicious constent usually from web browsers or IM apps (You go to them)

Answer 67

small apps often embedded into other software (web browser)

Answer 68

applets run in a sandbox environment - segmenting the Java from the OS (limiting some threats); OS agnostic

Answer 69

runs with certificates (not sandbox) - since Active x is a MS prod it interacts more with the OS (Win only)

Answer 70

is a style of software design where services are provided to the other components by application components, through a communication protocol over a network.

Answer 71

Two (or more) instances of the same file depending on who accesses it.

Answer 72

is a collection of gathering of data together for the purpose of statistical analysis.

Answer 73

requires deducing from evidence and reasoning rather than from explicit statements

Answer 74

is the computing process of discovering patterns in large data sets.

Answer 75

is looking at what normal operations look like, then allowing us to more proactively identify abuse from insider threats or compromised accounts.

Answer 76

is a general term for several types of control sys and associated inst used in indust prod technology

Answer 77

is a control sys arch that uses comp, network data comm and GUI for high-level process supervisory management.

Answer 78

is a comp control sys for a process or plant in which autonomous controllers are distributed throughout the system, but there is central operator supervisory control.

Answer 79

is an industrial digital computer which has been ruggedized and adapted for the control and manufacturing processes.

Answer 80

a set of comm protocols used between components in process automation systems. Comm between a master station and remote terminal units (RTU) or IEDs.

Answer 81

is the science of securing comm

Answer 82

creates messages where the meaning is hidden

Answer 83

is the science of breaking encrypted communication.

Answer 84

is a cryptographic algorithm.

Answer 85

is an encrypted message

Answer 86

converts the plaintext to a ciphertext

Answer 87

turns ciphertext back into plaintext

Answer 88

Use of a well-known text (Often a book) as the key.

Answer 89

uses a well-known test as a key as well, but uses a previously agreed upon phrase

Answer 90

Substitues one letter for another - T would be W

Answer 91

Similar but uses different starting points each round

Answer 92

analyzing the frequency of a certain character - In English E is used 12.7% of the time

Answer 93

XOR is very useful in basic cryptography; we add a key to the plaintext to make the ciphertext

Answer 94

is the relationship between the plaintext and ciphertext; it should be as random (confusing) as possible

Answer 95

is how the order of the plaintext should be "diffused (dispersed) in the ciphertext

Answer 96

replaces one character for another, this provides diffusion

Answer 97

provides confusion by rearranging the characters of the plaintext

Answer 98

Message written lenghtwise on a long thin piece of parchment wrapped arond a certain size round stick.

Answer 99

Done by switching letters a certain numbers of spots in the alphabet.

Answer 100

a polyslphabetic cipher. The alphabet is repeated 26 times to form a matrix (Vigenere Square)

Answer 101

2 concentric disks with alphabets on them

Answer 102

rotary based. Breaking the Enigma was responsible for ending the war early and saving millions of lives.

Answer 103

Japanese rotary based, very similar to the Enigma

Answer 104

Cryptogrpahic algorithm where plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption.

Answer 105

First known use of a one-time pad.

Answer 106

was a project by the US and UK to break KGB's encryption from 1943 to 1980 only broken because KBG reused pads.

Answer 107

a cipher sys using a set of wheels or disks, each with the 26 letters of the alpha bet arranged around the edge.

Answer 108

A rotor machine used by the US throughout WW2 similar to the Enigma. It used 3x 5 sets of rotors

Answer 109

was used to prevent export of "Critical Technologies" from Western countries to the Iron Curtain

Answer 110

currently in use. Limits exports on military and dual-use tech. Cryptography is part of that.

Answer 111

Pros: It does not need a pre-shared key, only 2x users = total keys Cons: It is much slower, it is weaker per bit.

Answer 112

Pros: Much faster, stronger per bit. Cons: Needs a pre-shared key, n(n-1)/2 users, become unmanageable with many users.

Answer 113

Uses Asymmetric encryption to share a Symmetic Key (session key)

Answer 114

For the exam it may be called DEA (algorithm) or DES (standard) Symmetric - 64 bit block cipher - 56 bit key. Has 5 different modes it can encrypt data with, they include: Block, Stream, Initialization Vector, if errors occurr they propagate to teh next block.

Answer 115

Symmetric - 64 bit block cipher - 56 bit key. K1 (keymode1) - 3 different keys with 112 bit key strength. Considered secure until 2030 and is still commonly used

Answer 116

Symmetric, 128bit key, 64 bit block size, considered safe. Not widely used now, since it is patented and slower than AES

Answer 117

Symmetric, considered secure, open source, 4x4 column-major order matrix of bytes

Answer 118

each byte is combined with a block of the round key using bitwise XOR

Answer 119

a non-linear subsititution step where each byte is replaced with another according to a lookup table.

Answer 120

a transportation step where the last three rows of the state are shifted a certain number of steps.

Answer 121

a mixing operation which operates on the columns, combining the four bytes in each column

Answer 122

subbytes, shiftrows, addrounkey

Answer 123

10 cycles for 128-bit keys 12 cycles for 192-bit keys 14 cycles for 256-bit keys

Answer 124

publish domain, uses Fistel, no longer considered secure

Answer 125

uses Fistel, considered secure

Answer 126

The cipher splits a plaintext block into two halves (L and R) The process goes through several rounds, the right half of the block does not change. The right half is XOR'ed with a subkey for each round.

Answer 127

Used by WEP/WPA/SSL/TLS | Pseudorandom keystream, no longer considered secure, Symmetric, Stream cipher, 40-2048 bit key lenght

Answer 128

Symmetric, block cipher, 32, 64,128bit blocks, key length 0-2040 bits, uses Fistel. considered secure (if enough blocks/key)

Answer 129

AES Finalist, based on RC5, but changed to meet AES require, uses Fistel, Symmetric, Block Cipher, 128bit blocks, 128, 192, 256 bit key length, considered secure

Answer 130

DH and RSA, uses 2 keys: a Public Key and a Private Key (key pair). Public key is publicly available, used by others to encrypt messages sent to you. Private key (you keep safe) used to decrypt messages sent with your public key. Also used for digital signatures, slightly reversed. You encrypt with your private key and teh recipient decrypts with your public key.

Answer 131

factoring large Prime numbers using a one-way factorization - It is easy to multiply 2 numbers, but hard to discern the 2 numbers multiplied form the result.

Answer 132

one way function - this one uses logarithms, which is teh opposite fo expenentiation.

Answer 133

new keypari from very large prime numbers - creates public/private key pair. Used to exchange symmetric keys, it is slow, Asymmetric, 1094-4096bit key, considered secure.

Answer 134

DH, ECC, RSA, El Gamal, DSA, Knapsak

Answer 135

was one of the 1st public key protocols

Answer 136

often found in low-power devices

Answer 137

used in GNU Privacy Guard software and PGP

Answer 138

no longer considered secure

Answer 139

are used for Integrity. A variable-lenght plaintext is hashed into a fixed-length value hash or MD (Message Digest). It is used to prove the Integrity of the data has not changed. Just 1 bit change completely changes the hash. Variable-lenght input, fixed-length output.

Answer 140

When 2 hashes of different data provide the same has.

Answer 141

128-bit Fixed-lenght has, used very widely until a flaw was found.

Answer 142

Was not used for very long, was supposed to replace MD5, but SHA2/3 were better.

Answer 143

160bit Hash Value. Found to have weak collision avoidance, but still commonly used.

Answer 144

Considered collision resistant. Somewhat used now, relatively new.

Answer 145

Finalized in August 2015

Answer 146

The MD length is variable 128,169,192,224,256bits. Uses the MD design principles, but is faster. Not widely used.

Answer 147

Developed outside of defense to ensure no gov backdoors. Not widely used, no longer secure

Answer 148

Redesigned, fixing flaws of RIPEMD. 160bit hashes. Not widely used. Considered secure.

Answer 149

random data that is used as an additional input to a 1-way function that "hashes" a password or passphrase. Defends against dictionary attacks or rainbow table attack.

Answer 150

Random number issed in an authentication protocol to ensure that old comm cannot be be reused in reply attacks.

Answer 151

Modern enryption is so difficult to break, it is easier to recover the private key. Law enfrocement does this with search warrants. Attackers do this by gaining access to your system or key repository.

Answer 152

Uses the entire key space (every possible key); with enough time, any plaintext can be decrypted. Effective against all key-based ciphers except the one-time pad.

Answer 153

adding 1-2 seconds to password verification

Answer 154

Similar to frequency analysis/attacks, but looks at common pairs of letters (th, he, in, er)

Answer 155

The attacker secretly relays and may alter communication between 2 parties, who believe they are directly comm with each other.

Answer 156

An attacker takes over a web user's session ID and masquerades as the authorized user.

Answer 157

much easier than breaking the key is convincing the key holder to hand it over to the "help desk"

Answer 158

pre-made list of plaintext and matching ciphertext. Often passwords and matching Hashes.

Answer 159

you know the plaintext and the ciphertext, and using those you try to figure out the key.

Answer 160

similar to known plaintext, but the attacker choses the plaintext, then tries to figure out the key.

Answer 161

Same as Chosen Plaintext, the attacker "adapts" the following rounds dependent on the previous rounds.

Answer 162

A known plaintext attack, the intruder has to know some parts of plaintext and their ciphertexts, used to break ciphers, which have two or more secrets key for multiple encryption using the same algorithm.

Answer 163

the attacker knows something about the key, making it easier to break it.

Answer 164

Tries to find the "difference" between the related plaintexts

Answer 165

A type of known plaintext attack where the attacker has a lot of plaintext/ciphertext pairs created with the same key.

Answer 166

is Differential and Linear Cryptanalysis combined.

Answer 167

Attackers use physical data to break a crypto sys. This can be CPU cycles, power consumption while encrypting/decrypting

Answer 168

Some vulnerability is left from the implementation of the application, system or service.

Answer 169

When 2 different Symmetric Keys used on the same plaintext produces the same ciphertext, both can decrypt ciphertext from teh other key.

Answer 170

Uses Asymmetric and Symmetric Encryption as well as Hashing to provide and manage digital certficates. To ensure PKI works well, we keep the private key secret.

Answer 171

keys are kept by a 3rd party org (often law enforcement)

Answer 172

are public signed with a digital signature

Answer 173

SSL for ie - is assigned to the server (stored on the server)

Answer 174

Digital Signature - is assigned to a person (stored on your PC)

Answer 175

Issues and revokes certificates. Can be internal or public (Verisign or GoDaddy)

Answer 176

Done within an organization. Authenticates the certificate holder prior to certificate issuance.

Answer 177

Maintained by the CA. Certificates are revoked if a private key is compromised, if an employee leaves the organization. Server side, starting to be replace by OCSP (client/server side hybrid)

Answer 178

Client/server hybrid, better balance, faster, keeps lists of revoked certificates.

Answer 179

a chipset developed and promoted by NSA was abandoned after public outcry, and was later found to have many security flaws.

Answer 180

provide integrity and non-repudiation

Answer 181

Set of protocols that provide cryptographic layer to IP traffic (IP v4/v6). Is often used for VPNs.

Answer 182

Provides Authentication and Integrity for each packet. Does not provie confidentiality. Protects against "replay attacks"

Answer 183

Provides confidentiality. It can provide Authentication and Integrity.

Answer 184

Simplex one-way comm (like walkie talkie). Can be used to negotiate ESPor AH parameters. If 2 sys use ESP they need 2 channels. If they use AH and ESP, they will use 4 SA's

Answer 185

Manages the SA creation process and key exchange mechanics.

Answer 186

encrypts and authenticates the entire package (including headers)

Answer 187

only encrypts and authenticates the payload. This is used for systems that speak ITSEC.

Answer 188

IPSEC can use different types of encryp and hashes. IKE negotiates the highest and fastest level of security algorithm

Answer 189

Provides privacy and authentication for data comm. Can provide confidentiality, integrity, authentication, and non-repudiation

Answer 190

provides a standard way to format email, including characters, sets, and attackments.

Answer 191

uses PKI to encryt and authenticate MIME-encoded email. The client or client's email server (called an S/MIME gateway) can perform the encryption.

Answer 192

Hash function using a key. Provides integrity and authenticity.

Answer 193

A pre-shared key is exchanged. The sender uses XOR to combine the plaintext with a shared key, then hashes the output using a hashing algorithem.

Answer 194

currently on v3. Mostly used for web traffic

Answer 195

More secure than SSL v3. Less commonly used for securing web traffic. Used mostly for Internet chat and email client access.

Answer 196

prevents actions from happening - Tall fences, locked doors, bollards

Answer 197

controls that detect an attack (before, during or after) - CCTV, alarms

Answer 198

controls that deter an attack - fences, security guards, dogs, lights, Beware of Dog signs

Answer 199

compensate other controls that are impossible or too costly to implement.

Answer 200

controls that give us admin framework - compliance, policies, procedures.

Answer 201

Class 1 residential, Class 2 Commercial/General Access, Class 3 Industrial/Limited access (18-wheeler loading dock), Class 4 Restricted access (airport or prison)

Answer 202

Can be copied and replicated without the key from either the numbers or a photo of it.

Answer 203

a lock mech that uses pins of varying lengths to prevent the lock form opening without the correct key.

Answer 204

with a lock pick sets or bumping, opening a lock without the key.

Answer 205

using a shaved-down key that matches the lock, the attacker "bumps" the key handle with a hammer or screwdriver which makes the pins jump, then the attacker quickly turns the key.

Answer 206

open any lock in a given area or security zone.

Answer 207

used to remoe a lock core in "interchangeable core locks."

Answer 208

Not very secure and have limited accountability even with unique codes. Should be used for low security areas.

Answer 209

They contain a computer circuit, using Integrated Circuit Card. Contact cards need to be inserted into a machine to be read. Contactless cards can be read by proximity.

Answer 210

swiped through a reader, no circuit. Very easy to duplicate.

Answer 211

a room with 2 doors; door 1 must close completely before door 2 can be opened.

Answer 212

All storage media should be encrypted.

Answer 213

Blackout = long loss of power, fault = short loss of power, brownout = long low voltage, Sag = short low voltage, Surge = long high voltage, Spike = Short high voltage.

Answer 214

Distrubance generated by an external source that affects an electical circuit by electromagnetic induction, electrostatic coupling, or conduction.

Answer 215

fiber > copper, because fiber is way more secure.

Answer 216

common temp levels ranage from 68-77 F with an allowable range of 59- 90F

Answer 217

Keeping positive pressure keeps outside contaminanats out.

Answer 218

should be kept between 40 and 60% (Relative Humidity)

Answer 219

You may like your servers more, but save the co-workers first.

Answer 220

is dont by removing one of the 3 requirements a fire has: oxygen (Halon,FM200,Argon), heat (chem/water), fuel (equipment).

Answer 221

Ordinary combustibles

Answer 222

Electrical equipment

Answer 223

for different temperatures: Oranage, Red, maybe Yellow.

Answer 224

not advisable in data center has water in the pipe.

Answer 225

sprinkler heads are closed. Pipe contains compressed air and a valve that stays shut as long as the air is present.

Answer 226

Sprinkler heads are open. Similar to Dryp Pipe, but sprinkler head is open, a deluge valve holds water back; normal air in pipers.

Answer 227

Single interlock: water released into pipes when teh fire alarm goes off, and when head opens. Double interlock: Similar to Dry Pipe, water not released until fire alarm and the sprinkler is open.

Answer 228

Should only be used in unmanned areas.

Answer 229

industry standard for protecting high-value assets. No longer used. Montreal Accord stopped the use of Halon except.

Answer 230

``` Data class C, Office class A PASS method to extingush a fire. Pull the pin in the handle Aim at the base of the fire Squeeze the lever slowly Sweep from side to side ```

Answer 231

primarily used for metal fires

Answer 232

most common extinguishers.

Answer 233

Normal compustibles

Answer 234

Flamible liquid and gasses

Answer 235

Electric equipment

Answer 236

Oils and fats

Answer 237

Compustible metals