Security engineering Flashcards

1
Q

Two modes of operation of an operating system

A
Supervisor state (privileged mode)
Problem state (user mode)
2
Q

System call?

A

The mechanism whereby mediated access occurs—that is, the driver or handler
request mentioned previously—is usually known as a system call and usually involves
invocation of a specific system or programming interface designed to pass the request to
an inner ring for service.

3
Q

Ready State

A

In the ready state, a process is ready to resume or begin processing as soon as it
is scheduled for execution.
This means the process has all the memory and other resources it needs
to begin executing immediately.

4
Q

Waiting

A

Waiting can also be understood as “waiting for a resource”—that is, the process
is ready for continued execution but is waiting for a device or access request.

5
Q

Running

A

The running process executes on the CPU and keeps going until it finishes, its
time slice expires, or it is blocked for some reason.
The running state is also often called the problem state; it is called the problem
state because it is possible for problems or errors to occur.

6
Q

process scheduler

A

A special part of the kernel, called the program executive or the
process scheduler, is always around (waiting in memory) so that when a process state
transition must occur, it can step in and handle the mechanics involved.

7
Q

The US government has designated four approved security modes for
systems that process classified information.

A

Dedicated Mode
System High Mode
Compartmented Mode
Multilevel Mode

8
Q

Dedicated Mode

A

Each user must have a security clearance for all information processed by the system.
Each user must have access approval for all information processed by the system.
Each user must have a valid need to know for all information processed by the system.

9
Q

System High Mode

A

Each user must have a valid security clearance for all information processed by the system.
Each user must have access approval for all information processed by the system.
*Each user must have a valid need to know for some information, but not necessarily all information processed by the system.

10
Q

Compartmented mode

A

Each user must have a valid security clearance for all information processed by the system.
*Each user must have access approval for any information they will have access to on the system.
Each user must have a valid need to know for all information they will have access to on the system.

11
Q

difference between compartmented mode systems and system high
mode systems

A

Users of a compartmented mode system do not necessarily have
access approval for all the information on the system. However, as with system high and
dedicated systems, all users of the system must still have appropriate security clearances.

12
Q

Multilevel Mode

A

*Some users do not have a valid security clearance for all information processed by
the system. Thus, access is controlled by whether the subject’s clearance level
dominates the object’s sensitivity label.
Each user must have access approval for all information they will have access to on
the system.
Each user must have a valid need to know for all information they will have access to
on the system.

13
Q

Note

Mode           Clearance   Need to know   PDMCL
Dedicated      Same        None           None
System high    Same        Yes            None
Compartmented  Same        Yes            Yes
Multilevel     Different   Yes            Yes

Clearance is Same if all users must have the same security clearances, Different otherwise.
Need to Know is None if it does not apply and is not used, or if it is used but all users have the need to know all data
present on the system; Yes if access is limited by need-to-know restrictions.
PDMCL applies if and when CMW implementations are used (Yes); otherwise, PDMCL is None.

A

1) Notice that the administrative requirements for controlling the
types of users that access a system decrease as you move from dedicated systems down to
multilevel systems.

2) When comparing all four security modes, it is generally
understood that the multilevel mode is exposed to the highest level of risk.

14
Q

ROM’s primary advantage?

A

ROM’s primary advantage is that it can’t be modified

15
Q

Programmable Read-Only Memory (PROM)

A

A PROM chip’s contents aren’t “burned in” at the
factory as with standard ROM chips. Instead, a PROM incorporates special functionality
that allows an end user to burn in the chip’s contents later. However, the burning process
has a similar outcome—once data is written to a PROM chip, no further changes are
possible. After it’s burned in, a PROM chip essentially functions like a ROM chip.

16
Q

Where are PROMs commonly used?

A

PROMs are commonly used for
hardware applications where some custom functionality is necessary but seldom changes
once programmed.

17
Q

EPROM

A

Illuminating an EPROM chip with a special ultraviolet light causes the contents of
the chip to be erased. After this process is complete, end users can burn new
information into the EPROM as if it had never been programmed before.

18
Q

EEPROM

A

An EEPROM uses electric voltages delivered to the pins of the chip to force erasure.
EEPROM chips can be erased without removing them from the computer, which makes
them much more attractive than standard PROM or EPROM chips.

19
Q

Flash Memory

A

Flash memory is a derivative concept from EEPROM. It is a nonvolatile
form of storage media that can be electronically erased and rewritten. The primary
difference between EEPROM and flash memory is that EEPROM must be fully erased to
be rewritten, whereas flash memory can be erased and written in blocks or pages.
The most common type of flash memory is NAND flash. It is widely used in memory cards,
thumb drives, mobile devices, and SSDs (solid-state drives).

20
Q

Real memory (also known as main memory or primary memory)

A

Real memory is typically the largest RAM storage resource available to a computer. It is
normally composed of a number of dynamic RAM chips and, therefore, must be refreshed
by the CPU on a periodic basis.

21
Q

Cache RAM

A

Caches improve performance by taking data from slower devices and temporarily
storing it in faster devices when repeated use is likely; this is cache RAM.

22
Q

dynamic RAM

A

Dynamic RAM uses a series of capacitors, tiny electrical devices that hold a charge.
However, because capacitors naturally lose their charges over time, the CPU must spend
time refreshing the contents of dynamic RAM to ensure that 1 bits don’t unintentionally
change to 0 bits, thereby altering memory contents.

23
Q

Static RAM uses more sophisticated technology

A

Static RAM uses a logical device known as a flip-flop, which to all intents and
purposes is simply an on/off switch that must be moved from one position to another
to change a 0 to 1 or vice versa. More important, static memory maintains its contents
unaltered as long as power is supplied and imposes no CPU overhead for periodic
refresh operations.

24
Q

registers

A

Memory that the CPU’s arithmetic logic unit (ALU) uses when performing calculations
or processing instructions. Registers operate in lockstep with the CPU at typical
CPU speeds.

25
Q

Register Addressing

A

When the CPU needs information from one of its
registers to complete an operation, it uses a register address (for example, “register 1”) to
access its contents.

26
Q

Immediate Addressing

A

The CPU might process the command “Add 2 to the value in
register 1.” This command uses two addressing schemes. The first is immediate
addressing—the CPU is being told to add the value 2 and does not need to retrieve that
value from a memory location—it’s supplied as part of the command. The second is
register addressing; the CPU is instructed to retrieve the value from register 1.

27
Q

Direct Addressing

A

The CPU is provided with the actual address of the memory location to access.

28
Q

Indirect Addressing

A

The memory address supplied to the CPU as part of the instruction doesn’t
contain the actual value that the CPU is to use as an operand. Instead, the memory
address contains another memory address (perhaps located on a different page).

29
Q

Base+Offset Addressing

A

Base+offset addressing uses a value stored in one of the CPU’s registers as the
base location from which to begin counting.

30
Q

Secondary Memory

A

Secondary memory is a term commonly used to refer to magnetic, optical, or flash-based
media or other storage devices that contain data not immediately available to the CPU.
Hard disks, floppy drives, and optical media such as CDs and DVDs can all function as
secondary memory.

31
Q

virtual memory

A

Virtual memory is an inexpensive way to make a computer operate as if it had more
real memory than is physically installed.
Drawback: overhead, slowing down the entire system.

33
Q

Random access storage

A

Random access storage allows the operating system to read (and sometimes write)
immediately from any point.
Almost all primary storage devices are random access devices.
Most secondary storage devices are also random access.

34
Q

sequential storage

A

Magnetic tape is an example. To provide access to data stored in the middle of a tape,
the tape drive must physically scan through the entire tape (even if it’s not necessarily
processing the data that it passes in fast-forward mode) until it reaches the desired point.

35
Q

Data remanence

A

Data may remain on secondary storage devices even after it has been erased. This
condition is known as data remanence.

36
Q

sanitizing

A

If you truly want to remove data from a secondary storage device, you
must use a specialized utility designed to destroy all traces of data on the device or
damage or destroy it beyond possible repair (commonly called sanitizing).

38
Q

unique problem in SSDs

A

SSD wear leveling means that there are often blocks of data that are not marked as
“live” but that hold a copy of the data from when it was copied off to lower-wear blocks.
This means that a traditional zero wipe is ineffective as a data security measure for SSDs.

39
Q

Secondary storage devices are also prone to theft.

A

For this reason, it is important to use full disk encryption to reduce the risk of an
unauthorized entity gaining access to your data.

40
Q

Note

A

Fortunately, many HDD and SSD devices offer on-device native encryption.
It is good security practice to encrypt SSDs prior to storing any data on them due to
their wear leveling technology.

41
Q

Issues with Monitors

A

A program known as TEMPEST can compromise the security of data displayed on a monitor.
TEMPEST is a technology that allows the electronic emanations that every monitor
produces (known as Van Eck radiation) to be read from a distance (this process is known
as Van Eck phreaking) and even from another location.

42
Q

CRT monitors are more prone to radiate significantly, whereas LCD monitors
leak much less (some claim not enough to reveal critical data). It is arguable that the
biggest risk with any monitor is still shoulder surfing or telephoto lenses on cameras.

A

Unfortunately, the protective controls required to prevent Van Eck
radiation (lots and lots of copper!) are expensive to implement and cumbersome to use.

43
Q

Issue with Printer

A

It may be much easier to walk out with sensitive information in printed form than to
walk out with a floppy disk or other magnetic media.
Printers are usually exposed on the network for convenient access and are often not
designed to be secure systems. These are all issues that are best addressed by an
organization’s security policy.

44
Q

Keyboards/Mice

A

Keyboards and mice are vulnerable to TEMPEST monitoring.
They are also vulnerable to less sophisticated bugging: a simple device can be placed
inside a keyboard.
Additionally, if your keyboard and mouse are wireless, including Bluetooth, their radio
signals can be intercepted.

45
Q

From a security standpoint, access to mapped memory
locations should be mediated by the operating system and subject to proper authorization
and access controls.

A

Memory-Mapped I/O

47
Q

Interrupt (IRQ)

A

Interrupt (IRQ) is an abbreviation for interrupt request, a technique
for assigning specific signal lines to specific devices through a special interrupt controller.
From a security standpoint, only
the operating system should be able to mediate access to IRQs at a sufficiently high level
of privilege to prevent tampering or accidental misconfiguration.

48
Q

Direct Memory Access

A

Direct Memory Access (DMA) works as a channel
with two signal lines, where one line is a DMA request (DRQ) line and the other is a
DMA acknowledgment (DACK) line. Devices that can exchange data directly with real
memory (RAM) without requiring assistance from the CPU use DMA to manage such
access. Using its DRQ line, a device signals the CPU that it wants to make direct access
(which may be read or write or some combination of the two) to another device, usually
real memory. The CPU authorizes access and then allows the access to proceed
independently while blocking other access to the memory locations involved.

From a security standpoint, only the operating system should be able
to mediate DMA assignment and the use of DMA to access I/O devices.

49
Q

Firmware

A

Firmware is a term used to describe software
that is stored in a ROM chip. This type of software is changed infrequently (actually,
never, if it’s stored on a true ROM chip as opposed to an EPROM/EEPROM) and often
drives the basic operation of a computing device. There are two types of firmware: BIOS
on a motherboard and general internal and external device firmware.

50
Q

BIOS

A

The BIOS is contained in a firmware device that is accessed immediately by the
computer at boot time. In most computers, the BIOS is stored on an EEPROM chip to
facilitate version updates. The process of updating the BIOS is known as “flashing the
BIOS.”

51
Q

phlashing

A

There have been a few examples of malicious code embedding itself into BIOS/firmware.
There is also an attack known as phlashing, in which a malicious variation of official
BIOS or firmware is installed that introduces remote control or other malicious features
into a device.

52
Q

Device Firmware

A

Many hardware devices, such as printers and modems, also need some limited processing
power to complete their tasks while minimizing the burden placed on the operating
system itself. In many cases, these “mini” operating systems are entirely contained in
firmware chips onboard the devices they serve. As with a computer’s BIOS, device
firmware is frequently stored on an EEPROM device so it can be updated as necessary.

53
Q

Applets

A

Applets are actually self-contained miniature programs that execute independently
of the server that sent them.

55
Q

benefits of Applets

A

The processing burden is shifted to the client, freeing up resources on the web server
to process requests from more users.

The client is able to produce data using local resources rather than waiting for a
response from the remote server. In many cases, this results in a quicker response to
changes in the input data.

In a properly programmed applet, the web server does not receive any data provided
to the applet as input, therefore maintaining the security and privacy of the user’s
financial data.

56
Q

Security concern with Applets

A

They allow a remote system to send code to the local system for execution.
Security administrators must take steps to ensure that code sent to systems on their
network is safe and properly screened for malicious activity.

57
Q

Java applets

A

Java applets
are simply short Java programs transmitted over the Internet to perform operations on a
remote system.

58
Q

How was security addressed in Java applets?

A

Sun’s
development team created the “sandbox” concept to place privilege restrictions on Java
code. The sandbox isolates Java code objects from the rest of the operating system and
enforces strict rules about the resources those objects can access.

For example, the
sandbox would prohibit a Java applet from retrieving information from areas of memory
not specifically allocated to it, preventing the applet from stealing that information.

59
Q

ActiveX Controls

A

ActiveX controls are Microsoft’s answer to Sun’s Java applets. They
operate in a similar fashion, but they are implemented using a variety of languages,
including Visual Basic, C, C++, and Java.

60
Q

Key Difference between Java Applets and ActiveX Controls

A

There are two key distinctions between Java
applets and ActiveX controls. First, ActiveX controls use proprietary Microsoft technology
and, therefore, can execute only on systems running Microsoft browsers. Second, ActiveX
controls are not subject to the sandbox restrictions placed on Java applets.

61
Q

Security issue with ActiveX Controls

A

They have full
access to the Windows operating environment and can perform a number of privileged
actions. Therefore, you must take special precautions when deciding which ActiveX
controls to download and execute. Some security administrators have taken the
somewhat harsh position of prohibiting the download of any ActiveX content from all but
a select handful of trusted sites.

62
Q

A second form of ARP cache poisoning is to create static ARP entries. This is done via the
ARP command and must be done locally. But this is easily accomplished through a script
that gets executed on the client either through a Trojan horse, buffer overflow, or social
engineering attack.

A

Once ARP poisoning has occurred, whether against a permanent entry or a dynamic one,
the traffic transmitted from the client will be sent to a different system than intended.
This is due to having the wrong or a different hardware address (that is, the MAC address)
associated with an IP address. ARP cache poisoning, or just ARP poisoning, is one means
of setting up a man-in-the-middle attack.

63
Q

Another popular means of performing a man-in-the-middle attack is through DNS cache
poisoning.

A

Similar to ARP cache, once a client receives a response from DNS, that
response will be cached for future use. If false information can be fed into the cache, then
misdirecting communications is trivially easy. There are many means of performing DNS
cache poisoning, including HOSTS poisoning, authorized DNS server attacks, caching
DNS server attacks, DNS lookup address changing, and DNS query spoofing.

64
Q

HOSTS poisoning

A

The HOSTS file is the static file found on TCP/IP-supporting systems that contains
hardcoded references for domain names and their associated IP addresses.

Administrators or hackers can add
content to the HOSTS file that sets up a relationship between a FQDN (fully qualified
domain name) and the IP address of choice. If an attacker is able to plant false
information into the HOSTS file, then when the system boots the contents of the HOSTS
file will be read into memory where they will take precedence. Unlike dynamic queries,
which eventually time out and expire from cache, entries from the HOSTS file are
permanent.

65
Q

Authorized DNS server attacks

A

Authorized DNS server attacks aim at altering the primary record of a FQDN on its
original host system. A caching DNS server is any DNS system deployed to cache DNS
information from other DNS servers. The content hosted on a caching DNS server is not
being watched by the worldwide security community, just the local operators. Thus, an
attack against a caching DNS server can potentially occur without notice for a
significant period of time.

66
Q

A fourth example of DNS poisoning focuses on sending an alternate IP address to the
client to be used as the DNS server the client uses for resolving queries.

A

A fifth example of DNS poisoning is that of DNS query spoofing

This attack occurs when
the hacker is able to eavesdrop on a client’s query to a DNS server. The attacker then
sends back a reply with false information. If the client accepts the false reply, they will
put that information in their local DNS cache. When the real reply arrives, it will be
discarded since the original query will have already been answered.

67
Q

Aggregation

A

Aggregation attacks are used to collect numerous
low-level security items or low-value items and combine them to create something of a
higher security level or value.

It’s especially important for database security administrators to strictly
control access to aggregate functions and adequately assess the potential information
they may reveal to unauthorized individuals.

68
Q

Inference

A

Inference attacks involve combining several pieces of
nonsensitive information to gain access to information that should be classified at a
higher level. However, inference makes use of the human mind’s deductive capacity
rather than the raw mathematical ability of modern database platforms.

As with aggregation, the best defense against inference attacks is to maintain constant
vigilance over the permissions granted to individual users.

69
Q

data dictionary

A

A data dictionary is commonly used for storing critical information about data, including
usage, type, sources, relationships, and formats. DBMS software reads the data dictionary
to determine access rights for users attempting to access data.

70
Q

data mart

A

One common security example of metadata is that of a security incident report. An
incident report is the metadata extracted from a data warehouse of audit logs through the
use of a security auditing data mining tool. In most cases, metadata is of a greater value
or sensitivity (due to disclosure) than the bulk of data in the warehouse. Thus, metadata
is stored in a more secure container known as the data mart.

71
Q

Note

A

Data warehouses and data mining are significant to security professionals for two
reasons. First, as previously mentioned, data warehouses contain large amounts of
potentially sensitive information vulnerable to aggregation and inference attacks, and
security practitioners must ensure that adequate access controls and other security
measures are in place to safeguard this data. Second, data mining can actually be used as
a security tool when it’s used to develop baselines for statistical anomaly–based intrusion
detection systems.

72
Q

Data analytics

A

Data analytics is the science of raw data examination with the focus of extracting useful
information out of the bulk information set.

73
Q

Big data

A

Big data refers to collections of data that have become so large that traditional means of
analysis or processing are ineffective, inefficient, and insufficient.

Big data involves
numerous difficult challenges, including collection, storage, analysis, mining, transfer,
distribution, and results presentation.

The
potential to learn from big data is tremendous, but the burdens of dealing with big data
are equally great.

Big data analysis requires high-performance analytics running on
massively parallel or distributed processing systems. With regard to security,
organizations are endeavoring to collect an ever more detailed and exhaustive range of
event data and access data. This data is collected with the goal of assessing compliance,
improving efficiencies, improving productivity, and detecting violations.

74
Q

Note

A

From a
security standpoint, this means that because processing and storage are distributed on
multiple clients and servers, all those computers must be properly secured and protected.
It also means that the network links between clients and servers (and in some cases,
these links may not be purely local) must also be secured and protected. When evaluating
security architecture, be sure to include an assessment of the needs and risks related to
distributed architectures.

For example, modems attached to a desktop machine that’s also attached to
an organization’s network can make that network vulnerable to dial-in attacks. There is
also a risk that wireless adapters on client systems can be used to create open networks.
Likewise, users who download data from the Internet increase the risk of infecting their
own and other systems with malicious code, Trojan horses, and so forth.

75
Q

Device Security

A

Full Device Encryption
Encryption isn’t a guarantee of protection for data, especially if the device is stolen
while unlocked or if the system itself has a known backdoor attack vulnerability.

Remote Wiping
Remote wipe lets you delete all data and possibly even configuration settings from a
device remotely. The use of an undelete or data recovery utility can often recover data
on a wiped device.

76
Q

Remote Wiping

A

remote wipe lets you delete all data and possibly even configuration
settings from a device remotely.
The use of an undelete or data recovery utility can often
recover data on a wiped device.

To ensure that a remote wipe destroys data beyond
recovery, the device should be encrypted.

77
Q

Lockout

A

Lockout on a mobile device is similar to account lockout on a company workstation.
When a user fails to provide their credentials after repeated attempts, the account or
device is disabled (locked out) for a period of time or until an administrator clears the
lockout flag.
Mobile devices may offer a lockout feature, but it’s in use only if a screen lock has been
configured.

78
Q

Screen Locks

A

A screen lock is designed to prevent someone from casually picking up and being able to
use your phone or mobile device.
However, most screen locks can be unlocked by swiping
a pattern or typing a number on a keypad display. Neither of these is truly a secure
operation.

To unlock the device, you must enter a password, code, or PIN; draw a
pattern; offer your eyeball or face for recognition; scan your fingerprint; or use a
proximity device such as a near-field communication (NFC) or radio-frequency
identification (RFID) ring or tile.

79
Q

Near field communication (NFC)

A

Near field communication (NFC) is a standard to establish radio communications
between devices in close proximity. It lets you perform a type of automatic
synchronization and association between devices by touching them together or
bringing them within inches of each other.

It’s often used to perform device-to-device data
exchanges, set up direct communications, or access more complex services such as
WPA-2 encrypted wireless networks by linking with the wireless access point via
NFC.

Because NFC is a radio-based technology, it isn’t without its vulnerabilities.
NFC attacks can include man-in-the-middle, eavesdropping, data manipulation, and
replay attacks.

80
Q

GPS

A

Many mobile devices include a GPS chip to support and benefit from localized services,
such as navigation, so it’s possible to track those devices. The GPS chip itself is usually
just a receiver of signals from orbiting GPS satellites.
However, applications on the
mobile device can record the GPS location of the device and then report it to an online
service.

81
Q

Application Control

A

Application control is a device-management solution that limits which applications can be
installed onto a device. It can also enforce the settings of certain applications, in order to
support a security baseline or maintain other forms of compliance.

82
Q

Storage Segmentation

A

Storage segmentation is used to artificially compartmentalize various types or values of
data on a storage medium.
On a mobile device, the device manufacturer and/or the
service provider may use storage segmentation to isolate the device’s OS and preinstalled
apps from user-installed apps and user data.

83
Q

Asset Tracking

A

You can use asset tracking to verify that a device is still in the possession of the assigned
authorized user. Some asset-tracking solutions can locate missing or stolen devices.

Some asset-tracking solutions expand beyond hardware inventory management and can
oversee the installed apps, app usage, stored data, and data access on a device.

84
Q

Inventory Control

A

Using a mobile device camera, apps that can take photos or scan bar codes can
be used to track physical goods.

85
Q

Mobile Device Management

A

Mobile device management (MDM) is a software solution to the challenging task of
managing the myriad mobile devices that employees use to access company resources.

The goals of MDM are to improve security, provide monitoring, enable remote
management, and support troubleshooting.

You can use MDM to push or
remove apps, manage data, and enforce configuration settings both over the air (across a
carrier network) and over Wi-Fi connections.

86
Q

Key Management

A

The
best option for key storage is usually removable hardware or the use of a Trusted
Platform Module (TPM), but these are rarely available on mobile phones and tablets.

87
Q

Authentication

A

Whenever possible, use a password, provide a PIN, offer your eyeball or
face for recognition, scan your fingerprint, or use a proximity device such as an NFC or
RFID ring or tile.

As mentioned previously, it’s also prudent to
combine device authentication with device encryption to block access to stored
information via a connection cable.

88
Q

Geotagging

A

This allows a would-be attacker (or angry ex) to view photos from social
networking or similar sites and determine exactly when and where a photo was taken.
This geotagging can be used for nefarious purposes, such as determining when a person
normally performs routine activities.

89
Q

Application Whitelisting

A

Application whitelisting is a security option that prohibits unauthorized software from
being able to execute. Whitelisting is also known as deny by default or implicit deny.

Due to the growth of malware, an application whitelisting approach is one of the few
options remaining that shows real promise in protecting devices and data.

90
Q

BYOD

A

BYOD is a policy that allows employees to bring their own personal mobile devices into
work and use those devices to connect to (or through) the company network to business
resources and/or the Internet.

91
Q

BYOD is a policy that allows employees to bring their own personal mobile devices into
work and use those devices to connect to (or through) the company network to business
resources and/or the Internet.

A

Although BYOD may improve employee morale and job satisfaction, it increases
security risk to the organization.

92
Q

Data Ownership

A

Establishing data ownership can be
complicated. For example, if a device is lost or stolen, the company may wish to trigger a
remote wipe, clearing the device of all valuable information. However, the employee will
often be resistant to this, especially if there is any hope that the device will be found or
returned.

Some MDM solutions can provide data isolation/segmentation and support
business data sanitization without affecting personal data.

93
Q

Support Ownership

A

When an employee’s mobile device experiences a failure, a fault, or damage, who is
responsible for the device’s repair, replacement, or technical support? The BYOD policy
should define what support will be provided by the company and what support is left to
the individual and, if relevant, their service provider.

94
Q

Patch Management

A

The BYOD policy should define the means and mechanisms of patch management for a
personally owned mobile device. Is the user responsible for installing updates? Should
the user install all available updates? Should the organization test updates prior to on-device
installation? Are updates to be handled over the air (via service provider) or over
Wi-Fi? Are there versions of the mobile OS that cannot be used? What patch or update
level is required?

95
Q

Antivirus Management

A

The BYOD policy should dictate whether antivirus, anti-malware, and anti-spyware
scanners are to be installed on mobile devices. The policy should indicate which
products/apps are recommended for use, as well as the settings for those solutions.

96
Q

static environment

A

A static environment is a set of conditions, events, and surroundings that
don’t change.

97
Q

robotic, sensors

A

Basically, any computational device that can cause a movement to occur in the real
world is considered a robotic element, whereas any such device that can detect physical
conditions (such as temperature, light, movement, and humidity) is a sensor.

98
Q

IOT

A

The IoT is the collection of devices that can
communicate over the Internet with one another or with a control console in order to
affect and monitor the real world.

99
Q

Technical mechanisms are the controls that system designers can build right into their
systems.

A

Layering, abstraction, data hiding, process isolation, and hardware segmentation.

100
Q

layering

A

It puts the most sensitive functions of a process at the core, surrounded
by a series of increasingly larger concentric circles with correspondingly lower sensitivity
levels (using a slightly different approach, this is also sometimes explained in terms of
upper and lower layers, where security and privilege decrease when climbing up from
lower to upper layers).