Domain 3A: Security Architecture and Engineering Flashcards

1
Q

What are the properties of the Bell LaPadula model?

A

Bell-LaPadula: (Confidentiality) (Mandatory Access Control):

  • Simple Security Property: “No Read UP”.
  • Subjects with Secret clearance can’t read Top Secret data.
  • * Security Property: “No Write DOWN”.
  • Subjects with Top Secret clearance can’t write Top Secret information to Secret folders.
  • Strong * Property: “No Read or Write UP and DOWN”.
  • Subjects can ONLY access data on their own level.
2
Q

What is lattice based access control?

A

Lattice-based access control allows security controls for complex environments. For every relationship between a subject and an object, there are defined upper and lower access limits implemented by the system.

3
Q

What are the properties of the BIBA model?

A

BIBA: (Integrity) (Mandatory Access Control):

  • Simple Integrity Axiom: “No Read DOWN”.
  • Subjects with Top Secret clearance can’t read Secret data.
  • Remember that integrity is the purpose here; we don’t want wrong or lacking lower clearance level data to confuse us.
  • * Integrity Axiom: “No Write UP”.
  • Subjects with Secret clearance can’t write Secret information to Top Secret folders.
  • We don’t want wrong or lacking lower level information to propagate to a higher level.
  • Invocation Property: “No Read or Write UP”.
  • Subjects can never access or alter data on a higher level.
4
Q

How do Biba and Bell-LaPadula differ?

A

Biba takes the Bell-LaPadula rules and reverses them, showing how confidentiality and integrity are often at odds. If you understand Bell-LaPadula (no read up; no write down), you can extrapolate Biba by reversing the rules: “no read down”; “no write up”.

5
Q

What are the components of the Graham-Denning model?

A

Graham-Denning Model – uses Objects, Subjects, and Rules.

6
Q

What are the 8 rules that a subject can execute on an object in the Graham-Denning model?

A

The 8 rules that a specific subject can execute on an object are:

  1. Transfer Access.
  2. Grant Access.
  3. Delete Access.
  4. Read Object.
  5. Create Object.
  6. Destroy Object.
  7. Create Subject.
  8. Destroy Subject.
7
Q

What is the Clark Wilson model?

A

Clark-Wilson is a real-world integrity model that protects integrity by requiring subjects to access objects via programs. Because the programs have specific limitations on what they can and cannot do to objects, Clark-Wilson effectively limits the capabilities of the subject. This improves integrity.

8
Q

What is the Brewer-Nash model?

A

The Chinese Wall model (also known as Brewer-Nash) is designed to avoid conflicts of interest by prohibiting one person, such as a consultant, from accessing multiple conflict of interest categories.

9
Q

What is the non-interference model?

A

Non-Interference Model:

  • Ensures that any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level.
  • The model is not concerned with data flow, but with what a subject knows about the state of the system.
  • Any changes by a higher level subject will never be noticed by a lower level subject.
10
Q

What is the Take-Grant protection model?

A

Take-Grant Protection Model:

  • Uses rules that govern the interactions between subjects and objects.
  • It uses permissions that subjects can grant to (or take from) other subjects.
11
Q

What are the 4 rules of the Take-Grant protection model?

A
  • Take rule: allows a subject to take the rights of another subject.
  • Grant rule: allows a subject to grant its own rights to another subject.
  • Create rule: allows a subject to create new objects.
  • Remove rule: allows a subject to remove rights it has over another object.
12
Q

What is an access control matrix?

A

An access control matrix is a table that defines the access permissions that exist between specific subjects and objects. A matrix is a data structure that acts as a lookup table for the operating system. The table’s rows, or capability lists, show the capabilities of each subject. The columns of the table show the access control list (ACL) for each object or application.

13
Q

What are the six frameworks of the Zachman Framework? What rules do those six frameworks map to?

A

Zachman Framework (for Enterprise Architecture):

  • Provides six frameworks: What, How, Where, Who, When, and Why.
  • Maps those frameworks to rules for: Planner, Owner, Designer, Builder, Programmer, and User.
14
Q

What must all users have in the dedicated security mode?

A

Dedicated security mode - All users must have:

  • Signed NDA for ALL information on the system.
  • Proper clearance for ALL information on the system.
  • Formal access approval for ALL information on the system.
  • A valid need to know for ALL information on the system.
15
Q

What must all users have in the system high security mode?

A

System high security mode - All users must have:

  • Signed NDA for ALL information on the system.
  • Proper clearance for ALL information on the system.
  • Formal access approval for ALL information on the system.
  • A valid need to know for SOME information on the system.
  • All users can access SOME data, based on their need to know.
16
Q

What must all users have in the compartmented security mode?

A

Compartmented security mode - All users must have:

  • Signed NDA for ALL information on the system.
  • Proper clearance for ALL information on the system.
  • Formal access approval for SOME information they will access on the system.
  • A valid need to know for SOME information on the system.
  • All users can access SOME data, based on their need to know and formal access approval.
17
Q

What must all users have in the multilevel security mode?

A

Multilevel security mode - (Controlled Security Mode) - All users must have:

  • Signed NDA for ALL information on the system.
  • Proper clearance for SOME information on the system.
  • Formal access approval for SOME information on the system.
  • A valid need to know for SOME information on the system.
  • All users can access SOME data, based on their need to know, clearance and formal access approval.
18
Q

What is IAAS?

A

IaaS - (Infrastructure as a Service) The vendor provides the infrastructure up to the OS; the customer adds the OS and everything above it.

19
Q

What is abstraction?

A

Abstraction hides unnecessary details from the user. It collects similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions.

20
Q

What is a security domain?

A

A security domain is the list of objects a subject is allowed to access.

21
Q

What is the ring model?

A

The ring model is a form of central processing unit (CPU) hardware layering that separates and protects domains, such as kernel mode and user mode, from each other. The innermost ring is the most trusted, and each successive outer ring is less trusted. Processes communicate between the rings via system calls, which allow processes to communicate with the kernel and provide a window between the rings.

22
Q

What are the four rings within the ring model?

A

The rings are (theoretically) used as follows:
• Ring 0: Kernel
• Ring 1: Other OS components that do not fit into Ring 0
• Ring 2: Device drivers
• Ring 3: User applications

Most x86 operating systems, including Linux and Windows, use Rings 0 and 3 only.

23
Q

What is pipelining?

A

Pipelining combines multiple CPU steps into one process, allowing simultaneous fetch/decode/execute (FDX) and write steps for different instructions.

24
Q

What is an interrupt?

A

An interrupt indicates that an asynchronous event has occurred. A CPU interrupt is a form of hardware interrupt that causes the CPU to stop processing its current task, save the state, and begin processing a new request. When the new task is complete, the CPU will complete the prior task.

25
Q

What is a trusted platform module?

A

A trusted platform module (TPM) chip is a processor that can provide additional security capabilities at the hardware level.

26
Q

What does a TPM chip allow for and what is it used for?

A

The TPM chip allows for hardware-based cryptographic operations. Security functions can leverage the TPM for random number generation; the use of symmetric, asymmetric, and hashing algorithms; and secure storage of cryptographic keys and message digests. The most commonly referenced use case for the TPM chip is ensuring boot integrity. By operating at the hardware level, the TPM chip can help ensure that kernel-mode rootkits are less likely to be able to undermine operating system security. In addition to boot integrity, TPM is also commonly associated with some implementations of full disk encryption.

27
Q

What is a covert channel?

A

A covert channel is any communication that violates security policy.

28
Q

What is a backdoor?

A

A backdoor is a shortcut in a system that allows a user to bypass security checks, such as username/password authentication, to log in.

29
Q

What is a logic bomb?

A

A logic bomb is a malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date (also called a time bomb).

30
Q

What is a packer?

A

Packers – Programs that compress *.exe files. They can be used to hide malware in an executable, but the technology itself is neutral.

31
Q

What is an industrial control system?

A

ICS – (Industrial Control System) is a general term for several types of control systems and associated instrumentation used in industrial production technology.

32
Q

What is SCADA?

A

SCADA (Supervisory Control And Data Acquisition) is a control system architecture that uses computers, networked data communications and graphical user interface (GUI) for high-level process supervisory management.

  • The operator interfaces which enable monitoring and the issuing of process commands, such as controller set point changes, are handled through the SCADA supervisory computer system.
  • However, the real-time control logic or controller calculations are performed by networked modules which connect to the field sensors and actuators.

33
Q

What is a DCS?

A

DCS (Distributed Control System) is a computerized control system for a process or plant in which autonomous controllers are distributed throughout the system, but there is central operator supervisory control.

34
Q

What is a PLC?

A

PLC (Programmable Logic Controller) is an industrial digital computer which has been ruggedized and adapted for the control of manufacturing processes such as assembly lines, robotic devices or any activity that requires high reliability control, ease of programming and process fault diagnosis.

35
Q

What is DNP3?

A

DNP3 (Distributed Network Protocol)

  • A set of communications protocols used between components in process automation systems.
  • Mainly used in utilities such as electric and water companies.
  • It plays a crucial role in SCADA systems, where it is used by SCADA Master Stations (Control Centers), Remote Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs).
  • It is primarily used for communications between a master station and RTUs or IEDs.
36
Q

What is polyinstantiation?

A

Two different instances of the same object. The actual content may be different depending on your clearance.

37
Q

What is SaaS?

A

SaaS - (Software as a Service) The vendor provides the OS and applications/programs. Either the customer interacts with the software manually by entering data on the SaaS page, or data is automatically pushed from your other applications to the SaaS application (Gmail, Office 365, Dropbox, Payroll).

38
Q

What is PaaS?

A

PaaS - (Platform as a Service) The vendor provides pre-configured OSs, then the customer adds all programs and applications.

39
Q

Which part of the CPU controls fetching from memory and execution of instructions?

A

Control unit (CU) handles fetching (from memory) and execution of instructions by directing the coordinated operations of the ALU, registers and other components. It also sends instructions to the ALU.

40
Q

The Central Processing Unit (CPU) consists of which two elements?

A

CPU (Central Processing Unit) is the brains of the system. The arithmetic logic unit (ALU) performs arithmetic and logic operations; it does all the math. The processor has registers that supply operands (the objects of a mathematical operation) to the ALU and store the results of ALU operations. The control unit (CU) handles fetching (from memory) and execution of instructions by directing the coordinated operations of the ALU, registers and other components. It also sends instructions to the ALU.

41
Q

What are the four functions of a CPU?

A

CPU (Central Processing Unit) uses Fetch, Decode, Execute, and Store:

  • Fetch - Gets the instructions from memory into the processor.
  • Decode - Internally decodes what it is instructed to do.
  • Execute - Performs the operation (e.g., add or subtract) on the values from the registers.
  • Store - Stores the result back into another register (retiring the instruction).

Pipelining – Combining multiple steps into one process; can Fetch, Decode, Execute, and Store in the same clock cycle.

42
Q

What would we use Distributed Control Systems (DCSs) for?

A

DCS (Distributed Control Systems) is a computerized control system for a process or plant in which autonomous controllers are distributed throughout the system, but there is central operator supervisory control.

43
Q

What is a key escrow?

A

Key Escrow: public and private keys are kept by a 3rd party organization (often law enforcement).

44
Q

What handles all access between objects and subjects in the computer kernel?

A

The reference monitor is a core function of the kernel; it handles all access between subjects and objects. It is always on and can’t be bypassed.

45
Q

We have part of our infrastructure migrated to cloud computing. We are responsible for the applications and the data. Which type of cloud computing are we using?

A

PaaS in a public cloud - (Platform as a Service) The vendor provides pre-configured OSs, then the customer adds all programs and applications.

46
Q

What access control models are rule based?

A

MAC, RBAC, TBAC

47
Q

What is memory protection?

A

Memory protection is used to prevent an active process from interacting with an area of memory that was not assigned or allocated to it.

48
Q

What is a companion virus?

A

Self-contained executable files with their filenames similar to those of existing files but a modified extension. The virus is executed when a user types the filename without the extension at the command prompt.

49
Q

How does the teardrop attack operate?

A

It sends overlapping packet fragments to the victim machine.

50
Q

What is the Sutherland model?

A

Secure system states are defined, and systems are limited to that state to prevent interference and maintain integrity.

51
Q

What is a padded cell?

A

Similar to a honeypot, but performs intrusion isolation using a different approach. When an IDS detects an intruder, that intruder is automatically transferred to a padded cell.

52
Q

What is DRDoS?

A

Distributed reflective denial of service is a variant of a DoS. It doesn’t attack the victim directly but instead manipulates traffic or a network service so that attacks are reflected back to the victim from other sources.

53
Q

What is espionage?

A

Illegal intent to obtain and profit from sensitive information that belongs to someone else.

54
Q

What is DREAD?

A

DREAD is a threat rating system designed to provide a flexible rating solution that is based on asking five main questions about each threat:

  • Damage potential
  • Reproducibility
  • Exploitability
  • Affected users
  • Discoverability

55
Q

What is the Goguen-Meseguer model?

A

Integrity model based on predetermining the set or domain of objects that a subject can access. This model is based on automaton theory and domain separation.

56
Q

What is the International Common Criteria?

A

The International Common Criteria (ISO/IEC 15408) is an internationally agreed-upon standard for describing and testing the security of information technology (IT) products. It presents a hierarchy of requirements for a range of classifications and systems.

57
Q

What are the 4 components of the Common Criteria?

A

  • Target of evaluation (ToE)
  • Security target
  • Protection profile
  • Evaluation assurance level (EAL)

58
Q

What are the 7 common criteria levels?

A

The Common Criteria levels are
• EAL1: Functionally tested
• EAL2: Structurally tested
• EAL3: Methodically tested and checked
• EAL4: Methodically designed, tested, and reviewed
• EAL5: Semiformally designed and tested
• EAL6: Semiformally verified, designed, and tested
• EAL7: Formally verified, designed, and tested

59
Q

What is the target of evaluation within the common criteria?

A

Target of evaluation (ToE): The system or product that is being evaluated

60
Q

What is the security target within the common criteria?

A

Security target: The documentation describing the ToE, including the security requirements and operational environment

61
Q

What is the protection profile within the common criteria?

A

Protection profile: An independent set of security requirements and objectives for a specific category of products or systems, such as firewalls or intrusion detection systems

62
Q

What is the evaluation assurance level within the common criteria?

A

Evaluation assurance level (EAL): The evaluation score of the tested product or system

63
Q

What are the earliest evaluation models in use today?

A

“The Orange Book” - The Trusted Computer System Evaluation Criteria (TCSEC).

  • It was developed by the U.S. Department of Defense in the 1980s. The Orange Book was part of the Rainbow Series (or Rainbow Books).
  • The series also had “The Red Book” - Trusted Network Interpretation (TNI).

64
Q

What is Kernel mode?

A

Kernel mode (Supervisor mode) is where the kernel lives, allowing low-level unrestricted access to memory, CPU, disk, etc. This is the most trusted and powerful part of the system. Crashes are not recoverable.

65
Q

What is user mode?

A

User mode (Problem mode) has no direct access to hardware; access is directed through an API (Application programming interface). Crashes are recoverable. This is most of what happens on a PC.

66
Q

What is Address Space Layout Randomization (ASLR)?

A

Address Space Layout Randomization (ASLR) is a memory-protection process for OS’s; it guards against buffer-overflow attacks by randomizing the location where system executables are loaded into memory.

67
Q

What are the two types of hypervisors?

A

Type 1 hypervisor (Bare Metal) is part of a Virtualization OS that runs on top of the host hardware (Think Data Center).
Type 2 hypervisor runs on top of a regular OS like Windows 10 (Think your PC).

68
Q

What are electromagnetic emanations?

A

Electromagnetic Emanations - Information that can be disseminated from the electrical changes from a system or a wire.

69
Q

What is a server side attack?

A

Server (Service) Side Attacks: Attack directly from an attacker to a target.

70
Q

What is a client side attack?

A

Client Side Attacks: The client initiates, then gets infected with malicious content usually from web browsers or instant messaging applications. (You go to them).