Domain 3. Security Architecture and Engineering

Question 1

CPU Register

Answer 1

A register is a temporary storage location located on the Central Processing Unit (CPU). It is used to store instruction sets. When a CPU executes an instruction set, it loads it from the register.

Question 2

Known-Plaintext Attack

Answer 2

A known-plaintext attack is an attack model for cryptanalysis where the attacker has samples of both the plaintext and its encrypted version.

Question 3

Secure defaults

Answer 3

Concept that products should have default settings that are intentionally secure.

This principle demands product and solution teams consider the security implications of weak “default” settings in their product or solution (e.g., passwords, algorithms, or controls) and instead utilize responsible default security settings, even if those increase the complexity of implementation or use.

Question 4

A Salt is BEST defined as what?

Answer 4

A random value that is added to existing data before being hashed

Question 5

Scytale, Vigenere, Caesar are types of what?

Answer 5

Ancient Ciphers

Question 6

El Gamal

Answer 6

El Gamal is an asymmetric public-key algorithm. It was derived from Diffie-Hellman principles but was expanded to support an entire public-key cryptosystem. The main drawback of El Gamal is performance. It also doubles the length of any message it encrypts.

Question 7

One-Time Pad

Answer 7

The only cryptography known to be impossible to crack.

One-Time pad requirements:

Keys must be genuinely random values
Keys can only be used one time
Keys must be exchanged securely
The sender and receiver must keep the keys secure
The key must be the same length as the message.

Question 8

Vernam Cipher

Answer 8

Another name for One-time Pad

The only cryptography known to be impossible to crack.

One-Time pad requirements:

Keys must be genuinely random values
Keys can only be used one time
Keys must be exchanged securely
The sender and receiver must keep the keys secure
The key must be the same length as the message.

Question 9

PGP - Symmetric or Asymmetric?

Answer 9

Symmetric

Question 10

Third-Party Audit vs. External Audit

Answer 10

External Audits are any audit performed by an outside auditing firm.

Third-Party Audit is an audit conducted on behalf of another firm.

Question 11

Abuse Case Testing

Answer 11

Subset of misuse case testing. Tests for intentional mis-use (as opposed to unintentional/accidental). Abuse case testing is a test to determine if a website, its hardware, software, and their interactions with one another have security vulnerabilities which could be used by attackers.

Question 12

Misuse Case Testing

Answer 12

When we test for a case of misuse, we are testing to ensure a common user misuse doesn’t exploit a vulnerability.

Question 13

What is Jack the Ripper

Answer 13

Psyche! Not a thing in CyberSecurity. JOHN the ripper is a password cracking tool. JACK the Ripper was a serial killer.

Question 14

Infection Monkey

Answer 14

Open Source Breach Attack Simulation program.

Question 15

Hydra

Answer 15

Password Cracking Tool

Question 16

Birthday Attack

Answer 16

Attacker attempts to substitute one message for another message that generates the exact same hash and/or signature.

birthday attack exploits a mathematical principle on probability. This is known as the mathematical birthday paradox. For example, consider the scenario where a teacher with 30 students asks for everybody’s birthday. The odds are small if the teacher picked a specific day (say, 5th of October) that at least one student was born on that particular day, it’s around 8%. However, the probability that at least one student has the same birthday as any other student is about 70%.

Question 17

Open System

Answer 17

Open Systems use agreed-upon insdustry standards.

Much easier to integrate multi-vendor solutions when industry standards are used.

i.e API, motherboard PCI connectors,

Question 18

Closed System

Answer 18

Closed systems and proprietary systems use proprietary hardware or software.

Question 19

Confinement (In context of running processes)

Answer 19

Another term for Sandboxing.

Confinement is used to restrict a process from interfering with the memory locations and resources of another process.

Question 20

Multithreading

Answer 20

Allows multiple instruction sets to run in parallel under a single process

A thread is an individual instruction set that must be worked on by the CPU. Threads can execute in parallel with other threads that are part of the same parent process. This is known as multithreading. Threads are dynamically built and destroyed by the parent process. A process is a program loaded in memory. Most modern applications take advantage of multithreading.

Question 21

Class A Combustible

Answer 21

Common combustibles, wood, paper.

Suppress with water, soda acid

Question 22

Class B Combustible

Answer 22

Liquids - oil, gas, fuel

Suppress with COs, halon, or other gas option, soda acid.

Question 23

Class C Combustible

Answer 23

Electrical

Suppress with CO2, halon, alternate gas option

Question 24

Class D Combustible

Answer 24

Metals such as magnesium.

Suppress with dry powder

Question 25

Class K Combustible

Answer 25

Cooking media - fats, grease, etc

Suppress with Alkaline mix.

Question 26

Work Level

Answer 26

Metric that defines the strength of encryption. Very strong encryption will have a high work level

Question 27

Common Criteria - Use and EAL levels

For Sure My Mother - So Sweet Forever

Answer 27

Common standard for evaluating technology products. Has 7 levels

EAL1-Functionally tested
EAL2-Structurally testeed
EAL3-Methodically tested, checked
EAL4-Methodically designed, tested, reviewed
EAL5-Semiformally designed and tested
EAL6-Semiformally verified designed, and tested
EAL7-Formally verified design, and tested

Question 28

TCP SYN Scan

Answer 28

AKA Half Open scanning

Scanner sends a SYN packet and waits for a SYN ACK packet - but the scanner doesn’t then respond with an ACK packet.

Question 29

Most common cause of a false positive in regards to water-based fire suppression

Answer 29

People

Question 30

TOC/TOU Attack

Answer 30

Time of check, time of use attack.

Sometimes called a “race condition”, occurs when an attacker exploits the gap in time that exists between the processing of different instructions in an ordered set to circumvent security controls.

Question 31

Multi processing

Answer 31

When CPUs are used in parallel, it is called multiprocessing. Multiprocessing is the parallel execution of instructions. If a computer has more than one CPU, they can be used in parallel to execute instructions. For example, a database server can use up to eight processors at the same time to improve performance for data queries.

Question 32

FM-200

Answer 32

Replacement for Halon as a fire suppressant.

uses HFC-227ea, leaves no residue, and does not require costly cleanup. FM-200 systems replace halon, which was banned in the US in 1994 as an environmental hazard.

Question 33

CPU Architecture - Ring 0

Answer 33

Kernel

Question 34

CPU Architecture - Ring 1

Answer 34

Operating System

Question 35

CPU Architecture - Ring 2

Answer 35

Drivers

Question 36

CPU Architecture - Ring 3

Answer 36

Applications

Question 37

ASLR - Address Space Layout Randomization

Answer 37

A Memory protection methodology that randomizes memory locations.

Question 38

Common Access Cards

Answer 38

Smart cards used by the U.S. government are known as common access cards (CACs).

Question 39

SCADA

Answer 39

Supervisory Control and Data Acquisition:

Controls multiple process, and can span large geographical areas.

Question 40

ICS

Answer 40

Industrial Control System

Question 41

DCS - Distributed System Controller

Answer 41

Distributed Control System:

Network of PLCs

Generally, DCS is process-specific and does not span large geographical areas.

Often integrated into other scada systems.

Question 42

PLC

Answer 42

Programmable Logic Controller:

PLCs are often networked and controlled by a supervisory computer.

Question 43

ALU - Arithmetic Logic Unit

Answer 43

Component of the CPU - “Brain” of the CPU.

The arithmetic logic unit (ALU) is a series of physical circuits that perform bitwise operations on binary numbers. The circuits are built using logic gates made from transistors.

Question 44

How many stages in a fire?

Answer 44

4

Incipient - triggers air ionization but has no smoke
Smoke - displays smoke
Flame - visible flames
Heat - heat buildup and burning of surrounding objects

Question 45

How many OS process states are there?

Answer 45

5:

Ready
Running
Waiting
Supervisory
Stopped

Question 46

Preferable Humidity range for Electronics

Answer 46

20%-80% (OSG)

40%-60% (Learnzapp)

Question 47

Trusted Computing Base

Answer 47

The trusted computing base is the total combination of protection mechanisms for a computer system, including hardware, software, and firmware.

The combination of hardware, software, and controls that form a trusted base that enforces your security policy.

Question 48

Tape Jukebox AKA Tape Library

Answer 48

A device that contains multiple backup tapes and rotates them automatically

Question 49

RAID 0

Answer 49

Striping

Question 50

RAID 1

Answer 50

Mirroring

Question 51

RAID 10

Answer 51

Mirror of stripes

Question 52

RAID 5

Answer 52

Striping with parity

Question 53

RAID 6

Answer 53

Striping with double parity

Question 54

Secondary Memory

Answer 54

Secondary memory, also called secondary storage, includes non-volatile storage such as a floppy disk, hard drive, or CD-ROM.

CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition. Pg 365-366.

Question 55

Primary Memory

Answer 55

(Also called Primary Storage in some questions I’ve taken)

Primary memory is the RAM the computer uses to keep necessary information readily available to CPU.

CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition. Pg 366.

Question 56

Reference Monitor

Answer 56

The reference monitor is an abstract machine that is used to implement security. The reference monitor’s job is to validate access to objects by authorized subjects. The reference monitor operates at the boundary between the trusted and untrusted realm. The reference monitor has three properties:

Cannot be bypassed and controls all access
Cannot be altered and is protected from modification or change
Can be verified and tested to be correct

Question 57

Security Kernel

Answer 57

reference monitor is a concept in which an abstract machine mediates all access to objects by subjects. The security kernel is the hardware, firmware, and software of a TCB that implements this concept.

CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition. Pg 324-325.

Question 58

S/MIME

Answer 58

Secure Multipurpose Internet Mail Extensions (S/MIME) is used to encrypt and digitally sign email. S/MIME uses the RSA encryption algorithm and has been incorporated into many commercial products.

Question 59

Multilevel Processing

Answer 59

A multilevel approach allows for the processing of data at different security levels. Information is allowed to flow between different access levels, provided the user has the proper clearance. Multilevel models are a category in the information-flow model.

Question 60

PASTA

Answer 60

7 stages

Process for Attack Simulation and Threat Analysis:

Seven stage threat modeling methodology. This is a risk-centric approach that aims at selecting countermeasures in relation to the value of the assets to be protected.

Question 61

SD3+C

Answer 61

Microsoft Security Development Cycle

Secure by Design

Secure by Default

Secure in Deployment and Communication

Question 62

STRIDE

Answer 62

Threat Categorization scheme developed by microsoft.

Question 63

Tape Librarian

Answer 63

The tape librarian generally has access to media storage facilities. They are responsible for check-in and check-out processes, keeping the storage facility locked, and sanitizing media when it’s returned for reuse.

Question 64

Zero-knowledge proof

Answer 64

A zero-knowledge proof allows one party to demonstrate knowledge of a secret without actually disclosing that secret to the other party. It is a method commonly applied in cryptography to validate passwords and keys (for example, validating an asymmetric private key through the use of a public key).

Question 65

TEMPEST

Answer 65

United States government standard for limiting electric or electromagnetic radiation emanations from electronic equipment

Question 66

Heartbeat Sensor

Answer 66

Mechanism attached to analog alarm system to periodically check in with the security/alarm company.