Domain 3 - Security Architecture and Engineering

Question 1

Define Brewer-Nash model

Answer 1

The Brewer-Nash model allows access controls to change dynamically based upon a user’s actions.

Question 2

What is the “ m of n “ control?

Harry would like to retrieve a lost encryption key from a database that uses m of n control, with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key?

Answer 2

In an m of n control system, at least m of n possible escrow agents must collaborate to retrieve an encryption key from the escrow database.

Question 3

Digital signatures that are approved part of the federal Digital Signature Standard under FIPS 186-4

Answer 3

RSA
ECDSA
DSA

Question 4

Another term for sandbox

Answer 4

Confinement

Question 5

_______ is the degree of confidence that an organization has that its security controls are correctly implemented. It must be continually monitored and reverified.

A Trust
B Credentialing
C Verification
D Assurance

Answer 5

D.
Assurance is the degree of confidence that an organization has that its security controls are correctly implemented. It must be continually monitored and reverified.

Question 6

Define Maintenance Hook

Answer 6

Maintenance hooks, otherwise known as backdoors, provide developers with easy access to a system, bypassing normal security controls. If not removed prior to finalizing code, they pose a significant security vulnerability if an attacker discovers the maintenance hook.

Question 7

Define Biba model (two) attributes

Answer 7

a. Simple Integrity Property NO READ DOWN
b. *(star) Integrity Property NO WRITE UP

INTEGRITY ONLY!!NO READ DOWN, NO WRITE UP**

Question 8

Define Bell-LaPadula model attributes

Answer 8

a. Simple Security Property. NO READ UP! Example: Secret cannot read up to TOP Secret
b. *(star) Security Property. NO WRITE DOWN Example: Moving TOP SECRET data to Secret level

CONFIDENTIALITY of DATA ONLY!!NO READ UP, NO WRITE DOWN**

Question 9

Define Clark-Wilson model attributes

Answer 9

a. Preventing unauthorized users from making modifications to data or programs
b. Preventing authorized users from making improper or unauthorized modifications
c. Maintaining internal and external consistency of data and programs

INTEGRITY ONLY!!SUBJECT|PROGRAM|OBJECT**

Question 10

What does TPM hardware restrict users from doing?

Answer 10

Prevents someone from accessing an encrypted drive by installing it in another computer.

Definition: Trusted Platform Module (TPM) is a hardware security technique that stores an encryption key on a chip on the motherboard

Question 11

Asymmetric cryptosystem

Answer 11

sender of a message always encrypts the message using the recipient’s public key.

Recipient decrypts with recipients private key

Sender creates digital signature using sender private key. Recipient verifies signature using sender public key

Question 12

What is a “salt” in terms of passwords?

Answer 12

salt is a random value added to a password before it is hashed by the operating system

Question 13

What type of fire suppression system fills with water when the initial stages of a fire are detected and then requires a sprinkler head heat activation before dispensing water?

A. Wet Pipe
B. Dry Pipe
C. Deluge
D. Preaction

Answer 13

D.

A preaction fire suppression system activates in two steps. The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.

Question 14

What IPSEC configuration provides confidentiality for the content of packets?

Answer 14

ESP

Encapsulating Security Payload (ESP) protocol provides confidentiality and integrity for packet contents. It encrypts packet payloads and provides limited authentication and protection against replay attacks.

Question 15

What are the 5 defining characteristics of cloud based technologies?

Answer 15

1. On demand self service
2. Broad Network Access
3. Resource Pooling
4. Rapid Elasticity
5. Measured Service

Question 16

What are the 3 cloud service models that everyone agrees on?

Answer 16

1. SAAS (Software as a service)
2. PAAS (Platform as a Service)
3. IAAS (Infrastructure as a Service)

Question 17

What are the four cloud deployment models?

Answer 17

1. Private
2. Community (Private cloud within Private
   Cloud)
3. Public (World Wide Web)
4. Hybrid (Mix of two or more of above)

Question 18

Define Type I Hypervisor

Answer 18

Native Bare Metal

Example: eSXI, HYPER V

Question 19

Define Type II Hypervisor

Answer 19

Hosted on a client O/S

Example: Virtual Box, Parallels. Application that runs on top of OS that provides virtualization

Question 20

Define this OWASP attack type:

When un-trusted data is sent to an interpreter as part of a command query.

Answer 20

Injection.

SQL, NOSQL, OS, LDAP

Question 21

Define this OWASP attack type:

Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently.

Answer 21

Broken Authentication

Question 22

Attackers may steal or modify weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.

Answer 22

Sensitive Data Exposure

Question 23

Define this OWASP attack type:

Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.

Answer 23

XML External Entities (XXE)

Applications and in particular XML-based web services or downstream integrations might be vulnerable to attack if:

• The application accepts XML directly or XML uploads, especially from
untrusted sources, or inserts untrusted data into XML documents, which is then parsed by an XML processor.

• Any of the XML processors in the application or SOAP based web services has
document type definitions (DTDs) enabled. As the exact mechanism for disabling DTD processing varies by processor, it is good practice to consult a reference such as the OWASP Cheat Sheet ‘XXE Prevention’.

• If your application uses SAML for identity processing within federated
security or single sign on (SSO) purposes. SAML uses XML for identity assertions, and may be vulnerable.

• If the application uses SOAP prior to version 1.2, it is likely susceptible
to XXE attacks if XML entities are being passed to the SOAP framework.

Question 24

Define this OWASP attack type:

Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users’ accounts, view sensitive files, modify other users’ data, change access rights, etc…

Answer 24

Broken Access Control

Question 25

Define this OWASP attack type:

The most commonly seen issue. The result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched and upgraded in a timely fashion.

Answer 25

Security Misconfiguration

Question 26

Define this OWASP attack type:

flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript.

Answer 26

Cross-Site Scripting (XSS)

Question 27

Define this OWASP attack type:

Often leads to remote code execution. Even if deserialization flaws do not result in remote code execution, they can be used to perform attacks, including replay attacks, injection attacks, and privilege escalation attacks.

Answer 27

Insecure Deserialization

Question 28

Define this OWASP attack type:

Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications and APIs using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts.

Answer 28

Using Components with Known Vulnerabilities

Question 29

Define this OWASP attack type:

Insufficient logging and monitoring,
coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data.

Answer 29

Insufficient Logging & Monitoring

Question 30

Where should server rooms be located in a building?

Answer 30

a. should be located in or near center of building
b. should not be on ground floor if possible
c. should not be on top floor if possible
d. should not be in basement if possible
e. should be away from water, gas, sewer runs if possible
f. walls of space should have a MINIMUM fire rating of 1 hour

Question 31

How many bits of keying material does the Data Encryption Standard use for encrypting information?

A. 56 bits
B. 64 bits
C. 128 bits
D. 256 bits

Answer 31

A.

DES uses a 64-bit encryption key, but only 56 of those bits are actually used as keying material in the encryption operation. The remaining 8 bits are used to detect tampering or corruption of the key.

Question 32

Which one of the following is not one of the basic requirements for a cryptographic hash function?

A. The function must work on fixed-length input.

B. The function must be relatively easy to compute for any input.

C. The function must be one way.Your selection is incorrect

D. The function must be collision free.

Answer 32

A.
Hash functions must be able to work on any variable-length input and produce a fixed-length output from that input, regardless of the length of the input.

Question 33

CC Evaluation Assurance Levels (EALs)

EAL 1

Answer 33

Functionally tested

Question 34

CC Evaluation Assurance Levels (EALs)

EAL 2

Answer 34

Structurally tested

Question 35

CC Evaluation Assurance Levels (EALs)

EAL 3

Answer 35

Methodically tested & checked

Question 36

CC Evaluation Assurance Levels (EALs)

EAL 4

Answer 36

Methodically designed, tested, reviewed

Question 37

CC Evaluation Assurance Levels (EALs)

EAL 5

Answer 37

Semi-formally designed & tested

Question 38

CC Evaluation Assurance Levels (EALs)

EAL 6

Answer 38

Semi-formally verified, designed, & tested

Question 39

CC Evaluation Assurance Levels (EALs)

EAL 7

Answer 39

Formally verified, designed, tested

Question 40

What does GPR (Ground Potential Rise) protect from?

Answer 40

Lightning Strikes

Question 41

Whats an ideal temperature range?

Answer 41

60 - 75 degrees

15 - 23 degrees Celsius

Question 42

Whats an ideal humidity range?

Answer 42

40 - 60%

Question 43

How many stages are there to a fire?

Answer 43

4

1. Incipient Stage
2. Smoke Stage
3. Flame Stage
4. Heat Stage

Question 44

What is Class A Fire extinguishers used for and whats the suppression material?

Answer 44

Common Combustibles;

Water and Soda Acid

Question 45

What is Class B Fire extinguishers used for and whats the suppression material?

Answer 45

Liquids;

C02, Halon Equivalent, soda acid

Question 46

What is Class C Fire extinguishers used for and whats the suppression material?

Answer 46

Electrical;

C02, Halon Equivalent

Question 47

What is Class D Fire extinguishers used for and whats the suppression material?

Answer 47

Metal;

Dry Powder

Question 48

What are the 5 fire detection system types?

Answer 48

1. Fixed Temperature
2. Rate of rise detection
3. Flame Actuated
4. Smoke Actuated
5. Incipient smoke detection

Question 49

What are the 4 types of water suppression system types?

Answer 49

wet pipes - Constant Water in them

dry pipes - do no have water in them

pre-action - incorporate a detection system

deluge - another type of dry pipe except all sprinkler heads are in the open position.

Question 50

What are the gas systems used in fire suppression?

Answer 50

a. FM-200
b. CEA-410 or CEA-308
c. Argon
d. Aero-K

Question 51

What are the goals of cryptography?

Answer 51

1. Confidentiality
2. Integrity
3. Authentication
4. Non repudiation

Question 52

“A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”

Answer 52

Kerckoffs Principle

Question 53

How is logical operator “AND” also represented?

Answer 53

” ^ “

Question 54

How is logical operator “OR” also represented?

Answer 54

” v “

Question 55

How is logical operator “XOR” also represented?

Answer 55

” ⊕ “

Question 56

How is logical operator “NOT” also represented?

Answer 56

” - “

or

” ! “

Question 57

Modulo Function is defined as what?

Answer 57

Remainder left over AFTER a division operation has been performed.

Example: 8 MOD 6 = 2

6 goes into 8 ONCE with TWO left over

Question 58

easily produces output, but makes it impossible to retrieves the input values

Answer 58

One-Way Function

Question 59

Ability to prove your knowledge of a fact to a third party WITHOUT revealing that fact to the third party. “Show but don’t tell”

Answer 59

Zero knowledge proof

Question 60

Cryptographic systems of symbols that represent words or phrases, but are not always secret & DO NOT provide confidentiality.

Answer 60

Codes

Question 61

ALWAYS meant to hide the meaning of a transmitted message using a variety of techniques to achieve some measure of confidentiality.

Answer 61

Ciphers

Question 62

Only TRULY UNBREAKABLE cryptosystem, but only if implemented correctly

Answer 62

One-Time pad (Vernam Cipher)

Question 63

One of the earliest documented cipher systems, using substitution

Answer 63

Caeser Cipher

Question 64

A method of encrypting alphabetic text by using a series of different Caeser ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution.

Answer 64

Vigenere Cipher

Question 65

Used in cases where the use of encryption is not necessary but yet the fact that no encryption is needed must be configured in order for the system to work.

Answer 65

Null Cipher

Question 66

Sender and receiver agree on a key word, for example, pizza. A table is the constructed used that word and then the rest of the alphabet - skipping over the letters already appearing in the key and using I and J as the same letter.

Answer 66

Playfair Cipher

Question 67

Which cryptographic algorithm uses only a SINGLE KEY?

Answer 67

Symmetric

Question 68

Different encryption keys generate the same cipher text from the same plain text message

Answer 68

Key Clustering

Question 69

DES , 3DES, IDEA, BLOWFISH , SKIPJACK and AES are all forms of what type of algorithm?

Answer 69

Symmetric

Question 70

How many keys do you need with asymmetric algorithm and 4 participants?

Answer 70

6 Keys

n ( n - 1 ) / 2 ….Where “n” is the number of participants

Question 71

Used to be the standard for the symmetric encryption for many governments and militaries but no longer because it is considered compromised?

Answer 71

DES

Question 72

How many bits is the KEY SPACE for DES?

Answer 72

56 bit key

8 bits are reserved for parity operations

Question 73

How many bits is the KEY SPACE for 2-DES?

Answer 73

112 bit key

Question 74

How many bits is the KEY SPACE for 3-DES?

Answer 74

168 bit key

Question 75

How many rounds of XOR does DES use?

Answer 75

16 rounds

Also may be referred to as “16 rounds of encryption”

Question 76

How many bits is the BLOCK space that DES operates on?

Answer 76

64 bits

Question 77

Which encryption algorithm contains the following:

64 bit block cipher and 128 bit key

Answer 77

IDEA

Question 78

Which encryption algorithm contains the following:

64 bit block cipher and variable key from 32 to 448 bits

Answer 78

Blowfish

Question 79

Which encryption algorithm contains the following:

64 bit block cipher and 80 bit key. Also has capability to use key escrow for encryption keys.

Was considered the basis for the US governments attempt’s at the clipper chip

Answer 79

Skipjack

Question 80

Which encryption algorithm contains the following:

128 bit block cipher with variable keys from 128, 192 and 256

Answer 80

AES

Question 81

What are the rounds that correspond with the following AES key lengths below:

128 bit key
192 bit key
256 bit key

Answer 81

128 bit key requires 10 rounds
192 bit key requires 12 rounds
256 bit key requires 14 rounds

Question 82

What was the original name for the AES algorithm?

Answer 82

Rijndael Algorithm

Question 83

Rijndael Algorithm (AES) consists of 4 major operations. What are those?

Answer 83

1. Substitute Bytes
2. Shift Rows
3. Mix Columns
4. Add Round Key

Question 84

Which encryption algorithm contains the following:

64 bit block and keys between 40 and 128 bits in length. Rounds are 12 -16

Answer 84

CAST-128

Question 85

Which encryption algorithm contains the following:

128 bit block with keys of 128, 192, 160, 224 and 256. Performs 48 rounds and is described in RFC2612

Answer 85

CAST-256

Question 86

Which encryption algorithm contains the following:

128 bit block with keys up to 256 bits

Answer 86

TwoFish

Question 87

Which encryption algorithm contains the following:

Variable block size 32, 64, 128 and with key length of 0 to 2048 bits

Answer 87

RC-5 (RIVEST)

Question 88

When implementing STREAM encryption. It is considered what?

Answer 88

synchronous

Question 89

When implementing BLOCK encryption. It is considered what?

Answer 89

asynchronous

Question 90

Secure holding facility for cryptographic key

Answer 90

key escrow

Question 91

ALL cryptosystems have a limited lifespan based on their ability to withstand attacks

Answer 91

Cryptographic Lifecycle

Question 92

Most famous asymmetric crypto system. Named for its creators:
Rivest
Shamir
Adleman

Answer 92

RSA

Question 93

Developed at approx same time as RSA and also based on difficulty of factoring but took different approach. Broken in 1984

Answer 93

Merkle-Hellman Knapsack

Question 94

Based on an extension of the diffie-hellman algorithm published without a patent so its freely available.

Answer 94

El Gamal

Question 95

Based on the elliptic curve discrete logarithm problem

Answer 95

ECC Elliptic Curve Cryptography

Question 96

Take a message and mix it with a hash to derive a unique output value

Answer 96

hash function

Question 97

RSA 5 basic requirments of a hash function

Answer 97

1. input can be of any length
2. output has fixed length
3. hash function is easy to compute for given input
4. hash function is “one-way”; almost impossible to figure out the input based on the output
5. hash function is collision free; almost impossible to find two messages that will produce the same hash value

Question 98

What hashing algorithm uses the following:

160 bits using 512 bit block size for processing the message

Answer 98

SHA-160

Question 99

What hashing algorithm uses the following:

224 bits using 512 bit block size for processing the message

Answer 99

SHA-224

Question 100

What hashing algorithm uses the following:

256 bits using 512 bit block size for processing the message

Answer 100

SHA-256

Question 101

What hashing algorithm uses the following:

384 bits using 1024 bit block size for processing the message

Answer 101

SHA-384

Question 102

What hashing algorithm uses the following:

512 bits using 1024 bit block size for processing the message

Answer 102

SHA-512

Question 103

Preferred hashing algorithm also known as Keccak Algorithm

Answer 103

SHA3

Question 104

All of the following are considered what?

HAVAL - bit= 128,60,192,224,256

MD2,4,5 - bit = 128

Hash Message Authentication Code (HMAC) - bit = Variable

RIPEMD- bit = 160

Answer 104

Hashing Functions

Question 105

Comprehensive system required to provide public-key encryption and digital signature services. It has three primary purpose:

1. Publish public keys/certs
2. Certify that the key is tied to individual or entity.
3. Provide verification of the validity of a public key.

Answer 105

PKI - Public Key Infrastructure

Question 106

Protects the entire communication circuit by creating an encrypted tunnel between two end points, encrypting ALL OF THE DATA, including the header, trailer, address and routing info

Answer 106

Link Encryption

Example: SSL/TLS

Question 107

Protects communications between two parties and is performed independently of link encryption. Just encrypts the data payload itself, not any of the routing information, so it is quicker.

Answer 107

End-To-End Encryption

Example: SSH

Question 108

Most commonly used VPN protocol IP Traffic ONLY!

1. Authentication Header - Authentication, integrity and non-repudiation
2. ESP Encapsulating Security Payload - Confidentiality with limited authentication, Operates at Layer 3 and can be deployed in Transport or Tunnel Mode

Answer 108

IPSec

IPSec must be deployed with AH and ESP!!!!

Question 109

Provides security support in IPSec by negotiating, establishing, modifying and deleting security associations (SAs).

Four Requirements Include:

1. Authenticate communicating peers
2. Create & Modify security associations
3. Provide key generation mechanisms
4. Protect against threats

Answer 109

ISAKMP - Internet Security Association and Key Management

Question 110

Negotiated by ISAKMP during the initialization of an IPSec session. It Requires a simplex connection, or a “one-way” transmission agreement.

Answer 110

Security Association (SAs)

Question 111

Algebraic manipulation attempting to reduce the complexity of the algorithim by focusing on the lofic of the algorthim

Answer 111

Analytic Attack

Question 112

Exploitiung weakness in the way in th which the cryptosystem has been architechted and implemented

Answer 112

Implementation Attack

Question 113

Exploits weakness such as floating point errors & an inability to produce truly random numbers

Answer 113

Statistical Attack

Question 114

Attempting EVERY POSSIBLE combination until the right one is found.

Ways to enhance this attack:

a. Rainbow Tables
b. Use of special hardware

Ways to defeat:

a. Salt the Passwords
b. pepper
c. Key stretching

Answer 114

Brute Force Attack