Ch 09 Security Architectures Flashcards

1
Q

Developed by Microsoft, which threat-modeling technique is suitable for application to logical and physical systems alike?
A. Attack trees
B. STRIDE
C. The MITRE ATT&CK framework
D. The Cyber Kill Chain

A

B. STRIDE is a threat-modeling framework that evaluates a system’s design using flow diagrams, system entities, and events related to a system.

2
Q

Which threat modeling framework provides detailed procedures followed by specific cyberthreat actors?
A. Attack trees
B. STRIDE
C. The MITRE ATT&CK framework
D. The Cyber Kill Chain

A

C. The MITRE ATT&CK framework maps cyberthreat actor tactics to the techniques used for them and the detailed procedures used by specific threat actors during cyberattacks.

3
Q

Which of the following security models is concerned with the confidentiality and not the integrity of information?
A. Biba
B. Bell-LaPadula
C. Brewer and Nash
D. Clark-Wilson

A

B. The Bell-LaPadula model enforces the confidentiality aspects of access control.

4
Q

Which of the following security models is concerned with the integrity and not the confidentiality of information?
A. Biba
B. Bell-LaPadula
C. Graham-Denning
D. Brewer and Nash

A

A. The Biba model is a security model that addresses the integrity of data within a system but is not concerned with security levels and confidentiality.

5
Q

Where is the data encrypted in a self-encrypting drive system?
A. On the disk drive
B. In memory
C. On the bus
D. All of the above

A

A. Self-encrypting drives include a hardware module that decrypts the data prior to putting it on the external bus, so the data is protected only on the drive itself.

6
Q

Where is the data encrypted in a bus encryption system?
A. On the disk drive
B. In memory
C. On the bus
D. All of the above

A

D. In systems that incorporate bus encryption, the data is decrypted only on the cryptoprocessor. This means that the data is encrypted everywhere else on the system.

7
Q

What is the difference between a Trusted Platform Module (TPM) and a hardware security module (HSM)?
A. An HSM is typically on the motherboard and a TPM is an external device.
B. Only an HSM can store multiple digital certificates.
C. There is no difference, as both terms refer to the same type of device.
D. A TPM is typically on the motherboard and an HSM is an external device.

A

D. In general, TPMs are permanently mounted on the motherboard and used for hardware-based assurance and key storage, while HSMs are removable or altogether external and are used for both hardware-accelerated cryptography and key storage.

8
Q

Which of the following is not a required feature in a TPM?
A. Hashing
B. Certificate revocation
C. Certificate storage
D. Encryption

A

B. Certificate revocation is not a required feature in a TPM. TPMs must provide storage of cryptographic keys and digital certificates, symmetric and asymmetric encryption, and hashing.

9
Q

Which of the following is true about changing the password on a self-encrypting drive?
A. It requires re-encryption of stored data.
B. The new password is encrypted with the existing secret key.
C. It has no effect on the encrypted data.
D. It causes a new secret key to be generated.

A

C. When you change the password on a self-encrypting drive, the existing secret key is retained but is encrypted with the new password. This means the encrypted data on the disk remains unaltered.

10
Q

Which of these is true about processor security extensions?
A. They are after-market additions by third parties.
B. They must be disabled to establish trusted execution environments.
C. They enable developers to encrypt memory associated with a process.
D. Encryption is not normally one of their features.

A

C. Processor security extensions are instructions that provide security features in the CPU and can be used to support a trusted execution environment. They can, for example, enable programmers to designate special regions in memory as being encrypted and private for a given process.
