Domain 6 - Security Architecture And Design Flashcards

1
Q

Is a volatile hardware memory that loses integrity after loss of power

A

Random Access Memory or RAM

2
Q

It mediates all access between objects and subjects. It enforces the system’s security policy, such as preventing a normal user from writing to a restricted file such as the system password file.

A

Reference Monitor

3
Q

Is a non-volatile memory that maintains integrity after loss of power

A

Read Only Memory or ROM

4
Q

Trusted Computer System Evaluation Criteria is also known as ——

A

The Orange book

5
Q

The security-relevant portions of a computer system

A

Trusted Computing Base - TCB

6
Q

An interface between computer hardware and the operating system, allowing multiple guest operating systems to run on one host computer

A

Virtualisation

7
Q

This separates hardware and software functionality into modular tiers

A

Layering

8
Q

Complexity is the enemy of security; the more complex the process is, the less secure it is. Computers are tremendously complex machines; —— provides a way to manage that complexity and hides unnecessary details from the user.

A

Abstraction

9
Q

Is the list of objects a subject is allowed to access.

A

Security Domain

10
Q

What are the two domains of a Kernel?

A
1. Kernel mode
2. User mode

11
Q

It is where the kernel lives, allowing low-level access to memory, CPU, disk, etc. It is the most trusted and powerful part of the system.

A

Kernel mode

12
Q

It is where user accounts and their processes live.

A

User mode

13
Q

Is a form of CPU hardware layering that separates and protects domains (such as Kernel and user mode) from each other

A

Ring model

14
Q

What are the four theoretical rings of the ring model?

A

Ring 0 - Kernel
Ring 1 - other OS components that do not fit ring 0
Ring 2 - Device drivers
Ring 3 - User applications

15
Q

Processes communicate between the rings via ——, which allow processes to communicate with the kernel and provide a window between the rings

A

System calls

16
Q

Is a system that uses open hardware standards, using standard components from a variety of vendors

A

Open system

17
Q

Is a system that uses proprietary hardware or software

A

Closed system

18
Q

Is the primary communication channel on a computer system

A

Computer bus

19
Q

Also called the Memory Controller Hub (MCH), which connects the CPU to RAM and video memory

A

Northbridge

20
Q

Also called the IO Controller Hub (ICH) which connects input/output devices such as disk, keyboard, mouse etc…

A

Southbridge

21
Q

Is a part of the CPU that performs mathematical calculations

A

Arithmetic Logic Unit (ALU)

22
Q

Part of the CPU that sends instructions to the ALU

A

Control Unit

23
Q

Combines multiple steps into one combined process, allowing simultaneous fetch, decode, and write steps for different instructions

A

Pipelining

24
Q

This indicates that an asynchronous event has occurred. It is a form of hardware interrupt that causes the CPU to stop processing its current task, save the state, and begin processing a new request

A

CPU interrupts

25
Q

—- is an executable program and its associated data loaded and running in memory

A

Process

26
Q

This allows multiple tasks (heavyweight processes) to run simultaneously on one CPU

A

Multitasking

27
Q

This runs multiple processes on multiple CPUs

A

Multiprocessing

28
Q

Is designed to recover a system by rebooting after critical processes hang or crash

A

Watchdog timer

29
Q

What are the two forms of CPU designs?

A
1. Complex Instruction Set Computer - CISC
2. Reduced Instruction Set Computer - RISC

30
Q

Is a form of CPU design that uses a large set of complex machine language instructions

A

CISC

31
Q

Is a form of CPU design that uses a reduced set of simpler instructions.

A

RISC

32
Q

Is the fastest memory on the system, required to keep up with the CPU as it fetches and executes instructions.

A

Cache memory

33
Q

Is a logical control that attempts to prevent one process from interfering with another

A

Process Isolation

34
Q

Techniques used to provide process isolation

A
  1. Virtual Memory
  2. Object encapsulation
  3. Time multiplexing
35
Q

This takes process isolation one step further by mapping processes to specific memory locations.

A

Hardware Segmentation

36
Q

This provides virtual mapping between applications and hardware memory

A

Virtual Memory

37
Q

This uses virtual memory to copy contents in primary memory (RAM) to or from secondary memory (not directly addressable by the CPU, on disk)

A

Swapping

38
Q

T or F. Flash memory drives are disk drives.

A

False

39
Q

T or F. Secure destruction methods used for magnetic drives, such as degaussing, may not work with flash drives.

A

True

40
Q

—— are energy that escapes an electronic system, and which may be remotely monitored under certain circumstances.

A

Emanations

41
Q

Is any communication that violates security policy.

A

Covert channel

42
Q

Is an authorised communication that complies with security policy.

A

Overt channel

43
Q

Two specific types of covert channel

A
1. Storage channel
2. Timing channels

44
Q

Is a covert channel that uses shared storage, such as a temporary directory, to allow two subjects to signal each other.

A

Covert storage channel

45
Q

Is a covert channel that relies on the system clock to infer sensitive information.

A

Covert Timing channel

46
Q

—— can occur when a programmer fails to perform bounds checking

A

Buffer Overflow

47
Q

An attack where the attacker attempts to alter a condition after it has been checked by the operating system, but before it is used. It is an example of a state attack, where the attacker capitalises on a change in the operating system

A

Time of check/Time of use - TOCTOU or race conditions

48
Q

Is a shortcut in a system that allows a user to bypass security checks (such as username/password authentication) to log in

A

Backdoor

49
Q

Is a type of backdoor, typically a shortcut installed by system designers/programmers to allow developers to bypass normal system checks during development, such as requiring users to authenticate.

A

Maintenance Hook

50
Q

Is the generic term for any type of software that attacks an application or system

A

Malicious code or Malware

51
Q

—— are malware that does not spread automatically and requires a carrier such as a human

A

Computer Viruses

52
Q

—— is a virus written in a macro language, such as MS Office macros

A

Macro virus

53
Q

Is a virus that infects the boot sector of a PC, which ensures the virus loads upon system startup

A

Boot Sector virus

54
Q

Is a virus that hides itself from the OS and other protective software, such as AV software

A

Stealth virus

55
Q

Is a virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software

A

Polymorphic virus

56
Q

Is a virus that spreads via multiple vectors

A

Multipartite virus

57
Q

—— are malware that self-propagates

A

Worm

58
Q

Is a malware that performs two functions: one benign (such as a game), and one malicious

A

Trojans

59
Q

Is a malware which replaces portions of the kernel and/or operating system

A

Rootkits

60
Q

This provides run time executables. The original EXE is compressed and a small decompressor is prepended to the EXE.

A

Packers

61
Q

Is a malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date

A

Logic bombs

62
Q

An attack that is launched directly from an attacker (the client) to a listening service

A

Server (service) side attacks

63
Q

This occurs when a user downloads malicious content. The attack initiates from the victim, who downloads content from the attacker

A

Client side attack

64
Q

Is a small piece of mobile code that is embedded in other software such as a web browser. The primary security concern is that these are downloaded from servers and run locally.

A

Applets

65
Q

Is an object-oriented language used not only to write applets, but also as a general purpose programming language. Applets written in it run in a sandbox, which segregates the code from the OS, thus preventing a malicious applet from accessing the file system

A

Java

66
Q

Is the Microsoft functional equivalent of Java applets, but uses digital certificates instead of a sandbox to provide security.

A

ActiveX

67
Q

—— allows two different objects to have the same name. In databases, it means two rows may have the same primary key but different data

A

Polyinstantiation (multiple instances)

68
Q

This occurs when a user is able to use lower level access to learn restricted information. It requires deduction; there is a mystery to be solved and lower level clues are available. One example is when there are plenty of cars and pizza deliveries at the White House in the middle of the night

A

Inference

69
Q

This searches large amounts of data to determine patterns that would otherwise get ‘lost in the noise’.

A

Data Mining

70
Q

This occurs when a subject reads an object at a lower sensitivity level, such as a top secret subject reading a secret object

A

Reading down

71
Q

This occurs when a subject has information and passes that information up to an object which has higher sensitivity than the subject has permission to access

A

Writing up

72
Q

Is a mathematical model that groups all possible system occurrences, called states. Every possible state of the system is evaluated, showing all possible interactions between subjects and objects. The system is proven to be secure if every state is proven to be secure.

A

State Machine Model

73
Q

—— is a security model developed by the US Dept of Defense focusing on maintaining the confidentiality of objects. It means not allowing users at lower security levels to access objects at a higher security level. No read up and no write down

A

Bell-LaPadula

74
Q

What are the two properties/rules that operate Bell-LaPadula?

A
1. Simple Security property
2. Star Property

75
Q

A security property that states “no read up”. A subject at a specific classification level cannot read an object at a higher classification level.

A

Simple Security Property

76
Q

Is a security property that is “no write down”. A subject at a higher classification level cannot write to a lower classification level.

A
* Security Property
77
Q

Within the Bell-LaPadula access control model, what are the two properties which dictate how the system will issue security labels for objects?

A
1. The Strong Tranquility property
2. The Weak Tranquility property

78
Q

In the Bell-LaPadula access control model, this states that security models will not change while the system is operating

A

Strong Tranquility Property

79
Q

In Bell-LaPadula access control model, this states that security models will not change in a way that conflicts with defined security properties

A

Weak Tranquility Model

80
Q

—— is a security access control model that defines upper (Least Upper Bound - LUB) and lower access limits (Greatest Lower Bound - GLB). This allows reaching higher and lower data classification based on the need of the subject, label of the object, and the role of the subject.

A

Lattice Based Access Control

81
Q

Is a security model focusing on integrity that protects integrity by requiring subjects to access objects via programs.

A

Clark-Wilson

82
Q

This security model focuses on integrity of information at the highest level by using two primary rules:

No read down
No write up

A

Biba model.

83
Q

What are the two primary rules of the Biba model?

A
1. Simple Integrity Axiom
2. * Integrity Axiom

84
Q

In the Biba security model, this specifies that a subject at a specific classification level cannot read data at a lower classification - thus “no read down”. This prevents the subject from accessing information at a lower integrity level. This protects integrity by preventing bad information from moving up from lower integrity levels.

A

Simple Integrity Axiom

85
Q

In the Biba model, a subject at a specific classification level cannot write to data at a higher classification. “No write up”. This protects integrity by preventing bad information from moving up to a higher integrity level

A
* Integrity Axiom