Abdul Gabriel

Question 1

What is the Formula for calculating Risk in information security Management?

Answer 1

Risk = Threats X vulnerability X impact

Question 2

When is a Program said to be Considered a Process?

Answer 2

A program is considered a process when it is loaded into a memory and activated by the Operating system

Question 3

What is the difference between Multi-programming and Multitasking?

Answer 3

Multi-programming just means more than one application can be loaded into memory at the same time. which is also thesame thing as Multitasking

Question 4

What is the difference between Privacy and Security?

Answer 4

Privacy is managing Risk to Confidentiality of personal identifiable information using physical, technical and administrative Controls.

Question 5

What are the tree factors to consider in Authentication?

Answer 5

Something You have, Something you know, and Something you are

Question 6

Identification in Authentication Simply Implies Who I am. True or False

Answer 6

True

Question 7

When is an Authentication said to be Multi-factor?

Answer 7

When you combine either something you know and something you are or something you are and something you have.

Question 8

What is the differences between Need to know and Least Privilege?

Answer 8

Very similar but slightly different. Least privilege is tied to Right of a subject in a system, it defines what the subject can do when access and authorization is granted. While Need to know is tied to information; Defines what a subject can do with and information when access is granted.

Question 9

A violation of Least Privileged Principle may lead to violation of need-to-know principle. True or False

Answer 9

True. Violation of LPP can lead to violation of need-to-know principles

Question 10

What is the major differences between Subject and Object?

Answer 10

a subject is an active entity in a system while an object is passive. but an object can be a subject in some cases - Very testable in CISSP exams.

Question 11

What is the difference between Access Control Lists (ACLs) and Capability Tables?
A. Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.
B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.
C. Capability tables are used for objects whereas access control lists are used for users.
D. They are basically the same.

Answer 11

B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.

Question 12

Which of the following offers advantages such as the ability to use stronger passwords,
easier password administration, one set of credential, and faster resource access?
A. Smart cards
B. Single Sign-On (SSO)
C. Symmetric Ciphers
D. Public Key Infrastructure (PKI)

Answer 12

The advantages of SSO include having the ability to use stronger passwords, easier administration as far as changing or deleting the passwords, minimize the risks of orphan accounts, and requiring less time to access resources

Question 13

What is a war-dialing attack?

Answer 13

War dialing or wardialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems (computer servers) and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers – malicious hackers who specialize in breaching computer security – for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems.

Question 14

Which of the following countermeasures would be the most appropriate to prevent possible
intrusion or damage from wardialing attacks?
A. Monitoring and auditing for such activity
B. Require user authentication
C. Making sure only necessary phone numbers are made public
D. Using completely different numbers for voice and data accesses

Answer 14

Explanation: Knowlege of modem numbers is a poor access control method as an attacker can discover modem numbers by dialing all numbers in a range. Requiring user authentication before remote access is granted will help in avoiding unauthorized access over a modem line. “Monitoring and auditing for such activity” is incorrect. While monitoring and auditing can assist in detecting a wardialing attack, they do not defend against a successful wardialing attack. “Making sure that only necessary phone numbers are made public” is incorrect. Since a wardialing attack blindly calls all numbers in a range, whether certain numbers in the range are public or not is irrelevant. “Using completely different numbers for voice and data accesses” is incorrect. Using different number ranges for voice and data access might help prevent an attacker from stumbling across the data lines while wardialing the public voice number range but this is not an adequate countermeaure

Question 15

When we are dealing with memory activities, we use a time metric of nanoseconds (ns), which is a billionth of a second. So if you look at your RAM chip and it states 70 ns, this means it takes 70 nanoseconds to read and
refresh each memory cell. True/False

Answer 15

True

Question 16

RAM is an integrated circuit made up of millions of transistors and capacitors. True/False

Answer 16

True. The capacitor is where the actual charge is stored, which represents a 1 or 0 to the system. The transistor acts like a gate or a switch. A capacitor that is storing a binary value of 1 has several electrons stored in it, which have a negative charge, whereas a capacitor that is storing a 0 value is empty. When the operating system writes over a 1 bit with a 0 bit, in
reality, it is just emptying out the electrons from that specific capacitor.

Question 17

How does DRAM works? and how does it differ from Static RAM?

Answer 17

In Dynamic RAM the data being held in the RAM memory cells must be continually and dynamically refreshed so your bits do not magically disappear. This activity of constantly refreshing takes time, which is why DRAM is slower than static RAM.

Question 18

Why Do we need a DRAM when we have a SRAM?

Answer 18

SRAM capacitors cannot keep their charge for long. Therefore, a memory controller has to “recharge” the values in the capacitors, which just means it continually reads and writes the same values to the capacitors. If the memory controller does not “refresh” the value of 1, the capacitor will start losing its electrons and become a
0 or a corrupted value.

Question 19

Synchronous DRAM (SDRAM), Extended data out DRAM (EDO DRAM), Burst EDO DRAM (BEDO DRAM) and Double data rate SDRAM (DDR SDRAM). Which type of RAM listed above provides better, faster and robust RAM capability for a System.

Answer 19

DDR SDRAM Carries out read operations on the rising and falling cycles of a clock pulse. So instead of carrying out one operation per clock cycle, it carries out two and thus can deliver twice the throughput of SDRAM. Basically, it doubles the speed of memory activities, when compared to SDRAM, with a smaller number of clock cycles.

Question 20

In Systems Security Architecture, Systems of a higher trust level may need to implement segmentation of the memory used by different processes. This means memory is separated physically instead of just logically. This adds another layer of protection to ensure that a lowerprivileged process does not access and modify a higher-level process’s memory space. This is Often Referred to as ______?

Answer 20

Hardware Segmentation

Question 21

Read-only memory (ROM) is a nonvolatile memory type, meaning that when a computer’s power is turned off, the data is still held within the memory chips. When data is written into ROM memory chips, the data cannot be altered. Individual ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called _________

Answer 21

Firmware

Question 22

PROM vs EPROM which of the following categories fo Read only Memories can be programmed Once?

Answer 22

PROM Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured. PROM can be programmed only one time because the voltage that is used to write bits into the memory cells actually burns out the fuses that connect the individual memory cells.

Question 23

What type of memory used for high-speed writing and reading activities. When the system assumes (through its programmatic logic) that it will need to access
specific information many times throughout its processing activities, it will store the information in location so it is easily and quickly accessible?

Answer 23

Cache Memory;

Question 24

Validate this statement wether true or False; Different motherboards have different types of cache. Level 1 (L1) is faster than Level 2 (L2), and L2 is faster than L3. Some processors and device controllers have cache memory built into them. L1 and L2 are usually built
into the processors and the controllers themselves.

Answer 24

Absolutely True. L1 cache is faster than L2 and L2 is faster than L3. L1 and L2 are often store in processors and Controllers.

Question 25

What is the purpose of memory Mapping?

Answer 25

Memory Mapping Controls Access to memory which is needed to ensure data does not get corrupted and that sensitive information is not available to unauthorized
processes.

Question 26

Which Part of the computer is the most trusted to access system memory using physical addressing?

Answer 26

The CPU is one of the most trusted components within a system, and can access memory directly. It uses physical addresses instead of pointers (logical addresses) to memory segments. Applications used Logical addressing to access the memory.

Question 27

What is the differences between absolute and Logical Address

Answer 27

The physical memory addresses that the CPU uses are called absolute addresses. The indexed memory addresses that software uses are referred to as logical addresses. Software only uses the indexed memory assigned to them

Question 28

True or False? Every application does not “know” it is sharing memory with other applications. When the program needs a memory segment to work with, it tells the memory manager how much memory it needs. The memory manager allocates this much physical memory, which could have the physical addressing of 34000 to 39000.

Answer 28

Absolutely True.

Question 29

_________ takes place when too much data is accepted as input to a specific process. it is an allocated segment of memory. it can be overflowed arbitrarily with too much data, but for it to be of any use to an attacker, the code inserted into it must be of a specific length, followed up by commands the attacker wants.
executed.

Answer 29

Buffer Overflow

Question 30

When a programmer writes a piece of software that will accept data, this data and its associated instructions will be stored in the buffers that make up a stack. The buffers need to be the right size to accept the inputted data. True/False

Answer 30

True, So if the input is supposed to be one character, the buffer should be 1 byte in size. If a programmer does not ensure that only 1 byte of data is being inserted into the software, then someone can input several characters at once and thus overflow that specific buffer.

Question 31

Explain how buffer over flows occurs with illustrations

Answer 31

You can think of a buffer as a small bucket to hold water (data). We have several of these small buckets stacked on top of one another (memory stack), and if too much water is poured into the top bucket, it spills over into the buckets below it (buffer overflow) and overwrites the instructions and data on the memory stack

Question 32

In a System Security architecture, a memory stack has individual buffers to hold instructions and data. True/False

Answer 32

True

Question 33

What must an attacker know and do before he/she can have a successful Buffer Overflow attack?

Answer 33

The attacker must know the size of the buffer to overwrite and must know the addresses that have been assigned to the stack. Without knowing these addresses, she could not lay down a new return pointer to her malicious code. The attacker must also write this dangerous payload to be small enough so it can be passed as input from one procedure to the next.

Question 34

True/False. Windows’ core is written in the C programming language and has layers and layers
of object-oriented code on top of it. When a procedure needs to call upon the operating system to carry out some type of task, it calls upon a system service via an API call.

Answer 34

Absolutely True. The APIs act like a doorway to operating systems functionalities.

Question 35

An operating system must be written to work with specific CPU architectures. These architectures dictate system memory addressing, protection mechanisms, and modes of execution and work with specific
instruction sets. True/Fasle and what does it implies ?

Answer 35

Very True.. This means a buffer overflow attack that works on an Intel chip will not necessarily work on an AMD or a SPARC processor. These different processors set up the memory address of the stacks differently, so the attacker may have to craft a different buffer overflow code for different platforms.

Question 36

What is the Best Countermeasures against Buffer Overflow attacks?

Answer 36

Vendor System Updates is the best Option.

Question 37

Which is the best protection against buffer-over flow attacks?

Answer 37

The best countermeasure is proper programming. This means use bounds checking. If an input value is only supposed to be nine characters, then the application Should only accept nine characters and no more.

Question 38

Windows Vista was the first version of Windows to implement address space layout randomization (ASLR), which was first implemented in OpenBSD. This Control was meant to address what kind of Vulnerability in a system?

Answer 38

These was implemented to address the Memory vulnerability associated with Buffer Overflow on Systems.

Question 39

How is Address space Layout Randomization Works?

Answer 39

If an attacker wants to maliciously interact with a process, he needs to know what memory address to send his attack inputs to. If the operating system changes these addresses continuously, which is what ASLR accomplishes, the potential success of his attack is greatly reduced. You can’t mess with something if you don’t know where it is.

Question 40

What is the sole purpose of implementing DEP - Data execution Prevention in System Memory Managements.

Answer 40

DEP mark certain memory locations as “off limits” with the goal of reducing the “playing field” for hackers and malware.

Question 41

In a properly written system, When the application is done with the memory, it is supposed to tell the operating system to release the memory so it is available to other applications. This is only fair True/false

Answer 41

True. But some applications are written poorly and do not indicate to the system that this memory is no longer in use. If this happens enough times, the operating system could become “starved” for memory, which would drastically affect the system’s performance

Question 42

The Process by Which an application is vulnerable to Dos attack because applications are written poorly and do not indicate to the system that this memory is no longer in use. is known as ______________

Answer 42

Memory Leaks

Question 43

Two main countermeasures can protect against memory leaks: These include: ____________-and ______________

Answer 43

developing better code that releases memory properly, and using a garbage collector, software that runs an algorithm to identify unused committed memory and then tells the operating system to mark that memory as “available.” Different types of garbage collectors work with different operating systems and programming languages.