Security Architecture and Design Flashcards

2
Q
Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level?
A) Aggregation
B) Inference
C) Contamination
D) Polyinstantiation
A

Contamination

Contamination is the mixing of data from a higher classification level and/or need-to-know requirement with data from a lower classification level and/or need-to-know requirement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a security perimeter? (Choose all that apply.)
A) The boundary of the physically secure area surrounding your system
B) The imaginary boundary that separates the TCB from the rest of the system
C) The network where your firewall resides
D) Any connections to your computer system

A

The boundary of the physically secure area surrounding your system
The imaginary boundary that separates the TCB from the rest of the system

Although the most correct answer in the context of this chapter is option B, option A is also a correct answer in the context of physical security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
How many major categories do the TCSEC criteria define?
A) Two
B) Three
C) Four
D) Five
A

Four

TCSEC defines four major categories: category A is verified protection, category B is mandatory protection, category C is discretionary protection, and category D is minimal protection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level?
A)  (star) Security Property
B) No write up property
C) No read up property
D) No read down property
A

No read up property

The no read up property, also called the Simple Security Policy, prohibits subjects from reading a higher security level object.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
What is the most commonly used technique to protect against virus attacks?
A) Signature detection
B) Heuristic detection
C) Data integrity assurance
D) Automated reconstruction
A

Signature detection

Signature detection mechanisms use known descriptions of viruses to identify malicious code resident on a system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
In which of the following security modes can you be assured that all users have access permissions for all information processed by the system but will not necessarily need to know of all that information?
A) Dedicated
B) System high
C) Compartmented
D) Multilevel
A

System high

In system high mode, all users have appropriate clearances and access permissions for all information processed by the system but need to know only some of the information processed by that system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is a trusted computing base (TCB)?
A) Hosts on your network that support secure transmissions
B) The operating system kernel and device drivers
C) The combination of hardware, software, and controls that work together to enforce a security policy
D) The software and controls that certify a security policy

A

The combination of hardware, software, and controls that work together to enforce a security policy

The TCB is the combination of hardware, software, and controls that work together to enforce a security policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment?
A) Hard disk
B) Backup tape
C) Removable drives
D) RAM
A

Removable drives

Removable drives are easily taken out of their authorized physical location, and it is often not possible to apply operating system access controls to them. Therefore, encryption is often the only security measure short of physical security that can be afforded to them. Backup tapes are most often well controlled through physical security measures. Hard disks and RAM chips are often secured through operating system access controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
What advanced virus technique modifies the malicious code of a virus on each system it infects?
A) Polymorphism
B) Stealth
C) Encryption
D) Multipartitism
A

Polymorphism

In an attempt to avoid detection by signature-based antivirus software packages, polymorphic viruses modify their own code each time they infect a system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
Which one of the following types of memory might retain information after being removed from a computer and, therefore, represent a security risk?
A) Static RAM
B) Dynamic RAM
C) Secondary memory
D) Real memory
A

Secondary memory

Secondary memory is a term used to describe magnetic and optical media. These devices will retain their contents after being removed from the computer and may later be read by another user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
Many PC operating systems provide functionality that enables them to support the simultaneous execution of multiple applications on single-processor systems. What term is used to describe this capability?
A) Multiprogramming
B) Multithreading
C) Multitasking
D) Multiprocessing
A

Multitasking

Multitasking is processing more than one task at the same time. In most cases, multitasking is actually simulated by the operating system even when not supported by the processor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is system certification?
A) Formal acceptance of a stated system configuration
B) A technical evaluation of each part of a computer system to assess its compliance with security standards
C) A functional evaluation of the manufacturer’s goals for each hardware and software component to meet integration standards
D) A manufacturer’s certificate stating that all components were installed and configured correctly

A

A technical evaluation of each part of a computer system to assess its compliance with security standards

A system certification is a technical evaluation. The other options describe system accreditation and manufacturer standards, not implementation standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
Which one of the following passwords is least likely to be compromised during a dictionary attack?
A) mike
B) elppa
C) dayorange
D) fsasoalg
A

fsasoalg

Except fsasoalg, the choices are forms of common words that might be found during a dictionary attack. Mike is a name and would be easily detected. Elppa is simply apple spelled backwards, and dayorange combines two dictionary words. Crack and other utilities can easily see through these “sneaky” techniques. Fsasoalg is simply a random string of characters that a dictionary attack would not uncover.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
Which one of the following tools provides a solution to the problem of users forgetting complex passwords?
A) LastPass
B) Crack
C) Shadow password files
D) Tripwire
A

LastPass

LastPass is a tool that allows users to create unique, strong passwords for each service they use without the burden of memorizing them all.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
What file is instrumental in preventing dictionary attacks against UNIX systems?
A) /etc/passwd
B) /etc/shadow
C) /etc/security
D) /etc/pwlog
A

/etc/shadow

Shadow password files move encrypted password information from the publicly readable /etc/passwd file to the protected /etc/shadow file.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

When designing firewall rules to prevent IP spoofing, which of the following principles should you follow?
A) Packets with internal source IP addresses don’t enter the network from the outside.
B) Packets with internal source IP addresses don’t exit the network from the inside.
C) Packets with public IP addresses don’t pass through the router in either direction.
D) Packets with external source IP addresses don’t enter the network from the outside.

A

Packets with internal source IP addresses don’t enter the network from the outside.

Packets with internal source IP addresses should not be allowed to enter the network from the outside because they are likely spoofed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is a security control?
A) A security component that stores attributes that describe an object
B) A document that lists all data classification types
C) A list of valid access rules
D) A mechanism that limits access to an object

A

A mechanism that limits access to an object

A control limits access to an object to protect it from misuse by unauthorized users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q
Which one of the following is a layer of the ring protection scheme that is not normally implemented in practice?
A) Layer 0
B) Layer 1
C) Layer 3
D) Layer 4
A

Layer 1

Layers 1 and 2 contain device drivers but are not normally implemented in practice. Layer 0 always contains the security kernel. Layer 3 contains user applications. Layer 4 does not exist.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q
Tom built a database table consisting of the names, telephone numbers, and customer IDs for his business. The table contains information on 30 customers. What is the degree of this table?
A) Two
B) Three
C) Thirty
D) Undefined
A

Three

The cardinality of a table refers to the number of rows in the table while the degree of a table is the number of columns.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q
What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?
A) Inference
B) Manipulation
C) Polyinstantiation
D) Aggregation
A

Polyinstantiation

Polyinstantiation allows the insertion of multiple records that appear to have the same primary key values into a database at different classification levels.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q
For what type of information system security accreditation are the applications and systems at a specific, self contained location evaluated?
A) System accreditation
B) Site accreditation
C) Application accreditation
D) Type accreditation
A

Site accreditation

The applications and systems at a specific, self-contained location are evaluated for DITSCAP and NIACAP site accreditation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q
What type of memory chip allows the end user to write information to the memory only one time and then preserves that information indefinitely without the possibility of erasure?
A) ROM
B) PROM
C) EPROM
D) EEPROM
A

PROM

Programmable read-only memory (PROM) chips may be written to once by the end user but may never be erased. The contents of ROM chips are burned in at the factory, and the end user is not allowed to write data. EPROM and EEPROM chips both make provisions for the end user to somehow erase the contents of the memory device and rewrite new data to the chip.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q
Which security principle mandates that only a minimum number of operating system processes should run in supervisory mode?
A) Abstraction
B) Layering
C) Data hiding
D) Least privilege
A

Least privilege

The principle of least privilege states that only processes that absolutely need kernel-level access should run in supervisory mode. The remaining processes should run in user mode to reduce the number of potential security vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q
What term describes the processor mode used to run the system tools used by administrators seeking to make configuration changes to a machine?
A) User mode
B) Supervisory mode
C) Kernel mode
D) Privileged mode
A

User mode

All user applications, regardless of the security permissions assigned to the user, execute in user mode. Supervisory mode, kernel mode, and privileged mode are all terms that describe the mode used by the processor to execute instructions that originate from the operating system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What is system accreditation?
A) Formal acceptance of a stated system configuration
B) A functional evaluation of the manufacturer’s goals for each hardware and software component to meet integration standards
C) Acceptance of test results that prove the computer system enforces the security policy
D) The process to specify secure communication between machines

A

Formal acceptance of a stated system configuration

Accreditation is the formal acceptance process. A functional evaluation of the manufacturer’s goals is not an appropriate answer because it addresses manufacturer standards. The other options are incorrect because there is no way to prove that a configuration enforces a security policy and accreditation does not entail secure communication specification.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q
What type of addressing scheme supplies the CPU with a location that contains the memory address of the actual operand?
A) Direct addressing
B) Immediate addressing
C) Base+offset addressing
D) Indirect addressing
A

Indirect addressing

In indirect addressing, the location provided to the CPU contains a memory address. The CPU retrieves the operand by reading it from the memory address provided (which is why it’s called indirect).

28
Q
Which of the following is not part of the access triple of the Clark-Wilson model?
A) Object
B) Interface
C) Programming language
D) Subject
A

Programming language

The three parts of the Clark-Wilson model access triple are subject, object, and program (or interface).

29
Q
What security model has a feature that in theory has one name or label, but when implemented into a solution, takes on the name or label of the security kernel?
A) Graham-Denning model
B) Deployment modes
C) Trusted computing base
D) Chinese Wall
A

Trusted computing base

The trusted computing base (TCB) has a component known as the reference monitor in theory, which becomes the security kernel in implementation.

30
Q
Which security models are built on a state machine model?
A) Bell-LaPadula and Take-Grant
B) Biba and Clark-Wilson
C) Clark-Wilson and Bell-LaPadula
D) Bell-LaPadula and Biba
A

Bell-LaPadula and Biba

The Bell-LaPadula and Biba models are built on the state machine model.

31
Q
Which of the following is not a composition theory related to security models?
A) Cascading
B) Feedback
C) Iterative
D) Hookup
A

Iterative

Iterative is not one of the composition theories related to security models. Cascading, feedback, and hookup are the three composition theories.

32
Q
Which type of memory chip can be erased only when it is removed from the computer and exposed to a special type of ultraviolet light?
A) ROM
B) PROM
C) EPROM
D) EEPROM
A

EPROM

EPROMs may be erased through exposure to high-intensity ultraviolet light. ROM and PROM chips do not provide erasure functionality. EEPROM chips may be erased through the application of electrical currents to the chip pins and do not require removal from the computer prior to erasure.

33
Q
Which security model addresses data confidentiality?
A) Bell-LaPadula
B) Biba
C) Clark-Wilson
D) Brewer and Nash
A

Bell-LaPadula

Only the Bell-LaPadula model addresses data confidentiality. The Biba and Clark-Wilson models address data integrity. The Brewer and Nash model prevents conflicts of interest.

34
Q
What type of electrical component serves as the primary building block for dynamic RAM chips?
A) Capacitor
B) Resistor
C) Flip-flop
D) Transistor
A

Capacitor

Dynamic RAM chips are built from a large number of capacitors, each of which holds a single electrical charge. These capacitors must be continually refreshed by the CPU in order to retain their contents. The data stored in the chip is lost when power is removed.

35
Q

What is the best definition of a security model?
A) A security model states policies an organization must follow.
B) A security model provides a framework to implement a security policy.
C) A security model is a technical evaluation of each part of a computer system to assess its concordance with security standards.
D) A security model is the process of formal acceptance of a certified configuration.

A

A security model provides a framework to implement a security policy.

A security model provides a framework to implement a security policy is the only option that correctly defines a security model. The other options define part of a security policy and the certification and accreditation process.

36
Q
What database technology, if implemented for web forms, can limit the potential for SQL injection attacks?
A) Triggers
B) Stored procedures
C) Column encryption
D) Concurrency control
A

Stored procedures

Developers of web applications should leverage database stored procedures to limit the application’s ability to execute arbitrary code. With stored procedures, the SQL statement resides on the database server and may only be modified by database administrators.

37
Q
You have three applications running on a single-core single-processor system that supports multitasking. One of those applications is a word processing program that is managing two threads simultaneously. The other two applications are using only one thread of execution. How many application threads are running on the processor at any given time?
A) One
B) Two
C) Three
D) Four
A

One

A single-processor system can operate on only one thread at a time. There would be a total of four application threads (ignoring any threads created by the operating system), but the operating system would be responsible for deciding which single thread is running on the processor at any given time.

38
Q
What type of memory device is usually used to contain a computer's motherboard BIOS?
A) PROM
B) EEPROM
C) ROM
D) EPROM
A

EEPROM

BIOS and device firmware are often stored on EEPROM chips to facilitate future firmware updates.

39
Q
What is the last phase of the TCP/IP three-way handshake sequence?
A) SYN packet
B) ACK packet
C) NAK packet
D) SYN/ACK packet
A

ACK packet

The SYN packet is first sent from the initiating host to the destination host. The destination host then responds with a SYN/ACK packet. The initiating host sends an ACK packet, and the connection is then established.

40
Q
Which security principle takes the concept of process isolation and implements it using physical controls?
A) Hardware segmentation
B) Data hiding
C) Layering
D) Abstraction
A

Hardware segmentation

Hardware segmentation achieves the same objectives as process isolation but takes them to a higher level by implementing them with physical controls in hardware.

41
Q
If Renee receives a digitally signed message from Mike, what key does she use to verify that the message truly came from Mike?
A) Renee's public key
B) Renee's private key
C) Mike's public key
D) Mike's private key
A

Mike’s public key

Any recipient can use Mike’s public key to verify the authenticity of the digital signature.

42
Q
Which of the following techniques requires that administrators identify appropriate applications for an environment?
A) Sandboxing
B) Control signing
C) Integrity monitoring
D) Whitelisting
A

Whitelisting

Application whitelisting requires that administrators specify approved applications and then the operating system uses this list to allow only known good applications to run.

43
Q
In what type of addressing scheme is the data actually supplied to the CPU as an argument to the instruction?
A) Direct addressing
B) Immediate addressing
C) Base+offset addressing
D) Indirect addressing
A

Immediate addressing

In immediate addressing, the CPU does not need to actually retrieve any data from memory. The data is contained in the instruction itself and can be immediately processed.

44
Q

What is an access object?
A) A resource a user or process wants to access
B) A user or process that wants to access a resource
C) A list of valid access rules
D) The sequence of valid access types

A

A resource a user or process wants to access

An object is a resource a user or process want to access.

45
Q
What type of federal government computing system requires that all individuals accessing the system have a need to know all of the information processed by that system?
A) Dedicated
B) System high
C) Compartmented
D) Multilevel
A

Dedicated

In a dedicated system, all users must have a valid security clearance for the highest level of information processed by the system, they must have access approval for all information processed by the system, and they must have a valid need to know of all information processed by the system.

46
Q
You are the security administrator for an e-commerce company and are placing a new web server into production. What network zone should you use?
A) Internet
B) DMZ
C) Intranet
D) Sandbox
A

DMZ

The DMZ (demilitarized zone) is designed to house systems like web servers that must be accessible from both the internal and external networks.

47
Q
What is the implied meaning of the simple property of Biba?
A) Write down
B) Read up
C) No write up
D) No read down
A

Read up

The simple property of Biba is no read down, but it implies that it is acceptable to read up.

48
Q
What type of memory is directly available to the CPU and is often part of the CPU?
A) RAM
B) ROM
C) Register memory
D) Virtual memory
A

Register memory

Registers are small memory locations that are located directly on the CPU chip itself. The data stored within them is directly available to the CPU and can be accessed extremely quickly.

49
Q

Which of the following characteristics can be used to differentiate worms from viruses?
A) Worms infect a system by overwriting data on storage devices.
B) Worms always spread from system to system without user intervention.
C) Worms always carry a malicious payload that impacts infected systems.
D) All of these are correct.

A

Worms always spread from system to system without user intervention.

The major difference between viruses and worms is that worms are self-replicating, whereas viruses require user intervention to spread from system to system. Both viruses and worms are capable of carrying malicious payloads.

50
Q

What is a closed system?
A) A system designed around final, or closed, standards
B) A system that includes industry standards
C) A proprietary system that uses unpublished protocols
D) Any machine that does not run Windows

A

A proprietary system that uses unpublished protocols

A closed system is one that uses largely proprietary or unpublished protocols and standards. A system that includes industry standards describes an open system. The other options do not describe any particular systems, and A system that includes industry standards describes an open system.

51
Q
What security principle helps prevent users from accessing memory spaces assigned to applications being run by other users?
A) Separation of privilege
B) Layering
C) Process isolation
D) Least privilege
A

Process isolation

Process isolation provides separate memory spaces to each process running on a system. This prevents processes from overwriting each other’s data and ensures that a process can’t read data from another process.

52
Q
What worm was the first to cause major physical damage to a facility?
A) Stuxnet
B) Code Red
C) Melissa
D) rtm
A

Stuxnet

Stuxnet was a highly sophisticated worm designed to destroy nuclear enrichment centrifuges attached to Siemens controllers.

53
Q
Why do operating systems need security mechanisms?
A) Humans are perfect.
B) Software is not trusted.
C) Technology is always improving.
D) Hardware is faulty.
A

Software is not trusted.

Security mechanisms are needed within an operating system because software is not trusted.

54
Q
Which one of the following devices is most susceptible to TEMPEST monitoring of its emanations?
A) Floppy drive
B) CRT Monitor
C) CD
D) Keyboard
A

CRT Monitor

Although all electronic devices emit some unwanted emanations, CRT monitors are the devices most susceptible to this threat (at least from this list of options).

55
Q

Which of the following statements is true?
A) The less complex a system, the more vulnerabilities it has.
B) The more complex a system, the less assurance it provides.
C) The less complex a system, the less trust it provides.
D) The more complex a system, the less attack surface it generates.

A

The more complex a system, the less assurance it provides.

The more complex a system, the less assurance it provides. More complexity means more areas for vulnerabilities to exist and more areas that must be secured against threats. More vulnerabilities and more threats mean that the subsequent security provided by the system is less trustworthy.

56
Q
What database security technology involves creating two or more rows with seemingly identical primary keys that contain different data for users with different security clearances?
A) Polyinstantiation
B) Cell suppression
C) Aggregation
D) Views
A

Polyinstantiation

Database developers use polyinstantiation, the creation of multiple records that seem to have the same primary key, to protect against inference attacks.

57
Q
Ring 0, from the design architecture security mechanism known as protection rings, can also be referred to as all but which of the following?
A) Privileged mode
B) Supervisory mode
C) System mode
D) User mode
A

User mode

Ring 0 has direct access to the most resources, thus user mode is not an appropriate label because user mode requires restrictions to limit access to resources.

58
Q

Which best describes a confined or constrained process?
A) A process that can run only for a limited time
B) A process that can run only during certain times of the day
C) A process that can access only certain memory locations
D) A process that controls access to an object

A

A process that can access only certain memory locations

A constrained process is one that can access only certain memory locations. The other options do not describe a constrained process.

59
Q
Which one of the following security modes does not require that all users have a security clearance for the highest level of information processed by the system?
A) Dedicated
B) System high
C) Compartmented
D) Multilevel
A

Multilevel

In a multilevel security mode system, there is no requirement that all users have appropriate clearances to access all the information processed by the system.

60
Q
When a trusted subject violates the star property of Bell-LaPadula in order to write an object into a lower level, what valid operation could be taking place?
A) Perturbation
B) Polyinstantiation
C) Aggregation
D) Declassification
A

Declassification

Declassification is the process of moving an object into a lower level of classification once it is determined that it no longer justifies being placed at a higher level. Only a trusted subject can perform declassification because this action is a violation of the verbiage of the star property of Bell-LaPadula, but not the spirit or intent, which is to prevent unauthorized disclosure.

61
Q
What part of the TCB concept validates access to every resource prior to granting the requested access?
A) TCB partition
B) Trusted library
C) Reference monitor
D) Security kernel
A

Reference monitor

The reference monitor validates access to every resource prior to granting the requested access. The security kernel is the collection of TCB components that work together to implement the reference monitor functions. In other words, the security kernel is the implementation of the reference monitor concept. TCB partition and Trusted library are not valid TCB concept components.

62
Q
The collection of components in the TCB that work together to implement reference monitor functions is called the \_\_\_\_\_\_\_\_\_\_\_\_\_\_.
A) Security perimeter
B) Security kernel
C) Access matrix
D) Constrained interface
A

Security kernel

The collection of components in the TCB that work together to implement reference monitor functions is called the security kernel.

63
Q
What security method, mechanism, or model reveals a capabilities list of a subject across multiple objects?
A) Separation of duties
B) Access control matrix
C) Biba
D) Clark-Wilson
A

Access control matrix

An access control matrix assembles ACLs from multiple objects into a single table. The rows of that table are the ACEs of a subject across those objects, thus a capabilities list

64
Q
Which one of the following types of attacks relies upon the difference between the timing of two events?
A) Smurf
B) TOCTTOU
C) Land
D) Fraggle
A

TOCTTOU

The time-of-check-to-time-of-use (TOCTTOU) attack relies upon the timing of the execution of two events.