Domain 3 - Security Architecture & Engineering

Question 1

A major strength of this Encryption type is communication between parties previously unknown to eachother

Answer 1

Public Key Encryption

Question 2

Define PKI Hierarchy of Trust Relationships

Answer 2

Trust = Permits combining asymmetric + symmetric cryptography to create a hybrid cryptography

Question 3

What is the difference between Asymmetric and Symmetric Encryption?

Answer 3

Asymmetric uses a key pair. One to encrypt/one to decrypt. It is also not identical on both sides.

Question 4

Shared Secret is _______ encryption

Answer 4

Symmetric

Question 5

When a sender uses a shared key to encrypt and the receiver uses the same key to decrypt, what kind of algorithm is this?

Answer 5

Symmetric

Question 6

The resource a user or process wants to access

Answer 6

Object

Question 7

The user or process that makes a request to access a resource

Answer 7

Subject

Question 8

This Framework uses various levels of testing (EAL) and confirmation of a system’s security capabilities

Answer 8

Common Criteria

Question 9

Developed to replace ITSEC

Answer 9

Common Criteria

Question 10

More flexible than TCSEC

Answer 10

Common Criteria

Question 11

The first attempt at establishing a single standard for evaluating security attributes of computer systems

Answer 11

ITSEC

Question 12

Gov’t Book that Addresses security evaluation topics for Networks and Network Components

Answer 12

Red Book

Question 13

True or False? The Red Book states that subjects accessing objects on the network need to be Controlled, Monitored, and Audited?

Answer 13

True

Question 14

Software designers do this to restrict actions of a program. It allows a process to read from and write to only certain memory locations and resources.

Answer 14

Process Confinement

Question 15

How could a program that writes to and reads from an area of memory that’s being used by another program violate the 3 tenets of security - CIA?

Answer 15

 Confidentiality
• I.e, if the data that’s processing was sensitive or secret, it’s confidentiality is no longer guaranteed
 Integrity
• I.e, if the data is overwritten or altered, there is no guarantee of integrity
 Availability
• If the data modification results in corruption or loss, it could become unavailable for future use

Question 16

Limits being set on Memory Addresses and Resources is a process known as setting b_______.

Answer 16

Bounds

Question 17

Bounds, similar to boundaries, state the area within which a p______ is confined or contained.

Answer 17

Process

Question 18

Describe the difference between Logical Bounds and Physical Bounds

Answer 18

Logical - Segment logical areas of memory
Physical - Require every bounded process to run an in area of memory that is physically separated from other bounded processes

Question 19

When a process is confined through enforcing access bounds, that process runs in ________n.

Answer 19

Isolation

Question 20

_____ _______ ensures that any behavior will affect only the memory and resources associated with the isolated process

Answer 20

Process Isolation

Question 21

Process Isolation is not required for preemtive multitasking, True or False?

Answer 21

False - Process Isolation is required for pre emptive multitasking

Question 22

A System that is Always secure no matter what state it is in

Security Models (Computer Architecture and Operating System Design)

Answer 22

State Machine Model

Question 23

Define a ‘State’ as it relates to the State Machine Model

Answer 23

A snapshot of a system at a specific Moment in Time

Question 24

Which Access Control uses Static Attributes of the Subject and Object

Access Controls - Access Rules

Answer 24

MAC

Question 25

Compartmented (Top Secret)
System High Mode
Multilevel Mode (Secret, Top Secret, and Clearance)
and Dedicated Mode are Security Modes in relation to which Access control?

Answer 25

MAC

Question 26

With this Access Control, the Subject has some ability to define Objects to Access

Access Control

Answer 26

DAC

Question 27

Which Kernel makes up the main component of the TCB?

Answer 27

The Security Kernel

Question 28

True or False?

The TCB is made up of Hardware, Software, and Firmware

Answer 28

TRU

Question 29

Which two Access Control Models Enforce Integrity?

Answer 29

Clark Wilson, Biba

Question 30

Name a specific Military Access Control model that enforces Confidentiality

Answer 30

Bell-LaPadula

Question 31

Does Clark Wilson use a Lattice or a 3 part relationship? Such as Subject/Transaction/Object

Answer 31

3 Part Relationship

Question 32

True or False - in Clark-Wilson Subjects DO NOT have direct access to Objects?

Objects can only be accessed through programs?

Answer 32

True; Objects can only be accessed through programs

Question 33

Bell lapadula addresses confidentiality.

True or false

Answer 33

TrUe
Does not address integrity
Keeps secret secret

Question 34

P points down in bell lapadula because ____ down?

Answer 34

P reads down