Sybex Book Review 2 Flashcards

1
Q

Ryan is responsible for managing the cryptographic keys used by his organization. Which of the following statements are correct about how he should select and manage those keys? (Choose all that apply.)

A. Keys should be sufficiently long to protect against future attacks if the data is expected to remain sensitive.
B. Keys should be chosen using an approach that generates them from a predictable pattern.
C. Keys should be maintained indefinitely.
D. Longer keys provide greater levels of security.

A

A, D. Keys must be long enough to withstand attack for as long as the data is expected to remain sensitive. They should not be generated in a predictable way but, rather, should be randomly generated. Keys should be securely destroyed when they are no longer needed and not indefinitely retained. Longer keys do indeed provide greater security against brute-force attacks.

2
Q

John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message?

A. Nonrepudiation
B. Confidentiality
C. Availability
D. Integrity

A

A. Nonrepudiation prevents the sender of a message from later denying that they sent it. Confidentiality protects the contents of encrypted data from unauthorized disclosure. Integrity protects data from unauthorized modification. Availability is not a goal of cryptography.

3
Q

You are implementing AES encryption for files that your organization plans to store in a cloud storage service and wish to have the strongest encryption possible. What key length should you choose?

A. 192 bits
B. 256 bits
C. 512 bits
D. 1,024 bits

A

B. The strongest keys supported by the Advanced Encryption Standard are 256 bits. The valid AES key lengths are 128, 192, and 256 bits.

4
Q

You are creating a security product that must facilitate the exchange of symmetric encryption keys between two parties that have no way to securely exchange keys in person. What algorithm might you use to facilitate the exchange?

A. Rijndael
B. Blowfish
C. Vernam
D. Diffie–Hellman

A

D. The Diffie–Hellman algorithm allows the exchange of symmetric encryption keys between two parties over an insecure channel.

5
Q

What occurs when the relationship between the plaintext and the key is complicated enough that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key? (Choose all that apply.)

A. Confusion
B. Transposition
C. Polymorphism
D. Diffusion

A

A, D. Confusion and diffusion are two principles underlying most cryptosystems. Confusion occurs when the relationship between the plaintext and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key. Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.

6
Q

Randy is implementing an AES-based cryptosystem for use within his organization. He would like to better understand how he might use this cryptosystem to achieve his goals. Which of the following goals are achievable with AES? (Choose all that apply.)

A. Nonrepudiation
B. Confidentiality
C. Authentication
D. Integrity

A

B, C, D. AES provides confidentiality, integrity, and authentication when implemented properly. Nonrepudiation requires the use of a public key cryptosystem to prevent users from falsely denying that they originated a message and cannot be achieved with a symmetric cryptosystem, such as AES.

7
Q

Brian encountered encrypted data left on one of his systems by attackers who were communicating with one another. He has tried many cryptanalytic techniques and was unable to decrypt the data. He believes that the data may be protected with an unbreakable system. When correctly implemented, what is the only cryptosystem known to be unbreakable?

A. Transposition cipher
B. Substitution cipher
C. Advanced Encryption Standard
D. One-time pad

A

D. Assuming that it is used properly, the one-time pad is the only known cryptosystem that is not vulnerable to attacks. All other cryptosystems, including transposition ciphers, substitution ciphers, and even AES, are vulnerable to attack, even if no attack has yet been discovered.

8
Q

Helen is planning to use a one-time pad to meet a unique cryptographic requirement in her organization. She is trying to identify the requirements for using this cryptosystem. Which of the following are requirements for the use of a one-time pad? (Choose all that apply.)

A. The encryption key must be at least one-half the length of the message to be encrypted.
B. The encryption key must be randomly generated.
C. Each one-time pad must be used only once.
D. The one-time pad must be physically protected against disclosure.

A

B, C, D. The encryption key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message. The three other facts listed are all characteristics of one-time pad systems.

9
Q

Brian administers a symmetric cryptosystem used by 20 users, each of whom has the ability to communicate privately with any other user. One of those users lost control of their account and Brian believes that user’s keys were compromised. How many keys must he change?

A. 1
B. 2
C. 19
D. 190

A

C. In a symmetric cryptosystem, a unique key exists for each pair of users. In this case, every key involving the compromised user must be changed, meaning that the key that the user shared with each of the other 19 users must be changed.

10
Q

Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message?

A. Stream cipher
B. Caesar cipher
C. Block cipher
D. ROT3 cipher

A

C. Block ciphers operate on message “chunks” rather than on individual characters or bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or characters of a message.

11
Q

James is the administrator for his organization’s symmetric key cryptographic system. He issues keys to users when the need arises. Mary and Beth recently approached him and presented a need to be able to exchange encrypted files securely. How many keys must James generate?

A. One
B. Two
C. Three
D. Four

A

A. Symmetric key cryptography uses a shared secret key. All communicating parties utilize the same key for communication in any direction. Therefore, James only needs to create a single symmetric key to facilitate this communication.

12
Q

Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using?

A. Split knowledge
B. M of N Control
C. Work function
D. Zero-knowledge proof

A

B. M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks. M of N Control is an example of a split knowledge technique, but not all split knowledge techniques are used for key escrow.

13
Q

What is used to increase the strength of cryptography by creating a unique ciphertext every time the same message is encrypted with the same key?

A. Initialization vector
B. Vigenère cipher
C. Steganography
D. Stream cipher

A

A. An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique ciphertext every time the same message is encrypted with the same key. Vigenère ciphers are an example of a substitution cipher technique. Steganography is a technique used to embed hidden messages within a binary file. Stream ciphers are used to encrypt continuous streams of data.

14
Q

Tammy is choosing a mode of operation for a symmetric cryptosystem that she will be using in her organization. She wants to choose a mode that is capable of providing both confidentiality and data authenticity. What mode would best meet her needs?

A. ECB
B. GCM
C. OFB
D. CTR

A

B. Galois/Counter Mode (GCM) and Counter with Cipher Block Chaining Message Authentication Code mode (CCM) are the only two modes that provide both confidentiality and data authenticity. Other modes, including Electronic Code Book (ECB), Output Feedback (OFB), and Counter (CTR) modes, only provide confidentiality.

15
Q

Julie is designing a highly secure system and is concerned about the storage of unencrypted data in RAM. What use case is she considering?

A. Data in motion
B. Data at rest
C. Data in destruction
D. Data in use

A

D. Data that is stored in memory is being actively used by a system and is considered data in use. Data at rest is data that is stored on nonvolatile media, such as a disk. Data in motion is being actively transferred over a network.

16
Q

Renee conducted an inventory of encryption algorithms used in her organization and found that they are using all of the algorithms below. Which of these algorithms should be discontinued? (Choose all that apply.)

A. AES
B. DES
C. 3DES
D. RC5

A

B, C. The Advanced Encryption Standard (AES) and Rivest Cipher 6 (RC6) are modern, secure algorithms. The Data Encryption Standard (DES) and Triple DES (3DES) are outdated and no longer considered secure.

17
Q

Which one of the following encryption algorithm modes suffers from the undesirable characteristic of errors propagating between blocks?

A. Electronic Code Book
B. Cipher Block Chaining
C. Output Feedback
D. Counter

A

B. One important consideration when using CBC mode is that errors propagate—if one block is corrupted during transmission, it becomes impossible to decrypt that block and the next block as well. The other modes listed here do not suffer from this flaw.

18
Q

Which one of the following key distribution methods is most cumbersome when users are located in different geographic locations?

A. Diffie–Hellman
B. Public key encryption
C. Offline
D. Escrow

A

C. Offline key distribution requires a side channel of trusted communication, such as in-person contact. This can be difficult to arrange when users are geographically separated. Alternatively, the individuals could use the Diffie–Hellman algorithm or other asymmetric/public key encryption technique to exchange a secret key. Key escrow is a method for managing the recovery of lost keys and is not used for key distribution.

19
Q

Victoria is choosing an encryption algorithm for use within her organization and would like to choose the most secure symmetric algorithm from a list of those supported by the software package she intends to use. If the package supports the following algorithms, which would be the best option?

A. AES-256
B. 3DES
C. RC4
D. Skipjack

A

A. The AES-256 algorithm is a modern, secure cryptographic algorithm. 3DES, RC4, and Skipjack are all outdated algorithms that suffer from significant security issues.

20
Q

The Jones Institute has six employees and uses a symmetric key encryption system to ensure confidentiality of communications. If each employee needs to communicate privately with every other employee, how many keys are necessary?

A. 1
B. 6
C. 15
D. 30

A

C. A separate key is required for each pair of users who want to communicate privately. In a group of six users, this would require a total of 15 secret keys. You can calculate this value by using the formula (n * (n – 1) / 2). In this case, n = 6, resulting in (6 * 5) / 2 = 15 keys.

21
Q

Brian computes the digest of a single sentence of text using a SHA-2 hash function. He then changes a single character of the sentence and computes the hash value again. Which one of the following statements is true about the new hash value?

A. The new hash value will be one character different from the old hash value.
B. The new hash value will share at least 50 percent of the characters of the old hash value.
C. The new hash value will be unchanged.
D. The new hash value will be completely different from the old hash value.

A

D. Any change, no matter how minor, to a message will result in a completely different hash value. There is no relationship between the significance of the change in the message and the significance of the change in the hash value.

22
Q

Alan believes that an attacker is collecting information about the electricity consumption of a sensitive cryptographic device and using that information to compromise encrypted data. What type of attack does he suspect is taking place?

A. Brute force
B. Side channel
C. Known plaintext
D. Frequency analysis

A

B. Side-channel attacks use information gathered about a system’s use of resources, timing, or other characteristics to contribute to breaking the security of encryption. Brute-force attacks seek to exhaust all possible encryption keys. Known plaintext attacks require access to both plaintext and its corresponding ciphertext. Frequency analysis attacks require access to ciphertext.

23
Q

If Richard wants to send a confidential encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?

A. Richard’s public key
B. Richard’s private key
C. Sue’s public key
D. Sue’s private key

A

C. Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her private key. If he encrypted the message with his own public key, the recipient would need to know Richard’s private key to decrypt the message. If he encrypted it with his own private key, any user could decrypt the message using Richard’s freely available public key. Richard could not encrypt the message using Sue’s private key because he does not have access to it. If he did, any user could decrypt it using Sue’s freely available public key.

24
Q

If a 2,048-bit plaintext message were encrypted with the ElGamal public key cryptosystem, how long would the resulting ciphertext message be?

A. 1,024 bits
B. 2,048 bits
C. 4,096 bits
D. 8,192 bits

A

C. The major disadvantage of the ElGamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plaintext message would yield a 4,096-bit ciphertext message when ElGamal is used for the encryption process.

25
Q

Acme Widgets currently uses a 3,072-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If the company wants to maintain the same cryptographic strength, what ECC key length should it use?

A. 256 bits
B. 512 bits
C. 1,024 bits
D. 2,048 bits

A

A. The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 3,072-bit RSA key is cryptographically equivalent to a 256-bit elliptic curve cryptosystem key.

26
Q

John wants to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-2 hashing algorithm, what is a possible size for the message digest generated?

A. 160 bits
B. 512 bits
C. 1,024 bits
D. 2,048 bits

A

B. The SHA-2 hashing algorithm comes in four variants. SHA-224 produces 224-bit digests. SHA-256 produces 256-bit digests. SHA-384 produces 384-bit digests, and SHA-512 produces 512-bit digests. Of the options presented here, only 512 bits is a valid SHA-2 hash length.

27
Q

After conducting a survey of encryption technologies used in her organization, Melissa suspects that some may be out of date and pose security risks. Which one of the following technologies is considered flawed and should no longer be used?

A. SHA-3
B. TLS 1.2
C. IPsec
D. SSL 3.0

A

D. The Secure Sockets Layer (SSL) protocol is deprecated and no longer considered secure. It should never be used. The Secure Hash Algorithm 3 (SHA-3), Transport Layer Security (TLS) 1.2, and IPsec are all modern, secure protocols and standards.

28
Q

You are developing an application that compares passwords to those stored in a Unix password file. The hash values you compute are not correctly matching those in the file. What might have been added to the stored password hashes?

A. Salt
B. Double hash
C. Added encryption
D. One-time pad

A

A. Cryptographic salt values are added to the passwords in password files before hashing to defeat rainbow table and dictionary attacks. Double hashing does not provide any added security. Adding encryption to the passwords is challenging, because then the operating system must possess the decryption key. A one-time pad is only appropriate for use in human-to-human communications and would not be practical here.

29
Q

Richard received an encrypted message sent to him from Sue. Sue encrypted the message using the RSA encryption algorithm. Which key should Richard use to decrypt the message?

A. Richard’s public key
B. Richard’s private key
C. Sue’s public key
D. Sue’s private key

A

B. Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs to use the complementary key in the key pair, his private key, to decrypt the message.

30
Q

Richard wants to digitally sign a message he’s sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest?

A. Richard’s public key
B. Richard’s private key
C. Sue’s public key
D. Sue’s private key

A

B. Richard should encrypt the message digest with his own private key. When Sue receives the message, she will decrypt the digest with Richard’s public key and then compute the digest herself. If the two digests match, she can be assured that the message truly originated from Richard.

31
Q

Which one of the following algorithms is not supported by the Digital Signature Standard under FIPS 186-4?

A. Digital Signature Algorithm
B. RSA
C. ElGamal DSA
D. Elliptic Curve DSA

A

C. The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.

32
Q

Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication?

A. X.500
B. X.509
C. X.900
D. X.905

A

B. X.509 governs digital certificates and the public key infrastructure (PKI). It defines the appropriate content for a digital certificate and the processes used by certificate authorities to generate and revoke certificates.

33
Q

Ron believes that an attacker accessed a highly secure system in his data center and applied high-voltage electricity to it in an effort to compromise the cryptographic keys that it uses. What type of attack does he suspect?

A. Implementation attack
B. Fault injection
C. Timing
D. Chosen ciphertext

A

B. Fault injection attacks compromise the integrity of a cryptographic device by causing some type of external fault, such as the application of high-voltage electricity. Implementation attacks rely on flaws in the cryptographic algorithm. Timing attacks measure the length of time consumed by encryption operations. Chosen ciphertext attacks require access to the algorithm and work by having the attacker perform encryption that results in an expected ciphertext.

34
Q

Brandon is analyzing network traffic and is searching for user attempts to access websites over secure TLS connections. What TCP port should Brandon add to his search filter because it would normally be used by this traffic?

A. 22
B. 80
C. 443
D. 1443

A

C. HTTPS uses TCP port 443 for encrypted client/server communications over TLS. Port 22 is used by the secure shell (SSH) protocol. Port 80 is used by the unencrypted HTTP protocol. Port 1433 is used for Microsoft SQL Server database connections.

35
Q

Beth is assessing the vulnerability of a cryptographic system to attack. She believes that the cryptographic keys are properly secured and that the system is using a modern, secure algorithm. Which one of the following attacks would most likely still be possible against the system by an external attacker who did not participate in the system and did not have physical access to the facility?

A. Ciphertext only
B. Known plaintext
C. Chosen plaintext
D. Fault injection

A

A. An attacker without any special access to the system would only be able to perform ciphertext-only attacks. Known plaintext and chosen plaintext attacks require the ability to encrypt data. Fault injection attacks require physical access to the facility.

36
Q

Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack?

A. Rainbow tables
B. Hierarchical screening
C. TKIP
D. Random enhancement

A

A. Rainbow tables contain precomputed hash values for commonly used passwords and may be used to increase the efficiency of password-cracking attacks.

37
Q

Chris is searching a Windows system for binary key files and wishes to narrow his search using file extensions. Which one of the following certificate formats is closely associated with Windows binary certificate files?

A. CCM
B. PEM
C. PFX
D. P7B

A

C. The PFX format is most closely associated with Windows systems that store certificates in binary format, whereas the P7B format is used for Windows systems storing files in text format. The PEM format is another text format, and the CCM format does not exist.

38
Q

What is the major disadvantage of using certificate revocation lists?

A. Key management
B. Latency
C. Record keeping
D. Vulnerability to brute-force attacks

A

B. Certificate revocation lists (CRLs) introduce an inherent latency to the certificate expiration process due to the time lag between CRL distributions.

39
Q

Which one of the following encryption algorithms is now considered insecure?

A. ElGamal
B. RSA
C. Elliptic Curve Cryptography
D. Merkle–Hellman Knapsack

A

D. The Merkle–Hellman Knapsack algorithm, which relies on the difficulty of factoring super-increasing sets, has been broken by cryptanalysts.

40
Q

Brian is upgrading a system to support SSH2 rather than SSH1. Which one of the following advantages will he achieve?

A. Support for multifactor authentication
B. Support for simultaneous sessions
C. Support for 3DES encryption
D. Support for IDEA encryption

A

B. SSH2 adds support for simultaneous shell sessions over a single SSH connection. Both SSH1 and SSH2 are capable of supporting multifactor authentication. SSH2 actually drops support for the IDEA algorithm, whereas both SSH1 and SSH2 support 3DES.

41
Q

You have been working on crafting a new expansion service to link to the existing computing hardware of a core business function. However, after weeks of research and experimentation, you are unable to get the systems to communicate. The CTO informs you that the computing hardware you are focusing on is a closed system. What is a closed system?

A. A system designed around final, or closed, standards
B. A system that includes industry standards
C. A proprietary system that uses unpublished protocols
D. Any machine that does not run Windows

A

C. A closed system is one that uses largely proprietary or unpublished protocols and standards. Options A and D do not describe any particular systems, and option B describes an open system.

42
Q

A compromise of a newly installed Wi-Fi connected baby monitor enabled a hacker to virtually invade a home and play scary sounds to a startled toddler. How was the attacker able to gain access to the baby monitor in this situation?

A. Outdated malware scanners
B. A WAP supporting 5 GHz channels
C. Performing a social engineering attack against the parents
D. Exploiting default configuration

A

D. The most likely reason the attacker was able to gain access to the baby monitor was through exploitation of default configuration. Since there is no mention of the exact means used by the attacker in the question, and there is no discussion of any actions of installation, configuration, or security implementation, the only remaining option is to consider the defaults of the device. This is an unfortunately common issue with any device, but especially with IoT equipment connected to Wi-Fi networks. Unless malware was used in the attack, a malware scanner would not be relevant to this situation. This scenario did not mention malware. This type of attack is possible over any network type and all Wi-Fi frequency options. This scenario did not discuss frequencies or network types. There was no mention of any interaction with the parents, which was not required with a device using its default configuration.

43
Q

While working against a deadline, you are frantically trying to finish a report on the current state of security of the organization. You are pulling records and data items from over a dozen sources, including a locally hosted database, several documents, a few spreadsheets, and numerous web pages from an internal server. However, as you start to open another file from your hard drive, the system crashes and displays the Windows Blue Screen of Death. This event is formally known as a stop error and is an example of a(n) _______ approach to software failure.

A. Fail-open
B. Fail-secure
C. Limit check
D. Object-oriented

A

B. The Blue Screen of Death (BSoD) stops all processing when a critical failure occurs in Windows. This is an example of a fail-secure approach. The BSoD is not an example of a fail-open approach; a fail-open event would have required the system to continue to operate in spite of the error. A fail-open result would have protected availability, but typically by sacrificing confidentiality and integrity protections. This is not an example of a limit check, which is the verification that input is within a preset range or domain. Object-oriented is a type of programming approach, not a means of handling software failure.

44
Q

As a software designer, you want to limit the actions of the program you are developing. You have considered using bounds and isolation but are not sure they perform the functions you need. Then you realize that the limitation you want can be achieved using confinement. Which best describes a confined or constrained process?

A. A process that can run only for a limited time
B. A process that can run only during certain times of the day
C. A process that can access only certain memory locations
D. A process that controls access to an object

A

C. A constrained process is one that can access only certain memory locations. Allowing a process to run for a limited time is a time limit or timeout restriction, not a confinement. Allowing a process to run only during certain times of the day is a scheduling limit, not a confinement. A process that controls access to an object is authorization, not confinement.

45
Q

When a trusted subject violates the star property of Bell–LaPadula in order to write an object into a lower level, what valid operation could be taking place?

A. Perturbation
B. Noninterference
C. Aggregation
D. Declassification

A

D. Declassification is the process of moving an object into a lower level of classification once it is determined that it no longer justifies being placed at a higher level. Only a trusted subject can perform declassification because this action is a violation of the verbiage of the star property of Bell–LaPadula, but not the spirit or intent, which is to prevent unauthorized disclosure. Perturbation is the use of false or misleading data in a database management system in order to redirect or thwart information confidentiality attacks. Noninterference is the concept of limiting the actions of a subject at a higher security level so that they do not affect the system state or the actions of a subject at a lower security level. If noninterference were being enforced, the writing of a file to a lower level would be prohibited, not allowed and supported. Aggregation is the act of collecting multiple pieces of nonsensitive or low-value information and combining (aggregating) it to learn sensitive or high-value information.

46
Q

What security method, mechanism, or model reveals a capabilities list of a subject across multiple objects?

A. Separation of duties
B. Access control matrix
C. Biba
D. Clark–Wilson

A

B. An access control matrix assembles ACLs from multiple objects into a single table. The rows of that table are the ACEs of a subject across those objects, thus a capabilities list. Separation of duties is the division of administrative tasks into compartments or silos; it is effectively the application of the principle of least privilege to administrators. Biba is a security model that focuses on integrity protection across security levels. Clark–Wilson is a security model that protects integrity using an access control triplet.

47
Q

What security model has a feature that in theory has one name or label but, when implemented into a solution, takes on the name or label of the security kernel?

A. Graham–Denning model
B. Harrison–Ruzzo–Ullman (HRU) model
C. Trusted computing base
D. Brewer and Nash model

A

C. The trusted computing base (TCB) has a component known as the reference monitor in theory, which becomes the security kernel in implementation. The other options do not have this feature. The Graham–Denning model is focused on the secure creation and deletion of both subjects and objects. The Harrison–Ruzzo–Ullman (HRU) model focuses on the assignment of object access rights to subjects as well as the integrity (or resilience) of those assigned rights. The Brewer and Nash model was created to permit access controls to change dynamically based on a user’s previous activity.

48
Q

The Clark–Wilson model uses a multifaceted approach to enforcing data integrity. Instead of defining a formal state machine, the Clark–Wilson model defines each data item and allowable data transformations. Which of the following is not part of the access control relationship of the Clark–Wilson model?

A. Object
B. Interface
C. Input sanitization
D. Subject

A

C. The three parts of the Clark–Wilson model’s access control relationship (aka access triple) are subject, object, and program (or interface). Input sanitization is not an element of the Clark–Wilson model.

49
Q

While researching security models to base your new computer design around, you discover the concept of the TCB. What is a trusted computing base (TCB)?

A. Hosts on your network that support secure transmissions
B. The operating system kernel, other OS components, and device drivers
C. The combination of hardware, software, and controls that work together to enforce a security policy
D. The predetermined set or domain (i.e., a list) of objects that a subject can access

A

C. The TCB is the combination of hardware, software, and controls that work together to enforce a security policy. The other options are incorrect. Hosts on a network that support secure transmissions may be able to support VPN connections, use TLS encryption, or implement some other form of data-in-transit protection mechanism. The operating system kernel, other OS components, and device drivers are located in Rings 0–2 of the protection rings concept, or in the Kernel Mode ring in the variation used by Microsoft Windows (see Chapter 9). The predetermined set or domain (i.e., a list) of objects that a subject can access is the Goguen–Meseguer model.

50
Q

What is a security perimeter? (Choose all that apply.)

A. The boundary of the physically secure area surrounding your system
B. The imaginary boundary that separates the TCB from the rest of the system
C. The network where your firewall resides
D. Any connections to your computer system

A

A, B. Although the most correct answer in the context of this chapter is option B, the imaginary boundary that separates the TCB from the rest of the system, option A, the boundary of the physically secure area surrounding your system, is also a correct answer in the context of physical security. The network where your firewall resides is not a unique concept or term, since a firewall can exist in any network as either a hardware device or a software service. A border firewall could be considered a security perimeter protection device, but that was not a provided option. Any connections to your computer system are just pathways of communication to a system’s interface—they are not labeled as a security perimeter.

51
Q

The trusted computing base (TCB) is a combination of hardware, software, and controls that work together to form a trusted base to enforce your security policy. What part of the TCB concept validates access to every resource prior to granting the requested access?

A. TCB partition
B. Trusted library
C. Reference monitor
D. Security kernel

A

C. The reference monitor validates access to every resource prior to granting the requested access. The other options are incorrect. Option D, the security kernel, is the collection of TCB components that work together to implement the reference monitor functions. In other words, the security kernel is the implementation of the reference monitor concept. Option A, a TCB partition, and option B, a trusted library, are not valid TCB concept components.

52
Q

A security model provides a way for designers to map abstract statements into a solution that prescribes the algorithms and data structures necessary to build hardware and software. Thus, a security model gives software designers something against which to measure their design and implementation. Which of the following is the best definition of a security model?

A. A security model states policies an organization must follow.
B. A security model provides a framework to implement a security policy.
C. A security model is a technical evaluation of each part of a computer system to assess its concordance with security standards.
D. A security model is used to host one or more operating systems within the memory of a single host computer or to run applications that are not compatible with the host OS.

A

B. Option B is the only option that correctly defines a security model. The other options are incorrect. Option A is a definition of a security policy. Option C is a formal evaluation of the security of a system. Option D is the definition of virtualization.

53
Q

The state machine model describes a system that is always secure no matter what state it is in. A secure state machine model system always boots into a secure state, maintains a secure state across all transitions, and allows subjects to access resources only in a secure manner compliant with the security policy. Which security models are built on a state machine model?

A. Bell–LaPadula and take-grant
B. Biba and Clark–Wilson
C. Clark–Wilson and Bell–LaPadula
D. Bell–LaPadula and Biba

A

D. The Bell–LaPadula and Biba models are built on the state machine model. Take-Grant and Clark–Wilson are not directly based or built on the state machine model.

54
Q

You are tasked with designing the core security concept for a new government computing system. The details of its use are classified, but it will need to protect confidentiality across multiple classification levels. Which security model addresses data confidentiality in this context?

A. Bell–LaPadula
B. Biba
C. Clark–Wilson
D. Brewer and Nash

A

A. Only the Bell–LaPadula model addresses data confidentiality. The Biba and Clark–Wilson models address data integrity. The Brewer and Nash model prevents conflicts of interest.

55
Q

The Bell–LaPadula multilevel security model was derived from the DoD’s multilevel security policies. The multilevel security policy states that a subject with any level of clearance can access resources at or below its clearance level. Which Bell–LaPadula property keeps lower-level subjects from accessing objects with a higher security level?

A. (Star) security property
B. No write-up property
C. No read-up property
D. No read-down property

A

C. The no read-up property, also called the simple security property, prohibits subjects from reading a higher security level object. The other options are incorrect. Option A, the (star) security property of Bell–LaPadula, is no write-down. Option B, no write-up, is the (star) property of Biba. Option D, no read-down, is the simple property of Biba.

56
Q

The Biba model was designed after the Bell–LaPadula model. Whereas the Bell–LaPadula model addresses confidentiality, the Biba model addresses integrity. The Biba model is also built on a state machine concept, is based on information flow, and is a multilevel model. What is the implied meaning of the simple property of Biba?

A. Write-down
B. Read-up
C. No write-up
D. No read-down

A

B. The simple property of Biba is no read-down, but the implied allowed opposite is read-up. The other options are incorrect. Option A, write-down, is the implied allowed opposite of the (star) property of Biba, which is no write-up. Option C, no write-up, is the (star) property of Biba. Option D, no read-down, is the simple property of Biba.

57
Q

The Common Criteria defines various levels of testing and confirmation of systems’ security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed. What part of the Common Criteria specifies the claims of security from the vendor that are built into a target of evaluation?

A. Protection profiles
B. Evaluation Assurance Levels
C. Authorizing Official
D. Security target

A

D. Security targets (STs) specify the claims of security from the vendor that are built into a target of evaluation (TOE). STs are considered the implemented security measures or the “I will provide” from the vendor. The other options are incorrect. Option A, protection profiles (PPs), specify for a product that is to be evaluated (the TOE) the security requirements and protections, which are considered the security desires or the “I want” from a customer. Option B, Evaluation Assurance Levels (EALs), are the various levels of testing and confirmation of systems’ security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed. Option C, an Authorizing Official (AO), is the entity with the authority to issue an Authorization to Operate (ATO).

58
Q

The Authorizing Official (AO) has the discretion to determine which breaches or security changes result in a loss of Authorization to Operate (ATO). The AO can also issue four types of authorization decisions. Which of the following are examples of these ATOs? (Choose all that apply.)

A. Common control authorization
B. Mutual authorization
C. Denial of authorization
D. Authorization to transfer
E. Authorization to use
F. Verified authorization

A

A, C, E. The four types of ATOs are authorization to operate (not listed as an option), common control authorization, authorization to use, and denial of authorization. The other options are incorrect.

59
Q

A new operating system update has made significant changes to the prior system. While testing, you discover that the system is highly unstable, allows for integrity violations between applications, can be affected easily by local denial-of-service attacks, and allows for information disclosure between processes. You suspect that a key security mechanism has been disabled or broken by the update. What is a likely cause of these problems?

A. Use of virtualization
B. Lack of memory protections
C. Not following the Goguen–Meseguer model
D. Support for storage and transmission encryption

A

B. Memory protection is a core security component that must be designed and implemented into an operating system. It must be enforced regardless of the programs executing in the system. Otherwise, instability, violation of integrity, denial of service, and disclosure are likely results. The other options are incorrect. Option A, the use of virtualization, would not cause all of those security issues. Option C, the Goguen–Meseguer model, is based on predetermining the set or domain (i.e., a list) of objects that a subject can access. Option D, the use of encryption, is a protection, not a cause of these security issues.

60
Q

As an application designer, you need to implement various security mechanisms to protect the data that will be accessed and processed by your software. What would be the purpose of implementing a constrained or restricted interface?

A. To limit the actions of authorized and unauthorized users
B. To enforce identity verification
C. To track user events and check for violations
D. To swap datasets between primary and secondary memory

A

A. A constrained or restricted interface is implemented within an application to restrict what users can do or see based on their privileges. The purpose of a constrained interface is to limit or restrict the actions of both authorized and unauthorized users. The other options are incorrect. Option B describes authentication. Option C describes auditing and accounting. Option D describes virtual memory.

61
Q

While designing the security for the organization, you realize the importance of not only balancing the objectives of the organization against security goals but also focusing on the shared responsibility of security. Which of the following is considered an element of shared responsibility? (Choose all that apply.)

A. Everyone in an organization has some level of security responsibility.
B. Always consider the threat to both tangible and intangible assets.
C. Organizations are responsible to their stakeholders for making good security decisions in order to sustain the organization.
D. When working with third parties, especially with cloud providers, each entity needs to understand their portion of the shared responsibility of performing work operations and maintaining security.
E. Multiple layers of security are required to protect against adversary attempts to gain access to internal sensitive resources.
F. As we become aware of new vulnerabilities and threats, we should consider it our responsibility (if not our duty) to responsibly disclose that information to the proper vendor or to an information sharing center.

A

A, C, D, F. The statements in options A, C, D, and F are all valid elements or considerations of shared responsibility. The other options are incorrect. Option B, always considering the threat to both tangible and intangible assets, is a tenet of risk management and BIA. Option E, requiring multiple layers of security to protect against adversary attempts to gain access to internal sensitive resources, is a general principle of security known as defense in depth.

62
Q

Many PC OSs provide functionality that enables them to support the simultaneous execution of multiple applications on single-processor systems. What term is used to describe this capability?

A. Multistate
B. Multithreading
C. Multitasking
D. Multiprocessing

A

C. Multitasking is processing more than one task at the same time. In most cases, multitasking is simulated by the OS (using multiprogramming or pseudo-simultaneous execution) even when not supported by the processor. Multicore (not listed as an option) is also able to perform simultaneous execution but does so with multiple execution cores on one or more CPUs. Multistate is a type of system that can operate at various security levels (or classifications, risk levels, etc.). Multithreading permits multiple concurrent tasks (i.e., threads) to be performed within a single process. In a multiprocessing environment, a multiprocessor computing system (that is, one with more than one CPU) harnesses the power of more than one processor to complete the execution of a multithreaded application.

63
Q

Based on recent articles about the risk of mobile code and web apps, you want to adjust the security configurations of organizational endpoint devices to minimize the exposure. On a modern Windows system with the latest version of Microsoft’s browser and all others disabled or blocked, which of the following is of the highest concern?

A. Java
B. Flash
C. JavaScript
D. ActiveX

A

C. JavaScript remains the one mobile code technology that may affect the security of modern browsers and their host OSs. Java is deprecated for general internet use and browsers do not have native support for Java. A Java add-on is still available to install, but it is not preinstalled, and general security guidance recommends avoiding it on any internet-facing browser. Flash is deprecated; no modern browser supports it natively. Adobe has abandoned it, and most browsers actively block the add-on. ActiveX is also deprecated, and though it was always only a Microsoft Windows technology, it was only supported by Internet Explorer, not Edge (either in its original form or the more recent Chromium-based version). Although Internet Explorer is still present on modern Windows 10, this scenario stated that all other browsers were disabled or blocked. Thus, this scenario is limited to the latest Edge browser.

64
Q

Your organization is considering deploying a publicly available screen saver to use spare system resources to process sensitive company data. What is a common security risk when using grid computing solutions that consume available resources from computers over the internet?

A. Loss of data privacy
B. Latency of communication
C. Duplicate work
D. Capacity fluctuation

A

A. In many grid computing implementations, grid members can access the contents of the distributed work segments or divisions. This grid computing over the internet is not usually the best platform for sensitive operations. Grid computing is able to handle and compensate for latency of communications, duplicate work, and capacity fluctuation.

65
Q

Your company is evaluating several cloud providers to determine which is the best fit to host your custom services as a custom application solution. There are many aspects of security controls you need to evaluate, but the primary issues include being able to process significant amounts of data in short periods of time, controlling which applications can access which assets, and being able to prohibit VM sprawl or repetition of operations. Which of the following is not relevant to this selection process?

A. Collections of entities, typically users, but can also be applications and devices, which can be granted or denied access to perform specific tasks or access certain resources or assets
B. A VDI or VMI instance that serves as a virtual endpoint for accessing cloud assets and services
C. The ability of a cloud process to use or consume more resources (such as compute, memory, storage, or networking) when needed
D. A management or security mechanism able to monitor and differentiate between numerous instances of the same VM, service, app, or resource

A

B. Option B references a VDI or VMI instance that serves as a virtual endpoint for accessing cloud assets and services, but this concept is not specifically relevant to or a requirement of this scenario. The remaining items are relevant to the selection process in this scenario. These are all compute security–related concepts. Option A, security groups, are collections of entities, typically users, but can also be applications and devices, which can be granted or denied access to perform specific tasks or access certain resources or assets. This supports the requirement of controlling which applications can access which assets. Option C, dynamic resource allocation (aka elasticity), is the ability of a cloud process to use or consume more resources (such as compute, memory, storage, or networking) when needed. This supports the requirement of processing significant amounts of data in short periods of time. Option D is a management or security mechanism, which is able to monitor and differentiate between numerous instances of the same VM, service, app, or resource. This supports the requirement of prohibiting VM sprawl or repetition of operations.

66
Q

A large city’s central utility company has seen a dramatic increase in the number of distribution nodes failing or going offline. An APT group was attempting to take over control of the utility company and was responsible for the system failures. Which of the following systems has the attacker compromised?

A. MFP
B. RTOS
C. SoC
D. SCADA

A

D. A large utility company is very likely to be using supervisory control and data acquisition (SCADA) to manage and operate their equipment; therefore, that is the system that the APT group would have compromised. A multifunction printer (MFP) is not likely to be the attack point that granted the APT group access to the utility distribution nodes. A real-time OS (RTOS) may have been present on some of the utility company’s systems, but that is not the obvious target for an attack to take over control of an entire utility service. There may be system on chip (SoC) equipment present at the utility, but that would still be controlled and accessed through the SCADA system at a utility company.

67
Q

Your organization is concerned about information leaks due to workers taking home retired equipment. Which one of the following types of memory might retain information after being removed from a computer and therefore represents a security risk?

A. Static RAM
B. Dynamic RAM
C. Secondary memory
D. Real memory

A

C. Secondary memory is a term used to describe magnetic, optical, or flash media (i.e., typical storage devices like HDD, SSD, CD, DVD, and thumb drives). These devices will retain their contents after being removed from the computer and may later be read by another user. Static RAM and dynamic RAM are types of real memory and thus are all the same concept in relation to being volatile—meaning they lose any data they were holding when power is lost or cycled. Static RAM is faster and more costly, and dynamic RAM requires regular refreshing of the stored contents. Take notice in this question that three of the options were effectively synonyms (at least from the perspective of volatile versus nonvolatile storage). If you notice synonyms among answer options, realize that none of the synonyms can be a correct answer for single-answer multiple-choice questions.

68
Q

Your organization is considering the deployment of a DCE to support a massively multiplayer online role-playing game (MMORPG) based on the characters of a popular movie franchise. What is the primary concern of a DCE that could allow for propagation of malware or making adversarial pivoting and lateral movement easy?

A. Unauthorized user access
B. Identity spoofing
C. Interconnectedness of the components
D. Poor authentication

A

C. The primary security concern of a distributed computing environment (DCE) is the interconnectedness of the components. This configuration could also allow for error or malware propagation. If an adversary compromises one component, it may grant them the ability to compromise other components in the collective through pivoting and lateral movement. The other options are incorrect. Unauthorized user access, identity spoofing, and poor authentication are potential weaknesses of most systems; they are not unique to DCE solutions, and these issues can be directly addressed through proper design, coding, and testing. In contrast, the interconnectedness of components is a native characteristic of DCE that cannot be removed without discarding the DCE design concept itself.

69
Q

Your boss wants to automate the control of the building’s HVAC system and lighting in order to reduce costs. He instructs you to keep costs low and use off-the-shelf IoT equipment. When you are using IoT equipment in a private environment, what is the best way to reduce risk?

A. Use public IP addresses
B. Power off devices when not in use
C. Keep devices current on updates
D. Block access from the IoT devices to the internet

A

C. The best means to reduce IoT risk from these options is to keep devices current on updates. Using public IP addresses will expose the IoT devices to attack from the internet. Powering off devices is not a useful defense—the benefit of IoT is that they are always running and ready to be used or take action when triggered or scheduled. Blocking access to the internet will prevent the IoT devices from obtaining updates themselves, may prevent them from being controlled through a mobile device app, and will prevent communication with any associated cloud service.

70
Q

Service-oriented architecture (SOA) constructs new applications or functions out of existing but separate and distinct software services. The resulting application is often new; thus, its security issues are unknown, untested, and unprotected. Which of the following is a direct extension of SOA that creates single-use functions that can be employed via an API by other software?

A. Cyber-physical systems
B. Fog computing
C. DCS
D. Microservices

A

D. Microservices are an emerging feature of web-based solutions and are derivative of service-oriented architecture (SOA). A microservice is simply one element, feature, capability, business logic, or function of a web application that can be called upon or used by other web applications. It is the conversion or transformation of a capability of one web application into a microservice that can be called upon by numerous other web applications. The relationship to an application programming interface (API) is that each microservice must have a clearly defined (and secured!) API to allow for I/O between multiple microservices as well as to and from other applications. The other options are incorrect since they are not derivatives of SOA. Cyber-physical systems are devices that offer a computational means to control something in the physical world. Fog computing relies on sensors, IoT devices, or even edge computing devices to collect data and then transfer it back to a central location for processing. Distributed control systems (DCSs) are typically found in industrial process plants where the need to gather data and implement control over a large-scale environment from a single location is essential.

71
Q

A new local VDI has been deployed in the organization. There have been numerous breaches of security due to issues on typical desktop workstations and laptop computers used as endpoints. Many of these issues stemmed from users installing unapproved software or altering the configuration of essential security tools. In an effort to avoid security compromises originating from endpoints in the future, all endpoint devices are now used exclusively as dumb terminals. Thus, no local data storage or application execution is performed on endpoints. Within the VDI, each worker has been assigned a VM containing all of their business necessary software and datasets. These VMs are configured to block the installation and execution of new software code, data files cannot be exported to the actual endpoints, and each time a worker logs out, the used VM is discarded and a clean version copied from a static snapshot replaces it. What type of system has now been deployed for the workers to use?

A. Cloud services
B. Nonpersistent
C. Thin clients
D. Fog computing

A

B. This scenario describes the systems as being nonpersistent. A nonpersistent system or static system is a computer system that does not allow, support, or retain changes. Thus, between uses and/or reboots, the operating environment and installed software are exactly the same. Changes may be blocked or simply discarded after each system use. A nonpersistent system is able to maintain its configuration and security in spite of user attempts to implement change. This scenario is not describing a cloud solution, although a virtual desktop interface (VDI) could be implemented on premises or in the cloud. This scenario is not describing thin clients, since the existing “standard” PC endpoints are still in use but a VDI is being used instead of the local system capabilities. A VDI deployment simulates a thin client. This scenario is not describing fog computing. Fog computing relies on sensors, IoT devices, or even edge computing devices to collect data and then transfer it back to a central location for processing.

72
Q

A review of your company’s virtualization of operations determines that the hardware resources supporting the VMs are nearly fully consumed. The auditor asks for the plan and layout of VM systems but is told that no such plan exists. This reveals that the company is suffering from what issue?

A. Use of EOSL systems
B. VM sprawl
C. Poor cryptography
D. VM escaping

A

B. The issue in this situation is VM sprawl. Sprawl occurs when organizations fail to plan their IT/IS needs and just deploy new systems, software, and VMs whenever their production needs demand it. This often results in obtaining underpowered equipment that is then overtaxed by inefficient implementations of software and VMs. This situation is not specifically related to end-of-service life (EOSL) systems, but EOSL systems would exacerbate the sprawl issue. This situation is not related to poor cryptography, nor is there any evidence of VM escaping issues.

73
Q

A company server is currently operating at near maximum resource capacity, hosting just seven virtual machines. Management has instructed you to deploy six new applications onto additional VMs without purchasing new hardware since the IT/IS budget is exhausted. How can this be accomplished?

A. Data sovereignty
B. Infrastructure as code
C. Containerization
D. Serverless architecture

A

C. Containerization is based on the concept of eliminating the duplication of OS elements in a virtual machine. Instead, each application is placed into a container that includes only the actual resources needed to support the enclosed application, and the common or shared OS elements are then part of the hypervisor. The system as a whole could be redeployed using a containerization solution, and each of the applications previously present in the original seven VMs could be placed into containers, as well as the six new applications. This should result in all 13 applications being able to operate reasonably well without the need for new hardware. Data sovereignty is the concept that, once information has been converted into a binary form and stored as digital files, it is subject to the laws of the country within which the storage device resides. Infrastructure as code (IaC) is a change in how hardware management is perceived and handled. Instead of seeing hardware configuration as a manual, direct hands-on, one-on-one administration hassle, it is viewed as just another collection of elements to be managed in the same way that software and code are managed under DevSecOps (security, development, and operations). Serverless architecture is a cloud computing concept where code is managed by the customer, and the platform (i.e., supporting hardware and software) or server is managed by the CSP. This is not a solution that will work in this scenario; if management does not want to purchase additional hardware, they probably won’t approve a monthly CSP subscription, either.

74
Q

____________ is a cloud computing concept where code is managed by the customer and the platform (i.e., supporting hardware and software) or server is managed by the cloud service provider (CSP). There is always a physical server running the code, but this execution model allows the software designer/architect/programmer/developer to focus on the logic of their code and not have to be concerned about the parameters or limitations of a specific server.

A. Microservices
B. Serverless architecture
C. Infrastructure as code
D. Distributed systems

A

B. Serverless architecture is a cloud computing concept where code is managed by the customer and the platform (i.e., supporting hardware and software) or server is managed by the cloud service provider (CSP). There is always a physical server running the code, but this execution model allows the software designer/architect/programmer/developer to focus on the logic of their code and not have to be concerned about the parameters or limitations of a specific server. This is also known as function as a service (FaaS). A microservice is simply one element, feature, capability, business logic, or function of a web application that can be called on or used by other web applications. Infrastructure as code (IaC) is a change in how hardware management is perceived and handled. Instead of seeing hardware configuration as a manual, direct hands-on, one-on-one administration hassle, it is viewed as just another collection of elements to be managed in the same way that software and code are managed under DevSecOps (development, security, and operations). A distributed system or a distributed computing environment (DCE) is a collection of individual systems that work together to support a resource or provide a service. Often a DCE is perceived by users as a single entity rather than numerous individual servers or components.

75
Q

You have been tasked with designing and implementing a new security policy to address the new threats introduced by the recently installed embedded systems. What is a security risk of an embedded system that is not commonly found in a standard PC?

A. Software flaws
B. Access to the internet
C. Control of a mechanism in the physical world
D. Power loss

A

C. Because an embedded system is often in control of a mechanism in the physical world, a security breach could cause harm to people and property (aka cyber-physical). This typically is not true of a standard PC. Power loss, internet access, and software flaws are security risks of both embedded systems and standard PCs.

76
Q

A company is developing a new product to perform simple automated tasks related to indoor gardening. The device will be able to turn lights on and off and control a pump to transfer water. The technology to perform these automated tasks needs to be small and inexpensive. It only needs minimal computational capabilities, does not need networking, and should be able to execute C++ commands natively without the need of an OS. The organization thinks that using an embedded system or a microcontroller may be able to provide the functionality necessary for the product. Which of the following is the best choice to use for this new product?

A. Arduino
B. RTOS
C. Raspberry Pi
D. FPGA

A

A. Arduino is an open source hardware and software organization that creates single-board 8-bit microcontrollers for building digital devices. An Arduino device has limited RAM, a single USB port, and I/O pins for controlling additional electronics (such as servo motors or LED lights), and does not include an OS or support networking. Instead, Arduino can execute C++ programs specifically written to its limited instruction set. Raspberry Pi is a popular example of a 64-bit microcontroller or a single-board computer, which includes its own custom OS, although many third-party OS alternatives are available. A Raspberry Pi, another microcontroller option, has significantly more processing power than Arduino, is not limited to executing C++ programs, supports networking, and is more expensive than Arduino. Thus, a Raspberry Pi is not the best option for this scenario. A real-time operating system (RTOS) is designed to process or handle data as it arrives on the system with minimal latency or delay. RTOS is a software OS that is usually stored and executed from ROM and thus may be part of an embedded solution or hosted on a microcontroller. An RTOS is designed for mission-critical operations where delay must be eliminated or minimized for safety. Thus, RTOS is not the best option for this scenario since it is about managing a garden, which does not need real-time mission-critical operations. A field-programmable gate array (FPGA) is a flexible computing device intended to be programmed by the end user or customer. FPGAs are often used as embedded devices in a wide range of products, including industrial control systems (ICSs). FPGAs can be challenging to program and are often more expensive than other more limited solutions. Thus, FPGA is not the best fit for this scenario.

77
Q

You are developing a new product that is intended to process data in order to trigger real-world adjustments with minimal latency or delay. The current plan is to embed the code into a ROM chip in order to optimize for mission-critical operations. What type of solution is most appropriate for this scenario?

A. Containerized application
B. An Arduino
C. DCS
D. RTOS

A

D. This scenario is describing a product that requires a real-time operating system (RTOS) solution, since it mentions the need to minimize latency and delay, storing code in ROM, and optimizing for mission-critical operations. A containerized application is not a good fit for this situation because it may not be able to operate in near real time due to the virtualization infrastructure, and containerized apps are typically stored as files on the container host rather than a ROM chip. An Arduino is a type of microcontroller, but not typically robust enough to be considered a near-real-time mechanism; it stores code on a flash chip, has a limited C++ based instruction set, and is not suited for mission-critical operations. A distributed control system (DCS) can be used to manage small-scale industrial processes, but it is not designed as a near-real-time solution. DCSs are not stored in ROM, but they may be used to manage mission-critical operations.

78
Q

A major online data service wants to provide better response and access times for its users and visitors. They plan on deploying thousands of mini-web servers to ISPs across the nation. These mini-servers will host the few dozen main pages of their website so that users will be routed to the logically and geographically closest server for optimal performance and minimal latency. Only if a user requests data not on these mini-servers will they be connecting to the centralized main web cluster hosted at the company’s headquarters. What is this type of deployment commonly known as?

A. Edge computing
B. Fog computing
C. Thin clients
D. Infrastructure as code

A

A. This scenario is an example of edge computing. In edge computing, the intelligence and processing is contained within each device. Thus, rather than having to send data off to a master processing entity, each device can process its own data locally. The architecture of edge computing performs computations closer to the data source, which is at or near the edge of the network. Fog computing relies on sensors, IoT devices, or even edge computing devices to collect data and then transfer it back to a central location for processing. A thin client is a computer with low to modest capability or a virtual interface that is used to remotely access and control a mainframe, virtual machine, or virtual desktop infrastructure (VDI). Infrastructure as code (IaC) is a change in how hardware management is perceived and handled. Instead of seeing hardware configuration as a manual, direct hands-on, one-on-one administration hassle, it is viewed as just another collection of elements to be managed in the same way that software and code are managed under DevOps.

79
Q

You are working on improving your organization’s policy on mobile equipment. Because of several recent and embarrassing breaches, the company wants to increase security through technology as well as user behavior and activities. What is the most effective means of reducing the risk of losing the data on a mobile device, such as a laptop computer?

A. Defining a strong logon password
B. Minimizing sensitive data stored on the mobile device
C. Using a cable lock
D. Encrypting the hard drive

A

B. The risk of a lost or stolen laptop is data loss: not the loss of the system itself, but the loss of the data on the system, whether business related or personal. Thus, keeping minimal sensitive data on the system is the only way to reduce the risk. Hard drive encryption, cable locks, and strong passwords, although good ideas, are preventive tools, not means of reducing risk. They don’t keep intentional and malicious data compromise from occurring; instead, they encourage honest people to stay honest. Hard drive encryption can be bypassed using the cold boot attack or by taking advantage of an encryption service flaw or configuration mistake. Cable locks can be cut or ripped out of the chassis. Strong passwords do not prevent the theft of a device, and password cracking and/or credential stuffing may be able to overcome the protection. If not, the drive could be extracted and connected to another system to access files directly, even with the native OS running.

80
Q

The CISO has asked you to propose an update to the company’s mobile device security strategy. The main concerns are the intermingling of personal information with business data and complexities of assigning responsibility over device security, management, updates, and repairs. Which of the following would be the best option to address these issues?

A. Bring your own device (BYOD)
B. Corporate-owned personally enabled (COPE)
C. Choose your own device (CYOD)
D. Corporate-owned

A

D. The best option in this scenario is corporate-owned. A corporate-owned mobile strategy is when the company purchases mobile devices that can support compliance with the security policy. These devices are to be used exclusively for company purposes, and users should not perform any personal tasks on them. This option often requires workers to carry a second device for personal use. Corporate-owned clearly assigns responsibility for device oversight to the organization. The other three options still allow for commingling of data and have unclear or vague security responsibility assignments as a concept or policy basis. BYOD is a policy that allows employees to bring their own personal mobile devices to work and use those devices to connect to business resources and/or the internet through the company network. The concept of corporate-owned, personally enabled (COPE) means the organization purchases devices and provides them to employees. Each user is then able to customize the device and use it for both work activities and personal activities. The concept of choose your own device (CYOD) provides users with a list of approved devices from which to select the device to implement.

81
Q

Your organization is planning on building a new facility to house a majority of on-site workers. The current facility has had numerous security issues, such as loitering, theft, graffiti, and even a few physical altercations between employees and nonemployees. The CEO has asked you to assist in developing the facility plan to reduce these security concerns. While researching options you discover the concepts of CPTED. Which of the following is not one of its core strategies?

A. Natural territorial reinforcement
B. Natural access control
C. Natural training and enrichment
D. Natural surveillance

A

C. Natural training and enrichment is not a core strategy of CPTED. Crime Prevention Through Environmental Design (CPTED) has three main strategies: natural access control, natural surveillance, and natural territorial reinforcement. Natural access control is the subtle guidance of those entering and leaving a building through placement of entranceways, use of fences and bollards, and placement of lights. Natural surveillance is any means to make criminals feel uneasy by increasing the opportunities for them to be observed. Natural territorial reinforcement is the attempt to make the area feel like an inclusive, caring community.

82
Q

What method is a systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements when evaluating the security of a facility or designing a new facility?

A. Log file audit
B. Critical path analysis
C. Risk analysis
D. Taking inventory

A

B. Critical path analysis is a systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements when evaluating the security of a facility or designing a new facility. Log file audit can help detect violations to hold users accountable, but it is not a security facility design element. Risk analysis is often involved in facility design, but it is the evaluation of threats against assets in regard to rate of occurrence and levels of consequence. Taking inventory is an important part of facility and equipment management, but it is not an element in overall facility design.

83
Q

Which of the following is a true statement in regard to security cameras? (Choose all that apply.)

A. Cameras should be positioned to watch exit and entry points allowing any change in authorization or access level.
B. Cameras are not needed around valuable assets and resources as well as to provide additional protection in public areas such as parking structures and walkways.
C. Cameras should be positioned to have clear sight lines of all exterior walls, entrance and exit points, and interior hallways.
D. Security cameras should only be overt and obvious in order to provide a deterrent benefit.
E. Security cameras have a fixed area of view for recording.
F. Some camera systems include a system on a chip (SoC) or embedded components and may be able to perform various specialty functions, such as time-lapse recording, tracking, facial recognition, object detection, or infrared or color-filtered recording.
G. Motion detection or sensing cameras can always distinguish between humans and animals.

A

A, C, F. The true statements are option A, cameras should be positioned to watch exit and entry points allowing any change in authorization or access level; option C, cameras should be positioned to have clear sight lines of all exterior walls, entrance and exit points, and interior hallways; and option F, some camera systems include a system on a chip (SoC) or embedded components and may be able to perform various specialty functions, such as time-lapse recording, tracking, facial recognition, object detection, or infrared or color-filtered recording. The remaining answer options are incorrect. The corrected statements for those options are: option B: Cameras should also be used to monitor activities around valuable assets and resources as well as to provide additional protection in public areas such as parking structures and walkways; option D: Security cameras can be overt and obvious in order to provide a deterrent benefit, or hidden and concealed in order to primarily provide a detective benefit; option E: Some cameras are fixed, whereas others support remote control of automated pan, tilt, and zoom (PTZ); and option G: Simple motion recognition or motion-triggered cameras may be fooled by animals, birds, insects, weather, or foliage.

84
Q

Your organization is planning on building a new primary headquarters in a new town. You have been asked to contribute to the design process, so you have been given copies of the proposed blueprints to review. Which of the following is not a security-focused design element of a facility or site?

A. Separation of work and visitor areas
B. Restricted access to areas with higher value or importance
C. Confidential assets located in the heart or center of a facility
D. Equal access to all locations within a facility

A

D. Equal access to all locations within a facility is not a security-focused design element. Each area containing assets or resources of different importance, value, and confidentiality should have a corresponding level of security restriction placed on it. A secure facility should have a separation between work and visitor areas and should restrict access to areas with higher value or importance, and confidential assets should be located in the heart or center of a facility.

85
Q

A recent security audit of your organization’s facilities has revealed a few items that need to be addressed. A few of them are related to your main data center. But you think at least one of the findings is a false positive. Which of the following does not need to be true in order to maintain the most efficient and secure server room?

A. It must be optimized for workers.
B. It must include the use of nonwater fire suppressants.
C. The humidity must be kept between 20 and 80 percent.
D. The temperature must be kept between 59 and 89.6 degrees Fahrenheit.

A

A. A computer room does not need to be optimized for human workers to be efficient and secure. A server room would be more secure with a nonwater fire suppressant system (it would protect against damage caused by water suppressant). A server room should have humidity maintained between 20 and 80 percent relative humidity and maintain a temperature between 59 and 89.6 degrees Fahrenheit.

86
Q

A recent security policy update has restricted the use of portable storage devices when they are brought in from outside. As a compensation, a media storage management process has been implemented. Which of the following is not a typical security measure implemented in relation to a media storage facility containing reusable removable media?

A. Employing a media librarian or custodian
B. Using a check-in/check-out process
C. Hashing
D. Using sanitization tools on returned media

A

C. Hashing is not a typical security measure implemented in relation to a media storage facility containing reusable removable media. Hashing is used when it is necessary to verify the integrity of a dataset, whereas data on reusable removable media should be removed and not retained. Usually the security features for a media storage facility include using a media librarian or custodian, using a check-in/check-out process, and using sanitization tools on returned media.

87
Q

The company’s server room has been updated with raised floors and MFA door locks. You want to ensure that updated facility is able to maintain optimal operational efficiency. What is the ideal humidity range for a server room?

A. 20–40 percent
B. 20–80 percent
C. 80–89.6 percent
D. 70–95 percent

A

B. The humidity in a computer room should ideally be from 20 to 80 percent. Humidity above 80 percent can result in condensation, which causes corrosion. Humidity below 20 percent can result in increased static electricity buildup. However, this does require managing temperature properly as well. The other number ranges are not the relative humidity ranges recommended for a data center.

88
Q

You are mapping out the critical paths of network cables throughout the building. Which of the following items do you need to make sure to include and label on your master cabling map as part of crafting the cable plant management policy? (Choose all that apply.)

A. Access control vestibule
B. Entrance facility
C. Equipment room
D. Fire escapes
E. Backbone distribution system
F. Telecommunications room
G. UPSs
H. Horizontal distribution system
I. Loading dock

A

B, C, E, F, H. The primary elements of a cable plant management policy should include a mapping of the entrance facility (i.e., demarcation point), equipment room, backbone distribution system, telecommunications room, and horizontal distribution system. The other items are not elements of a cable plant. Thus, access control vestibule, fire escapes, UPSs, and the loading dock are not needed elements on a cable map.

89
Q

What is the best type of water-based fire suppression system for a computer facility?

A. Wet pipe system
B. Dry pipe system
C. Preaction system
D. Deluge system

A

C. A preaction system is the best type of water-based fire suppression system for a computer facility because it provides the opportunity to prevent the release of water in the event of a false alarm or false initial trigger. The other options of wet pipe, dry pipe, and deluge system use only a single trigger mechanism without the ability to prevent accidental water release.

90
Q

Your company has a yearly fire detection and suppression system inspection performed by the local authorities. You start up a conversation with the lead inspector and they ask you, “What is the most common cause of a false positive for a water-based fire suppression system?” So, what do you answer?

A. Water shortage
B. People
C. Ionization detectors
D. Placement of detectors in drop ceilings

A

B. The most common cause of a false positive for a water-based system is human error. If you turn off the water source after a fire and forget to turn it back on, you’ll be in trouble for the future. Also, pulling an alarm when there is no fire will trigger damaging water release throughout the office. Water shortage would be a problem, but it is not a cause for a false positive event. Ionization detectors are highly reliable, so they are usually not the cause of a false positive event. Detectors can be placed in drop ceilings in order to monitor that air space; this would only be a problem if another detector was not placed in the main area of the room. If there are only detectors in the drop ceiling, then that could result in a false negative event.

91
Q

A data center has had repeated hardware failures. An auditor notices that systems are stacked together in dense groupings with no clear organization. What should be implemented to address this issue?

A. Visitor logs
B. Industrial camouflage
C. Gas-based fire suppression
D. Hot aisles and cold aisles

A

D. The cause of the hardware failures is implied by the lack of organization of the equipment, which is heat buildup. This could be addressed by better management of temperature and airflow, which would involve implementing hot aisles and cold aisles in the data center. A data center should have few if any actual visitors (such as outsiders), but anyone entering and leaving a data center should be tracked and recorded in a log. However, whether or not a visitor log is present has little to do with system failure due to poor heat management. Industrial camouflage is not relevant here since it is about hiding the purpose of a facility from outside observers. A gas-based fire suppression system is more appropriate for a data center than a water-based system, but neither would cause heat problems due to poor system organization.

92
Q

Which of the following are benefits of a gas-based fire suppression system? (Choose all that apply.)

A. Can be deployed throughout a company facility
B. Will cause the least damage to computer systems
C. Extinguishes the fire by removing oxygen
D. May be able to extinguish the fire faster than a water discharge system

A

B, C, D. Benefits of gas-based fire suppression include causing the least damage to computer systems and extinguishing the fire quickly by removing oxygen. Also, gas-based fire suppression may be more effective and faster than a water-based system. A gas-based fire suppression system can only be used where human presence is at a minimum, since it removes oxygen from the air.

93
Q

When designing physical security for an environment, it is important to focus on the functional order in which controls should be used. Which of the following is the correct order of the six common physical security control mechanisms?

A. Decide, Delay, Deny, Detect, Deter, Determine
B. Deter, Deny, Detect, Delay, Determine, Decide
C. Deny, Deter, Delay, Detect, Decide, Determine
D. Decide, Detect, Deny, Determine, Deter, Delay

A

B. The correct order of the six common physical security control mechanisms is Deter, Deny, Detect, Delay, Determine, Decide. The other options are incorrect.

94
Q
Equipment failure is a common cause of a loss of availability. When deciding on strategies to maintain availability, it is often important to understand the criticality of each asset and business process as well as the organization’s capacity to weather adverse conditions. Match the term to the definition.

I. MTTF
II. MTTR
III. MTBF
IV. SLA

1. Clearly defines the response time a vendor will provide in the event of an equipment failure emergency
2. An estimation of the time between the first and any subsequent failures
3. The expected typical functional lifetime of the device given a specific operating environment
4. The average length of time required to perform a repair on the device

A. I - 1, II - 2, III - 4, IV - 3
B. I - 4, II - 3, III - 1, IV - 2
C. I - 3, II - 4, III - 2, IV - 1
D. I - 2, II - 1, III - 3, IV - 4

A

C. Mean time to failure (MTTF) is the expected typical functional lifetime of the device given a specific operating environment. Mean time to repair (MTTR) is the average length of time required to perform a repair on the device. Mean time between failures (MTBF) is an estimation of the time between the first and any subsequent failures. A service level agreement (SLA) clearly defines the response time a vendor will provide in the event of an equipment failure emergency.

95
Q

You have been placed on the facility security planning team. You’ve been tasked to create a priority list of issues to address during the initial design phase. What is the most important goal of all security solutions?

A. Prevention of disclosure
B. Maintaining integrity
C. Human safety
D. Sustaining availability

A

C. Human safety is the most important goal of all security solutions. The top priority of security should always be the protection of the lives and safety of personnel. The protection of CIA (confidentiality, integrity, and availability) of company data and other assets is the second priority after human life and safety.

96
Q

While reviewing the facility design blueprints, you notice several indications of a physical security mechanism being deployed directly into the building’s construction. Which of the following is a double set of doors that is often protected by a guard and is used to contain a subject until their identity and authentication are verified?

A. Gate
B. Turnstile
C. Access control vestibule
D. Proximity detector

A

C. An access control vestibule is a double set of doors that is often protected by a guard and used to contain a subject until their identity and authentication are verified. A gate is a doorway used to traverse through a fence line. A turnstile is an ingress or egress point that allows travel only in one direction and by one person at a time. A proximity detector determines whether a proximity device is nearby and whether the bearer is authorized to access the area being protected.

97
Q

Due to a recent building intrusion, facility security has become a top priority. You are on the proposal committee that will be making recommendations on how to improve the organization’s physical security stance. What is the most common form of perimeter security devices or mechanisms?

A. Security guards
B. Fences
C. CCTV
D. Lighting

A

D. Lighting is often claimed to be the most commonly deployed physical security mechanism. However, lighting is only a deterrent and not a strong deterrent. It should not be used as the primary or sole protection mechanism except in areas with a low threat level. Your entire site, inside and out, should be well lit. This provides for easy identification of personnel and makes it easier to notice intrusions. Security guards are not as common as lighting, but they are more flexible in terms of security benefits. Fences are not as common as lighting, but they serve as a preventive control. CCTV is not as common as lighting but serves as a detection control.

98
Q

Your organization has just landed a new contract for a major customer. This will involve increasing production operations at the primary facility, which will entail housing valuable digital and physical assets. You need to ensure that these new assets receive proper protections. Which of the following is not a disadvantage of using security guards?

A. Security guards are usually unaware of the scope of the operations within a facility.
B. Not all environments and facilities support security guards.
C. Not all security guards are themselves reliable.
D. Prescreening, bonding, and training do not guarantee effective and reliable security guards.

A

A. Security guards are usually unaware of the scope of the operations within a facility and are therefore not thoroughly equipped to know how to respond to every situation. Though this is considered a disadvantage, the lack of knowledge of the scope of the operations within a facility can also be considered an advantage because this supports confidentiality of those operations and thus helps reduce the possibility that a security guard will be involved in the disclosure of confidential information. Thus, even though this answer option is ambiguous, it is still better than the three other options. The other three options are disadvantages of security guards. Not all environments and facilities support security guards. This may be because of actual human incompatibility or the layout, design, location, and construction of the facility. Not all security guards are themselves reliable. Prescreening, bonding, and training do not guarantee that you won’t end up with an ineffective or unreliable security guard.

99
Q

While designing the security plan for a proposed facility, you are informed that the budget was just reduced by 30 percent. However, they did not adjust or reduce the security requirements. What is the most common and inexpensive form of physical access control device for both interior and exterior use?

A. Lighting
B. Security guard
C. Key locks
D. Fences

A

C. Key locks are the most common and inexpensive form of physical access control device for both interior and exterior use. Lighting, security guards, and fences are all much more costly. Fences are also mostly used outdoors.

100
Q

While implementing a motion detection system to monitor unauthorized access into a secured area of the building, you realize that the current infrared detectors are causing numerous false positives. You need to replace them with another option. What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object?

A. Wave
B. Photoelectric
C. Heat
D. Capacitance

A

D. A capacitance motion detector senses changes in the electrical or magnetic field surrounding a monitored object. A wave pattern motion detector transmits a consistent low ultrasonic or high microwave frequency signal into a monitored area and monitors for significant or meaningful changes or disturbances in the reflected pattern. A photoelectric motion detector senses changes in visible light levels for the monitored area. Photoelectric motion detectors are usually deployed in internal rooms that have no windows and are kept dark. An infrared PIR (passive infrared) or heat-based motion detector monitors for significant or meaningful changes in the heat levels and patterns in a monitored area.