Security Architecture Engineering (SAE) Flashcards

1
Q

Accreditation

A

the managerial approval to operate a system based upon knowledge of risk to operate

2
Q

Alarm Station

A

A manually actuated device installed at a fixed location to transmit an alarm signal in response to an alarm condition.

3
Q

Annunciator

A

A device that signals a change of protection zone status in a security system.

4
Q

Architecture

A

high level design or model with a goal of consistency, integrity, and balance

5
Q

Bell-LaPadula

A

Security policy model with simple security property and *-property. The simple security property is no process may read data at a higher level. This is also known as no read up (NRU). The *-property: no process may write data to a lower level. This is also known as no write down (NWD).

6
Q

Biba

A

Security policy model that deals with integrity alone and ignores confidentiality. First rule integrity - preventing unauthorized users from making modifications. Simple integrity - No read down. Star integrity - No write up. Service commands - Tranquility.

7
Q

Blackout

A

prolonged loss of commercial power

8
Q

Bollard

A

vehicle stopping object

9
Q

Bolt

A

The part of a lock which, when actuated, is projected (or “thrown”) from the lock into a retaining member, such as a strike plate, to prevent a door or window from moving or opening.

10
Q

Bounds

A

The bounds of a process consist of limits set on the memory addresses and resources it can access. The bounds state the area within which a process is confined or contained.

11
Q

Brewer-Nash

A

Created Chinese-Wall model to handle conflicts of interest. Law firm 1 works for Company A. Law firm 2 works for Company B. Law firm 1 and Law firm 2 merge. Ensures paralegals on Law firm 1 only work on Company A and paralegals on Law firm 2 only work on Company B.

12
Q

Brownout

A

reduction of voltage by the utility company for a prolonged period of time

13
Q

Bumping

A

hitting a filed down key in a lock with a hammer to open without real key

14
Q

Capacitance

A

The property of two or more objects, which enables them to store electrical energy in an electric field between them. The basic measurement unit is the Farad.

15
Q

Card Access

A

A type of access control system that uses a card with a coded area or strip, on or inside the card, to actuate a lock or other access control device.

16
Q

Card Key

A

A card, usually plastic, that contains encoded information to open a locking device.

17
Q

Central Processing Unit

A

the core of a computer that calculates

18
Q

Central Station

A

An organization or business established for the purpose of monitoring subscribers’ alarm systems from a centralized monitoring location rather than at the individual sites.

19
Q

Certification

A

the technical and risk assessment of a system within the context of the operating environment

20
Q

CISC

A

complex instructions. Many operations per instruction. Fewer fetches.

21
Q

Clark and Wilson

A

Integrity security model. Three integrity goals: Preventing unauthorized users from making modifications, Preventing authorized users from making improper modifications, maintaining internal and external consistency. Defines well formed transactions, Separation of duties, Access Triple - subject-application-object.

22
Q

Classified Information

A

Official information that has been identified and marked as Top Secret, Secret, or Confidential in the interests of national security.

23
Q

Closed Circuit Television (CCTV)

A

A television system, hard-wired, used for proprietary purposes and not for public or general broadcast.

24
Q

Combination Lock

A

A keyless lock which requires the turning of a numbered dial to a preset sequence of numbers for the lock to open.

25
Q

Common Criteria

A

the current internationally accepted set of standards and processes for information security products evaluation and assurance, which joins function and assurance requirements

26
Q

Confinement

A

to restrict the actions of a program. Simply put, process confinement allows a process to read from and write to only certain memory locations and resources. This is also known as sandboxing.

27
Q

Conflict of interest

A

one entity with two competing allegiances

28
Q

Covert Channel

A

an unintended communication path

29
Q

CPU Cache

A

dedicated fast memory located on the same board as the CPU

30
Q

Custodian

A

An individual who is designated the responsibility for maintaining, safeguarding and accounting for classified information.

31
Q

Data Execution Prevention

A

a system-level memory protection feature that is built into the OS; it prevents code from being run from data pages such as the default heap, stacks, and memory pools.

32
Q

Data hiding

A

a software design technique for abstraction of a process

33
Q

Data Mining

A

techniques that allow analysts to comb through data warehouses and look for potentially correlated information.

34
Q

Data Warehousing

A

large databases that store large amounts of information from a variety of databases for use with specialized analysis techniques.

35
Q

Deadbolt Lock

A

A lock that uses strong metal components that cannot be easily forced.

36
Q

Dedicated Line

A

A power or transmission line with a single function, such as data transmission, or to a single source such as an outlet for a computer.

37
Q

Deterrent

A

Any physical or psychological device or method that discourages action.

38
Q

Doppler Effect

A

The change in the frequency of a light wave or sound wave, resulting from relative motion of the source and the receiver.

39
Q

Electromagnetic Interference (EMI)

A

high frequency noise

40
Q

Electromagnetic Lock

A

A door lock that uses an electrically actuated magnetic attraction to secure the door. Magnetic locks use no moving parts.

41
Q

Electrostatic Discharge

A

power surge

42
Q

Embedded

A

hardware or software that is part of a larger system

43
Q

Fault

A

momentary loss of power

44
Q

Fire Detection

A

Alerts personnel to the presence of a fire

45
Q

Fire Prevention

A

Reduces causes of fire

46
Q

Fire Suppression

A

to reduce fire

47
Q

Firmware

A

reprogrammable basic startup instructions

48
Q

Foil

A

An electrically conductive ribbon used for a sensing circuit.

49
Q

Framework

A

third party processes used to organize the implementation of an architecture

50
Q

Generator

A

fault tolerance for power

51
Q

Gong

A

Not model implementation, not answer

52
Q

Graham Denning

A

focused on relationship between subjects and objects. Need update, delete, modify. Integrity security model.

53
Q

Harrison-Russo-Ullman

A

More granular than Graham Denning. Access control with list and matrix. Integrity security model.

54
Q

Information Flow model

A

mediation of covert channels must be addressed

55
Q

Infrared Motion Detector

A

A passive, low power, area protection device that detects a change in ambient temperature within the coverage pattern caused by the movement of a body.

56
Q

Infrastructure

A

specific format of technical and physical controls that support the chosen framework and the architecture

57
Q

Inrush Current

A

initial surge of current

58
Q

Interference (noise)

A

natural occurrence in circuits that are in close proximity

59
Q

Intrusion Detection System

A

An alarm system comprised of intrusion sensors and alarm annunciation devices for the purpose of detecting intruders.

60
Q

ISO 27001

A

focused on the standardization and certification of an organization’s information security management system (ISMS), security governance, a standard; ISMS. Info security minimum systems

61
Q

ISO 27002

A

inspired from ISO 17799; a guideline which lists security control objectives and recommends a range of specific security controls; more granular than 27001. 14 areas

62
Q

ITSEC

A

the past internationally accepted set of standards and processes for information security products evaluation and assurance, which separates function and assurance requirements

63
Q

Jeuneman

A

Not model implementation, not answer

64
Q

Karger

A

Not model implementation, not answer

65
Q

Kernel

A

the core logic engine of an operating system which almost never changes

66
Q

Lattice

A

a one way, directed graph which indicates confidentiality or integrity flow

67
Q

Layering

A

a programming design concept which abstracts one set of functions from another in a serialized fashion

68
Q

Lee & Shockley

A

Not model implementation, not answer

69
Q

Lipner

A

Confidentiality and Integrity - use for VAX VMS and Windows

70
Q

MAC

A

Subjects are labelled as to their level of clearance. Objects are labelled as to their level of classification or sensitivity.

71
Q

Mantrap

A

a physical enclosure for verifying identity before entry to a facility. Synonym: double door system

72
Q

Masked/Interruptible

A

cooperative hardware and operating system notification process for prioritizing execution due to the change in state of components

73
Q

Memory Addressing

A

When using memory resources, the processor must have some means of referring to various locations in memory. The solution to this problem is known as addressing

74
Q

Memory management

A

a program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives

75
Q

Microwave Sensor

A

An active intrusion sensor that detects the movement of a person or object through a pattern of microwave energy.

76
Q

Monolithic Operating System Architecture

A

All of the code working in kernel mode/system mode in an ad hoc and non-modularized OS

77
Q

Multi Threading

A

execute different parts of a program simultaneously

78
Q

Multi-Core

A

more than one CPU on a single board

79
Q

Multi-processing

A

to execute more than one instruction at an instant in time

80
Q

Multi-processor

A

more than one processor sharing same memory, also known as parallel systems

81
Q

Multi-programming

A

rapid switching back and forth between programs from the computer’s perspective and appearing to do more than one thing at a time from the user’s perspective

82
Q

Multi-state machine

A

can offer several security levels without risk of compromising the system’s integrity.

83
Q

Multi-tasking

A

more than one process in the middle of executing at a time

84
Q

Multiprocessing

A

more than one CPU is involved.

85
Q

Multitasking

A

execute more than one task at the same time

86
Q

Non-interference

A

subjects will not interact with each other’s objects

87
Q

Operating

A

state of computer, to be running a process

88
Q

Paging

A

divides memory address space into even size blocks called pages. To emulate that we have more RAM than we have.
SYSTEM KERNEL KNOWS THE LOCATION OF THE PAGE FILE

89
Q

Photoelectric Alarm

A

A kind of motion detector that uses a focused beam of light to detect an intruder.

90
Q

Picking

A

using small special tools all tumblers of the lock are aligned for opening a door

91
Q

Preemptive

A

a type of multitasking that allows for more even distribution of computing time among competing requests

92
Q

Primary storage

A

memory - RAM

93
Q

Process isolation

A

a form of data hiding which protects running threads of execution from using each other’s memory

94
Q

Protection

A

memory management technique that allows two processes to run concurrently without interaction

95
Q

Protection Keying

A

Numerical values, Divides physical memory up into particular sized blocks, each of which has an associated numerical value called a protection key

96
Q

Race Condition

A

two or more processes require access to the same resource and must complete their tasks in the proper order for normal functions

97
Q

Radio Frequency Interference (RFI)

A

lower frequency noise

98
Q

Rainbow series

A

Red = trusted network, Orange = TCSEC evaluation
Brown = trusted facilities management
Tan = audit, Aqua = glossary.
Green = password management

99
Q

Reference Monitor

A

the hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.

100
Q

Relocation

A

memory management technique which allows data to be moved from one memory address to another

101
Q

Ring protection

A

implementation of operating system protection mechanism, where more sensitive built upon the layering concept

102
Q

RISC

A

reduced instructions. Simpler operations per instruction. More fetches.

103
Q

Running

A

a process state, to be executing a process on the CPU

104
Q

SaaS

A

Software-as-a-Service, is a derivative of PaaS. Provides on-demand online access to specific software applications or suites without the need for local installation. In many cases, there are few local hardware and OS limitations.

105
Q

SABSA

A

Sherwood Applied Business Security Architecture (SABSA) is an enterprise security architecture framework that is similar to the Zachman framework. It uses the six communication questions (What, Where, When, Why, Who, and How) that intersect with six layers (operational, component, physical, logical, conceptual, and contextual).

106
Q

Sag/Dip

A

short period of low voltage.

107
Q

Secondary storage

A

the hard drive

108
Q

Security Blueprint

A

a template for designing the architecture

109
Q

Security domain

A

an administrative unit or a group of objects and subjects controlled by one reference monitor

110
Q

Security kernel

A

subset of operating systems components dedicated to protection mechanisms

111
Q

Segmentation

A

dividing a computer’s memory into segments.

112
Q

Sharing

A

memory management technique which allows subjects to use the same resource

113
Q

Single state machine

A

operates in the security environment at the highest level of classification of the information within the computer. In other words, all users on that system must have clearance to access the info on that system.

114
Q

Site accreditation

A

the applications and systems at a specific, self-contained location are evaluated.

115
Q

Stack Memory Segment

A

used by processors to communicate instructions and data to each other

116
Q

State machine model

A

abstract and mathematical in nature, defining all possible states, transitions and operations

117
Q

Stopped

A

a process state, to be either unable to run waiting for an external event or terminated

118
Q

Supervisor mode

A

(monitor, system, privileged) a state for operating system tasks only

119
Q

Surge

A

sudden rise in voltage in the power supply.

120
Q

Surge Suppressor

A

to reduce sudden rises in current

121
Q

Surreptitious Entry

A

The unauthorized entry into a facility or security container in a manner in which evidence of such entry is not discernable under normal circumstances.

122
Q

Surveillance

A

high degree of visual control

123
Q

Sutherland

A

Not model implementation, not answer

124
Q

System accreditation

A

a major application or general support system is evaluated.

125
Q

TCSEC (Orange Book)

A

the past U.S. military accepted set of standards and processes for computer systems evaluation and assurance, which combines function and assurance requirements

126
Q

Territoriality

A

people protect their domain

127
Q

Threads

A

a unit of execution

128
Q

TNI (Red Book)

A

the past U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements

129
Q

TOCTTOU attack

A

race condition exploits, and communication disconnects are known as state attacks because they attack timing, data flow control, and transition between one system state to another.

130
Q

Top Guard

A

Anti-personnel device, usually of barbed or concertina wire, installed at the tops of fences and along roof edges.

131
Q

Transients

A

line noise that is superimposed on the supply circuit.

132
Q

Trusted Computing Base

A

all of the protection mechanisms in a computer system

133
Q

Type accreditation

A

an application or system that is distributed to a number of different locations is evaluated.

134
Q

Ultrasonic Detector

A

A device that senses motion in a protected area by a Doppler shift in the transmitted ultrasonic energy.

135
Q

Uninterruptible Power Source UPS

A

to smooth out reductions or increases in power

136
Q

User mode

A

(problem or program state) the problem-solving state, the opposite of supervisor mode

137
Q

Virtual Memory

A

memory management programming which makes the limited RAM of the physical machine appear to be more by using a portion of the hard drive

138
Q

Virtual SAN

A

a software-defined shared storage system that is a virtual re-creation of a SAN on top of a virtualized network or an SDN.

139
Q

Wait

A

a process state, (blocked) needing input before continuing

140
Q

Zachman framework

A

Enterprise Architecture Framework
A two-dimensional model that intersects communication interrogatives (What, Why, Where, and so on) with various viewpoints (Planner, Owner, Designer, and so on). It is designed to help optimize communication between the various viewpoints during the creation of the security architecture.

141
Q

Zone

A

Large protected premises are divided into areas or zones, each having its own identification and/or annunciation.

142
Q

IPv6 features

A

Mobile
Quality of Service
Jumbograms
Next Header
IPsec as next header

143
Q

IPv6 Control
Limit unsanctioned paths

A

Threat
Vulnerable to eavesdropping and injection attacks -> v6 globally unique addresses ->
If VPN dropped, possible communication

144
Q

IPv6 Control
Limit addresses to a small range of a subnet and controlling assignment rate

A

NDP DoS attacks when a router is overwhelmed by address resolution requests

145
Q

IPv6 Control
Router advertisement guard

A

Eavesdropping via spoofed router advertisements

146
Q

IPv6 Control
DHCPv6 - Shield filtering rules

A

Unauthorized ports and malicious packets for DHCP services

147
Q

IPv6 Control
PEPs configured to enforce recommended header order

A

Malformed packets: do not conform to the recommended header extension order or maximum number of extension header repetitions