Domain 3

Question 1

what is the point of threat modeling

Answer 1

identify, categorize, and analyze potential threats.

Question 2

What are some threat models that are used in industry

Answer 2

STRIDE
DREAD
OCTAVE
TRIKE

Question 3

What are the pillars of privacy by design

Answer 3

Proactive
Embedded in design
Privacy as default setting
Positive sum
end 2 end fully lifecycle data protection
Visibility and transparency

Question 4

whats the purpose of a security model

Answer 4

A formal representation of a security policy.

Provide framework for analyzing and implementing sec controls.

Question 5

What is used to determine how controls are intended to be put into place?

Answer 5

Security models. Intended to assist in determining what subjects can access the system and what objects they have access to

Question 6

Describe the State Machine Model

Answer 6

Protects: Confidentiality
Used for Specifying and enforcing policies

Defines states and transitions between them to model allowable actions in a system.

Question 7

Describe the information flow model

Answer 7

Protects: Confidentiality
Used for: Tracking Information Flows between subjects and objects

Labels subjects and objects with Sec level and ensures no flow from higher to lower levels

Question 8

Describe Lattice models

Answer 8

Protects: Confidentiality
Used for: multilevel sec policies with heirachical structure.

Defines partially ordered set of sec levels

Question 9

What are the two Integrity Focused Sec Models

Answer 9

Biba
Clark-Wilson

Question 10

What is the simple property used for

Answer 10

Simple - Read - Protects Confidentiality - No Low to High Read

Question 11

What is the start property used for

Answer 11

Preventing subjects from writing at lower security levels - protects confidentiality

Question 12

Describe the Bell Lapadula Model

Answer 12

Type: Info flow
Protects Conf
Levels: Classification + Categories
Uses: MAC
Rules: No read up, no write down

Question 13

Descirbe the Biba model

Answer 13

Based on: Info flow
protects: Integrity
Lattice based model

No read down no write up

Question 14

Describe the Clark Wilson

Answer 14

*Integrity Model
*Used in: DB\TX systems
*Rules: Well formed TX transform valid states
*Based on access control triplet

Uses sec labels to grant access to objects

Question 15

Describe the components to Clark-Wilson

Answer 15

CDI - Constrained Data Item - Any object protected by the model

UDI - Any object not protected by the model
IVP - Integrity Verification Process - Scan data items and confirms their identity
TP - Transformation procedure, only procedure that can transition UDI and CDI

Question 16

What are the access control triplets in the Clark Wilson Model

Answer 16

Authenticated Principle (user)
Programs (TP)
Data Items (UDI+CDI)

Question 17

Describe the Brewer and Nash model

Answer 17

Chinesse Wall,

Type: Information Flow
Protects Confidentiality and Information Flow

Levels: COI classes
Rules: Subjects can only access data in one class per dataset
Used in: Finance Legal, auditing sytems

Question 18

Describe the Take-grant Model

Answer 18

Information Flow Model
Protects: Conf
Lvls: Objects + privileges

Rules: Transfer privileges between objects and subjects

Used to specify access control policies

Question 19

Whare are the four rules to the Take Grant Model

Answer 19

Take - sibject take rights over an object
Grant - Grant rights to an object
Create - new rights
Remove - Remove rights

Question 20

What is a critical item to correctly select security controls based on requirements

Answer 20

That data is classified correctly

Question 21

What are the steps to selecting a control based the sec requirements of a system

Answer 21

1 Identify the requirements
2 analyze system function
3 Data sensitivity
4 Consider compliance

Question 22

What is a good way to select controls for assets

Answer 22

Make use of an established framework

Question 23

What are some items to consider when selecting security controls

Answer 23

Integration
Cost/benefit,
scalability,
Maintenance

The cost of the control should never be greater than the value of what it is protecting.

Question 24

What is the common Criteria, how many levels are there

Answer 24

A standardized assurance recognition guideline.

7

Question 25

What does Certification in the context of the Common Criteria mean

Answer 25

Each part of a system is evaluated to validate its alignment with security standards

Question 26

What does Accreditation mean in the context of the Common Criteria

Answer 26

Process of formal acceptance of a certified configuration by an authority. This will typically come after certification

Question 27

In the context of and SAR

Answer 27

SAR - Security assurance requirement define how the product is developed, implemented, and maintained

Question 28

In the context of CC, what is a SFR,

Answer 28

Security Function Requirement, The function or feature a product must have

Question 29

In the context of CC, what is a , TOE

Answer 29

Target of Evaluation The specific IT product/ system being evaluated

Question 30

In the context of CC, what is a PP

Answer 30

Protection Profile The security requirements for a category of products independent of implementation

Question 31

In the context of CC, what is a ST

Answer 31

Security Tarager Document that provides the Sec properties of a specific system, Defines what is to be evaluated

Question 32

What is a TCB

Answer 32

Trusted Compute base All of the components combined that make up a secure system policy

Question 33

What is a trusted path

Answer 33

Secure comms channel between user and TCB, Ensures that sensitive data is txd directly to the parts of the system without chance for interception

Question 34

What is a reference monitor

Answer 34

Intercepts all access attempts Mediates all access to objects by subjects using Authentication, Authorization, and Accountinh

Question 35

What is the implmentation of a Reference Monitor called

Answer 35

Security Kernel

Question 36

What is the role of the Secuirty Kernel

Answer 36

Actsx as a gater keeper for all requestrs to access resources, checks each request against system secuirity rules

Question 37

How does a processor multitask

Answer 37

Execute multiple tasks or processes by switching between themW

Question 38

How does a processor mulitprocess

Answer 38

By haivng more that one processor and executing tasks in prallel

Question 39

How does a processor multithread

Answer 39

Single process dived into threads that are then executed concurrently in the same process

Question 40

What is multiprogramming

Answer 40

Multiple programs pulled into memory at once, allow cpu to swap between them

Question 41

How is process isolation performd

Answer 41

Confinement- restrict the resources and memory locations allowed to a process bounds - set restrictions on the memory location and resources a process can access

Question 42

What is mediated access

Answer 42

When users interact with defined interfaces instead of objects themselves

Question 43

What does secure boot accomplish

Answer 43

Ensures that only trusted items are loaded durring boot.

Question 44

What does measured boot do

Answer 44

Hashes each step of the boot process. Mismatches in hashes alert user of potential tampering

Question 45

What is FOTA

Answer 45

Firmware over the air, update method for mobile devices.

Question 46

What are CO PE devices

Answer 46

Corporate owned personally enabledC

Question 47

What are CO BE

Answer 47

Corporate owned Business only devices

Question 48

What are candidate keys

Answer 48

Set of attributes that can be used to identify any record in a table. No two record in a table will contain all the same values for each attribute

Question 49

What are views in a DB

Answer 49

Virtual table presenting a subset of data from one or more underlying tables No actual data is stored here can be used to mask data.

Question 50

What are the parts of the ACID model

Answer 50

Atomicity - TX run 100% or not at all Consistency - TX bring the DB from one consistent stable state to another. ISOLATION - Concurrent TX do not interfere with each other.

Question 51

What are some common RDBMS attacks

Answer 51

Aggregation - where attacker combines several non-sensitive sources of info to construct sensitive info Inference - logical reasoning to deduce sensitive info from non sensitive info.

Question 52

What is the order of these items of complexity PLC, SCADA, DCS

Answer 52

PLC > DCS > SCADA

Question 53

What are some ICS/OT Concerns

Answer 53

Patching, System Resources Legacy Systems Logging /monitoring No Built in security

Question 54

What are some approaches to safegaurding your ICS/SCADA systems

Answer 54

Segmentation FW/IPS Encryption Physical Security

Question 55

What is data residency defined as

Answer 55

The physical or geographic area data is stored in

Question 56

What is data soverignty

Answer 56

The laws and regulations data falls under as part of where it is physically located

Question 57

What is a concern for IOT devices with low compute power

Answer 57

potentially have limited ability for cryptographic functions. Need to use less compute heavy algs like ECC

Question 58

What is a concern for IOT devices with low memory

Answer 58

Insufficient storage for logs an dupdates Offload logs, and use efficient update methods

Question 59

What are the disadvantages of microservices

Answer 59

Increased attack surfaces due to multiple entry points Challenge in maintaining consistent policy across services Need for robust authentication and authorization between services

Question 60

What is the focus of serverless computing

Answer 60

The execution of code or scripts in response to events or triggers without the need to manage infrastructure beneath systems executing code. Good use case for microservices

Question 61

What is a static system

Answer 61

A system that is designed to remain unchanged during normal operations. The biggest risks are changes that alter security or functions.

Question 62

What is an HPC

Answer 62

High Performance Computer Makes use of supercomputers and parallel processing to solve complex computational problems

Question 63

What is a MPP

Answer 63

Massively Parallel processing Many independent nodes each with its own memory and process communicate at high speeds - very scalable

Question 64

What are the stages of the Cryptographic key management lifecycle

Answer 64

Generation Distribution Strorage use Destruction

Question 65

What is Kerchoffs principle

Answer 65

A cryptographic solution should be perfectly secure even if everything about the system is known

Question 66

What is time based protection

Answer 66

If the data's value decreases, the work factor only needs to be enough to protect the data during its useful timespan

Question 67

What is trust

Answer 67

Confidence that a system, network, entity, will behave as expected

Question 68

What is assurnace

Answer 68

The degree of confidence that security measures and controls in place will function correctly.

Question 69

What is the diff between confusion and diffusion

Answer 69

Confusion is the practice of making a secret key hard to guess by looking at the plain and cipher text. The relationship between key input and cipher text should be difficult to guess Diffusion, changes made to plain text should be distributed throughout the cipher text

Question 70

What is DKIM

Answer 70

Email authentication method that allows the reciver to verify that an email was indeed sent and authorized bt eh owner of the domain

Question 71

What is spf

Answer 71

Sender IP addresses are analyzed to prevent spoofing

Question 72

What is DMARC

Answer 72

SPF and DKIM combined and includes specifics on how to handle mail that fails either check

Question 73

Key Escrow

Answer 73

Securely storing a copy of key with a trusted 3rd party.

Question 74

What are the algorithms used for Digital Signature Standard

Answer 74

RSA ECC Digital signature Alg

Question 75

How can you protect against brute forcing

Answer 75

Key stretching - increase key length to make up for potentially weak keys Cryptographic salting,

Question 76

How do you protect against dictionary attacks

Answer 76

MFA, Password Blacklists, Salts, Account lockouts

Question 77

What is a hybrid attack

Answer 77

Where dictionary is used first, then pure brute force is used

Question 78

Describe a cipher text only attack

Answer 78

User has access to a collection of ciphertexts They want to deduce the key or plaintext. EX encrypted messages intercepted, and patters are searched for in the ciphertext

Question 79

How do you protect against Cipher text only attacks

Answer 79

Strong algorithms like AES Proper Key MGMT Encryption modes that provide Semantic security like CBC or CTR

Question 80

Describe known plaintext attacker

Answer 80

Attacker has: Plain text and cipher text Used to deduce encryption key that could be used to encrypt other messages

Question 81

What is a meet in the middle

Answer 81

Divide keys in half, precompute the results for the function then compare the results calculated for the other half

Question 82

What is a chosen plaintext attack

Answer 82

Attacker chooses the plaintexts that are encrypted then analyzes the resulting cipher to get an understanding about the encryption alg or key They find a way to decrypt cipher text without knowing the key

Question 83

Describe Differential Cryptoanalysis

Answer 83

Examine how changes in the plaintext affect the ciphertext. By studying this you can try to find patterns

Question 84

What is semantic security

Answer 84

Semantic security means that an attacker cannot derive any meaningful information about the original plaintext just by observing the ciphertext—even if they know other plaintext-ciphertext pairs.

Question 85

How do you protect against Frequency Analysis

Answer 85

User modern algs instead of ciphers Use padding or randomization before encryption Semantic Sec Algs

Question 86

What is a chosen ciphertext attack

Answer 86

EX: Attacker gets access to function that is used to perform decryption, they know nothing else about system they then decrypt ciphertexts known to them to learn about the cryptographic system

Question 87

How do you protect against chosen ciphertext attacks

Answer 87

Padding schemes Authenticated encryption modes Use algs like AES

Question 88

How do you protect against side channel attacks

Answer 88

Hardware based tamper resistant encryption modules Apply techniques like blinding and masking to reduce leakage

Question 89

Describe cover channels

Answer 89

Covert is intentional comms over a channel not designed for comms. Creation of the channel is not intentional, but its exploit is. Hidden communication - existenc of channel is concealed

Question 90

Describe side channel attacks

Answer 90

unintentional info leakage - method of obtaining information about a system or its process without direct access to the data itself Exploiting observable system behavior like power consumption, EMI.

Question 91

Describe timing attacks

Answer 91

Exploit measurable differences in the time taken to perform a cryptographic operations. This can then be used to learn about the key EX attacker measures the time taken for a server to respond to a carefully crafted query Sued to deduce inform about PK used

Question 92

What are safegaurds for Timing attacks

Answer 92

Constant-time cryptography Used random delays to make timing less reliable Use tamper resistant hardware encryption modules

Question 93

How do you protect against MITM attacks

Answer 93

Use TLS or SSh Mutual Auth Digital signatures

Question 94

What is a pass the ticket attack

Answer 94

Kerberos attack where a valid K ticket is stolen and used for authentication without a password

Question 95

What is a Golden Ticket

Answer 95

Attacker compromised the domain's KDC (Kerberos Distrobution Center) to cerate a forged Ticket Granting Ticket

Question 96

What is a Silver Ticket

Answer 96

Attacker brute forecs a service ticket for a specific service account which bypasses the need for a TGT

Question 97

What is Kerberoasting

Answer 97

Using SPN (service principle name) Attacker requests a service ticket and attempts to crack the encrypted portion of the ticket offline to get the service account password

Question 98

What is Overpass the hash

Answer 98

Converting stolen NTLM hash into a full Kerberos ticket.

Question 99

What is AS-REP Roasting

Answer 99

Exploiting the account with "Do not require Kerberos Pre-Auth" Allows attackers to requsest AS-REP msgs and attempt offline password crackingW

Question 100

What are the safegaurds for kerberos

Answer 100

Keep it patched use strong encryption Proper Access controls and Monitoring