Domain 3 - Security Engineering

Question 1

Abstraction

Answer 1

Involves the removal of characteristics from an entity in order to easily represent its essential properties.

Question 2

Access Control Matrix

Answer 2

A two-dimensional table that allows for individual subjects and objects to be related to each other.

Question 3

Asymmetric Algorithms

Answer 3

One-way functions, that is, a process that is much simpler to go in one direction (forward) than to go in the other direction (backward or reverse engineering).

Question 4

Address Space Layout Randomization (ASLR)

Answer 4

Involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries in a process’s memory address space.

Question 5

Aggregation

Answer 5

Combining non-sensitive data from separate sources to create sensitive information.

Question 6

Algorithm

Answer 6

A mathematical function that is used in the encryption and decryption processes.

Question 7

Bell-La Padula Model

Answer 7

Explores the rules that would have to be in place if a subject is granted a certain level of clearance and a particular mode of access.

Question 8

Brewer-Nash (The Chinese Wall) Model

Answer 8

This model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties.

Question 9

Cable Plant Management

Answer 9

The design, documentation, and management of the lowest layer of the OSI network model - the physical layer.

Question 10

Certificate Authority (CA)

Answer 10

An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.

Question 11

Ciphertext or Cryptogram

Answer 11

The altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients.

Question 12

Cloud Computing

Answer 12

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management.

Question 13

Common Criteria

Answer 13

Provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area of IT security.

Question 14

Community Cloud Infrastructure

Answer 14

Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns.

Question 15

Confusion

Answer 15

Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.

Question 16

Control Objects for Information and Related Technology (COBIT)

Answer 16

Provides a set of generally accepted processes to assist in maximizing the benefits derived using information technology (IT) and developing appropriate IT governance.

Question 17

Covert Channels

Answer 17

Communications mechanisms hidden from the access control and standard monitoring systems of an information system.

Question 18

Cryptanalysis

Answer 18

The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services.

Question 19

Cryptology

Answer 19

The science that deals with hidden, disguised, or encrypted communications. It embraces communications security and communications intelligence.

Question 20

Cyber-Physical Systems (CPS)

Answer 20

Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world and support real-time, guaranteed performance in safety-critical applications.

Question 21

Data Hiding

Answer 21

Maintains activities at different security levels to separate these levels from each other.

Question 22

Data Warehouse

Answer 22

A repository for information collected from a variety of data sources.

Question 23

Decoding

Answer 23

The reverse process from encoding - converting the encoded message back into its plaintext format.

Question 24

Diffusion

Answer 24

Provided by mixing up the location of the plaintext throughout the ciphertext.

Question 25

Digital Certificate

Answer 25

An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date

Question 26

Digital Rights Management (DRM)

Answer 26

A broad range of technologies that grant control and protection to content providers over their own digital media.

Question 27

Digital Signatures

Answer 27

Provide authentication of a sender and integrity of a sender’s message.

Question 28

Enterprise Security Architecture (ESA)

Answer 28

Focused on setting the long-term strategy for security services in the enterprise.

Question 29

Firmware

Answer 29

The storage of programs or instructions in ROM.

Question 30

Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST SP 800-14)

Answer 30

Provides a foundation upon which organizations can establish and review information technology security programs.

Question 31

Graham-Denning

Answer 31

Primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed.

Question 32

Inference

Answer 32

The ability to deduce (infer) sensitive or restricted information from observing available information.

Question 33

ISO/IEC 21827:2008, The Systems Security Engineering - Capability Maturity Model (SSE-CMM)

Answer 33

Describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering.

Question 34

Hash Function

Answer 34

Accepts an input message of any length and generates, through a one-way operation, a fixed-length output.

Question 35

Industrial Control Systems (ICS)

Answer 35

Used to control industrial processes such as manufacturing, product handling, production, and distribution.

Question 36

IT Infrastructure Library (ITIL)

Answer 36

Defines the organizational structure and skill requirements of an IT organization as well as the set of operational procedures and practices that direct IT operations and infrastructure, including information security operations.

Question 37

Embedded Systems

Answer 37

Used to provide computing services in a small form factor with limited processing power.

Question 38

Encoding

Answer 38

The action of changing a message into another format through the use of a code.

Question 39

Hybrid Cloud Infrastructure

Answer 39

A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

Question 40

Initialization Vector (IV)

Answer 40

A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.

Question 41

Key Clustering

Answer 41

When different encryption keys generate the same ciphertext from the same plaintext message.

Question 42

Key Length

Answer 42

The size of a key, usually measured in bits or bytes, which a cryptographic algorithm used in ciphering or deciphering protected information.

Question 43

Key Space

Answer 43

This represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.

Question 44

Message Authentication Code (MAC)

Answer 44

A small block of data that is generated using a secret key and then appended to the message.

Question 45

Message Digest

Answer 45

A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.

Question 46

Middleware

Answer 46

A connectivity software that enables multiple processes running on one or more machines to interact.

Question 47

Multilevel Lattice Models

Answer 47

A security model describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in.

Question 48

Non-repudiation

Answer 48

A service that ensures the sender cannot deny a message was sent and the integrity of the message is intact.

Question 49

OpenID Connect

Answer 49

An interoperable authentication protocol based on the OAuth 2.0 family of specifications.

Question 50

OWASP

Answer 50

A nonprofit organization focused on improving the security of software.

Question 51

Paging

Answer 51

Divides the memory address space into equal-sized blocks called pages.

Question 52

Payment Card Industry Data Security Standard (PCI-DSS)

Answer 52

Provides the security architect with a framework of specifications to ensure the safe processing, storing, and transmission of cardholder information.

Question 53

Plaintext

Answer 53

The message in its natural format.

Question 54

Primary Storage

Answer 54

Stores data that has a high probability of being requested by the CPU.

Question 55

Private Cloud

Answer 55

In this model, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers.

Question 56

Protection Keying

Answer 56

Divides physical memory up into blocks of a particular size, each of which has an associated numerical value called a protection key.

Question 57

Public Cloud Infrastructure

Answer 57

Provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Question 58

Registration Authority (RA)

Answer 58

This performs certificate registration services on behalf of a CA.

Question 59

Secondary Storage

Answer 59

Holds data not currently being used by the CPU and is used when data must be stored for an extended period of time using high-capacity, nonvolatile storage.

Question 60

Security Assertion Markup Language (SAML)

Answer 60

An XML-based standard used to exchange authentication and authorization information.

Question 61

Security Zone of Control

Answer 61

An area or grouping within which a defined set of security policies and measures are applied to achieve a specific level of security.

Question 62

Segmentation

Answer 62

Dividing a computer’s memory into segments.

Question 63

Sherwood Applied Business Security Architecture (SABSA) Framework

Answer 63

Holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a “chain of traceability” through the phases of strategy, concept, design, implementation, and metrics.

Question 64

State Attacks

Answer 64

Attempt to take advantage of how a system handles multiple requests.

Question 65

State Machine Model

Answer 65

Describes the behavior of a system as it moves between one state and another, from one moment to another.

Question 66

Stream-based Ciphers

Answer 66

When a cryptosystem performs its encryption on a bit-by-bit basis.

Question 67

Symmetric Algorithms

Answer 67

Operate with a single cryptographic key that is used for both encryption and decryption of the message.

Question 68

Substitution

Answer 68

The process of exchanging one letter or byte for another.

Question 69

System Kernel

Answer 69

The core of an OS, and one of its main functions is to provide access to system resources, which includes the system’s hardware and processes.

Question 70

The Open Group Architecture Framework (TOGAF)

Answer 70

An architecture content framework (ACF) to describe standard building blocks and components as well as numerous reference models.

Question 71

Transposition

Answer 71

The process of reordering the plaintext to hide the message.

Question 72

Work Factor

Answer 72

This represents the time and effort required to break a protective measure.

Question 73

Zachman Framework

Answer 73

A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them.