Chapter 12: Security Architecture Vulnerabilities, Threats, and Countermeasures Flashcards Preview

Flashcards in Chapter 12: Security Architecture Vulnerabilities, Threats, and Countermeasures Deck (43)
1
Q

What is multitasking?

A

Handling two or more tasks simultaneously (or time slicing to appear so)

2
Q

What is multiprocessing?

A

Harnessing the power of more than one processor to complete the execution of a single application.

3
Q

What is symmetric multiprocessing?

A

A single computer/operating system controlled by one OS, sharing data and memory resources.

4
Q

What is massively parallel processing?

A

Each processor has its own operating system and memory bus/resources.

5
Q

What is multiprogramming?

A

The pseudosimultaneous execution of two tasks on a single processor coordinated by the operating system as a way to increase operational efficiency.

6
Q

What is multithreading?

A

Multiple concurrent tasks performed within a single process.

7
Q

What are the ways in which processing information of different security levels has been addressed?

A

Single state and multistate systems. Single state systems use policy mechanisms, requiring approval of a system to process only a single security level at a time. Multistate systems are certified to handle multiple levels simultaneously using protection mechanisms.

Multistate systems are uncommon because they’re expensive.

8
Q

What is in protection ring 0?

A

OS kernel/memory resident components

9
Q

What is in protection ring 1?

A

Other OS components

10
Q

What is in protection ring 2?

A

Drivers, protocols, etc.

11
Q

What is in protection ring 3?

A

User level programs and applications.

12
Q

What is a process state?

A

The various forms of execution in which a process may exist. Supervisor mode = privileged, all access. Problem mode = user mode, all access requests must be checked.

13
Q

What are the four approved security modes for systems that process classified information?

A

Dedicated, system-high, compartmented, multilevel

14
Q

Describe dedicated mode

A

.

15
Q

Describe system-high mode

A

.

16
Q

Describe compartmented mode

A

.

17
Q

Describe multilevel mode.

A

.

18
Q

Security mode table

A

.

19
Q

What is the primary advantage of ROM?

A

It can’t be modified.

20
Q

What is PROM?

A

Programmable Read Only Memory. A user can write it once.

21
Q

What is EPROM?

A

Erasable PROM. Has a small window that, when illuminated with UV light, erases the chip. Reusable.

22
Q

What is EEPROM?

A

Electronically erasable PROM. Doesn’t require the UV light. Some BIOS are this.

23
Q

What should you do with any memory devices prior to allowing them to leave?

A

Purge them. Includes memory.

24
Q

What is the difference between primary and secondary storage?

A

Primary is RAM. Secondary is all the familiar long term storage devices, like hard drives.

25
Q

What is DMA?

A

Direct memory access. More detail. p 500.

26
Q

What is RAID 0?

A

Striping

27
Q

What is RAID 1?

A

Mirroring

28
Q

What is RAID 2?

A

Hamming code parity

29
Q

What is RAID 3?

A

Byte-level parity

30
Q

What is RAID 4?

A

Block-level parity

31
Q

What is RAID 5?

A

Interleave parity

32
Q

What is RAID 6?

A

Second parity data

33
Q

What is RAID 10?

A

RAID 1 + RAID 0

34
Q

What is RAID 15?

A

RAID 1 + RAID 5

35
Q

What is an applet?

A

A code object sent from a server to be run on the client.

36
Q

What is cloud computing?

A

A concept of computing where processing and storage are performed elsewhere over a network connection rather than locally.

37
Q

What are the security issues with cloud computing?

A

Privacy concerns, regulation compliance difficulties, use of open/closed-source solutions, adoption of open standards, and whether cloud-based data is secured (or even securable).

38
Q

What is PaaS?

A

Platform as a service. Hardware and OS.

39
Q

What is SaaS?

A

Provides on-demand access to specific software applications or suites without the need for local installation. Office 365, for example.

40
Q

What is IaaS?

A

Infrastructure as a service. Utility or metered computing. Administrative task automation, dynamic scaling and virtualization.

41
Q

What is Grid Computing?

A

A form of parallel distributed processing that loosely groups a significant number of processing nodes to work toward a specific processing goal. Members of the grid can enter or leave. Partial calculations, state saving.

42
Q

Describe Peer to Peer (P2P) computing.

A

Like grid, but no central management. Skype, BitTorrent, Spotify.

Perceived inducement to copyright infringement, ability to eavesdrop, ability for services to consume all bandwidth.

43
Q

Finish page 510

A

.