Domain 5: Security Architecture and Design Flashcards
What is RAM?
RAM (Random Access Memory): Volatile hardware memory that loses integrity after loss of power.
What is a Reference Monitor?
Reference Monitor: Mediates all access between subjects and objects.
What is ROM?
ROM (Read Only Memory): Nonvolatile memory that maintains integrity after loss of power.
What is TCSEC?
TCSEC (Trusted Computer System Evaluation Criteria): Known as the Orange Book.
What is TCB?
TCB (Trusted Computing Base): The security-relevant portions of a computer system.
What is Virtualization?
Virtualization: An interface between computer hardware and the operating system that allows multiple guest operating systems to run on one host computer.
What are the two things that Security Architecture and Design describes?
1: Fundamental logical hardware, operating system and software security components
2: How to use those components to design, architect and evaluate secure computer systems.
What are the three Domain Parts that Security Architecture and Design describes?
1: Hardware and software required to have a secure computer system
2: Logical models required to keep the computer secure
3: Evaluation models that quantify how secure a system really is
What does Secure System Design represent?
Universal best practices; it transcends specific hardware and software implementations.
What is layering?
Separates hardware and software functionality into modular tiers.
What networking protocol is similar to layering by providing a similar function?
TCP/IP
Explain how layering works in your system when you change disk drives from IDE to SCSI.
Example: A disk drive in the hardware layer has changed from IDE to SCSI. The device drivers in the adjoining layer will also change but the other layers in the Operating System and the Application layers will remain unchanged.
What are the generic names for the four layers?
1: Hardware
2: Kernel and device drivers
3: Operating System
4: Applications
Why is abstraction a good design principle?
Complexity is the enemy of security, and computers are extremely complex machines.
What does abstraction provide the user?
Abstraction hides unnecessary detail from the user and provides a way to manage that complexity.
In the context of Secure System Design Concepts, name two definitions for a Security Domain.
1: A list of objects a subject is allowed to access.
2: Groups of subjects and objects with similar security requirements, like CONFIDENTIAL, SECRET and TOP SECRET, or User Mode and Kernel Mode.
What does kernel mode provide access to?
Allows low-level access to hardware (memory, CPU, disk, etc).
Most trusted and powerful part of the system.
What is another name for kernel mode?
Supervisor Mode
What is The Ring Model?
A form of CPU layering that separates and protects domains from each other.
What are the four generic names of the Ring Model layers?
Ring 0: Kernel
Ring 1: Other OS components that do not fit into Ring 0
Ring 2: Device Drivers
Ring 3: User Applications
What is the name for the process for communicating between layers in the Ring Model?
System Calls
What is one advantage and one disadvantage to System Calls?
System Calls are slow compared to inner ring communication but provide security.
Practically, why do most operating systems on x86 CPUs, including Linux and Windows, only use Ring 0 and Ring 3?
Because of performance issues.
What Ring Layer does a Hypervisor operate in?
Hypervisor (Ring 1): Allows virtual guests to operate in Ring 0.
What is the difference between an Open and a Closed System?
An open system uses open hardware and standards from a variety of vendors.
A closed system uses proprietary hardware.
What is the difference between an Open System and Open Source?
An open system uses open hardware and standards from a variety of vendors.
Open source makes source code publicly available.
What is the difference between the System Unit and the Motherboard?
System Unit: The case and all the internal electronic computer parts including the motherboard, disk drives, power supply, etc.
Motherboard: Contains hardware components like the CPU, memory slots, firmware, and peripheral slots.
What is the purpose of The Computer Bus?
Primary communications channel between all components.
Some systems have two buses. What are their names?
Northbridge and Southbridge.
What does each bus (Northbridge and Southbridge) provide the communication channels for?
Northbridge
1: Memory Controller Hub (MCH)
2: Connects CPU to RAM and Video Memory
The Northbridge Bus is directly connected to the CPU and is faster than the Southbridge.
Southbridge
1: I/O Controller Hub (ICH)
2: Connects input/output devices.
What does the acronym MCH stand for?
Memory Controller Hub
What does the acronym ICH stand for?
I/O Controller Hub
What does the acronym CPU stand for?
Central Processing Unit
What is the difference between the Arithmetic Logic Unit (ALU) and Control Unit?
ALU performs mathematical calculations
Control Unit feeds instructions to the ALU
What does the acronym ALU stand for?
Arithmetic Logic Unit
What is another name for Fetch & Execute?
Also called Fetch – Decode – Execute (FDX)
What does the acronym FDX stand for?
Fetch – Decode – Execute (FDX)
What are the four generic steps of the Fetch & Execute clock cycle?
1: Fetch Instruction 1
2: Decode Instruction 1
3: Execute Instruction 1
4: Write (save) Result
What is Pipelining?
Combines multiple steps into one process, allowing simultaneous FDX and increasing throughput.
What is the pipeline depth?
The pipeline depth is the number of simultaneous stages which may be completed at once.
What is an Interrupt?
Indicates that an asynchronous event has occurred, causing the CPU to stop processing its current task, save its state, and begin processing a new request.
When the new task is complete, the CPU will complete the prior task.
What is a Process?
An executable program and its associated data loaded and running in memory.
What is a Heavy Weight Process called?
A Heavy Weight Process (HWP) is called a task.
What is a Light Weight Process called?
A Light Weight Process (LWP) is called a thread.
What does the acronym LWP stand for?
Light Weight Process
What does the acronym HWP stand for?
Heavy Weight Process
What is the difference between Heavy Weight Processes and Light Weight Processes?
HWPs do not share memory, while LWPs share memory, resulting in low overhead.
What is a thread?
A Parent process may spawn child processes called Threads.
What is a zombie process?
A child process whose parent has terminated.
What are the five process states?
1: New: A process being created
2: Ready: Processes waiting to be executed by the CPU
3: Running: Processes being executed by the CPU
4: Blocked: Processes waiting for I/O
5: Terminated: Processes that are complete.
What is Multitasking?
Multitasking: Allows multiple HWP (Heavy Weight Processes) to run simultaneously on one computer.
What is Multiprogramming?
Allows multiple programs to run simultaneously on one computer.
What is Multithreading?
Multithreading: Allows multiple LWP (Light Weight Processes - threads) to run simultaneously on one computer.
What is Multiprocessing?
Multiprocessing: Allows multiple processes to run simultaneously on multiple CPUs.
What is Symmetric Multiprocessing (SMP)?
Symmetric Multiprocessing (SMP): One operating system manages all CPUs.
What is Asymmetric Multiprocessing (ASMP or AMP)?
Asymmetric Multiprocessing (ASMP or AMP): One operating system per CPU; essentially all independent systems.
Name the six types of “Multi” processing schemes:
1: Multitasking: Allows multiple HWP (Heavy Weight Processes) to run simultaneously on one computer.
2: Multiprogramming: Allows multiple programs to run simultaneously on one computer.
3: Multithreading: Allows multiple LWP (Light Weight Processes - threads) to run simultaneously on one computer.
4: Multiprocessing: Allows multiple processes to run simultaneously on multiple CPUs.
5: Symmetric Multiprocessing (SMP): One operating system manages all CPUs.
6: Asymmetric Multiprocessing (ASMP or AMP): One operating system per CPU; essentially all independent systems.
What is a Watchdog Timer?
Watchdog Timer: Designed to recover a system by rebooting after critical processes hang.
What is the difference between CISC and RISC architectures?
CISC (Complex Instruction Set Computer): Low-level commands are longer and more powerful, using fewer individual instructions to perform a complex task.
RISC (Reduced Instruction Set Computer): Low-level commands are shorter and simpler, using more individual instructions to perform a complex task but allowing fewer cycles per instruction and more efficient code.
What does the acronym CISC stand for?
CISC (Complex Instruction Set Computer): Low-level commands are longer and more powerful, using fewer individual instructions to perform a complex task.
What does the acronym RISC stand for?
RISC (Reduced Instruction Set Computer): Low-level commands are shorter and simpler, using more individual instructions to perform a complex task but allowing fewer cycles per instruction and more efficient code.
Which architecture is best: RISC or CISC?
No correct answer.
CISC is used in x86 CPUs.
RISC is used in smartphones, PowerPC, SPARC.
What does the acronym RAM stand for?
Random Access Memory
Is RAM volatile?
Yes, but some RAM has remanence for seconds or minutes after power loss.
What is Sequential memory?
Like a tape, memory must be read sequentially.
What is memory Volatility?
Like RAM, loses integrity after power loss.
What is memory Nonvolatility?
Like ROM, Disk or tape, does not lose integrity after power loss.
What does the acronym ROM stand for?
Read Only Memory
What is the main difference between ROM and RAM?
ROM is Nonvolatile while RAM is volatile.
Can you overwrite ROM?
Yes. Some types of ROM may be overwritten in a process called flashing.
What is Real or Primary Memory?
Real or Primary: Like RAM, directly accessible by the CPU and is used to hold data and instructions for currently running processes.
What is Secondary Memory?
Secondary: Like disks, not directly accessible by the CPU.
What is Cache?
The fastest memory on the system; holds the data most frequently used by the CPU.
Name the five types of cache in order of speed.
1: Register File: The fastest portion of the cache, small storage locations used to store instructions and data.
2: Level 1: Next Fastest, Located on the CPU.
3: Level 2: Next Fastest, connected to the CPU but Located outside.
4: SRAM (Static Random Access Memory): Expensive and Fast, uses small latches called flip-flops to store bits.
5: DRAM (Dynamic Random Access Memory): Stores bits in small capacitors (like batteries) and is slower and cheaper than SRAM.
In regards to cache, what is a Register File?
Register File: The fastest portion of the cache, small storage locations used to store instructions and data.
In regards to cache, what is Level 1 cache?
Really fast memory located on the CPU.
In regards to cache, what is Level 2 cache?
Really fast memory located outside the CPU but directly connected to it.
In regards to cache, what is SRAM?
SRAM (Static Random Access Memory): Expensive and Fast, uses small latches called flip-flops to store bits.
What does the acronym SRAM stand for?
Static Random Access Memory
What does the acronym DRAM stand for?
Dynamic Random Access Memory
In regards to cache, what is DRAM memory?
Stores bits in small capacitors (like batteries) and is slower and cheaper than SRAM.
The capacitors leak charge and must be refreshed.
What is the difference between asynchronous and synchronous SRAM?
Synchronous SRAM is designed to exactly match the speed of the CPU, while asynchronous is not. That little bit of timing makes a difference in performance. Matching the CPU’s clock speed is a good thing, so always look for synchronized SRAM.
What is the general rule for cache speed and its location relative to the CPU?
General Rule: the closer memory is to the CPU, the faster and more expensive it is. As you move away from the CPU (SRAM, DRAM to Disk, tape, etc) it becomes slower and less expensive.
In terms of Memory Addressing, what is Direct Addressing?
The CPU adds the values stored here (at this memory location).
In terms of Memory Addressing, what is Indirect Addressing?
Indirect Addressing (Pointer): The CPU adds the value stored at the memory location pointed to by the address here.
In terms of Memory Addressing, what is Register Direct Addressing?
The same as Direct Addressing except that it references a CPU register.
In terms of Memory Addressing, what is Register Indirect Addressing?
The same as Indirect Addressing except the pointer is stored in a register.
What is Memory Protection?
Prevents one process from affecting the CIA of other processes.
What is the memory design requirement for secure multiuser and multitasking systems?
Memory Protection
In terms of Memory Protection,
What is Process Isolation?
A logical control that attempts to prevent one process from interfering with another.
In terms of Memory Protection,
Why is Process Isolation important?
A lack of process isolation means that one process crash could crash the entire operating system, or that an attacker could affect the CIA of any transaction.
In terms of Memory Protection,
What is an Interference attack?
Interference attacks are CIA attacks on process isolation.
In terms of Memory Protection,
What is one example of an interference attack for each element of CIA?
Confidentiality: read your credit card number during an online purchase.
Integrity: Change your credit card number during an online purchase
Availability: Stopping an online purchase
In terms of Memory Protection,
What are the four techniques used to provide process isolation?
1: Virtual memory
2: Object Encapsulation
3: Time Multiplexing
4: Hardware Segmentation
In terms of Memory Protection,
how does Virtual Memory provide Process Isolation?
Provides virtual address mapping between applications and hardware memory, where process A’s address space is different from process B’s address space, preventing A from writing into B.
In terms of Memory Protection,
Is the function of Virtual Memory only Process Isolation?
No - it has Multiple Functions:
1: Multitasking (multiple tasks on one CPU)
2: Shared library for multiple processes
3: Swapping
What are the three functions of Virtual Memory?
1: Multitasking (multiple tasks on one CPU)
2: Shared library for multiple processes
3: Swapping
Is Virtual Memory = Swapping?
No - it has three functions:
1: Multitasking (multiple tasks on one CPU)
2: Shared library for multiple processes
3: Swapping
In terms of Virtual Memory,
What is paging?
Paging: Copies blocks of memory between RAM and secondary memory.
In terms of Virtual Memory,
What is swap space?
Swap space is often a dedicated partition on the hard drive and is used to extend the amount of available memory.
In terms of Virtual Memory,
What is a page fault?
If the kernel attempts to access a page (fixed-length block of memory) located in swap space, a page fault occurs telling the computer to swap the page from the Swap Space into RAM.
In terms of Virtual Memory,
What is swapping designed to do?
Designed as a protective measure to handle occasional bursts of memory usage.
In terms of Virtual Memory,
What is the generic process for swapping?
1: Computers keep filling RAM until almost filled.
2: The system will Swap idle processes to Swap Space.
3: As both RAM and Swap Space fill up, the system will start thrashing by swapping active processes to Swap Space.
In terms of Virtual Memory,
What is thrashing?
As both RAM and Swap Space fill up, the system will start thrashing by swapping active processes to Swap Space.
In terms of Virtual Memory,
What are two mitigations for thrashing?
1: Add more memory
2: Remove processes
In terms of Virtual Memory,
What is firmware?
Stores small programs that do not change that often in ROM.
In terms of Virtual Memory,
What are the three types of firmware?
1: PROM (Programmable Read Only Memory): Can be written once, typically at the factory.
2: EPROM (Erasable Programmable Read Only Memory): May be erased and written many times.
3: EEPROM (Electrically Erasable Programmable Read Only Memory): Electrically erasable; may be flashed, erased or written many times.
In terms of Virtual Memory and firmware
What is a PROM?
PROM (Programmable Read Only Memory): Can be written once, typically at the factory.
In terms of Virtual Memory and firmware
What is an EPROM?
Erasable Programmable Read Only Memory; may be flashed, erased or written many times.
In terms of Virtual Memory and firmware
Where did the term Flashing come from?
Flashing derived from EPROMs because they were erased by flashing ultraviolet light onto a small window on the chip.
In terms of Virtual Memory and firmware
What is Flashing?
Flashing is the process of erasing and re-writing EPROMs.
In terms of Virtual Memory and firmware
What is an EEPROM?
EEPROM (Electrically Erasable Programmable Read Only Memory): May be flashed, erased or written many times.
In terms of Virtual Memory and firmware
What is the difference between an EPROM and an EEPROM?
EEPROMs are a modern type of ROM, electrically erasable via flashing programs.
Any byte of an EEPROM can be overwritten.
In terms of Virtual Memory and firmware
What is the difference between an EPROM and an EEPROM?
EPROMs can be flashed, but it is all or nothing.
EEPROMs are a modern type of ROM, electrically erasable via flashing programs. Any byte of an EEPROM can be overwritten.
In terms of Virtual Memory and firmware
What is a Programmable Logic Device (PLD)?
A Programmable Logic Device (PLD) is programmed after it leaves the factory.
In terms of Virtual Memory and firmware
Name three types of Programmable Logic Devices (PLDs)
1: EPROMs
2: EEPROMs
3: Flash memory
In terms of Virtual Memory and firmware
What is the issue with destroying firmware as compared to other electronics?
Chip-based media is not like magnetic disks; degaussers may not work.
In terms of Virtual Memory and firmware
What does the acronym BIOS stand for?
Basic Input Output System
In terms of Virtual Memory and firmware
What is a BIOS?
Code in firmware that is executed when the PC is turned on.
In terms of Virtual Memory and firmware
What does the acronym WORM stand for?
WORM (Write Once Read Many) Storage
In terms of Virtual Memory and firmware
What is the advantage of WORM memory?
Ensures integrity, because there is some assurance that the data cannot be modified.
In terms of Virtual Memory and firmware
Name three types of WORM memory?
1: CD-R: Compact Disc Recordable
2: DVD-R: Digital Versatile Disk Recordable
3: Some Digital Linear Tape (DLT) drives and media
In terms of Virtual Memory and firmware
Name two types of memory that are often confused with WORM memory but are not.
1: CD-RW
2: DVD-RW
What is Secure Operating System and Software Architecture?
Provides a secure interface between the hardware and application layers.
What does an operating system do?
Operating systems provide memory, resource and process management.
What does the kernel do?
Provides interface between the Operating System and the hardware.
What ring number does the kernel operate at?
Usually runs at Ring 0
What are two kernel designs?
1: Monolithic
2: Microkernel
How does a monolithic kernel design work?
Monolithic: compiled into one static executable and runs in supervisor mode.
How does a Microkernel kernel design work?
Microkernel: Modular kernels; smaller, less native functionality compared to Monolithic kernels.
Can add new functionality via loadable kernel modules.
May run modules at User Level – Ring 3
What does a Reference Monitor do?
Mediates access between subjects and objects.
How does a Reference Monitor work?
Enforces system security policy like restricting SECRET subjects from accessing TOP SECRET objects
What is a key design principle for a Reference Monitor?
Always enabled and cannot be bypassed.
Can you evaluate the security of the reference monitor?
Secure systems can evaluate the security of the reference monitor.
What is the difference between UNIX/LINUX and Windows User and File Permissions?
Both LINUX/UNIX and Windows Operating systems usually grant read, write and execute permissions. Windows has more: Modify and full control.
What is a Privileged Program?
Normal users can’t edit system files like the password file, but they need to be able to change their password.
What are Unix setuid programs for?
In Unix, setuid programs let normal users run Privileged Programs as the file’s owner. Setgid runs with the permissions of the file’s group.
What is virtualization?
Adds a software layer between an operating system and the underlying computer hardware.
Allows multiple guest operating systems to run simultaneously on one physical host.
What are types of virtualization?
1: Transparent
2: Paravirtualization
What is Transparent virtualization?
Runs stock operating systems.
What is Paravirtualization?
Runs specially modified operating systems with modified kernel system calls.
Name one advantage and one disadvantage of Paravirtualization.
Advantage: Can be more efficient.
Disadvantage: Requires changing the guest operating systems; may not be possible for closed systems like Windows.
Name four advantages of virtualization.
1: Lower hardware costs by consolidation and lower power and cooling requirements
2: Snapshots allow admins to create OS images that can be restored at the click of a mouse.
3: Testing becomes simple
4: Clustering virtual guests is easier than clustering Operating Systems directly on hardware.
Name three security issues with virtualization.
1: The technology is complex and relatively new.
2: It is not a replacement for a firewall; never combine guests with different security requirements (like a DMZ and an Internal Box)
3: Risk of virtualization escape is of high interest to the research community
What is a Thin Client?
Runs on a full operating system but uses a web browser as a universal client.
Name four advantages of Thin Clients.
1: Simplify client server architecture and design
2: Improve Performance
3: Lower costs
4: All data is stored on servers
Name two security issues with Thin Clients.
1: The client must patch the browser and operating system for security.
2: Applications are patched on the server.
In terms of System Vulnerabilities, Threats and Countermeasures
What is an Emanation?
Energy that escapes electronic systems.
In terms of System Vulnerabilities, Threats and Countermeasures
What is TEMPEST?
A codename by the US NSA for a standard for shielding emanations.
In terms of System Vulnerabilities, Threats and Countermeasures
What is a Covert Channel?
Any communication that violates security policy.
In terms of System Vulnerabilities, Threats and Countermeasures
Name two types of Covert Channels.
1: Storage Channels: The storage of an item has some secret meaning that has nothing to do with the item itself.
2: Timing Channels: The response times to various scenarios may indicate unintended information.
In terms of Covert Channels,
What is a Storage Channel?
Storage Channels: The storage of an item has some secret meaning that has nothing to do with the item itself.
In terms of Covert Channels,
What is a Timing Channel?
Timing Channels: The response times to various scenarios may indicate unintended information.
In terms of Covert Channels,
What is the opposite of a Covert Channel?
The opposite of a Covert Channel is an Overt Channel: authorized communication that complies with policy.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is a Buffer Overflow?
Occurs when a programmer fails to perform boundary checking.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is Smashing the Stack?
Another name for Buffer Overflow, Smashing the Stack is what an attacker does when he tries to insert information into a variable that is much larger than the programmer intended.
In terms of System Vulnerabilities, Threats and Countermeasures,
How do you mitigate Buffer Overflows?
Mitigated by secure application development.
In terms of System Vulnerabilities, Threats and Countermeasures,
What does the acronym TOCTOU stand for?
TOCTOU: Time of Check / Time of Use Race Conditions
In terms of System Vulnerabilities, Threats and Countermeasures,
What is a race condition?
A race condition is when an attacker attempts to alter a condition after it has been checked by the operating system but before it is used.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is a Backdoor?
Shortcut in the system that allows a user to bypass security controls.
In terms of System Vulnerabilities, Threats and Countermeasures,
How do attackers install Backdoors?
Attackers will often install a backdoor once they compromise a system.
In terms of System Vulnerabilities, Threats and Countermeasures,
Are there legitimate Backdoors?
Yes. Maintenance hooks are a type of backdoor: shortcuts installed by system designers to allow developers to bypass security during development.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is Malicious Code?
Generic term for any type of software that attacks an application or system.
In terms of System Vulnerabilities, Threats and Countermeasures,
What are four types of Malicious Code?
1: Viruses
2: Worms
3: Trojans
4: Logic bombs
In terms of Malicious Code,
What is a virus?
Malcode that does not spread automatically; it requires a carrier like a USB drive or floppy disk.
In terms of Malicious Code,
Name five types of viruses.
1: Macro Virus: written in a macro language like that of MS Office.
2: Boot Sector Virus: Installs itself in the boot sector of the hard drive ensuring that the virus loads every time the system is started.
3: Stealth Virus: Hides itself from the OS and AV systems.
4: Polymorphic Virus: a virus that changes its signature upon infection to evade AV.
5: Multipartite Virus (Multipart): spreads via multiple vectors.
In terms of Malicious Code viruses,
What is a Macro Virus?
Macro Virus: written in a macro language like that of MS Office.
In terms of Malicious Code viruses,
What is a Boot Sector Virus?
Boot Sector Virus: Installs itself in the boot sector of the hard drive ensuring that the virus loads every time the system is started.
In terms of Malicious Code viruses,
What is a Stealth Virus?
Stealth Virus: Hides itself from the OS and AV systems.
In terms of Malicious Code viruses,
What is a Polymorphic Virus?
Polymorphic Virus: a virus that changes its signature upon infection to evade AV.
In terms of Malicious Code viruses,
What is a Multipartite Virus?
Multipartite Virus (Multipart): spreads via multiple vectors.
In terms of Malicious Code,
What is a Worm?
Malware that self-propagates.
Coined by John Brunner in 1975’s “The Shockwave Rider”
In terms of Malicious Code,
Name two ways that a Worm causes damage.
Worms cause damage in two ways:
1: With the malicious code they carry, and
2: With the network traffic generated by an aggressive worm’s self-propagation.
In terms of Malicious Code,
What was the first widespread worm?
First widespread worm: Morris Worm of 1988.
In terms of Malicious Code,
What is a Trojan?
Also called a Trojan Horse (derived from Virgil’s poem “The Aeneid”).
Performs two functions: one benign (like a game) and the other the malcode.
In terms of Malicious Code,
What is a Logic bomb?
Malicious code triggered when a logical condition is met.
Malcode often contains logic bombs that behave one way until a specific condition is met and then completely change tactics.
In terms of Malicious Code,
What is a Zero day exploit?
A Zero day exploit is Malcode for which there is no vendor-supplied patch.
In terms of Malicious Code,
What is a Root Kit?
Malware that replaces portions of the kernel and/or operating system.
In terms of Malicious Code,
What does a user-mode (Ring 3) Root Kit do?
A user-mode (Ring 3) rootkit replaces operating system components like ls or ps.
In terms of Malicious Code,
What does kernel mode (Ring 0) Root Kit do?
A kernel mode (Ring 0) rootkit replaces kernel modules.
In terms of Malicious Code,
What does a Packer do?
Provides runtime compression of executables.
In terms of Malicious Code,
How does Runtime compression (Packers) work?
Runtime compression works by compressing the original executable and appending a small decompressor to the now compressed exe. Upon execution, the decompressor unpacks the original exe and executes it.
In terms of Malicious Code,
Are Packers malcode?
No. Neutral technology; not malicious code per se, but attackers use the technology to avoid AV detection.
In terms of Malicious Code,
What is Anti Virus?
Software that is designed to prevent and detect Malicious Code.
In terms of Malicious Code,
Name two types of Anti Virus.
1: Signature-based AV uses static signatures of known malware.
2: Heuristic-based AV uses anomaly-based detection.
In terms of Malicious Code,
What is Signature-based AV?
Signature-based AV uses static signatures of known malware.
In terms of Malicious Code,
What is Heuristic-based AV?
Heuristic-based AV uses anomaly-based detection.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is a Server Side Attack (Service Side Attack)?
Launched by an attacker at a listening service.
Exploits vulnerabilities in installed services, but this is not exclusively a server problem.
In terms of System Vulnerabilities, Threats and Countermeasures,
Name three mitigations for Server Side Attacks (Service Side Attacks).
1: Patching
2: Firewalls
3: Other Defense in Depth measures
In terms of System Vulnerabilities, Threats and Countermeasures,
What is a Client Side Attack?
Launched when a user downloads malicious content; initiated from the victim.
The flow of data is reversed compared to server-side.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is the main difference between a Client Side Attack and a Server Side Attack?
Client Side Attacks are initiated from the victim. The flow of data is reversed compared to server-side.
Server Side Attacks are launched by an attacker at a listening service.
In terms of System Vulnerabilities, Threats and Countermeasures,
Name three mitigations for Client Side Attacks.
1: Patching, but more difficult than for server side attacks.
2: Firewalls, but more difficult; they are designed to restrict inbound traffic, not outbound.
3: Other Defense in Depth measures
In terms of System Vulnerabilities, Threats and Countermeasures,
Why do attackers leverage Web Application Attacks?
Web 2.0 technology presents dynamic content and has increased the attack surface.
Dynamic Web languages like PHP (a recursive name that stands for PHP: Hypertext Preprocessor) enable web pages to be more dynamic.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is one example of a Web Application Attack?
Example: remote file inclusion attack.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is XML (Extensible Markup Language)?
Like HTML, a standard to encode documents and data but more universal.
Users can define their own formats.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is Security Assertion Markup Language (SAML)?
Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security information including authentication data. Some forms of Single-Sign-On use SAML to exchange data.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is an applet?
Small pieces of mobile code that are embedded in other software like browsers.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is the difference between an applet and XML/HTML?
Unlike HTML and XML, applets are executables downloaded from servers and run locally.
In terms of System Vulnerabilities, Threats and Countermeasures,
Name two languages that attackers write malicious applets in.
Malicious applets are a form of malicious code and can be written in a variety of languages, such as Java and ActiveX.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is Java?
An object oriented programming language used to build applets and for general purpose programming.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is a unique design feature of the Java programming language?
Java bytecode is platform independent. It is interpreted by the Java Virtual Machine (JVM) available for a variety of Operating Systems.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is a security feature of Java?
Applets run in a sandbox that segregates the code from the OS.
The sandbox is designed to prevent an attacker who compromises an applet from gaining access to the operating system.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is a security feature of Sandbox technology?
Code that runs in a sandbox must be self-sufficient meaning that it cannot rely on the Operating system to function.
In terms of sandbox technology,
What is a Trusted Shell?
Trusted Shell is a statically compiled shell which can be used in sandboxes. It does not rely on the OS shared libraries.
In terms of System Vulnerabilities, Threats and Countermeasures,
Why do security people say that Java is insecure?
Java has two parts: the runtime that runs on your computer (and lets you run Java apps), and the browser plug-in that comes along with it. When people talk about Java being insecure, they’re talking about the browser plug-in. Java apps themselves aren’t inherently insecure, it’s the browser plug-in that causes problems.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is ActiveX?
ActiveX is a software component of Microsoft Windows.
ActiveX controls are small programs, sometimes called add-ons that are used on the Internet.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is the security design feature of ActiveX?
ActiveX uses digital certificates instead of sandboxes to provide security.
In terms of System Vulnerabilities, Threats and Countermeasures,
What is a Mobile Device Attack?
Mobile devices range from USB flash drives to laptops.
They are infected with malware outside the perimeter and then carried into an organization.
In terms of System Vulnerabilities, Threats and Countermeasures,
Name two Admin controls to mitigate Mobile Device Attacks?
Admin Controls such as:
1: Policy preventing use
2: Policy limiting use
In terms of System Vulnerabilities, Threats and Countermeasures,
Name six Technical controls to mitigate Mobile Device Attacks?
Technical controls such as:
1: Preventing USB devices from functioning
2: Authentication via OSI Layer 2 802.1X
3: Patch Verification
4: Up to Date AV signatures
5: Network Access Control (NAC): Device based solution supported by vendors
6: Network Access Protection (NAP): OS solution supported by MS.
In terms of Database Security,
What is Polyinstantiation?
Allows two different objects to have the same name; means that two rows may have the same primary key but will have different data.
In terms of Database Security,
Why is Polyinstantiation needed?
Databases normally require rows to contain a unique primary key. The multi-level secure database cannot do that without allowing the manager to infer Top Secret Information.
Means that the database will create a row with a duplicate key: one labeled SECRET and one Labeled TOP SECRET.
In terms of Database Security,
What is Inference and Aggregation?
Occurs when a user is able to use lower level access to learn restricted information.
In terms of Database Security,
What is Inference ?
Inference requires deduction; lower level details provide clues
In terms of Database Security,
What is Aggregation ?
Aggregation is a mathematical process; a user asks every question and receives every answer deriving restricted information
In terms of Database Security,
What is the mitigation to Inference and Aggregation?
Mitigation: Polyinstantiation
In terms of Database Security,
What is Data Mining?
Searching large amounts of data to determine patterns that would otherwise get lost in the noise.
In terms of Database Security,
What is a mitigation to Data Mining?
Defense in Depth
In terms of Security Models,
What is the difference between Writing Up and Reading Down?
Reading Down occurs when a subject reads an object at a lower security level.
Writing Up occurs when a subject passes an object to a higher security level; the subject does not see any of the information in the object.
The difference between Reading Down and Writing Up is the direction of information flow.
In terms of Security Models,
Writing Up protects which elements of CIA at the expense of what others?
Protects Confidentiality at the expense of integrity.
The subject passes the object to a higher security level without reading it. The subject does not read it (Confidentiality) but does not know if the information is valid (Integrity).
In terms of Security Models,
What is a State Machine Model?
A State Machine is a mathematical model that groups all possible occurrences called states.
If every state is proven to be secure, then the system is secure.
In terms of Security Models,
What is the Bell-LaPadula Model (State Machine)?
It is probably better known as the “no read up, no write down” model.
It uses a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from Unclassified, For Official Use Only, Confidential, Secret, Top Secret, etc.
In terms of Security Models,
What is the limitation of the Bell-LaPadula Model (State Machine)?
The model, however, has no clear distinction of protection and security.
In terms of Security Models,
How does the Bell-LaPadula Model (State Machine) work?
The model emphasizes data confidentiality and controlled access to classified information. To control access to this information the clearance of the subject is compared to the classification of the objects in order for the subject to be granted access to the object.
In terms of Security Models,
What are the Two mandatory access control rules for the Bell-LaPadula Model (State Machine)?
Simple Security Policy – A subject at a given security level may not read an object at a higher security level. The subject may not “read up”. For example, a person with a Secret clearance level may not read a report that is labeled with Top Secret.
The *-property or Confinement property – A subject at a given security level may not write to any object with a lower security level. The subject may not “write down”. Note: Trusted subjects are not restricted by this property.
In terms of Security Models,
What is the Simple Security Policy in the Bell-LaPadula Model (State Machine)?
Simple Security Policy – A subject at a given security level may not read an object at a higher security level. The subject may not “read up”. For example, a person with a Secret clearance level may not read a report that is labeled with Top Secret.
In terms of Security Models,
What is The *-property or Confinement property in the Bell-LaPadula Model (State Machine)?
A subject at a given security level may not write to any object with a lower security level. The subject may not “write down”. Note: Trusted subjects are not restricted by this property.
In terms of Security Models,
What is the Lattice-Based Access Control (State Machine) model?
Allows security controls for complex environments.
Allows subjects to reach higher and lower security classifications.
In terms of Security Models,
What is the main design principle for the Lattice-Based Access Control (State Machine) model?
For every relationship between subject and object, the system defines upper and lower access limits.
In terms of Security Models,
What are the three dependencies in the Lattice-Based Access Control (State Machine) model?
Depends on three things:
1: The Subject’s Need
2: The Object’s Label
3: The Subject’s Role
In terms of Security Models,
What are the two properties in the Lattice-Based Access Control (State Machine) model?
1: Least Upper Bound (LUB)
2: Greatest Lower Bound (GLB)
In terms of Security Models,
What is the Biba Model(State Machine)?
The Biba Model also carries a clever catch phrase: “no read down, no write up”.
The Biba model addresses integrity, which was missing in the confidentiality focused Bell-LaPadula model.
Much like the Bell-LaPadula model, the Biba model uses objects and subjects. However, objects and subjects are grouped into integrity levels instead of being given security labels.
In terms of Security Models,
How does the Biba Model(State Machine) preserve integrity?
In order to preserve integrity, subjects may create content at or below their own integrity level and view content at or above their own integrity level. This helps to prevent data corruption thus preserving integrity.
In terms of Security Models,
What are the two security rules associated with the Biba Model(State Machine)?
1: Simple Integrity Axiom: A subject at a given level of integrity must not read an object at a lower integrity level (no read down).
2: (star) Integrity Axiom: A subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).
In terms of Security Models,
What is the Simple Integrity Axiom in the Biba Model(State Machine)?
Simple Integrity Axiom: A subject at a given level of integrity must not read an object at a lower integrity level (no read down).
In terms of Security Models,
What is the * (star) Integrity Axiom in the Biba Model(State Machine)?
A subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).
In terms of Security Models,
What is the Clark-Wilson (State Machine) model?
The Clark-Wilson model is concerned with information integrity using an integrity policy that defines enforcement rules (E) and certification rules (C).
In terms of Security Models,
What is the basic principle of the Clark-Wilson (State Machine) model?
The basic principle of the model revolves around the idea of a transaction, which is a series of operations.
The model essentially boils down to data items and processes that operate on these data items.
In terms of Security Models,
What is a Constrained Data Item (CDI) in the Clark-Wilson (State Machine) model?
A Constrained Data Item (CDI) is considered the key data item in the model.
In terms of Security Models,
What is an Integrity Verification Procedure (IVP) in the Clark-Wilson (State Machine) model?
An Integrity Verification Procedure (IVP) ensures that all CDIs in the system are valid.
In terms of Security Models,
What are Transformation Procedures (TPs) in the Clark-Wilson (State Machine) model?
Transformation Procedures (TPs) are the transactions that enforce the integrity policy.
A Transformation Procedure takes as input a Constrained Data Item or Unconstrained Data Item (UDI) (possible system input from users) and produces a Constrained Data Item.
A Transformation Procedure must transition the system from one valid state to another valid state via certification.
In terms of Security Models,
What is the Clark-Wilson triple in the Clark-Wilson (State Machine) model?
The Clark-Wilson triple is the relationship that exists between an authenticated principal, a set of programs (Transformation Procedures), and data items (Constrained Data Items and Unconstrained Data Items).
In terms of Security Models,
What two concepts does the Clark-Wilson (State Machine) model enforce?
1: Separation of duties
2: Transformation procedures within the system
In terms of Security Models,
What is the Chinese Wall Model (Brewer-Nash) (State Model)?
Initially designed to address the risks inherent with employing consultants to work on financial systems
Generally designed to avoid conflicts of interest by prohibiting one person from accessing multiple Conflict of Interest Categories (COI).
In terms of the Chinese Wall Model (Brewer-Nash) (State Model),
what do COIs pertain to?
COIs (Conflict of Interest Categories) pertain to accessing company-sensitive information from different companies that are in direct competition with one another.
In terms of Conflict of Interest Categories
what is the main design issue for COIs in the Chinese Wall Model (Brewer-Nash) (State Model)?
Requires that COIs be identified so that once a consultant gains access to one COI, they cannot access opposing COIs.
In terms of Security Models
what is the Noninterference Model (State Model)?
Ensures that data from different security domains remain separate.
In terms of Security Models
what does the Noninterference Model (State Model) control against?
Controls against covert channel communications because the information cannot cross boundaries
In terms of Security Models
what is the main design principle of the Noninterference Model (State Model)?
Each data access attempt is independent and has no connection to previous data access attempts.
In terms of Security Models
what is the Take-Grant Model (State Model)?
Refers to rules that govern interactions between subjects and objects
In terms of Security Models
what are the four general rules in the Take-Grant Model (State Model)?
1: Create Privileges: (Alice Creates Privileges for Docs)
2: Remove Privileges: (Alice Removes Privileges for Docs)
3: Grant Privileges: (Alice Grants Privileges to Carol)
4: Take Privileges: (Bob Takes Privileges from Alice)
In terms of Security Models
what is the Access Control Matrix Model (State Model)?
A Table that defines what access permissions exist between subjects and objects.
A data structure that acts as a lookup table for the Operating System
In terms of Security Models
what are the six frameworks for information security in the Zachman Framework for Enterprise Architecture?
Provides six frameworks for providing information security.
1: Who
2: What
3: When
4: Where
5: Why
6: How
In terms of Security Models
what are the three parts to the Graham-Denning Model (State Model)?
1: Objects
2: Subjects
3: Rules
In terms of Security Models
what are the 8 rules to the Graham-Denning Model (State Model)?
R1: Transfer Access
R2: Grant Access
R3: Delete Access
R4: Read Object
R5: Create Object
R6: Destroy Object
R7: Create Subject
R8: Destroy Subject
In terms of Security Models
what is the Harrison-Ruzzo Model (State Model)?
Maps subjects, objects and access rights to an access matrix.
In terms of Security Models
what is the difference between the Harrison-Ruzzo Model (State Model) and the Graham-Denning Model?
A variation of the Graham-Denning Model; different in that it considers subjects to be objects.
In terms of Security Models
what are the six primitives of the Harrison-Ruzzo Model (State Model)?
1: Create Object
2: Create Subject
3: Destroy Subject
4: Destroy Object
5: Enter Right into Access Matrix
6: Delete Right from Access Matrix
In terms of Security Models
What are the four modes of operation?
1: Dedicated:
2: System high
3: Compartmented
4: Multilevel
In terms of modes of operation
What is the dedicated mode?
Contains objects of one classification only.
All subjects must have equal clearance or higher:
Appropriate Clearance
Formal access approval
Need to Know
In terms of modes of operation
What is the System high mode?
System contains an object-mix of clearance levels
Subjects must have the same level of clearance as the highest object
In terms of modes of operation
What is the Compartmented mode?
All subjects have the same clearance level as the objects but do not have formal access approval nor a need to know for all of them.
Objects are placed in compartments.
Use technical controls to enforce as opposed to policy.
In terms of modes of operation
What is the Multilevel mode?
Stores objects of different sensitivity labels and allows subject access with differing clearances
The reference Monitor mediates access
In terms of modes of operation
Can you implement both Discretionary Access Control (DAC) and Mandatory Access Control (MAC)?
Yes
May use a Discretionary Access Control (DAC) or Mandatory Access Control (MAC)
What are Evaluation Methods, Certification and Accreditation designed to do?
Designed to gauge real-world security systems and products.
What is the granddaddy of evaluation models, developed by DOD in the 1980s?
The Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) is the granddaddy of evaluation models developed by DOD in the 1980s.
In terms of Evaluation Methods, Certification and Accreditation
Name the three main evaluation models?
1: The Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book)
2: ITSEC (Information Technology Security Evaluation Criteria)
3: The International Common Criteria
In terms of Evaluation Methods, Certification and Accreditation
why is the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) significant?
The First significant attempt to define differing levels of security and access control.
In terms of Evaluation Methods, Certification and Accreditation
What is the Rainbow series?
Beginning with the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book), the Rainbow series is a set of 35 different security standards with widely ranging topics.
In terms of Evaluation Methods, Certification and Accreditation
How is the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) organized?
Divisions (Higher Numbers and Letters are more secure)
D: Minimal Protection; systems that do not meet the requirements of higher divisions
C: Discretionary Protection; DAC (Discretionary Access Control)
C1: Discretionary Security Protection
C2: Controlled Access Protection
B: Mandatory Protection; MAC (Mandatory Access Controls)
B1: Labeled Security Protection
B2: Structured Protection
B3: Security Domains
A: Verified Protection
A1: Verified Design (everything in B3 plus more controls)
In terms of Evaluation Methods, Certification and Accreditation
Is the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) still a valid model?
Old and no longer actively used but used as a reference for other models.
In terms of Evaluation Methods, Certification and Accreditation
What is one limitation of the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book)?
Does not address networking issues.
In terms of Evaluation Methods, Certification and Accreditation
What is the significance of the Red Book (Trusted Network Interpretation)?
Brings Orange Book concepts to networked systems
In terms of Evaluation Methods, Certification and Accreditation
What is the significance of the ITSEC (Information Technology Security Evaluation Criteria)?
The first successful international evaluation model
In terms of Evaluation Methods, Certification and Accreditation
How does the ITSEC (Information Technology Security Evaluation Criteria) differ from the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book)?
Refers to Orange Book but separates functionality from assurance (Effectiveness and Correctness)
In terms of Evaluation Methods, Certification and Accreditation
What are the equivalent ratings between the ITSEC (Information Technology Security Evaluation Criteria) and the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book)?
ITSEC (functionality / assurance) | TCSEC (Orange Book)
E0 | D
F-C1 E1 | C1
F-C2 E2 | C2
F-B1 E3 | B1
F-B2 E4 | B2
F-B3 E5 | B3
F-B3 E6 | A1
In terms of Evaluation Methods, Certification and Accreditation
What are the Additional Functionality Ratings in the ITSEC (Information Technology Security Evaluation Criteria)?
Additional Functionality Ratings:
F-IN: High Integrity Requirements
F-AV: High Availability Requirements
F-DI: High Integrity Requirements for Networks
F-DC: High Confidentiality Requirements for Networks
F-DX: High Integrity and Confidentiality Requirements for Networks
In terms of Evaluation Methods, Certification and Accreditation
What is the significance of the International Common Criteria?
The second major international criteria effort behind ITSEC
In terms of Evaluation Methods, Certification and Accreditation
What are the three design goals for the International Common Criteria?
1: Designed to avoid requirements beyond the state of the art
2: Intended to evaluate commercially available as well as government produced products
3: Primary objective is to eliminate known vulnerabilities of the target of evaluation
In terms of Evaluation Methods, Certification and Accreditation
What are the four International Common Criteria Terms?
1: Target of Evaluation (ToE): the system which is being evaluated
2: Security Target (ST): The documentation describing the ToE including the security requirements and operational environment
3: Protection Profile (PP): an independent set of security requirements and objectives for a specific category of products
4: Evaluation Assurance Level (EAL): The score of the tested product.
In terms of Evaluation Methods, Certification and Accreditation
What are the seven International Common Criteria Levels of Evaluation ?
EAL1: Functionally Tested
EAL2: Structurally Tested
EAL3: Methodically Tested and Checked
EAL4: Methodically designed, tested and reviewed
EAL5: Semi-formally designed and tested
EAL6: Semi-formally verified, designed and tested
EAL7: Formally verified, designed and tested
In terms of Evaluation Methods, Certification and Accreditation
What is the PCI-DSS (Payment Card Industry Data Security Standard)?
Created by the Payment Card Industry Security Standards Council (PCI SSC).
Seeks to protect credit cards by requiring vendors to take specific security precautions.
In terms of Evaluation Methods, Certification and Accreditation
What are the five requirements that the PCI-DSS (Payment Card Industry Data Security Standard) addresses?
1: Security Management
2: Policies
3: Procedures
4: Network Architecture
5: Software Design
In terms of Evaluation Methods, Certification and Accreditation
What are the six core principles of the PCI-DSS (Payment Card Industry Data Security Standard)?
1: Build and Maintain a secure network
2: Protect cardholder data
3: Maintain a vulnerability management program
4: Implement strong access control measures
5: Regularly monitor and test networks
6: Maintain an Information Security Policy
In terms of Evaluation Methods, Certification and Accreditation
What is Certification and Accreditation?
Certification means that a system has been certified to meet the security requirements of the data owner.
Certification considers the system, the security measures taken to protect the system and the residual risk represented by the system.
Accreditation is the data owner’s acceptance of the certification and the residual risk, required before the system is put into action.
1: What type of memory is used often for CPU registers?
A: DRAM
B: Firmware
C: ROM
D: SRAM
Answer: D: SRAM
2: What type of attack is also known as a race condition?
A: Buffer Overflow
B: Cramming
C: Emanations
D: TOCTOU
Answer: D: TOCTOU
3: What model should you use if you are concerned with Confidentiality of Information?
A: Bell-LaPadula
B: Biba
C: Clark-Wilson
D: Confidentiality Model
Answer: A: Bell-LaPadula
4: On Intel x86 systems, the kernel normally runs at which CPU Ring?
A: Ring 0
B: Ring 1
C: Ring 2
D: Ring 3
Answer: A: Ring 0
5: Which mode of operation has objects and subjects with various security labels from least to most secure or trusted?
A: Compartmented
B: Dedicated
C: Multilevel Security
D: System High
Answer: C: Multilevel Security
6: What type of firmware is erased via ultraviolet light?
A: EPROM
B: EEPROM
C: Flash Memory
D: PROM
Answer: A: EPROM
7: You are surfing the web via a wireless network. Your wireless network becomes unreliable, so you plug into a wired network to continue surfing. While you changed physical networks, your browser required no change. What security feature allows this?
A: Abstraction
B: Hardware Segmentation
C: Layering
D: Process Isolation
Answer: C: Layering
8: What programming language may be used to write applets that use a sandbox to provide security?
A: ActiveX
B: C++
C: Java
D: Python
Answer: C: Java
9: What Common Criteria term describes the system or software being tested?
A: EAL
B: PP
C: ST
D: TOE
Answer: D: TOE
10: What nonvolatile memory normally stores the operating system kernel on an IBM PC-compatible system?
A: Disk
B: Firmware
C: RAM
D: ROM
Answer: A: Disk
11: What type of system runs multiple programs simultaneously on multiple CPUs?
A: Multiprocessing
B: Multiprogramming
C: Multitasking
D: Multithreading
Answer: A: Multiprocessing
12: An attacker deduces that an organization is holding an offsite meeting and has few people in the building based on the low traffic volume to and from the parking lot, and uses the opportunity to break into the building. What type of attack has he launched?
A: Aggregation
B: Emanations
C: Inference
D: Maintenance Hook
Answer: C: Inference
13: An Open System is what?
A: A process that has not been terminated
B: A system built from industry-standard parts
C: Allows anyone to read and change the source code
D: Contains free software
Answer: B: A system built from industry-standard parts
14: What security model has 8 rules?
A: Graham-Denning
B: Harrison-Ruzzo-Ullman
C: TCSEC
D: Zachman Framework
Answer: A: Graham-Denning
15: What is the highest TCSEC class applicable to discretionary access control systems which send data across networks?
A: A
B: B
C: C
D: D
Answer: D: D