Security Architecture and Engineering

Question 1

Which type of public key (Asymmetric) algorithm are “quantum resistant”?

Answer 1

Lattice

Question 2

3 Categories of Fire Detection

Answer 2

• Smoke Sensing
• Flame Sensing
• Heat Sensing

Question 3

Types of Ciphers

Answer 3

Stream cipher
Block cipher
Substitution Cipher

Question 4

API types

Answer 4

• REST
• Web
• SOAP

Question 5

In REST API, What REST stands for…

Answer 5

Representational State Transfer

Question 6

About REST API

Answer 6

• REST Architectural Style
  Web Services for; Web, mobile and desktop applications
• Uses HTTP; GET POST PUT DELETE
• Uses JSON and XML
• Stateless client-server model
• Scalable and Easy to maintain

Question 7

When to use REST API?

Answer 7

• Non complex simple applications uses CRUD ops
• Building web services that require a stateless, scalable, & easy-to-main architecture.
• Apps with CRUD(creating, reading, updating & deleting data)
• e.g. WhatsApp

Question 8

What is Web API?

Answer 8

• Stateless or Stateful
• Primary purpose is to provide a platform-independent interface
• it uses HTTP, HTTPS, and TCP/IP to communicate between the clients and servers
• Doesn’t follow a special architecture or structure
• Flexible interface
• Good for complex applications with integration

Question 9

When to use Web API?

Answer 9

When building complex applications that require integration with different systems and technologies

Question 10

SOAP (API) stands for

Answer 10

Simple Object Access Protocol

Question 11

About SOAP API

Answer 11

• Used for exchanging structured data between different applications
• uses XML
• Wide range of data types; text numbers, dates and binary
• Supports; HTTP, SMTP, and FTP
• Set of rules
• WSDL or UDDI protocol
• Digital Signatures
• Enterprise level apps

Question 12

When to use SOAp?

Answer 12

• Apps require a highly secure and reliable method of exchanging data between applications.
• Complex data structures and logic apps
• Digital Signatures and Encryption

Question 13

CASB stands for

Answer 13

Cloud Access Security Broker.
It is a security policy enforcement solution

Question 14

CASB - 2 Primary deployment methods

Answer 14

• On Premise based solution
• Cloud based solution

Question 15

CASB Roles

Answer 15

• Provide Visibility into cloud use. Shadow IT
• Data Loss Prevention (DLP) Services
• Inject Encryption into the cloud

Question 16

Which type of encryption algorithms hold up to the power of Quantum Computing

Answer 16

• Symmetric
• Shared key, bulk encryption (fast)
• Holds up fairly well to quantum computing

Question 17

Code Vs. Cipher

Answer 17

• Code is sometimes secret and dont always provide confidentiality
• Ciphers are always mean to hide the true meaning of a message

Question 18

Example of Stream Ciphers

Answer 18

Caesar
Vigenere
One-time pad
(Difference is key length)

Question 19

Fast and Strong Crypto keys

Answer 19

• Symmetric —> Fast
• Asymmetric —> Strong

Question 20

HASH function Requirements

Answer 20

1. They must allow input of any length
2. Provide fixed-length output
3. Make relatively easy to compute the hash function for any input
4. Provide one-way functionality
5. Must be Collusion free.

Question 21

DoS Examples

Answer 21

• SYN Flood attack
• Smurf attack
• Ping-of-death attack
• Teardrop attack
• Fraggle attack
• Land Attack

Question 22

An Architecture describes

Answer 22

• The designed structure of something.
• A system architecture, then, is a description of how specific components are deliberate put together to perform some actions.

Question 23

Client-Based Systems are

Answer 23

Embodied in applications that execute entirely on one user device such as workstation or smartphone.

Question 24

Sever-Based Systems ( client/server systems)

Answer 24

Require that two or more separate applications interact with each other across a network connection in order for users to benefit from them.

Question 25

A Database Management System (DBMS) is a

Answer 25

Software system that allows you to efficiently create, read, update and delete (CRUD) any given set of data.

Question 26

DBMS transactions

Answer 26

Which a term describes the sequence of actions required to change the state of the database.

Question 27

A foundational principle in database transactions is referred to as their ACID Properties, which stands for:

Answer 27

• A - atomicity: Entire transaction succeed or roll backs
• C - consistency: strictly follows all applicable rules
• I - isolation: parallel transactions happen in isolation to avoid corruption
• D - durability: completed transactions stored.

Question 28

DBMS: database introduces 2 specific issues:

Answer 28

• Aggregation: is an act of combining information from separate sources.
• Inference: is the ability to derive information not explicitly available

Question 29

DBMS:
- content-dependent access control
- context-dependent access control

Answer 29

• content-dependent access control: is based on the sensitivity of the data
• context-dependent access control: that software understands what actions should be allowed based on the state and sequence of the request

Question 30

High-Performance Computing Systems

Answer 30

HPC is the aggregation of computing power in ways that exceed the capabilities of general-purpose computers for the specific purpose of solving large problems.

Question 31

Industrial Control Systems ( ICS)

Answer 31

Consist of information technology that is specifically designed to control physical devices in industrial processes.

Question 32

Paramount of the Industrial Control Systems (ICS) is

Answer 32

1. Safety of the workers
2. Availability

Question 33

A good resource for ensuring ICS (Industrial Control Systems) safety, security, and availability is NIST….

Answer 33

NIST SP 800-82 Revision 2

Question 34

Industrial Control Systems (ICS) 3 devices

Answer 34

• Programmable Logic Control (PLC)
• Human-Machine Interface (HMI)
• Data Historian

Question 35

Distributed Control System (DCS) is a

Answer 35

Network of control devices within fairly close proximity that are part of one or more industrial processes.

Question 36

Supervisory Control and Data Acquisition (SCADA) systems were…

Answer 36

Developer to control large scale physical processes involving nodes separated by significant distances.

Question 37

Main Conceptual differences between DCS and SCADA are

Answer 37

Size and distances.

Question 38

SCADA systems typically involve three kinds of devices:

Answer 38

• Endpoints (Remote Terminal Unit)
• Backends (Data acquisition server)
• User Stations (Human Machine Interface)

Question 39

The most important principle in defending OT systems is to isolate them from the….

Answer 39

Public Internet, either logically or physically

Question 40

Virtual systems are…

Answer 40

Those that exist in a software-simulated environments

Question 41

Virtual Machines (VMs) are..

Answer 41

Entire computer systems that reside inside a virtual environment.

Question 42

Hypervisor is the…

Answer 42

Central program that controls the execution of the various guest operating systems and provides the abstraction level between the guest and host environments

Question 43

Type 1 Hypervisor…

Answer 43

Runs directly on hardware or bare metal and manages access to it by its VMs.

Question 44

Type 2 Hypervisor…

Answer 44

Runs as applications on OS

Question 45

Hypervisors allow you to have…

Answer 45

One computer running several different operating systems at one time

Question 46

Containerization

Answer 46

• As Virtualization matured, a new branch called containerization emerged. A container is an application that runs in its own isolated user space.

Question 47

Example of Container
(Big names)

Answer 47

• Dockers on the commercial side
• Kubernetes as the open-source alternative

Question 48

NIST on Container…Application Container Security Guide

Answer 48

NIST SP 800-190

Question 49

Microservices…

Answer 49

A common use of containers is to host microservices, which is a way of developing software where, rather than building one large enterprise application.

Question 50

Microservices….log aggregation

Answer 50

Where as Microservices are decentralized, we want to log them in a centralized fashion so we can look for patterns that spans multiple services and can point to malicious intent.

Question 51

Serverless

Answer 51

In a server-less architecture, the services offered to end users, such as compute, storage, or messaging, along with their required configuration and management, can be performed without requirement from the user to set up any server infrastructure.

Question 52

Cloud Computing is the

Answer 52

Use of shared, remote computing devices for the purpose of providing improved efficiencies, performance, reliability, scalability, and security.

Question 53

Generally three models for cloud computing services, they are

Answer 53

• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a SeService (IaaS)

Question 54

Cloud Deployment Models

Answer 54

• A Public Cloud
• A Private Cloud
• A Community Cloud
• A Hybrid cloud

Question 55

Pervasive Systems

Answer 55

Pervasive Computing ( ubiquitous computing or Unicomp) is the concept that small (even tiny) amounts of computing power are spread out everywhere computing is embedded into everyday objects that communicate with each other, often with little or no user interaction, to do very specific things for particular customers.

Question 56

Embedded systems
(aka Cyber-Physical Systems)

Answer 56

Is a self-contained computer system ( that is, it has its own processor, memory, and IO devices) designed for very specific purpose.

Question 57

IoT (Internet of Things)

Answer 57

IoT is the global network of connected embedded systems.

Each node is connected to the internet and is uniquely addressable

Question 58

Issues with IoT

Answer 58

• Authentication
• Encryption
• Updates

Question 59

Distributed Systems

Answer 59

• Is one in which multiple computers work together to do something.
• we could then say that a distributed system is any system in which multiple computing nodes, interconnected by a network, exchange information for the accomplishment of collective tasks.
• Another approach to distributed computing is found in peer-to-peer systems, which are systems in which each node is considered an equal to all other.

Question 60

Popular examples of peer-to-peer systems

Answer 60

• BitTorrent
• Onion Router (TOR)
• Cryptocurrency like bitcoin

Question 61

Edge Computing Systems

Answer 61

Is a distributed system in which some computational and data storage assets are deployed close to where they are needed in order to reduce latency and network traffic.

Question 62

Edge Computing architecture has 3 layers

Answer 62

1. End devices
2. Edge Devices
3. Cloud Infrastructure

Question 63

Cryptography is the

Answer 63

Practice of storing and transmitting information in a form that only authorized parties can understand

Question 64

Cryptanalysis is the

Answer 64

Name collectively give to techniques that aim to weaken or defeat cryptography

Question 65

Together Cryptography and Cryptanalysis comprise….

Answer 65

Cryptology

Question 66

Around 600 B.C. Hebrew invented cryptographic method called….

Answer 66

atbash

Question 67

atbash is an example of ________ cipher

Answer 67

Substitution

Question 68

Mono alphabetic substitution uses

Answer 68

Only one alphabet

Question 69

Polyalphabetic substitution cipher uses

Answer 69

Multiple alphabets

Question 70

Around 400 B.C. the Spartans used a system of encrypting information in which

Answer 70

They would write a message on a sheet of papyrus (a type of paper) that was wrapped around a staff which was then delivered and wrapped around a different staff by recipient. Scytale cipher is and example transposition cipher

Question 71

In Rome, Julius Caesar (100-44 B.C.) developed a simple method of shifting letters of alphabet…

Answer 71

Simply shifted the alphabet by three positions

Question 72

DES (Data Encryption Standard) was used worldwide for financial and other transactions, and was embedded into numerous commercial applications. Adopted from…

Answer 72

IBM developed Lucifer

Question 73

DES was cracked in ______, and after few years replaced by ______

Answer 73

1990s, Advanced Encryption Standard (AES)