Domain 3 - Security Engineering

Question 1

Common Criteria ISO 15408

Answer 1

Structured methodology for documenting security requirements, documenting and validating

Question 2

What is a Protection Profile (PP)?

Answer 2

Set of security requirements for a category of products that meet specific consumer security needs

Question 3

What is the Target of Evaluation (TOE)?

Answer 3

The product

Question 4

What is the Security Target (ST)?

Answer 4

Identifies the security properties of TOE

Question 5

Security Functional Requirements (SFRs)

Answer 5

Specific individual security functions

Question 6

EAL0

Answer 6

Inadequate assurance

Question 7

EAL1

Answer 7

Functionally tested

Question 8

EAL2

Answer 8

Structurally tested

Question 9

EAL3

Answer 9

Methodically tested and checked

Question 10

EAL4

Answer 10

Methodically designed, tested and reviewed

Question 11

EAL5

Answer 11

Semi formally designed and tested

Question 12

EAL6

Answer 12

Semi formally verified design and tested

Question 13

EAL7

Answer 13

Formally verified design and tested

Question 14

NIST SP 800-27

Answer 14

Engineering Principles for IT Security

A Baseline for Achieving Security

Question 15

NIST SP 800-27 - Step 1

Answer 15

Initiation; need expressed, purpose documented, impact assessment

Question 16

NIST SP 800-27 - Step 2

Answer 16

Development/Acquisition; system designed, purchased, programmed, developed or constructed.

Question 17

NIST SP 800-27 - Step 3

Answer 17

Implementation; system tested and installed, certification and accreditation

Question 18

NIST SP 800-27 - Step 4

Answer 18

Operation/Maintenance; performs function, security operations, audits

Question 19

NIST SP 800-27 - Step 5

Answer 19

Disposal; disposition of information, HW and SW

Question 20

CMM (Maturity Model)

Answer 20

I Regularly Drink My OrangeJuice

Initial
Repeatable
Defined
Managed
Optimizing

Question 21

What are the functions of OS Kernel?

Answer 21

Loads & runs binary programs,

schedules task swapping, allocates memory &

tracks physical location of files on computers hard disk,

manages IO/OP requests from software, &

translates them into instructions for CPU

Question 22

Primary Storage

Answer 22

A temporary storage area for data entering and leaving the CPU

Question 23

Random Access Memory (RAM)

Answer 23

A temporary holding place for data used by the operating systems. It is volatile; meaning if it is turned off the data will be lost. Two types of RAM are dynamic and static.

Question 24

Dynamic Ram

Answer 24

Needs to be refreshed from time to time or the data will be lost.

Question 25

Static RAM

Answer 25

Does not need to be refreshed

Question 26

Read-Only Memory (ROM)

Answer 26

Non-volatile, which means when a computer is turned off the data is not lost;

for the most part ROM cannot be altered.

ROM is sometimes referred to as firmware

Question 27

Erasable and Programmable Read-Only Memory (EPROM)

Answer 27

Nonvolatile like ROM, however EPROM can be altered.

Question 28

Multitasking

Answer 28

Execute more than one task at the same time

Question 29

Multiprocessing

Answer 29

More than one CPU is involved

Question 30

Multi-Threading

Answer 30

Execute different parts of a program simultaneously

Question 31

Single state machine

Answer 31

Operates in the security environment at the highest level of classification of the information within the computer.

In other words, all users on that system must have clearance to access the info on that system.

Question 32

Multi-state machine

Answer 32

Can offer several security levels without risk of compromising the system’s integrity.

Question 33

CICS

Answer 33

Complex instructions. Many operations per instruction. Less number of fetches

Question 34

RISC

Answer 34

Reduced instructions.

Simpler operations per instruction.

More fetches

Question 35

1 GL

Answer 35

machine language (used directly by a computer)

Question 36

2GL

Answer 36

assembler

Question 37

3GL

Answer 37

FORTRAN. Basic pl/1 and C++

Question 38

4GL

Answer 38

Natural / focus and SQL

Question 39

5GL

Answer 39

Prolog, lisp artificial intelligence languages based on logic

Question 40

In regards to memory protection, describe Segmentation.

Answer 40

Dividing a computer’s memory into segments.

Question 41

In regards to memory protection, what is Protection Keying?

Answer 41

Numerical values, Divides physical memory up into particular sized blocks, each of which has an associated numerical value called a protection key.

Question 42

In regards to memory protection, what is Paging?

Answer 42

Divides memory address space into even size blocks called pages. To emulate that we have more RAM than we have.

SYSTEM KERNAL KNOWS THE LOCATION OF THE PAGE FILE

Question 43

Data Execution Prevention

Answer 43

A system-level memory protection feature that is built into the OS DEP prevents code from being run from data pages such as the default heap, stacks, and memory pools

Question 44

ITIL

Answer 44

The ITIL Core includes five publications addressing the overall life cycle of systems. ITIL as a whole identifies best practices that an organization can adopt to increase overall availability, and the Service Transition publication addresses configuration management and change management processes.

• Service Strategy
• Service Design
• Service Transition
• Service Operations
• Continuous Service Improvemen

Question 45

What are the Types of Security Models?

Answer 45

State Machine Model
Information Flow Model
Noninterference Model

Question 46

State Machine Model

Answer 46

describes a system that is always secure no matter what state it is in. If all aspects of a state meet the requirements of the security policy, that state is considered secure.

A transition occurs when accepting input or producing output.

A transition always results in a new state (also called a state transition).

A secure state machine model system always boots into a secure state, maintains a secure state across all transitions, and allows subjects to access resources only in a secure manner compliant with the security policy.

Question 47

Information Flow Model

Answer 47

Focuses on the flow of information. Information flow models are based on a state machine model.

The Bell-LaPadula and Biba models are both information flow models. Information flow models don’t necessarily deal with only the direction of information flow; they can also address the type of flow.

Information flow models are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security (these are often referred to as multilevel models).

The information flow model also addresses covert channels by specifically excluding all non-defined flow pathways.

Question 48

Noninterference Model

Answer 48

Loosely based on the information flow model. However, instead of being concerned about the flow of information, the noninterference model is concerned with how the actions of a subject at a higher security level affect the system state or the actions of a subject at a lower security level.

Basically, the actions of subject A (high) should not affect the actions of subject B (low) or even be noticed by subject B.

The noninterference model can be imposed to provide a form of protection against damage caused by malicious programs such as Trojan horses.

Question 49

What are some Techniques for Ensuring CIA?

Answer 49

Confinement
Bounds
Isolation

Question 50

Confinement

Answer 50

To restrict the actions of a program. Simply put, process confinement allows a process to read from and write to only certain memory locations and resources. This is also known as sandboxing.

Question 51

Bounds

Answer 51

A process consist of limits set on the memory addresses and resources it can access. The bounds state the area within which a process is confined or contained.

Question 52

Isolation

Answer 52

When a process is confined through enforcing access bounds that process runs in isolation. Process isolation ensures that any behavior will affect only the memory and resources associated with the isolated process.

Question 53

List 7 Security Models

Answer 53

MATRIX
BELL-LAPADULA
BIBA
 CLARK WILSON 
Information flow model
Brewer and Nash 
 Lipner Model – Confidentiality and Integrity, BLP + Biba                  1st Commercial

Question 54

MATRIX

Answer 54

• Provides access rights to subjects for objects
• Access rights are read, write and execute
• Columns are ACL’s
• Rows are capability lists - Supports discretionary access control

Question 55

BELL-LAPADULA

Answer 55

MAC SUBJECTS/OBJECTS/CLEARANECS/

• Confidentiality model
• developed by DOD, thus classification
• Cannot read up (simple e=read security rule)
• Cannot write down (* property rule AKA CONFINEMENT PROPERTY). Exception is a trusted subject.
• Uses access matrix to specify discretionary access control
• Use need to know principle
• Strong star rule: read and write capabilities at the same level
• First mathematical model defined
• tranquility principle in Bell-LaPadula prevents security level of subjects from being changed once they are created
• Bell-LaPadula is concerned with preventing information flow from a high security level to a low security level.

Question 56

BIBA

Answer 56

MAC “if I in it INTEGRITY MODEL”

• Integrity model
• Cannot read down (simple e=read integrity rule)
• Simple integrity property - cannot write up (* integrity)
• lattice based (least upper bound, greatest lower bound, flow policy)
• subject at one level of integrity cant invoke subject at a higher level of integrity
• Biba is concerned with preventing information flow from a low security level to a high security level.
• Focus on protecting objects from external threa

Question 57

CLARK WILSON

Answer 57

• integrity model
• Cannot be tampered, logged, and consistency
• Enforces segregation of duty
• Requires auditing
• Commercial use
• Works with SCI Constrained Data items, data item whose integrity is to be preserved
• Access to objects only through programs
• An integrity verification procedure (IVP) is a procedure that scans data items and confirms their integrity.

Question 58

Information flow model

Answer 58

• Each object is assigned a security class and value, and information is constrained to flow in the directions that are permitted by the security policy. Thus flow of information from one security level to another. (Bell & Biba)

Question 59

Brewer and Nash

Answer 59

The Chinese Wall model provides a dynamic access control depending on user’s previous actions. This model prevents conflict of interests from members of the same organization to look at information that creates a conflict of another member of that organization.

Question 60

Lipner Model

Answer 60

Confidentiality and Integrity, BLP + Biba 1st Commercial Model

Question 61

Graham-Denning

Answer 61

A computer security model that shows how subjects and objects should be securely created and deleted.

The model is based on the Access Control Matrix model

Question 62

TAKE-GRANT

Answer 62

uses a direct graph to specify the rights that subjects can transfer to objects or that subjects can take from other subjects

• Uses STATES and STATE TRANSTIONS

Question 63

Describe Composition Theories?

Answer 63

Some other models that fall into the information flow category build on the notion of how inputs and outputs between multiple systems relate to one another— which follows how information flows between systems rather than within an individual system.

These are called composition theories because they explain how outputs from one system relate to inputs to another system.

Question 64

Cascading

Answer 64

Input for one system comes from the output of another system.

Question 65

Feedback

Answer 65

One system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to system A)

Question 66

Hookup

Answer 66

One system sends input to another system but also sends input to external entities

Question 67

MAC

Answer 67

Mandatory Access Control

Subjects are labelled as to their level of clearance. Objects are labelled as to their level of classification or sensitivity.

Question 68

User

Answer 68

perform work task

Question 69

Data Owners

Answer 69

protect data

Question 70

Data Custodians

Answer 70

classify and protect data

Question 71

Information Technology Security Evaluation Criteria (ITSEC)

Answer 71

A structured set of criteria for evaluating computer security within products and systems.

Used in Europe Only

Addresses CIA

• refers to any system being evaluated as a target of evaluation
  (TOE).
• does not rely on the notion of a TCB, and it doesn’t require that a system’s security components be isolated within a TCB.
• includes coverage for maintaining targets of evaluation after changes occur without requiring a new formal evaluation.
  Certification

Question 72

TOE

Answer 72

Target of Evaluation refers to any system being evaluated

Question 73

Certification

Answer 73

Evaluation of security features and safeguards if it meets requirements.

Certification is the comprehensive evaluation of the technical and nontechnical security features of an IT system and other safeguards made in support of the accreditation process to establish the extent to which a particular design and implementation meets a set of specified security requirements

Question 74

Accreditation

Answer 74

The formal declaration by the designated approving authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.

Once accreditation is performed, management can formally accept the adequacy of the overall security performance of an evaluated system.

Question 75

System accreditation

Answer 75

A major application or general support system is evaluated

Question 76

Site accreditation

Answer 76

The applications and systems at a specific, self-contained location are evaluated

Question 77

Type accreditation

Answer 77

An application or system that is distributed to a number of different locations is evaluated

Question 78

Trusted Computer System Evaluation Criteria TCSEC: (Orange book)

Answer 78

From the U.S. DoD, it evaluates operating systems, application and systems.

It doesn’t touch the network part. It only addresses confidentiality!

Question 79

ITSEC: 1
TCSEC: D

Answer 79

Minimal protection, any systems that fails higher levels

Question 80

ITSEC: 2
TCSEC: C1

Answer 80

DAC; (identification, authentication, resource protection).

Question 81

ITSEC: 3
TCSEC: C2

Answer 81

DAC; Controlled access protection (object reuse, protect audit trail).

Question 82

ITSEC: 4
TCSEC: B1

Answer 82

MAC; (security labels) based on Bell LaPadula security model. Labeled security (process isolation, devices

Question 83

ITSEC: 5
TCSEC: B2

Answer 83

MAC; Structured protection (trusted path, covert channel analysis). Separate operator/admin roles. Configuration management

Question 84

ITSEC: 6
TCSEC: B3

Answer 84

MAC; security domain (trusted recovery, Monitor event and notification).

Question 85

ITSEC: 7
TCSEC: A

Answer 85

MAC; Formal, verified protection

Question 86

What are the Operational assurance requirements for TCSEC?

Answer 86

• System Architecture
• System Integrity
• Covert Channel analysis - Trusted Facility Management
• Trusted recovery

Question 87

Rainbow series: Red

Answer 87

trusted network

Question 88

Rainbow series: Orange

Answer 88

TCSEC evaluation

Question 89

Rainbow series: Brown

Answer 89

Trusted facilities management

Question 90

Rainbow series: Green

Answer 90

Password management

Question 91

ISO 27001

Answer 91

Focus on the standardization and certification of an organization’s information security management system (ISMS), security governance, a standard; ISMS.

Info security minimum systems

Question 92

ISO 27002

Answer 92

(inspired from ISO 17799) – a guideline which lists security control objectives and recommends a range of specific security controls;

more granular than 27001. 14 areas

BOTH INSPIRED FROM BS7799

Question 93

Control Frameworks

Answer 93

Consider the overall control framework or structure of the security solution desired by the organization

Question 94

COBIT

Answer 94

Control Objectives for Information and Related Technology, is a documented set of best IT security practices crafted by the Information Systems Audit and Control Association (ISACA).

It prescribes goals and requirements for security controls and encourages the mapping of IT security ideals to business objectives.

Question 95

COBIT 5

Answer 95

Based on five key principles for governance and management of enterprise IT:

 Principle 1: Meeting Stakeholder Needs

 Principle 2: Covering the Enterprise End-to-End

 Principle 3: Applying a Single, Integrated Framework

 Principle 4: Enabling a Holistic Approach

 Principle 5: Separating Governance from Management.

COBIT is used not only to plan the IT security of an organization but also as a guideline for auditors.

Question 96

What is Virtualization?

Answer 96

Used to host one or more operating systems within the memory of a single host computer.

Such an OS is also known as a guest operating system. From the perspective that there is an original or host OS installed directly on the computer hardware, the additional Oses hosted by the hypervisor system are guests.

Question 97

Virtual machine

Answer 97

Simulated environment created by the OS to provide a safe and efficient place for programs to execute

Question 98

Virtual SAN

Answer 98

Software-defined shared storage system is a virtual re-creation of a SAN on top of a virtualized network or an SDN.

Question 99

TOC/TOU attack

Answer 99

Race condition exploits, and communication disconnects are known as state attacks because they attack timing, data flow control, and transition between one system state to another.

Question 100

RACE

Answer 100

Two or more processes require access to the same resource and must complete their tasks in the proper order for normal functions

Question 101

Register

Answer 101

CPU also includes a limited amount of onboard memory, known as registers that provide it with directly acessible memory locations that the brain of the CPU, the arithmetic-logical unit (ALU), uses when performing calculations or processing instructions, small memory locations directly in the CPU.

Question 102

Stack Memory Segment

Answer 102

Used by processors to communicate instructions and data to each other

Question 103

Monolithic Operating System Architecture

Answer 103

All of the code working in kernel mode/system mode in an ad hoc and nonmodularized OS

Question 104

Memory Addressing

Answer 104

When using memory resources, the processor must have some means of referring to various locations in memory. The solution to this problem is known as addressing.

Question 105

Register Addressing

Answer 105

When the CPU needs information from one of its registers to complete an operation, it uses a register address (for example, “register 1”) to access its contents.

Question 106

Immediate Addressing

Answer 106

Is not a memory addressing scheme per se but rather a way of referring to data that is supplied to the CPU as part of an instruction. For example, the CPU might process the command “Add 2 to the value in register 1.” This command uses two addressing schemes. The first is immediate addressing— the CPU is being told to add the value 2 and does not need to retrieve that value from a memory location— it’s supplied as part of the command. The second is register addressing; it’s instructed to retrieve the value from register 1.

Question 107

Direct Addressing

Answer 107

In direct addressing, the CPU is provided with an actual address of the memory location to access. The address must be located on the same memory page as the instruction being executed. Direct addressing is more flexible than immediate addressing since the contents of the memory location can be changed more readily than reprogramming the immediate addressing’s hard-coded data. Indirect Addressing

Question 108

Indirect addressing

Answer 108

uses a scheme similar to direct addressing. However, the memory address supplied to the CPU as part of the instruction doesn’t contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address (perhaps located on a different page). The CPU reads the indirect address to learn the address where the desired data resides and then retrieves the actual operand from that address.

Question 109

Base + Offset Addressing

Answer 109

uses a value stored in one of the CPU’s registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that base address and retrieves the operand from that computed memory location.

Question 110

PaaS

Answer 110

Platform-as-a-Service is the concept of providing a computing platform and software solution stack as a virtual or cloudbased service.

Essentially, this type of cloud solution provides all the aspects of a platform (that is, the operating system and complete solution package).

The primary attraction of PaaS is the avoidance of having to purchase and maintain high-end hardware and software locally.

Customer supplies application code that the vendor then executes on its own infrastructure

Question 111

SaaS

Answer 111

Software-as-a-Service, is a derivative of PaaS. SaaS provides on-demand online access to specific software applications or suites without the need for local installation. In many cases, there are few local hardware and OS limitations.

Question 112

IaaS

Answer 112

Infrastructure-as-a-Service, takes the PaaS model yet another step forward and provides not just on-demand operating solutions but complete outsourcing options.

This can include utility or metered computing services, administrative task automation, dynamic scaling, virtualization services, policy implementation and management services, and managed/ filtered Internet connectivity.

Deployment Models, parent organization still responsible for patching OS of virtual hosts,

Question 113

CaaS

Answer 113

not a TERM!

• Private; cloud-based assets for a single organization. Organizations can create and host private clouds using their own resources.
• Community; provides cloud-based assets to two or more organizations. Maintenance responsibilities are shared based on who is hosting the assets and the service models.
• Public; model includes assets available for any consumers to rent or lease and is hosted by an external CSP. Service level agreements can be effective at ensuring the CSP provides the cloud-based services at a level acceptable to the organization.

Question 114

What methods can provide Database Security?

Answer 114

Aggregation

Inference

Question 115

Aggregation

Answer 115

SQL provides a number of functions that combine records from one or more tables to produce potentially useful information.

Aggregation is not without its security vulnerabilities.

Aggregation attacks are used to collect numerous low-level security items and combine them to create something of a higher security level or value.

Question 116

Inference

Answer 116

Involve combining several pieces of non-sensitive information to gain access to information that should be classified at a higher level. However, inference makes use of the human mind’s deductive capacity rather than the raw mathematical ability of modern database platforms.

Question 117

Data Warehousing

Answer 117

Large databases, store large amounts of information from a variety of databases for use with specialized analysis techniques.

Question 118

Data Mining

Answer 118

Technique allow analysts to comb through data warehouses and look for potential correlated information.

Question 119

Data dictionary

Answer 119

Commonly used for storing critical information about data, including usage, type, sources, DBMS software reads the data
ISO

Question 120

What is the purpose of Encryption?

Answer 120

Protect transmitted information from being read and understood except by the intended recipient

Question 121

Substitution

Answer 121

like shifting and rotating alphabets, can be broken by statistical looking at repeating characters or repeats

Question 122

Vernam

Answer 122

cipher (one time pad): - key of a random set of non- repeating characters

Question 123

Information Theory

Answer 123

Claude Elmwood Shannon

Question 124

Transposition

Answer 124

Permutation is used, meaning that letters are scrambled.

The key determines positions that the characters are moved to, for example vertical instead of horizontal

Question 125

Null Cipher

Answer 125

used in cases where the use of encryption is not necessary but yet the fact that no encryption is needed must be configured in order for the system to work. Ex. Testing, stenograph

Question 126

Key Length

Answer 126

use with each algorithm based on the sensitivity of information transmitted, longer key the better!

Question 127

Key space

Answer 127

is the range of values that are valid for use as a key for a specific algorithm. A key space is defined by its bit size. Bit size is nothing more than the number of binary bits (0s and 1s) in the key.

The key space is the range between the key that has all 0s and the key that has all 1s.

Key space doubles each time you add a bit to key length, which makes cryptanalysis more difficult.

Question 128

Key Clustering

Answer 128

when different encryption keys generate the same ciphertext from the same plaintext message BAD

Question 129

Synchronous

Answer 129

each encryption or decryption request is performed immediately

Question 130

Asynchronous

Answer 130

encrypt/decrypt request are processed in queues.

Question 131

Hash Function

Answer 131

one-way mathematical operation that reduces a message or data file into a smaller fixed length output. Encrypted using private key of sender.

Question 132

Registration Authority

Answer 132

– performs certificate registration services on behalf of a CA. RA verifies user credentials

Question 133

Certificate Authority

Answer 133

PKI, entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates

Question 134

Key Space

Answer 134

represents the total number of possible values of keys in a cryptographic algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance. HOW HARD TO BRUTE FORCE

Question 135

Transposition/permutation

Answer 135

process of reordering plaintext to hide the message rambo = ombar

Question 136

SP-network

Answer 136

process described by Claude Shannon used in most block ciphers to increase their strength

Question 137

Confusion

Answer 137

mixing the key values during repeated rounds of encryption, make the relationship between ciphertext and key as complex as possible

Question 138

Diffusion

Answer 138

mix location of plaintext throughout ciphertext, change of a single bit should drastically change hash, dissipate pattern

Question 139

Meet in the Middle

Answer 139

Attackers might use a meet-in-the-middle attack to defeat encryption algorithms that use two rounds of encryption.

This attack is the reason that Double DES (2DES) was quickly discarded as a viable enhancement to the DES encryption (it was replaced by Triple DES (3DES, TDES, EEE, EDE).
Key

Question 140

Block Cipher

Answer 140

segregating plaintext into blocks and applying identical encryption algorithm and key

Question 141

Cipher

Answer 141

cryptographically transformation that operates on characters or bits. DES, word scramble, shift letters

Question 142

Cipher text or Cryptogram

Answer 142

unintelligible message, encrypt text Clustering – situation wherein plain text messages generates identical cipher text messages using the same algorithm but with different crypto-variables or keys

Question 143

Codes

Answer 143

cryptographic transformation that operates at the level of words or phrases, one by land, two by sea

Question 144

Cryptanalysis

Answer 144

breaking the cipher text,

Question 145

Cryptographic Algorithm

Answer 145

Step by step procedure to encipher plaintext and decipher cipher text

Question 146

Cryptography

Answer 146

the art and science of hiding the meaning of communications from unintended recipients. (Greek: kryptos=hidden, graphein=to write)

Question 147

Cryptology

Answer 147

cryptography + cryptanalysis

Question 148

Cryptosystem

Answer 148

set of transformations from a message space to cipher space

Question 149

Decipher

Answer 149

To make the message readable, undo encipherment process

Question 150

Encipher

Answer 150

make message unintelligible

Question 151

End-to-end encryption

Answer 151

Encrypted information that is sent from point of origin to destination. In symmetric encryption this means both having the same identical key for the session

Question 152

Exclusive OR

Answer 152

Boolean operation that performs binary addition

Question 153

Key or Crypto variable

Answer 153

Information or sequence that controls the enciphering and deciphering of messages

Question 154

Link encryption

Answer 154

stacked encryption using different keys to encrypt each time

Question 155

One Time Pad

Answer 155

encipher each character with its own unique key that is used only once, unbreakable supposedly

Question 156

PGP (GPG)

Answer 156

encrypt attached files

Question 157

Plaintext

Answer 157

message in clear text readable form

Question 158

Steganography

Answer 158

secret communications where the existence of a message is hidden (inside images for example)

Question 159

Dumpster Diving

Answer 159

of going through someone’s trash to find useful or confidential info –it is legal but unethical in nature

Question 160

Phishing

Answer 160

act of sending spoofed messages that pretend to originate from a source the user trusts (like a bank)

Question 161

Social Engineering

Answer 161

act of tricking someone into giving sensitive or confidential info that may be used against the company

Question 162

Script kiddie

Answer 162

someone with moderate hacking skills, gets code from the Internet.

Question 163

Red boxing

Answer 163

pay phones cracking

Question 164

Black Boxing

Answer 164

manipulates toll-free line voltage to phone for free

Question 165

Blue Boxing

Answer 165

tone simulation that mimics telephone co. system and allows long distance call authorization

Question 166

White box

Answer 166

dual tone, multifrequency generator to control phone system

Question 167

Phreakers

Answer 167

– hackers who commit crimes against phone companies

Question 168

Salami

Answer 168

removal of a small amount of money otherwise known as skimming

Question 169

Zero-knowledge proof

Answer 169

a communication concept. A specific type of information is exchanged but no real data is transferred, as with digital signatures and digital certificates. Understand split knowledge. “magic door”

Question 170

Split knowledge

Answer 170

means that the information or privilege required to perform an operation is divided among multiple users.

This ensures that no single person has sufficient privileges to compromise the security of the environment.

M of N Control (multiparty key recovery) is an example of split knowledge.

Question 171

Skipjack

Answer 171

Like many block ciphers, Skipjack operates on 64-bit blocks of text.

It uses an 80-bit key and supports the same four modes of operation supported by DES.

Skipjack was quickly embraced by the US government and provides the cryptographic routines supporting the Clipper and Capstone encryption chips.

However, Skipjack has an added twist— it supports the escrow of encryption keys.

Question 172

What are the Goals of Cryptography?

Answer 172

Confidentiality
Integrity 
Proof of origin 
Non-repudiation 
Protect data at rest Protect data in transit

Question 173

Key Clustering

Answer 173

when different encryption keys generate the same ciphertext from the same plaintext message

Question 174

Work Factor

Answer 174

time and effort required to break a protective measure

Question 175

Kirchhoff’s Principle

Answer 175

all but key, secure Synchronous and self-synchronous

Random Number Generators (RNGs) Vigenere Cipher – uses key words and numerous rows (traditionally 26), each one of which is offset by one.

Question 176

Security Monitoring

Answer 176

• Reference Monitor and security kernel are used to determine whether a user should be allowed to access an object
• “complete mediation” means that all subjects must be authenticated and their access rights verified before they can access any object

Question 177

Stream-based Ciphers

Answer 177

Operate on one character or bit of a message (or data stream) at a time.

The Caesar cipher is an example of a stream and shift cipher.

The one-time pad is also a stream cipher because the algorithm operates on each letter of the plaintext message independently.

SUBSTITUTION, real-time Advantage – bit by bit substitution with XOR & keystream Emulates one time pad

No size difference between plaintext and ciphertext

Disadvantage Can be difficult to implement correctly

Generally weaker than block mode cipher

Difficult to generate a truly random unbiased keystream
Wireless
Stream Cipher Uses WEP, WPA – use WEP if you have nothing else
RC4
Audio Visual

Question 178

Block-based Ciphers

Answer 178

Ciphers operate on “chunks,” or blocks, of a message and apply the encryption algorithm to an entire message block at the same time.

The transposition ciphers are examples of block ciphers. SUBSTITUTION & TRANSPOSITION

No longer common/effective attack on wireless networks

Question 179

CBC Cipher Block Chaining

Answer 179

blocks of 64 bits with - 64bits initialization vector. Errors will propagate

Question 180

ECB Electronic Code Book

Answer 180

right block/left block pairing 1-1. Replication occurs. Secure short messages

Question 181

Cipher Feedback CFB

Answer 181

stream cipher where the cipher text is used as feedback into key generation. errors will propagate

Question 182

Output Feedback OFB

Answer 182

stream cipher that generates the key but XOR-ing the plaintext with a key stream. No errors will propagate

Question 183

Counter (CTR)

Answer 183

secure long messages

Question 184

Symmetric Cryptography

Answer 184

Both the receiver and the sender share a common secret key.

• Larger key size is safer > 128
• Can be time-stamped (to counter replay attacks)
• Does not provide mechanisms for authentication
• non-repudiation

Question 185

Examples of Symmetric Cryptography

Answer 185

DEA Data Encryption Algorithm

AES Advanced Encryption Standard

Rijndael Block Cipher Algorithm

RC5

IDEA - International Data Encryption Algorithm

Two fish

Blowfish

Question 186

DES (data Encryption Standard)

Answer 186

• DEA Data Encryption Algorithm x3.92, using 64 block size and 56bit key with 8bits parity
• 16-rounds of substitution and transposition cryptosystem
• Adds confusion(conceals statistical connect between cipher text and plaintext) and Diffusion (spread the influence of plaintext characters over many cipher text characters by means of transposition like HIDE IHED)
• Triple des = three times encrypted DES, preferably with 3 different keys = DES-EE3. Actual key length = 168 bits.

Uses 48 rounds of computations (3x16) -

Replaced by AES Advanced Encryption Standard

Question 187

AES Advanced Encryption Standard

Answer 187

• one of the most popular symmetric encryption algorithms
• NIST selected it as a standard replacement for the older Data Encryption Standard (DES) in 2001.
• BitLocker (a full disk encryption application used with a Trusted Platform Module) uses AES
• Microsoft Encrypting File System (EFS) uses AES for file and folder encryption
• AES supports key sizes of 128 bits, 192 bits, and 256 bits, and the US government has approved its use to protect classified data up to top secret
• Larger key sizes add additional security, making it more difficult for unauthorized personnel to decrypt the data.
• Keys are 128, 192, and 256 bits, blocks 128 bits.

Question 188

Rijndael Block Cipher Algorithm

Answer 188

for speed, simplicity and resistance against known attacks. Variable block length and variable key lengths (128,192 and 256 bits)

Question 189

RC5

Answer 189

variable algorithm up 0 to 2048 bits key size

• Rivest Cipher 5, or RC5, is a symmetric algorithm patented by Rivest, Shamir, and Adleman (RSA) Data Security, the people who developed the RSA asymmetric algorithm.

RC5 is a block cipher of variable block sizes (32, 64, or 128 bits) that uses key sizes between 0 (zero) length and 2,040 bits.

Question 190

IDEA

Answer 190

International Data Encryption Algorithm 64 bit plaintext and 128 key length with confusion and diffusion used in PGP software patented requires licenses fees/free noncom.

Question 191

Two fish

Answer 191

key lengths 256 bits blocks of 128 in 16rounds

Question 192

Blowfish

Answer 192

by Bruce Schneider key lengths 32 to 448 bits, used on Linux systems that use bcrypt (DES alternative)

Question 193

Asymmetric Cryptography

Answer 193

 Sender and receiver have public and private keys.

 Public to encrypt a message, private to decrypt

 Slower than symmetric, secret key (100 to 1000)

Question 194

Examples of Public Key Algorithms (Asymmetric)

Answer 194

RSA
Diffie Hellman Key exchange 
el Gamal 
DSA Digital Signature Algorithm 
ECC - Elliptic Curve Cryptosystem

Question 195

RSA

Answer 195

(Rivest, Shamir, & Adleman) works with one way math with large prime numbers (aka trap door functions).

Can be used for encryption, key exchange and digital signatures)

Question 196

Diffie Hellman Key exchange

Answer 196

About exchanging secret keys over an insecure medium without exposing the keys

Question 197

el Gamal

Answer 197

works with discrete logarithms, based on Diffie Hellman

Question 198

DSA Digital Signature Algorithm

Answer 198

the US Government Equivalent of the RSA algorithm

Question 199

ECC - Elliptic Curve Cryptosystem

Answer 199

mathematical properties of elliptical curves, IT REQUIRES FEWER RESOURCES THAN RSA.

Used in low power systems (mobile phones etc.)

Question 200

Hybrid Cryptography

Answer 200

Uses both asymmetrical and symmetrical encryption

• asymmetrical for key exchange
• symmetrical for the bulk - thus it is fast
• example: SSL, PGP, IPSEC S/MIME

Question 201

Message Digest

Answer 201

summaries of a message’s content (not unlike a file checksum) produced by a hashing algorithm, checksum?

Question 202

MAC

Answer 202

Message Authentication Code

Question 203

Security Assertion Markup Language (SAML)

Answer 203

SAML is an XML-based convention for the organization and exchange of communication authentication and authorization details between security domains, often over web protocols.

SAML is often used to provide a web-based SSO (single sign-on) solution.

If an attacker can falsify SAML communications or steal a visitor’s access token, they may be able to bypass authentication and gain access SAML is a common protocol used for SSO on the Internet.

*Best choice to support a federated identity management system,

Does not have a security mode and relies on TLS and digital signatures

If home organization offline implement a cloud based system

User training about SSO directs a good idea

Question 204

Service Provisioning Markup Language (SPML)

Answer 204

Allow platforms to generate and respond to provisioning requests

It is a newer framework based on XML but specifically designed for exchanging user information for federated identity single sign-on purposes.

It is based on the Directory Service Markup Language (DSML), which can display LDAP-based directory service information in an XML format.

Question 205

Cyber-Physical Systems

Answer 205

Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world

Question 206

Scythe

Answer 206

wound papyrus around a wooden rod to see message

Question 207

Substitution character

Answer 207

shifting 3 character (C3) for example in the one (mono-alphabet) alphabet system

Question 208

Cipher disks

Answer 208

2 rotating disks with an alphabet around it

Question 209

Jefferson disks

Answer 209

26 disks that cipher text using an alignment bar

Question 210

Unix

Answer 210

uses rot 13 rotate 13 places in the alphabet

Question 211

Hagelin machine (M-209)

Answer 211

mechanical cryptographic machine

Question 212

Enigma

Answer 212

poly-alphabetic substitution cipher machine

Question 213

SABSA

Answer 213

Sherwood Applied business security architecture chain of traceability, 6 layer

Question 214

TOGAF

Answer 214

method step by step process and framework. These are the tools to go forward FRAMEWORK AND METHOD

Question 215

Zachman Framework

Answer 215

common context to understand a complex architecture, communication and collaboration

Question 216

Asymmetric Alogorithms

Answer 216

• Uses a pair of keys (private and public) for encryption and decryption
• Built upon hard to resolve mathematical problem using factorization, discreet logarithms, and the elliptic curve theory.
• Slower than symmetric alogorithm

Question 217

Types of Asymmetric Systems

Answer 217

Diffie-Helman
RSA
El Gamal
Elliptic Curve Cryptosystems
LUC
Knapsack
Zero Knowledge Proof

Question 218

Types of Symmetric Algorithms

Answer 218

DES
3DES
AES
IDEA
Blowfish
Twofish
RC4
RC5
RC6
CAST
SAFER
Serpent

Question 219

Symmetric vs. Asymmetric Key Systems

Answer 219

Symmetric

• Same, shared keys
• Key Exchange is Out-of-band
• Speed is Faster
• Used for Bulk encryption such as files and communication
• Security service provided is Confidentiality

Asymmetric

• Public and Private Keys
• Key exchange: In Bound. Symmetric key is encrypted and sent with message
• Slower and more complex
• Use is Key encryption and key distribution
• Security service provided is Confidentiality, Authentication, Non-Repudiation

Question 220

Public Key Infrastructure (PKI).

Answer 220

In the public key infrastructure, certificate authorities (CAs) generate digital certificates containing the public keys of system users.

Users then distribute these certificates to people with whom they want to communicate.

Certificate recipients verify a certificate using the CA’s public key. X.509 standard = PKI .

Serial number, owner, issuer name Integrity (hash code and message digest), access control, confidentiality (by encryption), authentication (digital certificates) and non-repudiation (digital signatures) issuer signs a certificate

If you only want to check if a mail is not altered: use digital signature!

Proves that the signature was provided by the intended signer

trust anchor = public key that has been verified and that’s trusted

Question 221

Digital signatures

Answer 221

• no modifications allowed - identity can be derived
• Works with a one-way hash (message digest), like SHA- 1 (512 bit blocks) or MD5 (128 bits digest) or HMAC that uses a key
• Acceptable encryption algorithms choices – DSA, RSA, ECDSA

HASH it and ENCRYPT message digest

Correct way to create and use a digital signature

– hash the document, encrypt only the hash with the sender’s private key, send both the plain text document and the encrypted hash to recipient.

Question 222

S/Mime

Answer 222

Confidentiality (encryption) Integrity (using PKCS X.509 PKI) and non-rep through signed message digests PEM - Privacy Enhanced Email Encryption (AES) PKI X.509 and RSA

Question 223

Message Security protocol

Answer 223

Military X.400. Sign, Encrypt, Hash

Question 224

Pretty Good Privacy (PGP)

Answer 224

uses IDEA and RSA instead

Question 225

Digital Certificates

Answer 225

contain specific identifying information and their construction is governed by international standard (X.509), creation and validation of digital certificates

Who signs a digital certificate – someone vouching for person not the person.

CRLs - Certificate Revocation Lists are maintained by the various certificate authorities and contain the serial numbers of certificates that have been issued by a CA and have been revoked along with the date and time the revocation went into effect.

Question 226

Hashing

Answer 226

ATTACK HASH BY BRUTE FORCE and dictionary CRYPTANALYSIS

Basic Technique –

BRUTE Force will win with no constraints input of any length and generate a fixed length output Hash algorithms (Message Digests)

Requirements for HASH

• works on non-fixed length input
• must be relatively easy to compute for any input
• function must be one way
• function must be one way

Most used are MD5 (message Digest 128 bits) and SHA1 (signature hashing algorithm 160 bits)

Question 227

MD5

Answer 227

It also processes 512-bit blocks of the message, but it uses four distinct rounds of computation to produce a digest of the same length as the MD2 and MD4 algorithms (128 bits).

MD5 has the same padding requirements as MD4— the message length must be 64 bits less than a multiple of 512 bits.

MD5 implements additional security features that reduce the speed of message digest production significantly.

Unfortunately, recent cryptanalytic attacks demonstrated that the MD5 protocol is subject to collisions, preventing its use for ensuring message integrity.

It is possible to create two digital certificates from different public keys that have the same MD5 hash.

Question 228

SHA1

Answer 228

Was designed by NIST and NSA to be used in digital signatures

Question 229

Traffic analysis

Answer 229

Inference of information from analysis of traffic

Question 230

Traffic padding

Answer 230

generation of spurious data units

Question 231

Collision

Answer 231

Same message digest as a result of hashing.

Question 232

Ciphertext Only

Answer 232

attacker sees only the ciphertext, one of the most difficult

Question 233

Known Plaintext

Answer 233

attacker knowns both cipher and plaintext

Question 234

Chosen Plaintext

Answer 234

offline attack (attacker prepares list of plaintexts) -lunch box attack

Question 235

online attack

Answer 235

(attacker chooses the plaintext based on the ciphertext already received)

Question 236

Chosen ciphertext

Answer 236

attacker chooses both the plaintext values and the ciphertext values, cherry picking, feed info and based on what you learned get key

Question 237

Birthday Attack

Answer 237

Collisions appear much fasters, birthdays match

Question 238

POODLE

Answer 238

• (Padding Oracle on Downgraded Legacy Encryption) attack helped force the movement from SSL 3.0 to TLS because it allowed attackers to easily access SSL encrypted messages.

Question 239

CRIME/BEAST

Answer 239

earlier attacks against SSL

Question 240

STUXNET

Answer 240

worm aimed at Iranian nuclear capability

Question 241

Digital Rights Management

Answer 241

uses encryption to enforce copyright restrictions on digital media. serves to bring U.S. copyright law into compliance with terms of two

World Intellectual Property Organization (WIPO) treaties. The first major provision of the DMCA is the prohibition of attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder.

Question 242

Applets

Answer 242

these code objects are sent from a server to a client to perform some action. In fact, applets are actually self-contained miniature programs that execute independently of the server that sent them.

Question 243

Java applets

Answer 243

are simply short Java programs transmitted over the Internet to perform operations on a remote system.

Question 244

ActiveX

Answer 244

Controls are Microsoft’s answer to Sun’s Java applets.

Operate in a similar fashion, but they are implemented using a variety of languages(C, C + +, Java).

Two key distinctions between Java applets and ActiveX controls.

First, ActiveX controls use proprietary Microsoft technology and, therefore, can execute only on systems running Microsoft browsers.

Second, ActiveX controls are not subject to the sandbox restrictions placed on Java applets.

They have full access to the Windows operating environment and can perform a number of privileged actions

Question 245

Natural environment threats

Answer 245

earthquakes
floods,
tornadoes

Question 246

Supply system threats

Answer 246

power
communications
water
gas

Question 247

Man-made threats

Answer 247

vandalism, fraud, theft

Question 248

Politically motivated threats

Answer 248

terroristic attacks,
riots
bombings

Question 249

Layered defense model

Answer 249

all physical controls should be work together in a tiered architecture (stacked layers)

Question 250

Vulnerability

Answer 250

weakness

Question 251

threat

Answer 251

someone will identify the weakness and use it against you and becomes the threat agent

Risk analysis–>Acceptable

Question 252

Kerchoff principle

Answer 252

a cryptographic system should be secure even if everything about the system, except the key, is public knowledge

Question 253

Input and Parameter Checking

Answer 253

limit how much data can be proffered as input. Proper data validation is the only way to do away with buffer overflows.

Question 254

Side-channel attack

Answer 254

a passive, noninvasive attack intended to observe the operation of a device.

When the attack is successful, the attacker is able to learn valuable information contained within the smartcard, such as an encryption key

Question 255

Transitive Trust

Answer 255

Transitive trust is the concept that if A trusts B and B trusts C, then A inherits trust of C through the transitive property— which works like it would in a mathematical equation: if a = b, and b = c, then a = c.

A transitive trust extends the trust relationship between the two security domains to all of their subdomains.

Within the context of least privilege, it’s important to examine these trust relationships.

Question 256

Nontransitive trust

Answer 256

Exists between two security domains, which could be within the same organization or between different organizations.

It allows subjects in one domain to access objects in the other domain.

A non-transitive trust enforces the principle of least privilege and grants the trust to a single domain at a time.
Interference

Question 257

Clean

Answer 257

no interference

Question 258

Line noise

Answer 258

can be EMI or RFI

Question 259

Transient

Answer 259

short duration of noise

Question 260

Countermeasures: Interference

Answer 260

voltage regulators, grounding/shielding and line conditioners

Question 261

COMMON mode noise

Answer 261

difference between hot and ground

HINT: common–grounds

Question 262

Traverse mode noise

Answer 262

difference between hot and neutral

Question 263

SPIKE

Answer 263

short high voltage

Question 264

SURGE

Answer 264

long high voltage

Question 265

Countermeasures: Excess voltage

Answer 265

surge protector

Question 266

FAULT

Answer 266

short outage

Question 267

BLACKOUT

Answer 267

long outage

Question 268

Countermeasures: Power loss

Answer 268

Backup power

Long term: Backup Power generator

Short term: UPS

Question 269

SAG/DIP

Answer 269

short low voltage

Question 270

BROWNOUT

Answer 270

long low voltage

Question 271

Countermeasures: Power degredation

Answer 271

constant voltage transformers

Question 272

Humidity

Answer 272

<40% static electricity up to 20.000 volts NORMAL 40-60% up to 4000 volts >60% corrosion

Question 273

Tempest

Answer 273

Shielding and other emanations-reducing mechanism, a technology that allows the electronic emanations that every monitor produces (known as Van Eck radiation) to be read from a distance (this process is known as Van Eck phreaking)

Question 274

White noise

Answer 274

broadcasting false traffic at all times to mask and hide the presence of real emanations.

Question 275

Faraday cage

Answer 275

A box, mobile room, or entire building designed with an external metal skin, often a wire mesh that fully surrounds an area on all sides (in other words, front, back, left, right, top, and bottom).

This metal skin acts as an EMI absorbing capacitor control zone - the implementation of either a Faraday cage or white noise generation or both to protect a specific area in an environment

Question 276

Fire Prevention

Answer 276

Training

construction, supplies, reach ability

Question 277

Manual Fire Detection

Answer 277

pull boxes

Question 278

Automatic Fire Detection

Answer 278

Automatic dial- up: Fire department, aka Auxiliary station alarm

Question 279

Types of Fire detectors

Answer 279

• Smoke activated,
• Heat activated,
• Flame activated (infrared)

Question 280

Common Fire

Answer 280

WATER, SODA ACID (take away temp)

Question 281

Liquids Fire

Answer 281

GAS/CO2, SODA ACID (takes away fuel)

Question 282

Electrical Fire

Answer 282

-GAS/CO2 (displace O2)

Question 283

Metals Fire

Answer 283

DRY POWDER

Question 284

WATER

Answer 284

suppress temperature

Question 285

SODA ACID

Answer 285

reduces fuel supply

Question 286

CO2

Answer 286

reduces oxygen

Question 287

HALON

Answer 287

chemical reaction

Question 288

Wet pipe sprinkler

Answer 288

always contains water, fuse nozzle melts at 165F

Question 289

Dry pipe sprinkler

Answer 289

water in tank until clapper valve releases it

• only begins to fill when triggered by excessive heat

Question 290

Halon replacements

Answer 290

FM-200 most common replacement (others: CEA, NAF, FE-13 Argon INERGEN Low Pressure Water

Question 291

TPM

Answer 291

Trusted Platform Module is both a specification for a cryptoprocessor chip on a mainboard and the general name for implementation of the specification.

A TPM chip is used to store and process cryptographic keys for the purposes of a hardware supported/ implemented hard drive encryption system.

Generally, a hardware implementation, rather than a software-only implementation of hard drive encryption, is considered to be more secure.

Question 292

Constrained or restricted interface

Answer 292

implemented within an application to restrict what users can do or see based on their privileges.
Natural