Chapter 9

Question 1

an initiative by the DHS to facilitate the open and free exchange of IOCs and other cyberthreat information between the US fed and the private sector in an automated and timely manner

Answer 1

Automated indicator sharing (AIS)

Question 2

an observable along with a hypothesis about a threat

Answer 2

indicator

Question 3

an identified face of occurrence, such as the presence of a malicious file

Answer 3

observable

Question 4

which organization manages AIS?

Answer 4

National Cybersecurity and Communications Integration Center (NCCIC)

Question 5

6 technical mechanisms implemented via architecture

Answer 5

layering
abstraction
data hiding
trusted recovery
process isolation
hardware segmentation

Question 6

the chip that governs all major operations; can perform a limited set of logical and computational operations

Answer 6

CPU

Question 7

handling two or more tasks simultaneously; a single core CPU is still only executing a single process at a time but is able to “juggle” multiple tasks for the user.

Answer 7

multitasking

Question 8

the CPU contains multiple independent execution cores that can operate simultaneously and independently

Answer 8

Multicore

Question 9

harnessing the power of more than one processor to complete the execution of a multithreaded application

Answer 9

Multiprocessing

Question 10

when multiprocessor systems assign or dedicate a process or execution threat to a specific CPU

Answer 10

affinity

Question 11

when multiprocessor systems assign or dedicate a process or execution threat to a specific CPU

Answer 11

affinity

Question 12

pseudo-simultaneous execution of two tasks on a single processor; batches or serializes multiple processes. This method delays each individual task, but across all processes in the batch total time is reduced.

Answer 12

multiprogramming

Question 13

multiple concurrent tasks are performed within a single process; often used in applications where frequent context switching between active processes causes excessive overhead

Answer 13

multithreading

Question 14

an OS model that organizes code and components in to concentric rings, where the deeper inside you go the higher privilege level is associated with the code

Answer 14

protection rings

Question 15

the part of an OS that always remains resident in memory so that it can run on demand at any time

Answer 15

kernel

Question 16

which ring does the kernel reside on?

Answer 16

Ring 0

Question 17

which ring do somewhat privileged things like I/O drivers and system utilities?

Answer 17

Ring 2

Question 18

where do applications and peripheral devices reside?

Answer 18

the outermost ring

Question 19

which ring runs in user mode?

Answer 19

Ring 3 (outermost ring)

Question 20

which rings run in supervisory or privileged mode?

Answer 20

Rings 0-2

Question 21

5 process states

Answer 21

ready
running
waiting
supervisory
stopped

Question 22

which process state is when the process executes on the CPU?

Answer 22

Running or problem

Question 23

which state is when a process is ready to resume or being processing?

Answer 23

Ready

Question 24

what state is when a process is ready for continued execution but is waiting for I/O to be serviced?

Answer 24

waiting

Question 25

what state is when a process must perform an action that requires higher privileges?

Answer 25

supervisory mode

Question 26

what state is when a process finishes or must be terminated?

Answer 26

stopped

Question 27

the hardware component that is a storage bank for information that the computer needs to keep readily available

Answer 27

memory

Question 28

memory the system can read but can’t change, contents are usually burned in at the factory

Answer 28

ROM - Read-Only Memory

Question 29

which part of memory includes the POST series of diagnostics that run on boot?

Answer 29

ROM - Read Only Memory

Question 30

this kind of ROM isn’t burnt in at the factory, but incorporates special functionality that allows an end user to burn in the chip’s content later. Afterwards it cannot be altered

Answer 30

PROM - Programmable Read-Only Memory

Question 31

this kind of ROM can be programmed and erased with ultraviolet light

Answer 31

UVEPROM - UV Erasable Programmable Read-Only Memory

Question 32

this kind of ROM can be programmed and erased with electronic volatage

Answer 32

EEPROM - electronically erasable programmable read-only memory

Question 33

a nonvolatile form of storage media that can be electronically erased and rewritten in blocks or pages. widely used on memory cards, thumb drives, mobile devices, and SSDs

Answer 33

flash memory

Question 34

readable and writable memory that is retained only when power is continuously supplied to it

Answer 34

RAM - Random Access Memory

Question 35

the largest RAM storage resource made of a number of dynamic RAM chips, must be refreshed by the CPU on a periodic basis

Answer 35

Real memory, main memory, or primary memory

Question 36

this type of RAM contains an onboard cache of extremely fast memory used to hold data on which it will operate

Answer 36

cache RAM

Question 37

this kind of RAM uses a series of capacitors to hold either a charge (1) or no charge (0)

Answer 37

dynamic RAM

Question 38

this kind of RAM uses a logical device known as a flip-flop, which is basically a switch that gets moved to the on/off position to represent 1 or 0. the CPU does not need to check this RAM to make sure the positions of these flip-flops do not change, so there is no CPU overhead.

Answer 38

Static RAM

Question 39

memory onboard a CPU that provides it with directly accessible memory locations that the ALU uses when performing calculations

Answer 39

registers

Question 40

the brain of the CPU

Answer 40

Arithmetic-logical unit (ALU)

Question 41

this memory addressing scheme refers to one of the registers

Answer 41

register addressing

Question 42

this scheme refers to data that is supplied to the CPU as part of an instruction - it is not really an addressing scheme since the information does not need to be retrieved from a memory location

Answer 42

Immediate Addressing

Question 43

this type of addressing scheme is the actual address of the memory location

Answer 43

direct addressing

Question 44

this addressing scheme directs the CPU to a memory address that contains another memory address.

Answer 44

Indirect Addressing

Question 45

this addressing scheme uses a value stored in one of the CPU’s registers or pointers as the base location from which to begin counting

Answer 45

Base+Offset Addressing

Question 46

this type of memory is magnetic, optical, or flash-based media that contain data not immediately available to the CPU

Answer 46

Secondary Memory

Question 47

this type of memory is used to expand the addressable space of real memory

Answer 47

virtual memory

Question 48

this kind of memory is used to store information that may by used by a computer any time after it’s written

Answer 48

data storage devices

Question 49

the type of memory that will lose data quickly or when power is lost

Answer 49

volatile

Question 50

an attack that freezes the memory chips to delay the decay of resident data when the system is turned off

Answer 50

cold boot attack

Question 51

safeguards used to protect against emanation attakcs

Answer 51

TEMPEST

Question 52

malicious code embedding itself into UEFI, BIOS, or firmware

Answer 52

phlashing

Question 53

a single computer contains multiple processors that are threated equally and controlled by a single OS

Answer 53

symmetric multiprocessing (SMP)

Question 53

a single computer contains multiple processors that are threated equally and controlled by a single OS

Answer 53

symmetric multiprocessing (SMP)

Question 54

a computer having multiple processors that are operating independently of one another with its own OS, data bus, and memory resources

Answer 54

Asymmetric multiprocessing (AMP)

Question 55

many AMP systems are linked together for computationally intensive tasks

Answer 55

massive parallel processing (MPP)

Question 56

a form of parallel distributed processing that loosely groups a significant number of processing nodes into a grid

Answer 56

grid computing

Question 57

what is the biggest security concern with grid computing?

Answer 57

grid computing projects are open to the world, so they are not able to maintain secrecy and protect private or proprietary data

Question 58

networking and distributed application solutions that share tasks and workloads among peers

Answer 58

Peer-to-peer (P2P)

Question 59

device that controls industrial processes and machines

Answer 59

industrial control system (ICS)

Question 60

which committee is maintaining guidlelines for securing ICS?

Answer 60

ISA99 - integrated into the IEC

Question 61

a collection of individual systems that work together to support a resource or provide a service

Answer 61

distributed system, distributed computing environment (DCE)

Question 62

a collection or ledger of records, transactions, operations, or other events that are verified using hashing, timestamps, and transaction data. each time a new element is added the whole ledger is hashed again

Answer 62

blockchain

Question 63

methods to secure DCE

Answer 63

homomorphic encryption
MFA

Question 63

methods to secure DCE

Answer 63

homomorphic encryption
MFA

Question 64

the concept that once information has been converted into a binary form and stored, it is subject to the laws of the country within which the storage device resides

Answer 64

data sovereignty

Question 65

computing platforms designed to perform complex calculations at extremely high speeds

Answer 65

High performance computing (HPC)

Question 66

data and the compute resources are located as close as possible in order to optimize bandwidth use while minimizing latency

Answer 66

edge computing

Question 67

sensors, IoT devices, or edge devices collect data and transfer it back to a central location for processing. the processing location is in the LAN

Answer 67

fog computing

Question 68

devices that offer a computational means to control something in the physical world

Answer 68

cyber-physical devices

Question 69

the concept that a server never changes once it is deployed

Answer 69

immutable architecture

Question 70

native or bare-metal hypervisor

Answer 70

type I

Question 71

a hosted hypervisor

Answer 71

type II hypervisor

Question 72

when an organization deploys numerous VMs without an orveraching IT management or security plan in place

Answer 72

VM sprawl

Question 73

numerous underutilized servers are operating in the server room taking up space and electricity

Answer 73

server sprawl

Question 74

eliminating the duplication of OS elements in a VM; each application is placed into a container that includes only the actual resources needed to support the enclosed application

Answer 74

containerization

Question 75

the platform or server is managed by the cloud service provider (CSP)

Answer 75

serverless architecture

Question 76

an attack in which attacker gains access to a system and makes small, random, changes to data during storage, processing, input, output or transaction rather than altering file contents

Answer 76

data diddling