Domain 3 Flashcards

1
Q

Security Design

A

Security must be incorporated and addressed from the initial planning and design phases through disposal of the system.

  • Without proper attention to security, an organization's information technology can become a source of significant risk.
  • With careful planning from the earliest stages, however, security becomes an enabler that helps the organization achieve its mission.
2
Q

NIST SP 800-160

A

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems.
SP 800-160 addresses the engineering-driven actions necessary to develop more defensible and survivable systems, including the components that compose those systems and the services that depend on them.

3
Q

DevOps

A

The DevOps development methodology is built on the premise that collaboration between developers and the operations team is essential.

4
Q

Secure DevOps

A

Instead of security operating as an isolated discipline, Secure DevOps aims to integrate security into the development process from inception.

  • The Secure DevOps approach enables developers to learn how the software they are developing can be exploited.
  • Secure DevOps proactively focuses on survivability by delivering reliable software with a reduced attack surface.
5
Q

Business Alignment

A

Business Alignment mandates that secure design principles are supported throughout the entire organization and incorporate various viewpoints.

6
Q

Business Alignment Framework

A
  • Zachman Framework
  • Sherwood Applied Business Security Architecture (SABSA)

7
Q

Zachman Framework

A

The Zachman Framework provides a context for understanding a complex environment by intersecting views and viewpoints.

  • Views (interrogatives): What, how, where, who, when, and why.
  • Viewpoints: developer, systems engineer, security officer, application administrator, and end user.
8
Q

Sherwood Applied Business Security Architecture (SABSA)

A

The Sherwood Applied Business Security Architecture (SABSA) provides a context for understanding a complex environment by intersecting views and life-cycle layers.

  • Views: What, why, how, where, who, and when.
  • Life-cycle layers: Contextual, conceptual, logical, physical, component, and operational.
9
Q

Information Security Models

A

Information Security Models focus on interactions and provide structure and rules to be followed to accomplish a specific objective (e.g. confidentiality, integrity, and availability)

10
Q

Foundational Information Security Models

A

Foundational (lower-level) models include the State Machine, Noninterference, and Information Flow models.

11
Q

Relationship Information Security Models

A

Relationship (higher-level) models include Bell-LaPadula, Biba, Clark-Wilson, Harrison-Ruzzo-Ullman (HRU), and Brewer-Nash.
Relationship security models address the interaction between subjects and objects.

12
Q

State Machine Model

A

Conceptual model that describes a system in terms of its states and transitions. If every state the system can enter is secure and every transition preserves that property, then no matter what activity is taking place within the system, it is always trustworthy.

13
Q

Noninterference model (multilevel)

A

Whatever happens at one security level does not directly or indirectly affect (interfere with) the security environment of other levels, so actions at a higher level cannot be observed from, or leak information to, a lower level.

14
Q

Information Flow model (multilevel)

A

Information will flow only in ways that do not violate the security policy of the system.

15
Q

Subjects

A

Subjects are active entities, generally in the form of a person, process, or device that causes information to flow among objects or changes the system state.

16
Q

Objects

A

Objects are passive entities that contain or receive information or instructions.

17
Q

Bell-LaPadula

A

The goal of the Bell-LaPadula model is confidentiality.

  • Simple security (read) rule: A subject cannot read data at a higher security level (no read up), as secrets would be revealed to them.
  • Star (*) security (write) rule: A subject cannot write information to a lower security level (no write down), as secrets would be revealed to others.
18
Q

Biba

A

The goal of the Biba model is integrity.

  • Simple integrity (read) rule: A subject cannot read data at a lower integrity level (no read down), as they might be misled by less trustworthy data.
  • Star (*) integrity (write) rule: A subject cannot write information to a higher integrity level (no write up), as they might corrupt more trustworthy data.
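The two cards above are duals of each other, and the cleanest way to see that is a small reference monitor that enforces both sets of rules at once. The following is an added example, not part of the original flashcard deck: the level ordering, the subjects and the objects are constructed for the demonstration, and real systems add compartments/categories on top of the linear levels.

```python
"""Reference monitor enforcing Bell-LaPadula (confidentiality) and Biba (integrity)."""
from dataclasses import dataclass

# Constructed linear ordering of levels; higher number = more sensitive / more trusted.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str   # BLP: confidentiality clearance
    integrity: str   # Biba: integrity level


@dataclass(frozen=True)
class Object:
    name: str
    classification: str  # BLP: confidentiality label
    integrity: str       # Biba: integrity label


def blp_allows(subject, obj, op):
    """Bell-LaPadula: no read up (simple property), no write down (*-property)."""
    s, o = LEVELS[subject.clearance], LEVELS[obj.classification]
    if op == "read":
        return s >= o   # subject must dominate the object's classification
    if op == "write":
        return s <= o   # object must be at or above the subject's clearance
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject, obj, op):
    """Biba: no read down (simple integrity), no write up (* integrity)."""
    s, o = LEVELS[subject.integrity], LEVELS[obj.integrity]
    if op == "read":
        return s <= o   # data must be at least as trustworthy as the reader
    if op == "write":
        return s >= o   # writer must be at least as trustworthy as the data
    raise ValueError(f"unknown operation {op!r}")


def decide(subject, obj, op):
    """Enforce both models; returns (blp_ok, biba_ok, combined)."""
    blp_ok = blp_allows(subject, obj, op)
    biba_ok = biba_allows(subject, obj, op)
    return blp_ok, biba_ok, blp_ok and biba_ok


if __name__ == "__main__":
    analyst = Subject("alice", clearance="secret", integrity="internal")
    plan = Object("war-plan", classification="secret", integrity="confidential")
    for op in ("read", "write"):
        print(analyst.name, op, plan.name, "->", decide(analyst, plan, op))
```

Note that the same subject can be allowed to read an object and denied writing to it purely on integrity grounds: a highly cleared user is still not trusted to modify data that is more trustworthy than they are.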
19
Q

Clark-Wilson

A

The goal of the Clark-Wilson model is data integrity.

  • Prevent unauthorized users from making modifications.
  • Prevent authorized users from making improper modifications.
  • Maintain internal and external consistency.
20
Q

Clark-Wilson (Access Triple)

A

The Clark-Wilson model uses a three-part relationship (subject/program/object) known as the access control triple.
Well-formed transactions ensure that a user cannot alter data arbitrarily. Instead, data can be altered only in a specified way in order to preserve its internal consistency (access triple).
- Users cannot access and manipulate objects directly but must access information through a program (transformation procedure).

21
Q

Harrison-Ruzzo-Ullman Model (HRU)

A

The goal of the Harrison-Ruzzo-Ullman (HRU) model is integrity.

  • A finite set of operations can be performed on an object to ensure integrity.
  • Enforced by access permissions recorded in an access matrix of subjects, objects, and rights.
22
Q

Brewer-Nash (Chinese Wall)

A

Brewer-Nash (Chinese Wall) is a context-oriented commercial model designed to prevent conflicts of interest.
- Access controls change dynamically depending upon a user's previous actions: once a subject has accessed one company's data, it is denied access to the data of that company's competitors in the same conflict-of-interest class.

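Because the Brewer-Nash decision depends on history rather than on a static label, it is worth seeing the state machine that makes it work. The following is an added example, not from the original deck: the datasets, companies and conflict-of-interest classes are constructed for the illustration, and the write rule is a simplified form of the one in the original paper (a subject may write only to a company whose data is the only data it has read).

```python
"""Brewer-Nash (Chinese Wall): access decisions that depend on prior accesses."""
from collections import defaultdict

# Constructed sample: dataset -> (company, conflict-of-interest class).
DATASETS = {
    "acme_ledger":   ("Acme",   "banks"),
    "acme_loans":    ("Acme",   "banks"),
    "globex_ledger": ("Globex", "banks"),   # Acme's competitor
    "oilco_wells":   ("OilCo",  "oil"),     # different class, no conflict
}


class ChineseWall:
    def __init__(self, datasets=DATASETS):
        self.datasets = datasets
        # subject -> set of (company, coi_class) pairs already read
        self.history = defaultdict(set)

    def can_read(self, subject, dataset):
        """Deny if the subject already read a *different* company in the same class."""
        company, coi_class = self.datasets[dataset]
        for seen_company, seen_class in self.history[subject]:
            if seen_class == coi_class and seen_company != company:
                return False   # the wall has gone up
        return True

    def read(self, subject, dataset):
        """Perform the read and record it; the record is what changes future decisions."""
        if not self.can_read(subject, dataset):
            return False
        self.history[subject].add(self.datasets[dataset])
        return True

    def can_write(self, subject, dataset):
        """Simplified write rule: writing is allowed only if every company the subject
        has read from is the target company, so no other company's data can leak via the writer."""
        company, _ = self.datasets[dataset]
        return all(seen_company == company for seen_company, _ in self.history[subject])


if __name__ == "__main__":
    wall = ChineseWall()
    for ds in ("acme_ledger", "globex_ledger", "oilco_wells"):
        print("ann reads", ds, "->", wall.read("ann", ds))
    print("ann may write acme_ledger ->", wall.can_write("ann", "acme_ledger"))
```

The first read of any company in a class is always permitted; it is that read which fences off every competitor in the class for that subject from then on, which is why the same request returns different answers for a subject with history and for a fresh one.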
23
Q

Trusted System

A

A Trusted System has undergone sufficient benchmark testing, verification, and validation (by an independent third party) to ensure that the product meets the user requirements.

24
Q

Functionality

A

Functionality is verification that a security control exists and that it works correctly at least once.

25
Assurance
Assurance is a degree of confidence that the system will act in a correct and predictable manner in every computing situation (trustworthy computing)
26
Security Evaluation Objectives
A security evaluation process assesses products against defined security requirements in a consistent and repeatable manner. Third-party labs rely on standard evaluation criteria.
27
TCSEC
Developed in 1983, the Trusted Computer System Evaluation Criteria (TCSEC) was used to evaluate, classify, and select systems for the DoD based upon confidentiality requirements; it was superseded by the Common Criteria. Originally published as the "Orange Book", it was expanded to 20+ books known as the Rainbow Series.
28
ITSEC
Developed in 1991 by a consortium of European nations, IT Security Evaluation Criteria (ITSEC) is used to evaluate the functionality and assurance of a computer system based upon a vendor-defined set of requirements. Functionality and assurance evaluated independently and separately.
29
Common Criteria
Development of the Common Criteria began in 1993, and it was later standardized as ISO/IEC 15408. The Common Criteria provides a universal structure and language for expressing product and system security requirements. Products are evaluated against a protection profile and/or security target, and results are published. - Common Criteria rating categories are functional requirements and assurance requirements (Evaluation Assurance Levels, EAL1 through EAL7).
30
Protection Profile
A protection profile is a specific set of functional and assurance requirements for a category of products. A protection profile can be written by several different groups including vendors, customers, and accreditation agencies.
31
Security Target
A Security Target (ST) is written by the product vendor or developer and explains the specifications of the product, including its functionality and assurance requirements.
32
Target of Evaluation (TOE)
The Target of Evaluation (TOE) is the product or system that will be rated.
33
Certification
Certification is the process of evaluation, testing, and examining security controls. The evaluation compares the current system's security posture with specific standards.
34
Accreditation
Accreditation is the process of an authority (management) granting approval to operate a system for a specified period of time with the understanding of the residual risks identified during the certification.
35
Trusted Computing Base
Trusted Computing Base is the combination of all the security mechanisms within a computer including hardware, software, and firmware.
36
BIOS
BIOS (Basic Input Output System) is non-volatile firmware used to perform hardware initialization during the booting process, and to provide run-time services for operating systems and programs.
37
UEFI
Unified Extensible Firmware Interface (UEFI) is an open standard interface layer between the firmware and the operating system that supports digitally signed firmware updates. - Designed as a replacement for traditional PC BIOS. - Additional functionality includes support for Secure Boot, network authentication, and universal graphics drivers. - Secure Boot protects against pre-boot (firmware and boot loader) malware, including bootkits and rootkits.
38
Secure Boot Attestation
Secure Boot attestation requires that each boot component (e.g., boot loader, OS kernel, drivers) carry a digital signature attesting to its identity; the signature is checked against a trusted list (allowed signing keys and hashes) before the component is allowed to execute.
39
TPM
A Trusted Platform Module (TPM) is a special hardware chip installed on a computer's motherboard that is responsible for protecting passwords, symmetric and asymmetric keys, hashes, and digital certificates that are specific to that system hardware. - The chip contains a unique RSA key (the endorsement key) used for encryption and authentication. - TPMs are compatible with most operating systems.
40
HSM
A Hardware Security Module (HSM) is a physical device whose function is secure cryptoprocessing: keys are generated, stored, and used inside the device and never leave it in the clear. - HSMs take the form of adapter cards, USB tokens, or network appliances. - Fast, scalable, and expensive.
42
CPU Protection Rings
CPU Protection Rings are conceptual boundaries that control how processes are executed. A process is a set of instructions and assigned resources. - Each process has a PID (Process ID) and a level of trust (ring number) assigned to it. - The level of trust determines the level of access to system resources, drivers, and data.
43
CPU Protection Rings Levels
- Ring 0: OS kernel and device drivers (most privileged). - Ring 1: Operating system. - Ring 2: OS utilities. - Ring 3: Applications (least privileged).
44
Set of CPU instructions and assigned resources.
Process.
45
Centralized Systems
In a centralized computing environment, processing occurs within a mainframe or terminal host, and clients (terminals, thin clients) are limited to simple interaction and emulation. - Security advantage: controls can be implemented centrally and tightly controlled. - Security disadvantage: configuration errors and unaddressed vulnerabilities can impact all client systems.
46
Client | Server Environments
In a heterogeneous client-server environment, processing is distributed and there is an inherent trust between the parties, which makes every endpoint a potential target and every connection a potential conduit. Security Considerations: - Privileged use. - Outdated operating systems and applications. - Malware distribution. - Unauthorized remote access.
47
Distributed Systems
In a distributed system environment, there is no central Authority. Security Considerations: - Each node is responsible for its own security. - Distributed ownership and management. - Local data stores - Peer-to-Peer (P2P) access. - Malware Distribution.
48
Large-scale Parallel Systems
Large-scale Parallel Systems are disparate systems working in concert. Examples include cluster computing, grid computing, and cloud computing. Security Considerations: - Distributed ownership and management. - Dependencies (single points of failure, SPOF). - Force multiplier effect (dramatically increased efficiency and/or capability). - Big data aggregation.
49
Grid Computing
Grid Computing is a sharing of CPU and other resources across a network, in a way that all machines function as one large computer. Grid participants can be heterogeneous and multitasking. Security Considerations: - Transmission between nodes. - Authentication controls. - Activity isolation
50
Industrial Control Systems (ICS)
Industrial Control Systems (ICS) are computer-based systems that monitor and control industrial processes that exist in the physical world. ICS are either data-driven or operated remotely. Well-known industrial control systems include: - Distributed control systems (DCS). - Programmable logic controllers (PLC). - Supervisory control and data acquisition (SCADA).
51
SCADA
SCADA usually refers to centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas (e.g., the electrical grid, oil and gas pipelines). Security Considerations: - Weak authentication. - Use of outdated OS. - Inability to patch systems. - Unauthorized remote access.
52
Cloud Computing
Cloud Computing is a model for enabling ubiquitous, convenient, on-demand, network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
53
Cloud Computing Service Models
- SaaS - PaaS - IaaS
54
Cloud Computing Deployment models
- Private Cloud - Community Cloud - Public Cloud - Hybrid Cloud
55
Public Cloud
Provisioned for public use. Considerations: - Location - Multi-tenancy.
56
Community cloud
Provisioned for the exclusive use by a well-defined group. Considerations: - Multi-tenancy
57
Private Cloud
Provisioned for the exclusive use of a single organization. Considerations: - Scalability.
58
Hybrid Cloud
The public and private cloud infrastructures communicate over an encrypted connection, using technology that allows for the portability of data and applications.
59
Cloud Access Security Brokers
Cloud Access Security Brokers (CASBs) are security policy enforcement points (software or appliance) placed between 'the cloud' and enterprise users. - Security policies are applied as cloud-based resources are accessed, for example authentication, encryption, visibility, and DLP.
60
Security as a Service (SecaaS)
Security as a Service (SecaaS) is the delivery of managed security services for public, private, and hybrid cloud environments. - SecaaS relieves the burden of relying on the SaaS, PaaS, or IaaS vendor for security protection and enforcement. - Services include encryption, activity monitoring, DLP, malware detection, filtering, firewall, policy enforcement, email security, intrusion detection, authentication, and more.
61
Injection Attack
Tricking an application into including unintended commands in the data sent to an interpreter (e.g., OS shell, LDAP, SQL). - Flaw: Improper input/output validation; untrusted data is concatenated into the command string. - Impact: Can result in unauthorized access, data exfiltration, and data corruption. - Mitigation: Use of a 'safe' API (parameterized queries) that keeps data separate from the command, plus positive 'whitelist' (allow-list) input/output validation.
62
Broken Authentication
The attacker uses flaws in the authentication or session management functions to impersonate users. Privileged accounts are frequently targeted.
63
Bluejacking
Bluejacking is sending an unsolicited message to a Bluetooth device.
64
Bluesnarfing
Bluesnarfing is unauthorized access to, and theft of, information from a Bluetooth device.
65
Blueborne
Blueborne exploits weaknesses in the Bluetooth protocol stack to take over the device.
66
Embedded Systems Defined
An embedded system is an electronic product that contains a microprocessor and software designed to perform a specific task. An embedded system can either be fixed or programmable. - The devices are designed for functionality and convenience - not security.
67
Embedded System components.
- System on a chip (SOC) - Real-time OS (RTOS) - APP
68
Internet of Things (IoT)
The Internet of Things is the network of physical objects or 'things' embedded with electronics, software, sensors, and connectivity that enable them to achieve greater value and service by exchanging data with the manufacturer, operator, and/or other connected devices. Each thing is uniquely identifiable through its embedded computing system but is able to interoperate within the existing Internet infrastructure.
69
Fog Computing
Architecture that uses collaborative edge computing devices for local resource pooling.
70
Term that describes the use of IT solutions that are managed outside of and without the knowledge of the IT department
ShadowIT
71
Cryptography Use Cases
- Confidentiality (encryption) - Integrity (Hashing) - Non-repudiation (digital signatures) - Authentication (digital certificates)
72
Plaintext (clear-text)
Human readable.
73
Ciphertext
Encrypted and/or human unreadable text.
74
Cipher
A technique that transforms plaintext into ciphertext and back to clear-text.
75
Algorithm
A cryptographic algorithm is a mathematically complex modern cipher.
76
Stream Cipher
Algorithm that works with one bit at a time. | Example: RC4
77
Block Cipher
Algorithm that works with blocks of data. | Examples: DES, 3DES, AES, BLOWFISH, TWOFISH, IDEA
78
Cryptographic Key / Cryptovariable
Secret used with an algorithm. | - The key dictates what parts of the algorithm will be used, in what order, and with what values.
79
Key Space
Number of possible key combinations.
80
Key Stretching
The initial key is fed into an algorithm that outputs an enhanced (stronger) key.
81
Symmetric Key
Using a single key.
82
Asymmetric Key
Using two mathematically related keys (public / private)
83
Substitution Cipher
Substitution cipher replaces one character or bit for another character or bit. The key is the shift pattern.
84
Transposition Cipher
Transposition Cipher moves characters or bits to another place within the block. The key is the transposition code.
85
Confusion
Confusion is the process of changing values so that the relationship between the key and the ciphertext is obscured. Complex substitution functions are used to create confusion. Substitution ciphers are enforced through confusion.
86
Diffusion
Diffusion is the process of changing the order of bits so that a change in one plaintext bit spreads across many ciphertext bits. Sending bits through multiple rounds of transposition is used to create diffusion.
87
Lightweight Cryptography.
Emerging lightweight cryptographic algorithms are being developed to support low power devices as well as low latency and high resiliency requirements.
88
Strength of a Cryptographic Algorithm
Strength of a Cryptographic Algorithm is a combination of the algorithm, the algorithmic process, the length of the key, and the secrecy of the key. If one element is weak, the cryptosystem can potentially be compromised.
89
Workfactor
The work factor is the amount of time and effort it would take to penetrate (break) a cryptosystem.
90
Key Management
Key management describes the activities involving the handling of cryptographic keys and other related security parameters (e.g., passwords) during their entire life-cycle. - A key should only be used for one purpose (e.g., encryption). - Keys should be changed frequently to increase the work factor. - Private keys must be securely stored.
91
Key Escrow
Key Escrow is a proactive arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, a authorized third party may gain access to those keys.
92
Block Cipher Modes
- Electronic CodeBook (ECB) - Cipher Block Chaining (CBC) - Counter Mode (CTR) - Galois/Counter Mode (GCM)
93
Electronic CodeBook (ECB)
With Electronic CodeBook (ECB) mode, each block is encrypted independently with the same key, so identical plaintext blocks produce identical ciphertext blocks (doesn't hide patterns; not suitable for long messages).
94
Cipher Block Chaining (CBC)
Cipher Block Chaining (CBC) mode XORs each plaintext block with the previous ciphertext block before encryption, using an initialization vector (IV) for the first block, so identical plaintext blocks produce different ciphertext.
95
Counter Mode (CTR)
Counter Mode (CTR) has no chaining dependency between blocks. It converts the block cipher into a stream cipher by encrypting a nonce plus counter and XORing the result with the plaintext; blocks can be processed in parallel, and a nonce must never be reused under the same key.
96
Galois/Counter Mode (GCM)
Galois/Counter Mode (GCM) is an efficient authenticated-encryption mode for symmetric block ciphers with 128-bit blocks; it combines CTR-mode encryption with a Galois-field authentication tag. GCM can take advantage of parallel processing.
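The ECB, CBC and CTR cards above describe behaviour that is easy to observe once the modes are run over a plaintext with repeated blocks. The following is an added example, not from the original deck and not a real cipher: the 16-byte block cipher is a four-round Feistel network keyed with HMAC-SHA256 so the script needs only the standard library (it is a teaching stand-in for AES and must not be used for real data), and the key, IV, nonce and messages are constructed inline. GCM is not implemented here.

```python
"""ECB vs CBC vs CTR over a toy Feistel block cipher (teaching stand-in for AES)."""
import hashlib
import hmac

BLOCK = 16  # 16-byte blocks, as in AES


def _xor(a, b):
    """XOR two byte strings; zip() truncates to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key, round_no, half):
    """Feistel round function: a keyed PRF over the 8-byte half-block."""
    return hmac.new(key, bytes([round_no]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key, block):
    """Toy 4-round Feistel cipher. A Feistel network is a permutation whatever
    the round function, which is all the modes below need."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round_function(key, i, right))
    return left + right


def decrypt_block(key, block):
    """Run the rounds backwards."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round_function(key, i, left)), left
    return left + right


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    """ECB: each block independent, so equal plaintext blocks give equal ciphertext."""
    return b"".join(encrypt_block(key, b) for b in blocks(plaintext))


def ecb_decrypt(key, ciphertext):
    return b"".join(decrypt_block(key, b) for b in blocks(ciphertext))


def cbc_encrypt(key, iv, plaintext):
    """CBC: XOR each plaintext block with the previous ciphertext block (IV first)."""
    out, prev = [], iv
    for b in blocks(plaintext):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(key, nonce, data):
    """CTR: keystream block = E_k(nonce || counter); one call both encrypts and
    decrypts, blocks are independent, and the last block may be partial."""
    out = []
    for counter, chunk in enumerate(blocks(data)):
        keystream = encrypt_block(key, nonce + counter.to_bytes(4, "big"))
        out.append(_xor(chunk, keystream))
    return b"".join(out)


def pattern_leak(ciphertext):
    """Number of ciphertext blocks that repeat an earlier block (0 = no leak)."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


if __name__ == "__main__":
    key, iv, nonce = b"\x01" * 32, b"\x00" * 16, b"\x02" * 12   # constructed
    pt = b"ATTACK AT DAWN!!" * 4                                # 4 identical blocks
    print("ECB repeated blocks:", pattern_leak(ecb_encrypt(key, pt)))    # 3
    print("CBC repeated blocks:", pattern_leak(cbc_encrypt(key, iv, pt)))  # 0
    m1, m2 = b"pay 100 to alice", b"pay 900 to mallo"
    c1, c2 = ctr_crypt(key, nonce, m1), ctr_crypt(key, nonce, m2)  # nonce reused!
    print("c1^c2 == m1^m2 under nonce reuse:", _xor(c1, c2) == _xor(m1, m2))
```

The last lines show the CTR caveat from the card: with a reused nonce the keystreams are identical, so XORing the two ciphertexts cancels the key entirely and leaves the XOR of the two plaintexts, with no key recovery needed.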
97
Symmetric Algorithms
- DES - 3DES - AES - Blowfish - IDEA - Twofish - RC4
98
Data Encryption Standard
56-bit effective key (64 bits including parity bits) / 16 rounds of substitution and transposition. - 1977: established as a US Government standard. - 1998: demonstrated that it could be "broken" by brute force in less than 56 hours.
99
Triple DES (3DES)
112- or 168-bit key (two or three 56-bit DES keys) / 48 rounds of substitution and transposition. - 1999: replaced DES as a US Government standard. - Considered deprecated.
100
Advanced Encryption Standard (Rijndael)
128-, 192-, or 256-bit key / 10, 12, or 14 rounds of substitution and permutation. - Published as FIPS 197 in 2001 and effective in 2002, replacing 3DES as the US Government standard.
101
Asymmetric Ciphers
- RSA - ECC-Elliptic Curve Cryptosystem - Diffie-Hellman - El Gamal
102
RSA
Widely implemented. - Defacto commercial standard. - Works with both encryption and digital signatures.
103
ECC-Elliptic Curve Cryptosystem
Similar function to RSA but with smaller key sizes (require less computing power). - Current US Government standard for Asymmetric encryption.
104
Diffie-Hellman
Primarily used for key agreement (key exchange). - Allows two parties (in the same DH group) that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. - DHE (ephemeral DH) uses modular arithmetic to compute the shared secret. - ECDH uses elliptic curves to generate keys.
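The card above is the one place in this deck where showing both sides' messages adds something, so here is the exchange worked through with modular arithmetic. This is an added example, not from the original deck: the group uses the Mersenne prime 2^127 - 1 with generator 5 purely so the script runs instantly with the standard library; that group is far too small and is not a safe prime, and production code uses a standardized 2048-bit or larger MODP group or an elliptic curve.

```python
"""Ephemeral Diffie-Hellman (DHE) over a toy prime-order group."""
import hashlib
import secrets

# Toy parameters (constructed for the demonstration; not for real use).
P = 2**127 - 1   # prime, but far too small and not a safe prime
G = 5


def new_private():
    """Fresh ephemeral exponent in [2, p-2]; the 'E' in DHE."""
    return secrets.randbelow(P - 3) + 2


def public_value(private):
    """g^a mod p, safe to send in the clear."""
    return pow(G, private, P)


def shared_secret(private, peer_public):
    """(g^b)^a mod p == (g^a)^b mod p. Reject 0, 1 and p-1 first: those values
    force the result into a tiny subgroup regardless of the private exponent."""
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, P)


def derive_key(secret, transcript):
    """Never use the raw shared secret as a key; hash it together with the
    transcript (both public values) so the key is bound to this exchange."""
    return hashlib.sha256(secret.to_bytes(16, "big") + transcript).digest()


def run_exchange():
    """Both sides of one exchange; returns (alice_key, bob_key, A, B)."""
    a = new_private()                       # Alice's ephemeral secret
    b = new_private()                       # Bob's ephemeral secret
    A = public_value(a)                     # msg 1: Alice -> Bob : A
    B = public_value(b)                     # msg 2: Bob -> Alice : B
    transcript = A.to_bytes(16, "big") + B.to_bytes(16, "big")
    alice_key = derive_key(shared_secret(a, B), transcript)
    bob_key = derive_key(shared_secret(b, A), transcript)
    return alice_key, bob_key, A, B


if __name__ == "__main__":
    ka, kb, A, B = run_exchange()
    print("A =", hex(A))
    print("B =", hex(B))
    print("keys match:", ka == kb, ka.hex())
```

An eavesdropper sees only A and B; recovering g^(ab) from them is the Diffie-Hellman problem, which is what the group size is chosen to make infeasible. Because the exponents are ephemeral, each run produces a different key (forward secrecy); note also that nothing here authenticates the peers, which is why TLS signs the exchange with a certificate.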
105
El Gamal
Primarily used for transmitting digital signatures and key exchange.
106
Hashing
Hashing produces a fixed-length representation (digest) of a data set. The objective of hashing is proving integrity. - Validate that a message has not been changed during transmission (message digest). - Verify that a forensic clone is intact.
107
Hash Function Characteristics.
In order to be considered secure, cryptographic hash functions must meet three criteria: - Output must not be reversible (one-way representation). - Variable-length input must produce fixed-length output. - Output must be unique: it must be infeasible to find two inputs with the same output (collision resistance).
108
Hashing Collision
If a hash function produces the same value for two different inputs, the result is known as a collision.
109
Message Digest (MDx)
MD5 has been shown to be subject to collision attacks and is 'broken'
110
Secure Hash Algorithm (SHA)
Created by the NSA - SHA-1 has been shown to be subject to collision attacks - Sha-2 family is widely used and includes SHA-256, SHA-384, and SHA-512.
111
RIPEMD
RIPEMD was based on MD4; it has been replaced by RIPEMD-160
112
Hashed MAC
A hashed message authentication code (HMAC) is a hashed value that includes a symmetric key. - An HMAC cannot be reproduced without knowing the key. - An HMAC provides integrity and data origin authentication. - HMAC is used by cryptographic protocols such as the TLS and IPsec to verify the integrity of transmitted data during secure communications.
113
Digital Signature
A digital signature is a message digest that has been encrypted using the signer's private key. The goal of a digital signature is integrity and non-repudiation.
114
Non-repudiation
Non-repudiation means that the signer cannot deny sending the message. Conversely, the receiver can trust that the message came from the named signer.
115
Digital Signature Algorithms
- RSA | - Digital Signature Algorithm (DSA)
116
Digital Signature Algorithm (DSA)
Published by NIST in cooperation with the NSA as the US Government Digital Signature Standard (DSS).
117
Public Key Infrastructure
Public Key Infrastructure consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working together in a comprehensive manner to enable secure communication.
118
x509
- Public Key Infrastructure X.509 (PKIX) is the working group formed by the IETF to develop standards and models for X.509-based PKI. - Public Key Cryptography Standards (PKCS) is a set of voluntary standards created by RSA and other industry leaders.
119
Digital Certificates
Digital Certificates are the mechanism that binds a public key to a collection of components (subject identity, issuer, validity period) sufficient to authenticate the claimed owner; the corresponding private key is generated and kept by the owner. - The X.509 standard defines the certificate format and fields for the public key. - The X.509 standard defines the distribution procedures. - The current version of X.509 for certificates is v3.
120
Self-Signed Certificate
A self-signed certificate is signed by the entity creating it rather than by a CA. - The advantage is that there is no additional expense. - The disadvantages are that a self-signed certificate can easily be impersonated, will present the user with a warning message, and cannot be revoked. - Use cases include an internal development server.
121
Trust Models (Chain of Trust)
A Trust Model defines how users trust other users, organizations, CAs and RAs within the PKI. - Web of Trust. - Third party (single Authority) Trust. - Hierarchical Model.
122
Web of Trust
No central authority. Each user creates and signs their own certificate. Users sign each others public key indicating "trust"
123
Third party (single Authority) Trust.
A central third-party Certificate Authority (CA) signs a key and authenticates the owner.
124
Hierarchical Trust Model.
Extension of third-party trust in which a root CA issues certificates to lower-level "intermediate" CAs, which can then issue certificates. Trust is inherited down the chain.
125
Trusted Certificate Life-Cycle.
- Certificate Signing Request (CSR) is generated. - Certificate is issued. - Certificate is published. - Certificate is received. - Certificate is installed. - Certificate is renewed, suspended, revoked, or expires. - Key is destroyed.
126
Certificate Revocation List (CRL)
CA maintain list of certificates that have been revoked. - Pull Model - CRL is downloaded by the user or organization. - Push model - CRL is automatically sent out by the CA at regular intervals.
127
Online Certificate Status Protocol (OCSP)
Process designed to query the status of certificate in real-time. - OCSP stapling is a time stamped (cached) OCSP response.
128
Cryptanalysis
The process of finding a cryptographic weakness (vulnerability)
129
Known Ciphertext (ciphertext-only)
A sample of ciphertext is available without the plaintext associated with it.
130
Known Plaintext
A sample of ciphertext and the corresponding known plaintext is available.
131
Chosen Plaintext
Can choose the plaintext to get encrypted and obtain the corresponding ciphertext
132
Chosen Ciphertext
Can select the ciphertext and obtain the corresponding plaintext.
133
Cryptographic Key Attacks
- Brute Force - Dictionary - Frequency - Replay
134
Brute Force Attack
Every possible key is tested (Online, Offline)
135
Dictionary Attack
List of known keys tested.
136
Frequency Attack
Looking for patterns to reveal the key.
137
Replay Attack
Attacker tries to reuse a cryptographic transmission.
138
Birthday Attack
Exploits the mathematics behind the birthday problem (probability theory) to cause a collision: for an n-bit hash, a collision is expected after roughly 2^(n/2) attempts, not 2^n.
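The square-root bound in the card is worth seeing rather than taking on faith. The following is an added example, not from the original deck: it truncates SHA-256 to 32 bits so the search finishes in well under a second, then hashes distinct messages until two collide and reports how many it took against the birthday estimate. The message prefix is constructed for the demonstration.

```python
"""Birthday attack: find a collision in a 32-bit truncated hash."""
import hashlib
import math


def h32(msg):
    """SHA-256 truncated to 32 bits: stand-in for a short or weak digest."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:4], "big")


def expected_trials(bits):
    """Birthday bound: about sqrt(pi/2 * 2**bits) hashes before the first collision."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(prefix=b"msg-"):
    """Hash distinct messages, remembering each digest, until one repeats.
    Returns (message_1, message_2, number_of_hashes_computed)."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        d = h32(m)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m
        i += 1


if __name__ == "__main__":
    m1, m2, trials = find_collision()
    print(f"expected ~{expected_trials(32):.0f} trials, took {trials}")
    print(m1, m2, hex(h32(m1)), hex(h32(m2)))
```

Brute-forcing a specific 32-bit digest (a second-preimage) would take about 2^32 hashes; finding any two colliding messages takes about 2^16. This is why digest length is chosen against the square root of the work factor, and why 128-bit MD5 was considered marginal long before a practical collision was published.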
139
Pass-the-hash Attack
Using captured hashed credentials from one machine to successfully gain control of another machine.
140
Rainbow Tables
Rainbow Tables are publicly available tables of pre-computed hashes.
141
Salting
Salts are random values appended to the input before hashing so that identical inputs produce different hashes, which negates the value of rainbow tables.
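The Key Stretching, Hashed MAC, Rainbow Tables and Salting cards all come together in one small piece of code. The following is an added example, not from the original deck: the message, the MAC key and the passwords are constructed inline, and the PBKDF2 iteration count is an assumed value that should be tuned to the hardware.

```python
"""Digest vs HMAC, and salted password hashing with key stretching (PBKDF2)."""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor; tune so one hash costs ~100 ms


def digest(data):
    """Plain message digest: detects accidental change, not a forgery,
    because anyone can recompute it after altering the data."""
    return hashlib.sha256(data).hexdigest()


def mac(key, data):
    """HMAC: integrity plus data-origin authentication; cannot be recomputed
    without the shared key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_valid(key, data, tag):
    return hmac.compare_digest(mac(key, data), tag)   # constant-time comparison


def unsalted_hash(password):
    """What a rainbow table targets: the same password hashes identically everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Per-user random salt (defeats precomputed tables) plus PBKDF2 iterations
    (key stretching: each guess costs the attacker ITERATIONS hashes).
    Returns (salt, derived_key); store both."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify_password(password, salt, dk):
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, dk)


if __name__ == "__main__":
    msg, key = b"transfer 100 to bob", b"shared-secret-key"     # constructed
    print("digest :", digest(msg))
    print("hmac   :", mac(key, msg))
    s1, d1 = hash_password("hunter2")
    s2, d2 = hash_password("hunter2")
    print("same password, different salts, different hashes:", d1 != d2)
    print("verify :", verify_password("hunter2", s1, d1))
```

The two `hash_password` calls for the same password give different results, so a table precomputed for "hunter2" matches neither; an attacker must run the full iteration count per guess per user, which is the work factor the Key Stretching card refers to.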
142
Downgrade Attack
A Downgrade Attack is an attack on a system or communications protocol that forces degradation to a lower-quality crypto mode (if available) designed for backward compatibility
143
Weak Implementations
Attackers take advantage of misconfigurations, weak keys, and broken or deprecated algorithm versions.
144
Physical Security Controls
Physical security principles of deter, detect, and delay* supported by a response plan are designed to frustrate and disrupt an adversary's attack timeline. - Deter: Stop or displace an attack. - Detect: Verify an attack, initiate a response. - Delay: Prevent the attack from reaching the asset (including measures to minimize the consequence of an attack)
145
Layered Defense (Defense-in-depth)
The premise of a layered defense model is that if an intruder can bypass one layer of controls, the next layer of controls should provide additional deterrence or detection capabilities. Layered defense is both physical and psychological.
146
Physical Security zones
The principles of deter, detect, and delay* extend to the following security zones. - Beyond the perimeter - Perimeter - Within site - Building - Asset
147
Fail-Safe
Fail-Safe implies that in an emergency situation, controls will default to open.
148
Fail-Secure
Fail-Secure implies that in an emergency situation, controls will default to locked.
149
CPTED
The basic premise of Crime Prevention Through Environmental Design (CPTED) is that the proper design and effective use of the physical environment can lead to a reduction in the incidence and fear of crime.
150
Lighting
Lighting can be continuous, motion triggered, random, timed, or standby. Lighting should be tamper proof and have a backup power supply.
151
Physical Signs
Signs for personnel safety and intruder deterrence.
152
Physical Barrier
fences, walls, gates, barricades, and bollards define perimeter.
153
Security Guards
Security personnel may be stationed at checkpoints, and patrol the area, manage surveillance, and respond to breaches and/or suspicious activity.
154
Conventional Lock
Key Controlled cylinder -susceptible to "bumping".
155
Pick Resistant Lock
Conventional locks that have complex and difficult to reproduce keys.
156
Cipher Lock
Uses a programmable key pad.
157
Electronic (digital) Lock
Cipher lock with centralized control and auditing capabilities.
158
Biometric Lock
Biometric recognition - may also require a key code.
159
Entrance / Exit Access Controls
- ID Card / badge - Smart Card - Biometric - Access logs - Audit Logs - Mantrap
160
ID Card / badge
Identification card with or without picture (non electronic)
161
Smart Card
Card with integrated circuitry used in conjunction with a card reader.
162
Biometric
Use of bio-metric technology to identify and authenticate a person.
163
Access Logs
Requirement to document access (sign-in/out)
164
Audit Logs
Logs generated by smart and biometric systems.
165
Mantrap
Two-tier barrier. Entry door on one side and an exit door on the opposite side. One door of a mantrap cannot be unlocked and opened until the opposite door has been closed and locked.
166
Surveillance
Surveillance technologies such as closed-circuit TV (CCTV) and camera detect suspicious, abnormal, or unwanted behavior. A surveillance system can: - Identify the presence of an intruder - Trigger an alarm or an alert - Provide enough detail to determine the type of incident response. - Provide Evidence.
167
Physical Intrusion Detection Systems types
- Proximity: Measures a magnetic field. - Motion: Detects physical disturbance. - Photometric: Changes in light. - Passive infrared: Changes in heat. - Acoustical: Changes in noise. - Contact: An electrical circuit is broken.
168
Data Center Considerations
- Located in the center of a facility with no external windows or doors. - Located on a floor other than the basement, first floor, or top floor. - Full walls extending from the true floor to the true ceiling. - Partitioned ceiling: walls continue above any drop ceiling so the room cannot be entered through the ceiling space.
169
Airgap Isolation
Air-gap isolation refers to computers or networks that are physically isolated from the Internet and from any other computer or network that is connected to the Internet.
170
Isolated Networks
A physically isolated network is completely disconnected from any other network, period.
171
Clean Room
A clean-room network/computer is one located in a secured room or facility.
172
Data Center Temperature
Data centers (inclusive of server rooms and networking closets) need to be kept cool. - Recommended temperature for an area containing computing devices is between 70 and 74 degrees Fahrenheit. - Damaging temperatures: computers >175F, magnetic storage >100F, paper products >350F.
173
Data Center Humidity
High humidity can cause corrosion and low humidity can cause excessive static electricity. - Relative humidity between 45% and 60% is acceptable for areas that are processing data. - Electrostatic discharge (ESD) is the release of static electricity when two objects touch. ESD can damage or destroy electronic components.
174
EMI and RFI
Equipment and copper cabling are sensitive to electromagnetic interference (EMI) and radio frequency interference (RFI). Equipment should have limited exposure to magnets, fluorescent lights, electric motors, space heaters, and wireless access points.
175
Electromagnetic Interference (EMI)
Electromagnetic interference (EMI) is caused by electromagnetic conduction or radiation. Almost any electrical device can cause EMI.
176
Radio Frequency Interference (RFI)
Radio frequency interference (RFI) is caused by radio transmissions such as AM/FM broadcast and cellular tower signals.
177
Data Emanation
Data emanation (or signal emanation) is the electromagnetic (EM) field generated by coaxial or copper cable or by network devices; it can be intercepted to eavesdrop on communications or to steal data.
178
Faraday Cage
A Faraday cage (or Faraday shield) is an enclosure used to block electromagnetic (EM) fields, both incoming and outgoing. Faraday bags are often used in digital forensics to prevent remote wiping or alteration of seized devices that hold digital evidence.
179
Blackout
Prolonged period without power. | - Mitigating controls: battery backup (UPS), alternate power supply (generator), supplier diversity.
180
Brownout
Prolonged period of low voltage. | - Mitigating controls: voltage regulator, surge protectors, power line conditioners, battery backup (UPS).
181
Sag
Momentary low voltage. | - Mitigating controls: voltage regulator, surge protectors, power line conditioners, battery backup (UPS).
182
Surge
Prolonged period of high voltage. | - Mitigating controls: voltage regulator, surge protectors, power line conditioners, battery backup (UPS).
183
Spike
Momentary high voltage. | - Mitigating controls: voltage regulator, surge protectors, power line conditioners, battery backup (UPS).
184
Power Supply Failure
Failure of a device's internal power supply or fan. | - Mitigating control: redundant power supply.
185
Fire protection elements
- Fire prevention: the first line of defense. - Fire detection: recognizing that there is a fire while it is still small and controllable. - Fire suppression: containing and extinguishing the fire.
186
Fire Type "A"
Ordinary combustibles: wood, paper, rubber, fabrics, and many plastics. | Type of extinguisher: water, dry chemical (powder), Halon.
187
Fire Type "B"
Flammable liquids and gases: gasoline, oils, paint, lacquer, and tar. | Type of extinguisher: carbon dioxide, dry chemical (powder), Halon.
188
Fire Type "C"
Fires involving live electrical equipment. | Type of extinguisher: carbon dioxide, dry chemical (powder), Halon (never water, which conducts electricity).
189
Fire Type "D"
Combustible metals or combustible metal alloys. | Type of extinguisher: special (dry powder) agents.
190
Fire Type "K"
Fires in cooking appliances that involve combustible cooking media: vegetable or animal oils and fats. | Type of extinguisher: wet chemical agents.
191
Water-based Fire Suppression Systems
Wet-pipe sprinkler system (pipes are always charged with water); effective on Class A (ordinary combustible) fires.
192
Dry-Pipe
Sprinkler system effective on Class A (ordinary combustible) fires. Pipes hold pressurized air rather than water until the system is activated; water then flows into the pipes and out of the open sprinkler heads. Suited to areas where water-filled pipes could freeze. Automatic shut-off.
193
Halon
Pressurized Halon gas that extinguishes fire by interrupting the chemical chain reaction of combustion (it does not remove oxygen) and leaves no residue. Halon production is banned under the Montreal Protocol of 1987; existing systems may remain in service but cannot be recharged with new Halon.
194
FM-200
Colorless, odorless gaseous halocarbon (HFC-227ea) that leaves no residue. A common Halon replacement; safe for humans at design concentrations.
195
Argonite
Mixture of argon and nitrogen gas that suppresses fire by lowering the oxygen concentration. Although the gases are non-toxic, the reduced oxygen level can be dangerous for humans.
196
CO2
Pressurized gas that displaces oxygen; in occupied areas discharge is typically manual so people can evacuate first. Extremely dangerous to humans (asphyxiation) but leaves no residue.