Domain 5: Security Architecture and Design Flashcards

1
Q

What is RAM?

A

RAM (Random Access Memory): Volatile hardware memory that loses integrity after loss of power.

2
Q

What is a Reference Monitor?

A

Reference Monitor: Mediates all access between subjects and objects.

3
Q

What is ROM?

A

ROM (Read Only Memory): Nonvolatile memory that maintains integrity after loss of power.

4
Q

What is TCSEC?

A

TCSEC (Trusted Computer System Evaluation Criteria): Known as the Orange Book.

5
Q

What is TCB?

A

TCB (Trusted Computer Base): The security relevant portions of a computer system.

6
Q

What is Virtualization?

A

Virtualization: An interface between computer hardware and the operating system that allows multiple guest operating systems to run on one host computer.

7
Q

What are the two things that Security Architecture and Design describes?

A

1: fundamental logical hardware, operating system and software security components
2: How to use those components to design, architect and evaluate secure computer systems.

8
Q

What are the three domain parts that Security Architecture and Design describes?

A

1: Hardware and software required to have a secure computer system
2: Logical models required to keep the computer secure
3: Evaluation models that quantify how secure a system really is

9
Q

What does Secure System Design represent?

A

Universal best practices; it transcends specific hardware and software implementations.

10
Q

What is layering?

A

Separates hardware and software functionality into modular tiers.

11
Q

What networking protocol is similar to layering by providing a similar function?

A

TCP/IP

12
Q

Explain how layering works in your system when you change disk drives from IDE to SCSI.

A

Example: A disk drive in the hardware layer has changed from IDE to SCSI. The device drivers in the adjoining layer will also change but the other layers in the Operating System and the Application layers will remain unchanged.

13
Q

What are the generic names for the four layers?

A

1: Hardware
2: Kernel and device drivers
3: Operating System
4: Applications

14
Q

Why is abstraction a good design principle?

A

Complexity is the enemy to security and computers are extremely complex machines.

15
Q

What does abstraction provide the user?

A

Abstraction hides unnecessary detail from the user and provides a way to manage that complexity.

16
Q

In the context of Secure System Design Concepts, name two definitions for a Security Domain.

A

1: A list of objects a subject is allowed to access.
2: Groups of subjects and objects with similar security requirements, such as CONFIDENTIAL, SECRET and TOP SECRET, or User Mode and Kernel Mode.

17
Q

What does kernel mode provide access to?

A

Allows low-level access to hardware (memory, CPU, disk, etc).

Most trusted and powerful part of the system.

18
Q

What is another name for kernel mode?

A

Supervisor Mode

19
Q

What is The Ring Model?

A

A form of CPU layering that separates and protects domains from each other.

20
Q

What are the four generic names for the Ring Model layers?

A

Ring 0: Kernel

Ring 1: Other OS components that do not fit into Ring 0

Ring 2: Device Drivers

Ring 3: User Applications

21
Q

What is the name for the process for communicating between layers in the Ring Model?

A

System Calls

22
Q

What is one advantage and one disadvantage to System Calls?

A

System Calls are slow compared to inner ring communication but provide security.

23
Q

Practically, why do most operating systems on x86 CPUs, including Linux and Windows, only use Ring 0 and Ring 3?

A

Because of performance issues.

24
Q

What Ring Layer does a Hypervisor operate in?

A

Hypervisor (Ring 1)

Allows virtual guests to operate in Ring 0.

25
Q

What is the difference between an Open and a Closed System?

A

An open system uses open hardware and standards from a variety of vendors.

A closed system uses proprietary hardware.

26
Q

What is the difference between an Open System and Open Source?

A

An open system uses open hardware and standards from a variety of vendors.

Open source makes source code publicly available.

27
Q

What is the difference between the System Unit and the Motherboard?

A

System Unit: The case and all the internal electronic computer parts including the motherboard, disk drives, power supply, etc.

Motherboard: Hardware components like the CPU, memory slots, firmware, and peripheral slots.

28
Q

What is the purpose of The Computer Bus?

A

Primary communications channel between all components.

29
Q

Some systems have two buses. What are their names?

A

Northbridge & Southbridge: Two buses

30
Q

What does each bus (Northbridge & Southbridge) provide the communication channels for?

A
Northbridge
1: Memory Controller Hub (MCH)
2: Connects CPU to RAM and Video Memory
The Northbridge bus is directly connected to the CPU and is faster than the Southbridge.

Southbridge
1: I/O Controller Hub (ICH)
2: Connects input/output devices.

31
Q

What does the acronym MCH stand for?

A

Memory Controller Hub – MCH

32
Q

What does the acronym ICH stand for?

A

I/O Controller Hub – ICH

33
Q

What does the acronym CPU stand for?

A

Central Processing Unit

34
Q

What is the difference between the Arithmetic Logic Unit (ALU) and Control Unit?

A

ALU performs mathematical calculations

Control Unit feeds instructions to the ALU

35
Q

What does the acronym ALU stand for?

A

Arithmetic Logic Unit

36
Q

What is another name for Fetch & Execute?

A

Also called Fetch – Decode – Execute (FDX)

37
Q

What does the acronym FDX stand for?

A

Fetch – Decode – Execute (FDX)

38
Q

What are the generic four steps to the Fetch & Execute clock cycle?

A

1: Fetch Instruction 1
2: Decode Instruction 1
3: Execute Instruction 1
4: Write (save) Result

39
Q

What is Pipelining?

A

Combines multiple steps into one process allowing simultaneous FDX and increasing throughput.

40
Q

What is the pipeline depth?

A

The pipeline depth is the number of simultaneous stages which may be completed at once.

41
Q

What is an Interrupt?

A

Indicates that an asynchronous event has occurred, causing the CPU to stop processing its current task, save its state, and begin processing a new request.

When the new task is complete, the CPU will complete the prior task.

42
Q

What is a Process?

A

An executable program and its associated data loaded and running in memory.

43
Q

What is a Heavy Weight Process called?

A

A Heavy Weight Process (HWP) is called a task.

44
Q

What is a Light Weight Process called?

A

A Light Weight Process (LWP) is called a thread.

45
Q

What does the acronym LWP stand for?

A

Light Weight Process

46
Q

What does the acronym HWP stand for?

A

Heavy Weight Process

47
Q

What is the difference between Heavy Weight Processes and Light Weight Processes?

A

HWPs do not share memory, while LWPs share memory, resulting in low overhead.

48
Q

What is a thread?

A

A Parent process may spawn child processes called Threads.

49
Q

What is a zombie process?

A

A child process whose parent has terminated.

50
Q

What are the five process states?

A

1: New: A process being created
2: Ready: Processes waiting to be executed by the CPU
3: Running: Processes being executed by the CPU
4: Blocked: Processes waiting for I/O
5: Terminated: Processes that are complete.

51
Q

What is Multitasking?

A

Multitasking: Allows multiple HWP (Heavy Weight Processes) to run simultaneously on one computer.

52
Q

What is Multiprogramming?

A

Allows multiple programs to run simultaneously on one computer.

53
Q

What is Multithreading?

A

Multithreading: Allows multiple LWP (Light Weight Processes - threads) to run simultaneously on one computer.

54
Q

What is Multiprocessing?

A

Multiprocessing: Allows multiple processes to run simultaneously on multiple CPUs.

55
Q

What is Symmetric Multiprocessing (SMP)?

A

Symmetric Multiprocessing (SMP): One operating system manages all CPUs.

56
Q

What is Asymmetric Multiprocessing (ASMP or AMP)?

A

Asymmetric Multiprocessing (ASMP or AMP): One operating system per CPU; these are essentially all independent systems.

57
Q

Name the six types of “Multi” processing schemes:

A

1: Multitasking: Allows multiple HWP (Heavy Weight Processes) to run simultaneously on one computer.
2: Multiprogramming: Allows multiple programs to run simultaneously on one computer.
3: Multithreading: Allows multiple LWP (Light Weight Processes - threads) to run simultaneously on one computer.
4: Multiprocessing: Allows multiple processes to run simultaneously on multiple CPUs.
5: Symmetric Multiprocessing (SMP): One operating system manages all CPUs.
6: Asymmetric Multiprocessing (ASMP or AMP): One operating system per CPU; these are essentially all independent systems.

58
Q

What is a Watchdog Timer?

A

Watchdog Timer: Designed to recover a system by rebooting after critical processes hang.

59
Q

What is the difference between CISC and RISC architectures?

A

CISC (Complex Instruction Set Computer): Low-level commands are longer and more powerful, using fewer individual instructions to perform a complex task.

RISC (Reduced Instruction Set Computer): Low-level commands are shorter and simpler, using more individual instructions to perform a complex task but allowing fewer cycles per instruction and more efficient code.

60
Q

What does the acronym CISC stand for?

A

CISC (Complex Instruction Set Computer): Low-level commands are longer and more powerful, using fewer individual instructions to perform a complex task.

61
Q

What does the acronym RISC stand for?

A

RISC (Reduced Instruction Set Computer): Low-level commands are shorter and simpler, using more individual instructions to perform a complex task but allowing fewer cycles per instruction and more efficient code.

62
Q

Which architecture is best: RISC or CISC?

A

No correct answer

CISC used in x86 CPUs

RISC used in smartphones, PowerPC, SPARC

64
Q

What does the acronym RAM stand for?

A

Random Access Memory

65
Q

Is RAM volatile?

A

Yes, but some RAM has remanence for seconds or minutes after power loss.

66
Q

What is Sequential memory?

A

Like a tape, memory must be read sequentially.

67
Q

What is memory Volatility?

A

Like RAM, loses integrity after power loss.

68
Q

What is memory Nonvolatility?

A

Like ROM, Disk or tape, does not lose integrity after power loss.

69
Q

What does the acronym ROM stand for?

A

ROM (Read Only Memory).

70
Q

What is the main difference between ROM and RAM?

A

ROM is Nonvolatile while RAM is volatile.

71
Q

Can you overwrite ROM?

A

Yes - some types of ROM may be overwritten in a process called flashing.

72
Q

What is Real or Primary Memory?

A

Real or Primary: Like RAM, directly accessible by the CPU and is used to hold data and instructions for currently running processes.

73
Q

What is Secondary Memory?

A

Secondary: Like disks, is not directly accessible.

74
Q

What is Cache?

A

The fastest memory on the system; it holds the data most frequently used by the CPU.

75
Q

Name the five types of cache in order of speed.

A

1: Register File: The fastest portion of the cache, small storage locations used to store instructions and data.
2: Level 1: Next fastest, located on the CPU.
3: Level 2: Next fastest, connected to the CPU but located outside it.
4: SRAM (Static Random Access Memory): Expensive and fast, uses small latches called flip-flops to store bits.
5: DRAM (Dynamic Random Access Memory): Stores bits in small capacitors (like batteries) and is slower and cheaper than SRAM.

76
Q

In regards to cache, what is a Register File?

A

Register File: The fastest portion of the cache, small storage locations used to store instructions and data.

77
Q

In regards to cache, what is Level 1 cache?

A

Really fast memory located on the CPU.

78
Q

In regards to cache, what is Level 2 cache?

A

Really fast memory located outside the CPU but directly connected to it.

79
Q

In regards to cache, what is SRAM?

A

SRAM (Static Random Access Memory): Expensive and Fast, uses small latches called flip-flops to store bits.

80
Q

What does the acronym SRAM stand for?

A

SRAM (Static Random Access Memory)

81
Q

What does the acronym DRAM stand for?

A

Dynamic Random Access Memory

83
Q

In regards to cache, what is DRAM memory?

A

Stores bits in small capacitors (like batteries) and is slower and cheaper than SRAM.

The capacitors leak charge and must be refreshed.

84
Q

What is the difference between asynchronous and synchronous SRAM?

A

Synchronous SRAM is designed to exactly match the speed of the CPU, while asynchronous is not. That little bit of timing makes a difference in performance. Matching the CPU’s clock speed is a good thing, so always look for synchronized SRAM.

85
Q

What is the general rule relating cache speed to its location relative to the CPU?

A

General Rule: the closer memory is to the CPU, the faster and more expensive it is. As you move away from the CPU (SRAM, DRAM to Disk, tape, etc) it becomes slower and less expensive.

86
Q

In terms of Memory Addressing, what is Direct Addressing?

A

The CPU adds the values stored here (at this memory location).

87
Q

In terms of Memory Addressing, what is Indirect Addressing?

A

Indirect Addressing (Pointer): The CPU adds the value stored at the memory location whose address is stored here.

88
Q

In terms of Memory Addressing, what is Register Direct Addressing?

A

The same as Direct Addressing except that it references a CPU register.

89
Q

In terms of Memory Addressing, what is Register Indirect Addressing?

A

The same as Indirect Addressing except the pointer is stored in a CPU register.

90
Q

What is Memory Protection?

A

Prevents one process from affecting the CIA of other processes.

91
Q

What is the memory design requirement for secure multiuser and multitasking systems?

A

Memory Protection

92
Q

In terms of Memory Protection,

What is Process Isolation?

A

A logical control that attempts to prevent one process from interfering with another.

93
Q

In terms of Memory Protection,

Why is Process Isolation important?

A

A lack of process isolation means that one process crash could crash the entire operating system, or that an attacker could affect the CIA of any transaction.

94
Q

In terms of Memory Protection,

What is an Interference attack?

A

Interference attacks are CIA attacks on process isolation.

95
Q

In terms of Memory Protection,

what is one example of an interference attack for each element of CIA?

A

Confidentiality: Read your credit card number during an online purchase.

Integrity: Change your credit card number during an online purchase.

Availability: Stop an online purchase.

96
Q

In terms of Memory Protection,

what are the four techniques used to provide process isolation?

A

1: Virtual memory
2: Object Encapsulation
3: Time Multiplexing
4: Hardware Segmentation

97
Q

In terms of Memory Protection,

how does Virtual Memory provide Process Isolation?

A

Provides virtual address mapping between applications and hardware memory, where process A’s address space is different from process B’s address space, preventing A from writing into B.

98
Q

In terms of Memory Protection,

Is the function of Virtual Memory only Process Isolation?

A

No - it has Multiple Functions:

1: Multitasking (multiple tasks on one CPU)
2: Shared library for multiple processes
3: Swapping

99
Q

What are the three functions of Virtual Memory?

A

1: Multitasking (multiple tasks on one CPU)
2: Shared library for multiple processes
3: Swapping

100
Q

Is Virtual Memory = Swapping?

A

No - it has three functions:

1: Multitasking (multiple tasks on one CPU)
2: Shared library for multiple processes
3: Swapping

101
Q

In terms of Virtual Memory,

What is paging?

A

Paging: Copies blocks of memory between RAM and secondary memory.

102
Q

In terms of Virtual Memory,

What is swap space?

A

Swap space is often a dedicated partition on the hard drive and is used to extend the amount of available memory.

103
Q

In terms of Virtual Memory,

What is a page fault?

A

If the kernel attempts to access a page (fixed-length block of memory) located in swap space, a page fault occurs telling the computer to swap the page from the Swap Space into RAM.

104
Q

In terms of Virtual Memory,

What is swapping designed to do?

A

Designed as a protective measure to handle occasional bursts of memory usage.

105
Q

In terms of Virtual Memory,

What is the generic process for swapping?

A

1: The computer keeps filling RAM until it is almost full.
2: The system will swap idle processes to Swap Space.
3: As both RAM and Swap Space fill up, the system will start thrashing by swapping active processes to Swap Space.

106
Q

In terms of Virtual Memory,

What is thrashing?

A

As both RAM and Swap Space fill up, the system will start thrashing by swapping active processes to Swap Space.

107
Q

In terms of Virtual Memory,

What are two mitigations for thrashing?

A

1: Add more memory
2: Remove processes

108
Q

In terms of Virtual Memory,

What is firmware?

A

Stores small programs that do not change that often in ROM.

109
Q

In terms of Virtual Memory,

What are the three types of firmware?

A

1: PROM (Programmable Read Only Memory): Can be written once typically at the factory.
2: EPROMS (Erasable Programmable Read Only Memory):
3: EEPROMS (Electrically Erasable Programmable Read Only Memory):

110
Q

In terms of Virtual Memory and firmware

What is a PROM?

A

PROM (Programmable Read Only Memory): Can be written once typically at the factory.

111
Q

In terms of Virtual Memory and firmware

What is an EPROM?

A

Erasable Programmable Read Only Memory that may be flashed, erased or written many times.

112
Q

In terms of Virtual Memory and firmware

Where did the term Flashing come from?

A

Flashing derived from EPROMs because they were erased by flashing ultraviolet light onto a small window on the chip.

113
Q

In terms of Virtual Memory and firmware

What is Flashing?

A

Flashing is the process of erasing and re-writing EPROMs.

114
Q

In terms of Virtual Memory and firmware

What is an EEPROM?

A

EEPROM (Electrically Erasable Programmable Read Only Memory): May be flashed, erased or written many times.

115
Q

In terms of Virtual Memory and firmware

What is the difference between an EPROM and an EEPROM?

A

EEPROMs are a modern type of ROM, electrically erasable via flashing programs.

Any byte of an EEPROM can be overwritten.

116
Q

In terms of Virtual Memory and firmware

What is the difference between an EPROM and an EEPROM?

A

EPROMs can be flashed, but it is all or nothing.

EEPROMs are a modern type of ROM, electrically erasable via flashing programs. Any byte of an EEPROM can be overwritten.

117
Q

In terms of Virtual Memory and firmware

What is a Programmable Logic Device (PLD)?

A

A Programmable Logic Device (PLD) is programmed after it leaves the factory.

118
Q

In terms of Virtual Memory and firmware

Name three types of Programmable Logic Devices (PLDs).

A

1: EPROMs
2: EEPROMs
3: Flash memory
All three are PLDs.

119
Q

In terms of Virtual Memory and firmware

What is the issue with destroying firmware as compared to other electronics?

A

Chip-based media is not like magnetic disks; degaussers may not work.

120
Q

In terms of Virtual Memory and firmware

What does the acronym BIOS stand for?

A

Basic Input Output System

121
Q

In terms of Virtual Memory and firmware

What is a BIOS?

A

Code in firmware that is executed when the PC is turned on.

122
Q

In terms of Virtual Memory and firmware

What does the acronym WORM stand for?

A

WORM (Write Once Read Many) Storage

123
Q

In terms of Virtual Memory and firmware

What is the advantage of WORM memory?

A

Ensures integrity because there is some assurance that the data cannot be modified.

124
Q

In terms of Virtual Memory and firmware

Name three types of WORM memory.

A

1: CD-R: Compact Disc Recordable
2: DVD-R: Digital Versatile Disk Recordable
3: Some Digital Linear Tape (DLT) drives and media

125
Q

In terms of Virtual Memory and firmware

Name two types of memory that are often mistaken for WORM memory but are not.

A

1: CD-RW
2: DVD-RW

126
Q

What is Secure Operating System and Software Architecture?

A

Provides a secure interface between the hardware and application layers.

127
Q

What does an operating system do?

A

Operating systems provide memory, resource and process management.

128
Q

What does the kernel do?

A

Provides interface between the Operating System and the hardware.

129
Q

What ring number does the kernel operate at?

A

Usually runs at Ring 0

130
Q

What are two kernel designs?

A

1: Monolithic
2: Microkernel

131
Q

How does a monolithic kernel design work?

A

Monolithic: compiled into one static executable and runs in supervisor mode.

132
Q

How does a Microkernel design work?

A

Microkernel: Modular kernels; smaller, less native functionality compared to Monolithic kernels.

Can add new functionality via loadable kernel modules.

May run modules at User Level – Ring 3

133
Q

What does a Reference Monitor do?

A

Mediates access between subjects and objects.

134
Q

How does a Reference Monitor work?

A

Enforces system security policy like restricting SECRET subjects from accessing TOP SECRET objects

135
Q

What is a key design principle for a Reference Monitor?

A

Always enabled and cannot be bypassed.

136
Q

Can you evaluate the security of the reference monitor?

A

Secure systems can evaluate the security of the reference monitor.

137
Q

What is the difference between UNIX/LINUX and Windows User and File Permissions?

A

Both LINUX/UNIX and Windows Operating systems usually grant read, write and execute permissions. Windows has more: Modify and full control.

138
Q

What is a Privileged Program?

A

Normal users can’t edit the system files like the password file but they need to be able to change their password.

139
Q

What are Unix setuid programs for?

A

In Unix, setuid programs let normal users run Privileged Programs as the file’s owner. Setgid programs run with the permissions of the file’s group.

140
Q

What is virtualization?

A

Adds a software layer between an operating system and the underlying computer hardware.

Allows multiple guest operating systems to run simultaneously on one physical host.

141
Q

What are types of virtualization?

A

1: Transparent
2: Paravirtualization

142
Q

What is Transparent virtualization?

A

Runs stock operating systems.

143
Q

What is Paravirtualization ?

A

Runs specially modified operating systems with modified kernel system calls.

144
Q

Name one advantage and one disadvantage of Paravirtualization.

A

Advantage: Can be more efficient.

Disadvantage: Requires changing the guest operating systems; may not be possible for closed systems like Windows.

145
Q

Name four advantages of virtualization.

A

1: Lower hardware costs through consolidation, and lower power and cooling requirements.
2: Snapshots allow admins to create OS images that can be restored at the click of a mouse.
3: Testing becomes simple.
4: Clustering virtual guests is easier than clustering Operating Systems directly on hardware.

146
Q

Name three security issues with virtualization.

A

1: The technology is complex and relatively new.
2: It is not a replacement for a firewall; never combine guests with different security requirements (like a DMZ and an Internal Box).
3: The risk of virtualization escape is of high interest to the research community.

147
Q

What is a Thin Client?

A

Runs on a full operating system but uses a web browser as a universal client.

148
Q

Name four advantages of Thin Clients.

A

1: Simplify client server architecture and design
2: Improve Performance
3: Lower costs
4: All data is stored on servers

149
Q

Name two security issues with Thin Clients.

A

1: Client must patch the browser and operating system for security.
2: Applications are patched in the server.

150
Q

In terms of System Vulnerabilities, Threats and Countermeasures

What is an Emanation?

A

Energy that escapes electronic systems.

151
Q

In terms of System Vulnerabilities, Threats and Countermeasures

What is TEMPEST?

A

A codename by the US NSA for a standard for shielding emanations

152
Q

In terms of System Vulnerabilities, Threats and Countermeasures

What is a Covert Channel?

A

Any communication that violates security policy.

153
Q

In terms of System Vulnerabilities, Threats and Countermeasures

Name Two Types of Covert Channels?

A

1: Storage Channels: The storage of an item has some secret meaning that has nothing to do with the item itself.
2: Timing Channels: The response times to various scenarios may reveal unintended information.

154
Q

In terms of Covert Channels,

What is a Storage Channel?

A

Storage Channels: The storage of an item has some secret meaning that has nothing to do with the item itself.

155
Q

In terms of Covert Channels,

What is a Timing Channel?

A

Timing Channels: The response times to various scenarios may indicate unintended information.

156
Q

In terms of Covert Channels,

What is the opposite of a Covert Channel?

A

The opposite of a Covert Channel is an Overt Channel; authorized communications that comply with policy.

157
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is a Buffer Overflow?

A

Occurs when a programmer fails to perform boundary checking.

158
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is Smashing the Stack?

A

Another name for Buffer Overflow, Smashing the Stack is what an attacker does when he tries to insert information into a variable that is much larger than the programmer intended.

159
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

How do you mitigate Buffer Overflows?

A

Mitigated by secure application development.

160
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What does the acronym TOCTOU stand for?

A

TOCTOU: Time of Check / Time of Use Race Conditions

161
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is a race condition?

A

A race condition is when an attacker attempts to alter a condition after it has been checked by the operating system but before it is used.

162
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is a Backdoor?

A

Shortcut in the system that allows a user to bypass security controls.

163
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

How do attackers install Backdoors?

A

Attackers will often install a backdoor once they compromise a system.

164
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

Are there legitimate Backdoors?

A

Yes- Maintenance hooks are a type of backdoor; shortcuts installed by system designers to allow developers to bypass security during development.

165
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is Malicious Code?

A

Generic term for any type of software that attacks an application or system.

166
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What are four types of Malicious Code?

A

1: Viruses
2: Worms
3: Trojans
4: Logic bombs

167
Q

In terms of Malicious Code,

What is a virus?

A

Malcode that does not spread automatically; it requires a carrier like a USB drive or floppy disk.

168
Q

In terms of Malicious Code,

Name five types of viruses?

A

1: Macro Virus: written in a macro language like MS Office.
2: Boot Sector Virus: Installs itself in the boot sector of the hard drive ensuring that the virus loads every time the system is started.
3: Stealth Virus: Hides itself from the OS and AV systems.
4: Polymorphic Virus: a virus that changes its signature upon infection to evade AV
5: Multipartite Virus (Multipart): spreads via multiple vectors

169
Q

In terms of Malicious Code viruses,

What is a Macro Virus?

A

Macro Virus: written in a macro language like MS Office.

170
Q

In terms of Malicious Code viruses,

What is a Boot Sector Virus?

A

Boot Sector Virus: Installs itself in the boot sector of the hard drive ensuring that the virus loads every time the system is started.

171
Q

In terms of Malicious Code viruses,

What is a Stealth Virus?

A

Stealth Virus: Hides itself from the OS and AV systems.

172
Q

In terms of Malicious Code viruses,

What is a Polymorphic Virus?

A

Polymorphic Virus: a virus that changes its signature upon infection to evade AV

173
Q

In terms of Malicious Code viruses,

What is a Multipartite Virus ?

A

Multipartite Virus (Multipart): spreads via multiple vectors

174
Q

In terms of Malicious Code,

What is a Worm?

A

Malware that self-propagates.

Coined by John Brunner in 1975’s “The Shockwave Rider”

175
Q

In terms of Malicious Code,

Name two ways that a Worm causes damage.

A

Cause damage in two ways:

1: with the malicious code they carry and
2: Also with the generated network traffic from aggressive worms’ self-propagation.

176
Q

In terms of Malicious Code,

What was the First Widespread Worm?

A

First Widespread Worm: Morris Worm of 1988.

177
Q

In terms of Malicious Code,

What is a Trojan?

A

Also called a Trojan Horse (derived from Virgil’s poem “The Aeneid”)

Performs two functions; one benign (like a game) and the other, the Malcode.

178
Q

In terms of Malicious Code,

What is a Logic bomb?

A

Malicious code triggered when a logical condition is met.

Malcode often contains logic bombs that behave one way until a specific condition is met and then completely change tactics.

179
Q

In terms of Malicious Code,

What is a Zero day exploit?

A

A Zero day exploit is Malcode for which there is no vendor-supplied patch.

180
Q

In terms of Malicious Code,

What is a Root Kit?

A

Malware that replaces portions of the kernel and/or operating system.

181
Q

In terms of Malicious Code,

What does a user-mode (Ring 3) Root Kit do?

A

A user-mode (Ring 3) rootkit replaces operating system components like ls or ps.

182
Q

In terms of Malicious Code,

What does kernel mode (Ring 0) Root Kit do?

A

A kernel mode (Ring 0) rootkit replaces kernel modules.

183
Q

In terms of Malicious Code,

What does a Packer do?

A

Provides runtime compression of executables.

184
Q

In terms of Malicious Code,

How does Runtime compression (Packers) work?

A

Runtime compression works by compressing the original executable and appending a small decompressor to the now compressed exe. Upon execution, the decompressor unpacks the original exe and executes it.

185
Q

In terms of Malicious Code,

Are Packers malcode?

A

No. Neutral technology; not malicious code per se, but attackers use the technology to avoid AV detection.

186
Q

In terms of Malicious Code,

What is Anti Virus?

A

Software that is designed to prevent and detect Malicious Code

187
Q

In terms of Malicious Code,

Name two types of Anti Virus?

A

1: Signature-based AV uses static signatures of known malware
2: Heuristic-based AV uses anomaly-based detection

188
Q

In terms of Malicious Code,

What is Signature-based AV ?

A

Signature-based AV uses static signatures of known malware

189
Q

In terms of Malicious Code,

What is Heuristic-based AV ?

A

Heuristic-based AV uses anomaly-based detection

190
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is a Server Side Attack (Service Side Attack)?

A

Launched by an attacker at a listening service.

Exploit vulnerabilities in installed services but this is not exclusively a server problem.

191
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

Name three mitigations for Server Side Attacks (Service Side Attacks)?

A

1: Patching
2: Firewalls
3: Other Defense in Depth measures

192
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is a Client Side Attack?

A

Launched when a user downloads malicious content; initiated from the victim

The flow of data is reversed compared to server-side.

193
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is the main difference between a Client Side Attack and a Server Side Attack?

A

Client Side Attacks are initiated from the victim. The flow of data is reversed compared to server-side.

Server Side Attacks are launched by an attacker at a listening service.

194
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

Name three mitigations for Client Side Attacks?

A

1: Patching, but more difficult than for Server Side Attacks
2: Firewalls, but more difficult; designed to restrict inbound traffic, not outbound.
3: Other Defense in Depth measures

195
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

Why do attackers leverage Web Application Attacks?

A

Web 2.0 technology presents dynamic content and has increased the attack surface.

Dynamic Web languages like PHP (Recursive name that stands for Hypertext Processor) enable web pages to be more dynamic.

196
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is one example of a Web Application Attack?

A

Example: remote file inclusion attack

197
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is XML (Extensible Markup Language)?

A

Like HTML, a standard to encode documents and data but more universal.

Users can define their own formats.

198
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is Security Assertion Markup Language (SAML)?

A

Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security information including authentication data. Some forms of Single-Sign-On use SAML to exchange data.

200
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is an applet?

A

Small pieces of mobile code that are embedded in other software like browsers.

201
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is the difference between an applet and XML/HTML?

A

Unlike HTML and XML, applets are executables downloaded from servers and run locally.

202
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

Name two languages that attackers write malicious applets in.

A

Malicious Applets are like Malicious Code

Can be written in a variety of languages: Java and ActiveX

203
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is JAVA?

A

An Object Oriented programming language used to build Applets and general purpose programming

204
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is a unique design feature to the JAVA programming language?

A

Java bytecode is platform independent. It is interpreted by the Java Virtual Machine (JVM) available for a variety of Operating Systems.

205
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is a security feature of JAVA?

A

Runs in a sandbox that segregates the code from the OS.

Designed to prevent an attacker who compromises an Applet from gaining access to the Operating System.

206
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is a security feature of Sandbox technology?

A

Code that runs in a sandbox must be self-sufficient meaning that it cannot rely on the Operating system to function.

207
Q

In terms of sandbox technology,

What is a Trusted Shell?

A

Trusted Shell is a statically compiled shell which can be used in sandboxes. It does not rely on the OS shared libraries.

208
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

Why do security people say that JAVA is insecure?

A

Java has two parts: the runtime that runs on your computer (and lets you run Java apps), and the browser plug-in that comes along with it. When people talk about Java being insecure, they’re talking about the browser plug-in. Java apps themselves aren’t inherently insecure, it’s the browser plug-in that causes problems.

209
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is Active X?

A

ActiveX is a software component of Microsoft Windows.

ActiveX controls are small programs, sometimes called add-ons that are used on the Internet.

210
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is the security design feature of Active X?

A

ActiveX uses digital certificates instead of sandboxes to provide security.

211
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

What is a Mobile Device Attack?

A

Range from USB flash drives to Laptops.

Infected with Malware outside the perimeter and then carried into an organization.

212
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

Name two Admin controls to mitigate Mobile Device Attacks?

A

Admin Controls like

1: Policy preventing or
2: limiting use.

213
Q

In terms of System Vulnerabilities, Threats and Countermeasures,

Name six Technical controls to mitigate Mobile Device Attacks?

A

Technical controls like

1: Preventing USB devices from functioning.
2: Authentication via OSI Layer 2 802.1X
3: Patch Verification
4: Up to Date AV signatures
5: Network Access Control (NAC): Device based solution supported by vendors
6: Network Access Protection (NAP): OS solution supported by MS.

214
Q

In terms of Database Security,

What is Polyinstantiation?

A

Allows two different objects to have the same name; means that two rows may have the same primary key but will have different data.

215
Q

In terms of Database Security,

Why is Polyinstantiation needed?

A

Databases normally require rows to contain a unique primary key. The multi-level secure database cannot do that without allowing the manager to infer Top Secret Information.

Means that the database will create a row with a duplicate key: one labeled SECRET and one Labeled TOP SECRET.

216
Q

In terms of Database Security,

What is Inference and Aggregation?

A

Occurs when a user is able to use lower level access to learn restricted information.

217
Q

In terms of Database Security,

What is Inference ?

A

Inference requires deduction; lower level details provide clues

218
Q

In terms of Database Security,

What is Aggregation ?

A

Aggregation is a mathematical process; a user asks every question and receives every answer deriving restricted information

219
Q

In terms of Database Security,

What is the mitigation to Inference and Aggregation?

A

Mitigation: Polyinstantiation

220
Q

In terms of Database Security,

What is Data Mining?

A

Searching large amounts of data to determine patterns that would otherwise get lost in the noise.

221
Q

In terms of Database Security,

What is a mitigation to Data Mining?

A

Defense in Depth

222
Q

In terms of Security Models,

What is the difference between Writing Up and Reading Down?

A

Reading Down occurs when a subject reads an object at a lower security level

Writing Up occurs when a subject passes an object at a higher security level; the subject does not see any of the information in the object.

The difference between Reading Down and Writing Up is the direction of flow.

223
Q

In terms of Security Models,

Writing Up protects which elements of CIA at the expense of what others?

A

Protects Confidentiality at the expense of integrity.

The subject passes the object to a higher security level without reading it. The subject does not read it (Confidentiality) but does not know if the information is valid (Integrity).

224
Q

In terms of Security Models,

What is a State Machine Model?

A

A State Machine is a mathematical model that groups all possible occurrences called states.

If every state is proven to be secure, then the system is secure.

225
Q

In terms of Security Models,

What is the Bell-LaPadula Model (State Machine)?

A

It is probably better known as the “no read up, no write down” model.

It uses a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from Unclassified, For Official Use Only, Confidential, Secret, Top Secret, etc.

226
Q

In terms of Security Models,

What is the limitation of the Bell-LaPadula Model (State Machine)?

A

The model, however, has no clear distinction of protection and security.

227
Q

In terms of Security Models,

How does the Bell-LaPadula Model (State Machine) work?

A

The model emphasizes data confidentiality and controlled access to classified information. To control access to this information the clearance of the subject is compared to the classification of the objects in order for the subject to be granted access to the object.

228
Q

In terms of Security Models,

What are the Two mandatory access control rules for the Bell-LaPadula Model (State Machine)?

A

Simple Security Policy – A subject at a given security level may not read an object at a higher security level. The subject may not “read up”. For example, a person with a Secret clearance level may not read a report that is labeled with Top Secret.

The *-property or Confinement property – A subject at a given security level may not write to any object with a lower security level. The subject may not “write down”. Note: Trusted subjects are not restricted by this property.

229
Q

In terms of Security Models,

What is the Simple Security Policy in the Bell-LaPadula Model (State Machine)?

A

Simple Security Policy – A subject at a given security level may not read an object at a higher security level. The subject may not “read up”. For example, a person with a Secret clearance level may not read a report that is labeled with Top Secret.

230
Q

In terms of Security Models,

What is The *-property or Confinement property in the Bell-LaPadula Model (State Machine)?

A

A subject at a given security level may not write to any object with a lower security level. The subject may not “write down”. Note: Trusted subjects are not restricted by this property.

231
Q

In terms of Security Models,

What is Lattice-Based Access Controls (State Machine) model?

A

Allows security controls for complex environments.

Allows subjects to reach higher and lower security classifications.

232
Q

In terms of Security Models,

What is the main design principle for the Lattice-Based Access Controls (State Machine) model?

A

For every relationship between subject and object, there are defined upper and lower access limits by the system.

233
Q

In terms of Security Models,

What are the three dependencies in the Lattice-Based Access Controls (State Machine) model?

A

Depends on three things:

1: The Subject’s Need
2: The Object’s Label
3: The Subject’s Role

234
Q

In terms of Security Models,

What are the two properties in the Lattice-Based Access Controls (State Machine) model?

A

1: Least Upper Bound (LUB)
2: Greatest Lower Bound (GLB)

235
Q

In terms of Security Models,

What is the Biba Model(State Machine)?

A

The Biba Model also carries a clever catch phrase: “no read down, no write up”.

The Biba model addresses integrity which was missing in the confidentiality focused Bell-La Padula model.

Much like the Bell-La Padula model, the Biba model uses objects and subjects. However, objects and subjects are grouped into integrity levels instead of given security labels.

236
Q

In terms of Security Models,

How does the Biba Model(State Machine) preserve integrity?

A

In order to preserve integrity, subjects may create content at or below their own integrity level and view content at or above their own integrity level. This helps to prevent data corruption thus preserving integrity.

237
Q

In terms of Security Models,

What are the two security rules associated with the Biba Model(State Machine)?

A

1: Simple Integrity Axiom: A subject at a given level of integrity must not read an object at a lower integrity level (no read down).
2: * (star) Integrity Axiom: A subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).

238
Q

In terms of Security Models,

What is the Simple Integrity Axiom in the Biba Model(State Machine)?

A

Simple Integrity Axiom: A subject at a given level of integrity must not read an object at a lower integrity level (no read down).

239
Q

In terms of Security Models,

What is the * (star) Integrity Axiom in the Biba Model(State Machine)?

A

A subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).

240
Q

In terms of Security Models,

What is the Clark-Wilson (State Machine) model?

A

The Clark-Wilson model is concerned with information integrity using an integrity policy that defines enforcement rules (E) and certification rules (C).

241
Q

In terms of Security Models,

What is the basic principle of the Clark-Wilson (State Machine) model?

A

The basic principle of the model revolves around the idea of a transaction which is a series of operations.

The model essentially boils down to data items and processes that operate on these data items

242
Q

In terms of Security Models,

What is a Constrained Data Item (CDI) in the Clark-Wilson (State Machine) model?

A

A Constrained Data Item (CDI) is considered the key data item in the model.

243
Q

In terms of Security Models,

What is an Integrity Verification Procedure (IVP) in the Clark-Wilson (State Machine) model?

A

An Integrity Verification Procedure (IVP) ensures that all CDIs in the system are valid.

244
Q

In terms of Security Models,

What are Transformation Procedures (TPs) in the Clark-Wilson (State Machine) model?

A

Transformation Procedures (TPs) are the transactions that enforce the integrity policy.

A Transformation Procedure takes as input a Constrained Data Item or Unconstrained Data Item (UDI) (possible system input from users) and produces a Constrained Data Item.

A Transformation Procedure must transition the system from one valid state to another valid state via certification.

245
Q

In terms of Security Models,

What is the Clark-Wilson triple in the Clark-Wilson (State Machine) model?

A

The Clark-Wilson triple is

the relationship that exists between the components of an authenticated principal,

a set of programs (Transformation Procedures),

and data items (Constrained Data Items and Unconstrained Data Items).

246
Q

In terms of Security Models,

What two concepts does the Clark-Wilson (State Machine) model enforce?

A

1: Separation of duties
2: Transformation procedures within the system

247
Q

In terms of Security Models,

What is the Chinese Wall Model (Brewer-Nash) (State Model)?

A

Initially designed to address the risks inherent with employing consultants to work on financial systems

Generally designed to avoid conflicts of interest by prohibiting one person from accessing multiple Conflict of Interest Categories (COI).

248
Q

In terms of the Chinese Wall Model (Brewer-Nash) (State Model),

what do COIs pertain to?

A

COIs (Conflict of Interest Categories) pertain to accessing company-sensitive information from different companies that are in direct competition with one another.

249
Q

In terms of Conflict of Interest Categories

what is the main design issue for COIs in the Chinese Wall Model (Brewer-Nash) (State Model)?

A

Requires that COIs be identified so that once a consultant gains access to one COI, they cannot access opposing COIs.

250
Q

In terms of Security Models

what is the Noninterference Model (State Model)?

A

Ensures that data from different security domains remain separate.

251
Q

In terms of Security Models

what does the Noninterference Model (State Model) control against?

A

Controls against covert channel communications because the information cannot cross boundaries

252
Q

In terms of Security Models

what is the main design principle of the Noninterference Model (State Model)?

A

Each data access attempt is independent and has no connection to previous data access attempts.

253
Q

In terms of Security Models

what is the Take-Grant Model (State Model)?

A

Refers to rules that govern interactions between subjects and objects

254
Q

In terms of Security Models

what are the four general rules in the Take-Grant Model (State Model)?

A

1: Create Privileges: (Alice Creates Privileges for Docs)
2: Remove Privileges: (Alice Removes Privileges for Docs)
3: Grant Privileges: (Alice Grants Privileges to Carol)
4: Take Privileges: (Bob Takes Privileges from Alice)

255
Q

In terms of Security Models

what is the Access Control Matrix Model (State Model)?

A

A Table that defines what access permissions exist between subjects and objects.

A data structure that acts as a lookup table for the Operating System

256
Q

In terms of Security Models

what are the six frameworks for information security in the Zachman Framework for Enterprise Architecture?

A

Provides six frameworks for providing information security.

1: Who
2: What
3: When
4: Where
5: Why
6: How

257
Q

In terms of Security Models

what are the three parts to the Graham-Denning Model (State Model)?

A

1: Objects
2: Subjects
3: Rules

258
Q

In terms of Security Models

what are the 8 rules to the Graham-Denning Model (State Model)?

A

R1: Transfer Access

R2: Grant Access

R3: Delete Access

R4: Read Object

R5: Create Object

R6: Destroy Object

R7: Create Subject

R8: Destroy Subject

259
Q

In terms of Security Models

what is the Harrison-Ruzzo Model (State Model)

A

Maps subjects, objects and access rights to an access matrix.

260
Q

In terms of Security Models

what is the difference between the Harrison-Ruzzo Model (State Model) and the Graham-Denning Model?

A

A variation of the Graham-Denning Model; different in that it considers subjects to be objects.

261
Q

In terms of Security Models

what are the six primitives to the Harrison-Ruzzo Model (State Model)?

A

1: Create Object
2: Create Subject
3: Destroy Subject
4: Destroy Object
5: Enter Right into Access Matrix
6: Delete Right from Access matrix

262
Q

In terms of Conflict of Interest Categories

what are the four Modes of Operation?

A

1: Dedicated
2: System high
3: Compartmented
4: Multilevel

263
Q

In terms of Conflict of Interest Categories

In the four Modes of Operation, what does Dedicated mean?

A

Contains objects of one classification only.

All subjects must have equal clearance or higher:

Appropriate Clearance
Formal access approval
Need to Know

266
Q

In terms of Security Models

What are the four modes of operation?

A

1: Dedicated
2: System high
3: Compartmented
4: Multilevel

267
Q

In terms of modes of operation

What is the dedicated mode?

A

Contains objects of one classification only.

All subjects must have equal clearance or higher:

Appropriate Clearance
Formal access approval
Need to Know

268
Q

In terms of modes of operation

What is the System high mode?

A

System contains an object-mix of clearance levels

Subjects must have the same level of clearance as the highest object

269
Q

In terms of modes of operation

What is the Compartmented mode?

A

All subjects have the same clearance level as the objects but do not have the formal approval authority nor a need to know.

Objects are placed in compartments

Use technical controls to enforce as opposed to policy.

270
Q

In terms of modes of operation

What is the Multilevel mode?

A

Stores objects of different sensitivity labels and allows subject access with differing clearances

The Reference Monitor mediates access

271
Q

In terms of modes of operation

Can you implement both Discretionary Access Control (DAC) and Mandatory Access Control (MAC)?

A

Yes

May use a Discretionary Access Control (DAC) or Mandatory Access Control (MAC)

272
Q

What are Evaluation Methods, Certification and Accreditation designed to do?

A

Designed to gauge real-world security systems and products.

273
Q

What is the granddaddy of evaluation models developed by DOD in the 1980s?

A

The Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) is the granddaddy of evaluation models developed by DOD in the 1980s.

274
Q

In terms of Evaluation Methods, Certification and Accreditation

Name the three main evaluation models?

A

1: The Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book)
2: ITSEC (Information Technology Security Evaluation Criteria)
3: The International Common Criteria

275
Q

In terms of Evaluation Methods, Certification and Accreditation

why is the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) significant?

A

The First significant attempt to define differing levels of security and access control.

276
Q

In terms of Evaluation Methods, Certification and Accreditation

What is the Rainbow series?

A

Beginning with the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book), the Rainbow series is a set of 35 different security standards with widely ranging topics.

277
Q

In terms of Evaluation Methods, Certification and Accreditation

How is the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) organized?

A

Divisions (Higher Numbers and Letters are more secure)

D: Minimal Protection; systems that do not meet the requirements of higher divisions

C: Discretionary Protection; DAC (Discretionary Access Control)

C1: Discretionary Security Protection

C2: Controlled Access Protection

B: Mandatory Protection; MAC (Mandatory Access Controls)

B1: Labeled Security Protection

B2: Structured Protection

B3: Security Domains

A: Verified Protection

A1: Verified Design (everything in B3 plus more controls)

278
Q

In terms of Evaluation Methods, Certification and Accreditation

Is the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) still a valid model?

A

Old and no longer actively used but used as a reference for other models.

279
Q

In terms of Evaluation Methods, Certification and Accreditation

What is one limitation of the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book)?

A

Does not address networked issues.

280
Q

In terms of Evaluation Methods, Certification and Accreditation

What is the significance of the Red Book (Trusted Network Interpretation)?

A

Brings Orange Book concepts to networked systems

281
Q

In terms of Evaluation Methods, Certification and Accreditation

What is the significance of the ITSEC (Information Technology Security Evaluation Criteria)?

A

The first successful international evaluation model

282
Q

In terms of Evaluation Methods, Certification and Accreditation

How does the ITSEC (Information Technology Security Evaluation Criteria) differ from the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book)?

A

Refers to Orange Book but separates functionality from assurance (Effectiveness and Correctness)

283
Q

In terms of Evaluation Methods, Certification and Accreditation

What are the equivalent ratings between the ITSEC (Information Technology Security Evaluation Criteria) and the Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book)?

A

ITSEC          TCSEC (Orange)
E0             D
F-C1, E1       C1
F-C2, E2       C2
F-B1, E3       B1
F-B2, E4       B2
F-B3, E5       B3
F-B3, E6       A1

284
Q

In terms of Evaluation Methods, Certification and Accreditation

What are the Additional Functionality Ratings in the ITSEC (Information Technology Security Evaluation Criteria) ?

A

Additional Functionality Ratings

F-IN: High Integrity Requirements
AV: High Availability Requirements
DI: High Integrity Requirements for Networks
DC: High Confidentiality Requirements for Networks
DX: High Integrity and Confidentiality Requirements for networks.

285
Q

In terms of Evaluation Methods, Certification and Accreditation

What is the significance of the International Common Criteria?

A

The second major international criteria effort behind ITSEC

286
Q

In terms of Evaluation Methods, Certification and Accreditation

What are the three design goals for the International Common Criteria?

A

1: Designed to avoid requirements beyond the state of the art
2: Intended to evaluate commercially available products as well as government-produced ones
3: Primary objective is to eliminate known vulnerabilities of the target of evaluation

287
Q

In terms of Evaluation Methods, Certification and Accreditation

What are the four International Common Criteria Terms?

A

1: Target of Evaluation (ToE): the system or product being evaluated
2: Security Target (ST): the documentation describing the ToE, including its security requirements and operational environment
3: Protection Profile (PP): an implementation-independent set of security requirements and objectives for a category of products
4: Evaluation Assurance Level (EAL): the assurance rating (EAL1 through EAL7) awarded to the tested product

288
Q

In terms of Evaluation Methods, Certification and Accreditation

What are the seven International Common Criteria Levels of Evaluation ?

A

EAL1: Functionally Tested

EAL2: Structurally Tested

EAL3: Methodically Tested and Checked

EAL4: Methodically designed, tested and reviewed

EAL5: Semi-formally designed and tested

EAL6: Semi-formally verified design and tested

EAL7: Formally verified design and tested

289
Q

In terms of Evaluation Methods, Certification and Accreditation

What is the PCI-DSS (Payment Card Industry- Data Security Standard)?

A

Created by the Payment Card Industry Security Standards Council (PCI SSC)

Seeks to protect cardholder data by requiring merchants and service providers that handle payment cards to take specific security precautions.

290
Q

In terms of Evaluation Methods, Certification and Accreditation

What five areas does the PCI-DSS (Payment Card Industry Data Security Standard) address?

A

1: Security Management
2: Policies
3: Procedures
4: Network Architecture
5: Software Design

291
Q

In terms of Evaluation Methods, Certification and Accreditation

What are the six core principles (control objectives) of the PCI-DSS (Payment Card Industry Data Security Standard)?

A

1: Build and Maintain a secure network
2: Protect cardholder data
3: Maintain a vulnerability management program
4: Implement strong access control measures
5: Regularly monitor and test networks
6: Maintain an Information Security Policy

292
Q

In terms of Evaluation Methods, Certification and Accreditation

What is Certification and Accreditation

A

Certification is the formal evaluation of a system against the security requirements set by the data owner.

Certification considers the system, the security measures taken to protect it, and the residual risk the system represents.

Accreditation is the data owner's formal acceptance of the certification and of the residual risk, required before the system is put into operation.

293
Q

1: What type of memory is used often for CPU registers?
A: DRAM
B: Firmware
C: ROM
D: SRAM

A

D: SRAM

294
Q

2: What type of attack is also known as a race condition?
A: Buffer Overflow
B: Cramming
C: Emanations
D: TOCTOU

A

D: TOCTOU
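
The race the answer names, shown in code. This is an added example and not part of the flashcards: a victim that checks a path and then opens the same path (vulnerable) beside one that opens once and performs the check on the resulting file descriptor (hardened). The attacker is modelled as a hook that runs in the window between check and use and replaces the checked file with a symlink to a secret; the function names, the scratch directory under /tmp and the file contents are all constructed for the demonstration. It assumes a POSIX system (Linux/glibc or similar) where mkdtemp, symlink and O_NOFOLLOW are available.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path of the file the attacker wants the victim to read (set by run_demo). */
static char g_secret[256];

/* Stand-in for an attacker who wins the race: between the victim's check and
   its use, the checked path is unlinked and replaced by a symlink to the secret. */
static void attacker_swap(const char *path)
{
    unlink(path);
    symlink(g_secret, path);
}

typedef void (*race_hook)(const char *path);

static ssize_t read_fd(int fd, char *buf, size_t n)
{
    ssize_t r = read(fd, buf, n - 1);
    if (r < 0) return -1;
    buf[r] = '\0';
    return r;
}

/* VULNERABLE: the check (lstat on the path) and the use (open on the path)
   name the object twice by path; the filesystem can change in between. */
static ssize_t read_regular_vuln(const char *path, char *buf, size_t n, race_hook attacker)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                      /* time of check: "it is a regular file" */
    if (attacker) attacker(path);       /* race window */
    int fd = open(path, O_RDONLY);      /* time of use: follows the new symlink */
    if (fd < 0) return -1;
    ssize_t r = read_fd(fd, buf, n);
    close(fd);
    return r;
}

/* HARDENED: open once (refusing symlinks), then check and read the same fd.
   The descriptor pins the object, so later changes to the path cannot redirect it. */
static ssize_t read_regular_safe(const char *path, char *buf, size_t n, race_hook attacker)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (attacker) attacker(path);       /* same window, but the fd is already bound */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    ssize_t r = read_fd(fd, buf, n);
    close(fd);
    return r;
}

static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, text, strlen(text));
    close(fd);
    return w == (ssize_t)strlen(text) ? 0 : -1;
}

/* Builds a scratch directory holding a public file and a secret file (constructed
   sample data), runs both victims against the attacker, and returns what each read.
   Returns 0 on success, -1 on any setup or I/O failure. */
int run_demo(char *vuln_out, size_t vn, char *safe_out, size_t sn)
{
    char dir[] = "/tmp/toctou-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    char pub[300];
    snprintf(pub, sizeof pub, "%s/public", dir);
    snprintf(g_secret, sizeof g_secret, "%s/secret", dir);
    if (write_file(pub, "public data") || write_file(g_secret, "SECRET")) return -1;

    ssize_t a = read_regular_vuln(pub, vuln_out, vn, attacker_swap);
    unlink(pub);                        /* reset: the attacker left a symlink behind */
    if (write_file(pub, "public data")) return -1;
    ssize_t b = read_regular_safe(pub, safe_out, sn, attacker_swap);

    unlink(pub); unlink(g_secret); rmdir(dir);
    return (a < 0 || b < 0) ? -1 : 0;
}

int main(void)
{
    char v[64], s[64];
    if (run_demo(v, sizeof v, s, sizeof s) != 0) return 1;
    printf("vulnerable victim read: %s\nhardened victim read:   %s\n", v, s);
    return 0;
}
```

The vulnerable victim reads "SECRET" even though its check passed, because the check and the use resolved the path independently. The hardened victim still reads "public data": the descriptor obtained before the attacker acted refers to the original inode, and O_NOFOLLOW plus fstat on that descriptor make the check and the use the same object. In real code the hook is a second process racing on a shared directory; the fix is the same, operate on the fd, not the path.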

295
Q

3: What model should you use if you are concerned with the confidentiality of information?
A: Bell-LaPadula
B: Biba
C: Clark-Wilson
D: Confidentiality Model

A

A: Bell-LaPadula

296
Q

4: On Intel x86 systems, the kernel normally runs at which CPU Ring?
A: Ring 0
B: Ring 1
C: Ring 2
D: Ring 3

A

A: Ring 0

297
Q

5: Which mode of operations has objects and subjects with various security labels from least to most secure or trusted?
A: Compartmented
B: Dedicated
C: Multilevel Security
D: System High

A

C: Multilevel Security

298
Q

6: What type of firmware is erased via ultraviolet light?
A: EPROM
B: EEPROM
C: Flash Memory
D: PROM

A

A: EPROM

299
Q

7: You are surfing the web via a wireless network. Your wireless network becomes unreliable, so you plug into a wired network to continue surfing. While you changed physical networks, your browser required no change. What security feature allows this?
A: Abstraction
B: Hardware Segmentation
C: layering
D: Process Isolation

A

C: layering

300
Q

8: What programming language may be used to write applets that use a sandbox to provide security?
A: ActiveX
B: C++
C: Java
D: Python

A

C: Java

301
Q

9: What Common Criteria term describes the system or software being tested?
A: EAL
B: PP
C: ST
D: TOE

A

D: TOE

302
Q

10: What nonvolatile memory normally stores the operating system kernel on an IBM PC-compatible system?
A: Disk
B: Firmware
C: RAM
D: ROM

A

A: Disk

303
Q

11: What type of system runs multiple programs simultaneously on multiple CPUs?
A: Multiprocessing
B: Multiprogramming
C: Multitasking
D: Multithreading

A

A: Multiprocessing

304
Q

12: An attacker deduces that an organization is holding an offsite meeting and has few people in the building based on the low traffic volume to and from the parking lot and uses the opportunity to break into the building. What type of an attack has he launched?
A: Aggregation
B: Emanations
C: Inference
D: Maintenance Hook

A

C: Inference

305
Q

13: An Open System is what?
A: A Process that has not been terminated
B: A System built from industry-standard parts
C: Allows anyone to read and change the source code
D: Contains free software

A

B: A System built from industry-standard parts

306
Q

14: What security model has 8 rules?
A: Graham-Denning
B: Harrison-Ruzzo-Ullman
C: TCSEC
D: Zachman Framework

A

A: Graham-Denning

307
Q

15: What is the highest TCSEC class applicable to discretionary access control systems which send data across networks?
A: A
B: B
C: C
D: D

A

D: D