Security Engineering Domain

Question 1

The design, documentation, and management of the lowest layer of the OSI network model - the physical layer

Answer 1

Cable Plant Management

Question 2

This model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties

Answer 2

Brewer-Nash (The Chinese Wall) Model

Question 3

Explores the rules that would have to be in place if a subject is granted a certain level of clearance and a particular mode of access

Answer 3

Bell-La Padula Model

Question 4

A mathematical function that is used in the encryption and decryption processes

Answer 4

Algorithm

Question 5

Involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap and libraries in a process’s memory address space

Answer 5

Address Space Layout Randomization (ASLR)

Question 6

One-way functions, that is, a process that is much simpler to go in one direction (forward) than go in the other direction (backward or reverse engineering)

Answer 6

Asymmetric Algorithms

Question 7

A two-dimensional table that allows for individual subjects and objects to be related to each other

Answer 7

Access Control Matrix

Question 8

Involves the removal of characteristics from an entity in order to easily represent its essential properties

Answer 8

Abstraction

Question 9

The process of exchanging one letter or byte for another

Answer 9

Subsitution

Question 10

The science that deals with hidden, disguised, or encrypted communications. It embraces communications security and communications intelligence

Answer 10

Cryptology

Question 11

The study of techniques for attempting to defeat cryptographic techniques and more generally, information security services

Answer 11

Cryptanalysis

Question 12

Communications mechanisms hidden from the access control and standard monitoring systems of an information system

Answer 12

Covert Channels

Question 13

Provides a set of generally accepted processes to assist in maximizing the benefits derived from using information technology (IT) and developing appropriate IT governance

Answer 13

Control Objects for Information and Related Technology (COBIT)

Question 14

Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns

Answer 14

Community Cloud Infrastructure

Question 15

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g, networks, servers, sotrage, applications, and services) that can be rapidly provisioned and released with minimal management

Answer 15

Cloud Computing

Question 16

The altered form of a plaintect message so as to be unreadable for anyone except the intended recipient

Answer 16

Ciphertext or Cryptogram

Question 17

An entity trusted by one of more users as an authority in a network that issues, revokes, and manages digital certificates

Answer 17

Certificate Authority (CA)

Question 18

A repository for information collected from a variety of data sources

Answer 18

Data Warehouse

Question 19

Maintains activities at different security levels to separate these levels from each other

Answer 19

Data Hiding

Question 20

The ability to deduce (infer) sensitive or restricted information from observing available information

Answer 20

Inference

Question 21

The storage of programs or instructions in ROM

Answer 21

Firmware

Question 22

Focused on setting the long-term strategy for security services in the enterprise

Answer 22

Enterprise Security Architecture (ESA)

Question 23

Provide authentication of a sender and integrity of a sender’s message

Answer 23

Digital Signatures

Question 24

A broad range of technologies that grant control and protection to content providers over their own digital media

Answer 24

Digital Rights Management (DRM)

Question 25

An electronic document that contains the name of an organization of individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date

Answer 25

Digital Certificate

Question 26

Provided by mixing up the location of the plaintext throughout the ciphertext

Answer 26

Diffusion

Question 27

The reverse process from encoding - converting the encoded message back into its plaintext format

Answer 27

Decoding

Question 28

Accepts an input message of any length and generates, through a one-way operation, a fixed-length output

Answer 28

Hash Function

Question 29

Used to provide computing services in a small form factor with limited processing power

Answer 29

Embedded Systems

Question 30

Defines the organizational structure and skill requirements of an IT organization as well as the set of operational procedures and practices that direct IT operations and infrastructure, including information security operations

Answer 30

IT Infrastructure Library (ITIL)

Question 31

Used to control industrial processes such as manufacturing, product handling, production and distribution

Answer 31

Industrial Control Systems (ICS)

Question 32

The action of chaning a message into another format through the use of a code

Answer 32

Encoding

Question 33

A connectivity software that enables multiple processes running on one or more machines to interact

Answer 33

Middleware

Question 34

Combining non-sensitive data from separate sources to create sensitive information

Answer 34

Aggregation

Question 35

Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world and support real-time guaranteed performance in safety-critical applications

Answer 35

Cyber-Physical Systems (CPS)

Question 36

Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter

Answer 36

Confusion

Question 37

Provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area of IT security

Answer 37

Common Criteria

Question 38

Provides a foundation upon which organizations can establish and review information technology security programs

Answer 38

“Generally Accepted Principles and Practices fo Securing Information Technology Systems” (NIST SP 800-14)

Question 39

A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them

Answer 39

Zachman Framework

Question 40

A small block of data that is generated using a secret key and then appended to the message

Answer 40

Message Authentication Code (MAC)

Question 41

When different encryption keys generate the same ciphertext from the same plaintext message

Answer 41

Key Clustering

Question 42

An interoperable authentication protocol based on the OAuth 2.0 family of specifications

Answer 42

OpenID Connect

Question 43

Divides the memory address space into equal-sized blocks called pages

Answer 43

Paging

Question 44

Divides physical memory up into blocks of a particular size, each of which has an associated numerical value called protection key

Answer 44

Protection Keying

Question 45

Holistic life cycle for developing security architecure that begins with assessing business requirements and subsequently creating a “chain of traceability” through the phases of strategy, concept, design, implementation, and metrics

Answer 45

Sherwood Applied Business Security Architecture (SABSA) Framework

Question 46

Dividing a computer’s memory into segments

Answer 46

Segmentation

Question 47

When a cryptosystem performs its enryption on a bit-by-bit basis

Answer 47

Stream-based Ciphers

Question 48

This represents the time and effort required to break a protective measure

Answer 48

Work Factor

Question 49

The process of reordering the plaintext to hide the message

Answer 49

Transposition

Question 50

An architecture content framework (ACF) to describe standard building blocks and components as well as numerous reference models

Answer 50

The Open Group Architecture Framwork (TOGAF)

Question 51

The core of an OS, and one of its main functions is to provide access to system resources, which includes the system’s hardware and processes

Answer 51

System Kernel

Question 52

A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality

Answer 52

Message Digest

Question 53

This represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password

Answer 53

Key Space

Question 54

The size of a key, usually measured in bits or bytes, which a cryptographic algorithm used in ciphering or deciphering protected information

Answer 54

Key Length

Question 55

Operate with a single cryptographic key that is used for both enryption and decryption of the message

Answer 55

Symmetric Algorithms

Question 56

An XML-based standard used to exchange authentication and authorization information

Answer 56

Security Assertion Markup Language (SAML)

Question 57

Holds data not currently being used by the CPU and is used when data must be sotred for an extended period of time using high-capacity, nonvolatile storage

Answer 57

Secondary Storage

Question 58

An area or grouping within which a defined set of security policies and measures are applied to achieve a specific level of security

Answer 58

Security Zone of Control

Question 59

Attempt to take advantage of how a system handles multiple requests

Answer 59

State Attacks

Question 60

Describes the behavior of a system as it moves between one state and another, from one moment to another

Answer 60

State Machine Model

Question 61

The message in its natural format

Answer 61

Plaintext

Question 62

Provides the security architect with a framework of specifications to ensure the safe processing, storing, and transmission of cardholder information

Answer 62

Payment Card Industry Data Security Standard (PCI-DSS)

Question 63

Stores data that has a high probability of being requested by the CPU

Answer 63

Primary Storage

Question 64

In this model, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers

Answer 64

Private Cloud

Question 65

A security model describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in

Answer 65

Multilevel Lattice Models

Question 66

A service that ensures the sender cannot deny a message was sent and the integrity of the message is intact

Answer 66

Non-repudiation

Question 67

A non-profit organization focused on improving the security of software

Answer 67

OWASP

Question 68

A composition of two or more distinct cloud infrastructures (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability

Answer 68

Hybrid Cloud Infrastructure

Question 69

A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptography variance and to synchronize cryptographic equipment

Answer 69

Initialization Vector (IV)

Question 70

Provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic or government organization, or some combination of them. It exists on the premises of the cloud provider

Answer 70

Public Cloud Infrastructure

Question 71

This performs certificate registration services on behalf of a CA

Answer 71

Registration Authority

Question 72

Primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed

Answer 72

Graham-Denning

Question 73

Describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering

Answer 73

ISO/IEC 21827:2008, The Systems Security Engineering - Capability Maturity Model (SSE-CMM)