Domain 3 -- Security Architecture and Engineering Flashcards

Question

What are the three goals of memory management?

Answer 1

1. Provide an abstraction level for programmers 2. Maximize performance with the limited amout of memory available 3. Protect the operating system and applications loaded into memory

Answer 2

A DLL is a set of functions that applications can call upon to carry out differrent types of procedures

Answer 3

When RAM and secondary storage are combined, the result is virtual memory

Answer 4

1. Programmed IO - Polling 2. Interrupt driven I/O -- One character at a time to a printer 3. I/O using DMA (Direct memory access / AKA unmapped IO) 4. Premapped I/O - CPU sends device **_physical_** memory address and device is trusted to read it (scary) 5. Fully mapped I/O - OS works with devices via **logical** memory address. Device is not trusted with physical memory addresses.

Answer 5

The microarchitecture contains the things that make up the physical CPU (registers, logic gates, ALU, cache, etc.)

Answer 6

The most common instruction set today (x86) can be used within different microarchitectures (Intel, AMD, etc.) and with different operating systems (Windows, MacOS, Linux, etc.)

Answer 7

Application Programming Interface -- An API is the doorway to a protocol, operating service, process or DLL.

Answer 8

1. Monolithic -- all OS system processes run in kernel mode 2. Layered -- All OS system processes run in a herarchical model in kernel mode 3. Microkernel - Core OS processes run in kernel mode and the remaining ones run in user mode. 4. Hybrid microkernel - All OS processes run in kernel mode. Core processes run within a microkernel and others run in a client/server model.

Answer 9

A security policy is a strategic tool that dictates how sensitive information and resources are to be managed and protected.

Answer 10

The TCB is a collection of HW, SW and firmware coponents within a system that provides some type of security and enforces the systems's security policy

Answer 11

A security perimeter is a boundary that divides the trusted from the untrusted

Answer 12

No -- the TCB and Security Perimeter are conceptual constructs to delineate between trusted and untrusted components and how they communicate

Answer 13

The reference monitor is an abstract machine that mediates all access subjects have to objects.

Answer 14

The security kernel is made up of hardware, software and firmware coponents that fall within the TCB, and it implements and enforces the reference monitor concept.

Answer 15

1. It must provide isolation for the processes carrying out the reference monitor concept and it must be tamperproof 2. It must be invoked for every access attempt and must be impossible to circumvent. Thus, the security kernel must be implemented in a complete and foolproof way. 3. It must be small enough to be tested and verified in a complete and comprehensive manner

Answer 16

* The Reference Monitor is a concept in which an abstract machine mediates all access to objects by subjects * The Security Kernel is the hardware, software and firmware of the TCB that implements this concept * The TCB is the totality of protection mechanisms within a computer system that work together to enforce security policy

Answer 17

Multilevel security policies prevent information from flowing from a high security level to a lower security level.

Answer 18

* It's a multi-level security policy * It only deals with Confidentiality

Answer 19

1. Simple Security Rule - A subject at a given security level cannot read data that rsides at a higher security level (No read up) 2. \*-property (star property) rule - A subject in a given security level cannot write information to a lower security level (No write down) 3. Strong star property rule - a subject who has read and write capabilities can only perform both of those functions at the same security level. So, for a subject to be able to read and write to an object, its clearance and the objects clearance must be equal.

Answer 20

1. \*-integrity axiom - A subject cannot write data to an object at a higher integrity level (no write up) 2. Simple integrity axiom - A subject cannot read data from a lower integrity level (no read down). 3. Invocation property - A subject cannot request service (invoke) at a higher integrity

Answer 21

* Both have simple rules * Both have \* rules * If the word Simple is used, it's with respect to reading * If the rule uses \*, it's about writing

Answer 22

* Users - active agents * Transformation procedures (TP's) * Constrained data items (CDI's) * Unconstrained data items (UDI's) * Integrity Verification Procedures (IVP's)

Answer 23

**Well formed transactions** - these are a series of operations that transform a data item from one consistent state to another.

Answer 24

* Data is separated into CDI (secure and worthy of protection) and UDI (less critical) * Users can't modify CDI directly. They must use Transformation Procedures to modify the data on behalf of the user * The IVP ensures that all critical data manipulation follows the application defined integrity rules * The Clark-Wilson model enforces the "access triple" 1. Subject (user) 2. Program (TP) 3. Object (CDI)

Answer 25

* A non-interference model ensures that any actions that take place at a higher level of security do not affect or interfere with actions that take place at a lower level * It is concerned about what a subject knows about the state of the system * It is designed to prevent data leakage. If an entity at a higher security level performs an action, it cannot change the state for an entity at a lower security level.

Answer 26

* The model allows for dynamically changing access controls that protect against conflicts of interest * The Brewer and Nash model states that a subject can write to an object if, and only if, the subject cannot read another object that is in a different dataset * Its main goal is to protect against conflicts of interest by users' access attempts (example -- stock broker having access to earnings report) * It is also known as the Chinese Wall model

Answer 27

* How to securely create an object * How to securely create a subject * How to securely delete an object * How to securely delete a subject * How to securely provide the read access right * How to securely provide grant the access right * How to securely provide the delete access right * How to securely provide transfer access rights

Answer 28

The Harrison-Ruzzo-Ullman model deals with access rights of subjects and the integrity of those rights A subject can carry out only a finite set of operations on an object. Gist -- If there is a complex operation required (Steps A-F, for example) and one of those commands is not authorized, then the whole operation fails. Think transaction integrity

Answer 29

ISO/IEC 15408 These are Common Criteria for the evaluation of the security level of a system

Answer 30

* EAL1 - Functionally tested * EAL2 - Structurally tested * EAL3 - Methodically tested and checked * EAL4 - Methodically designed, tested and reviewed * EAL5 - Semiformally designed and tested * EAL6 - Semiformally verified design and tested * EAL7 - Formally verified design and tested

Answer 31

It means that it's based on a model that can be mathematically proven

Answer 32

Protection profiles (pp)

Answer 33

1. Security Problem Description 2. Security Objectives 3. Security Requirements

Answer 34

* It only means it has the potential of providing the specified level of protection. It must be properly configured to actually provide the desired level of protection * It is up to the customer to keep the software properly configured at all times. * The level of protection is a point in time snapshot. The next version of the software could have a lower level of protection

Answer 35

* ISO/IEC 15408-1 Introduction and General model * ISO/IEC 15408-2 Security Functional Components * ISO/IEC 15408-3 Security Assurance Components

Answer 36

* Certification is the comprehensive technical evaluation of the security components and their compliance for the purpose of accredition * The goal of the certification process is to ensure that a system, product, or network is right for the customer's purposes * Accreditation is the formal acceptance of the adequacy of a system's overall security and functionality by management. * Following examination of the certifaction information, Management makes a formal accreditation statement

Answer 37

* Open Systems are based on standards, protocols and interfaces that have published specifications * Closed systems use an architecture that does not follow industry standards

Answer 38

1. SaaS - e.g. Salesforce.com 2. PaaS = e.g. Web server 3. IaaS - User responsible for configuring the infrastructure

Answer 39

* Bit level parallelism - multiple bits are processed in parallel * Instruction level parallelism - Two or more program instructions can be executed simultaneously (requires two or more processors) * Task level parallelism (breaking down a large problem, such as weather forecasting, into multiple tasks that can be executed in parallel. * Data parallelism - describes the distribution of data among different nodes that then process it in parallel.

Answer 40

1. Aggregation - puts together pieces of information available to get a view of secret information 2. Inference - the ability to derive information not explicitly available. It's the goal of aggregation

Answer 41

Context based access control means that the software "understands" what actions should be allowed based on the state and sequence of the request. What else was the user doing? What did he just attempt to do previously? What hours of the day are these access requests being made, etc.?

Answer 42

Content dependent access control is simple. Does the user have access to the resource or not? Context dependent access control must know if the user has access to a resource, what other resources did he just ask to see? What time of day is it. What sequence of events is taking place, etc/

Answer 43

1. Context based access control - knowing context of the user's request before granting access 2. Cell suppression - hide specific cells that could be used in inference attacks 3. Partitioning the database - Not having all the info in one place to make it tougher to connect the dots 4. Noise and Perturbation - intentionally inserting bogus information to misdirect the attacker and confusing them enough so that the actual attack will not be fruitful

Answer 44

1. Analyze website architecture and keep it as simple and straightforward as possible 2. Assume all user input is potentially dangerous and must be sanitized before being processed 3. All output generated by the system should be filtered to ensure private/sensitive data is not being disclosed 4. Make sure that the system fails securely 5. Web application firewalls -- these inspect traffic into/out of the web site to filter malicious content. Added layer of security.

Answer 45

* False base stations can be created * Confidential data can be stolen * Camera and microphone functionality can be used improperly * Internet sites can be accessed in violation of company policies * Malicious code can be downloaded * Encryption can be weak and not end to end

Answer 46

1. Only allow centrally managed devices to access corporate resources 2. Remote policies should be pushed to each device and user profiles should be encrypted with no local options for modification 3. Data encryption, idle timeout locks, screen saver lockouts, authentication, and remote wipe should be enabled 4. Bluetooth should be locked down, only allowed apps should be installed and social media sites should be restricted 5. Endpoint security should expand to mobile endpoints 6. 802.1X should be implemented on wireless VoIP clients on mobile devices

Answer 47

Any system in which computers and phsical devices collaborate via the exchange of inputs and outputs to accomplish a task or objective is a cyber physical system Examples: 1. Embedded systems 2. Internet of things

Answer 48

1. Authentication (usually it's poor if it exists at all) 2. Encryption - since cryptography requires a lot of processing and memory, in many cases data at rest and in motion can be vulnerable 3. Updates - many vendors do not provide functionality to automatically update the software/firmware when patches are available

Answer 49

Industrial Control Systems

Answer 50

1. Programmable Logic Controllers (PLCs) - are computers designed to control electromechanical processes such as assembly lines, elevators, roller coasters and nuclear centrifuges. Typically communicate via RS-232 2. Distributed Control Systems (DCS) - Think hierarchy. At bottom are the devices to be controlled (e.g. hammers). Next level up are the PLC's. Next level up from PLCs are Distributed Control systems that are supervisory computers that control, for example, an assembly line. DCS typically work within the context of a single plant 3. Supervisory Control and Data Acquisition (SCADA) -- Essentially DCS across long distances. DCS could control a power plant. A SCADA system would control distribution of generated power across a power grid.

Answer 51

Remote Terminal Unit (RTU) - endpoint that connects to sensors and actuators Data Acquisition Servers (DAS) - backends that receive data from RTU's via telemetry system and perform processing Human Machine Interface (HMI) - User Station

Answer 52

The single greatest threat to ICS security is the connectivity of these once-private networks to traditional IT networks

Answer 53

1. Apply risk management process to ICS 2. Segment the network to place IDS/IPS at the subnet boundaries 3. Disable unneeded ports and services on all ICS devices 4. Implement least privilege through the ICS 5. Use encryption wherever feasible 6. Ensure there is a process for patch management 7. Monitor audit trails regularly

Answer 54

6 defects per 1000 LOC.

Answer 55

Maintenance hooks are commands that only a developer knows that gives him/her easy access to the code They should be removed before the software goes into production

Answer 56

No because: 1. Developers are not necessarily security minded 2. Enterprises are still running old software that may still have maintenance hooks.

Answer 57

1. Use a host base IDS to watch for attackers using back doors to access the system 2. Use file system encryption to protect sensitive information 3. Implement auditing to detect any type of back door use

Answer 58

The main concept is that it may be possible for an attacker to get "in the middle" of the sequence of instructions that are to be performed. Example, Process 1 may check to see of Bob has access to a non-critical text file. However, before the file is opened, the attacker may change out the non-critical file with the password file and thus Bob would gain access to the password file. This type of attack is also known as an asynchronous attack.

Answer 59

A race condition is when two different processes need to carry out their tasks on one resource and they must be performed in a certain order. However, if process 2 can be manipulated to happen before process 1, it could generate incorrect results. Example: If you are supposed to add 3 (process 1) and divide by 15 (process 2) and these processes happen out of order, they would generate the different results.

Answer 60

1. Use atomic operations (don't break up authorization and authorization) 2. Apply software locks when carrying out its checking tasks

Answer 61

A cipher where each character is replaced with another character

Answer 62

When paper (or papyrus) is wrapped around a piece of wood it is readable, but otherwise not.

Answer 63

He created cipher text by shifting each character 3 positions forward in the alphabet.

Answer 64

A system or product that provides encryption and decryption.

Answer 65

An algorithm

Answer 66

1. Software 2. Protocols 3. Algorithms 4. Keys

Answer 67

Kerckhoff argued that the only secret in cyptography should be the key. That way lots of people know how it works and can make it better. Not everyone agrees with this point of view.

Answer 68

1. The algorithm 2. The secrecy of the key 3. The initialization vectors 4. How they all work together

Answer 69

Work factor (i.e. how much work is required to break the system)

Answer 70

A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly. Another name for a one-time pad is the Vernam cipher.

Answer 71

1. Convert the message to binary 2. Create a random one-time pad of 1's and 0's with as many bits as the plain text message 3. To create cyphertext, XOR the plaintext binary wtih the onetime pad, bit by bit 4. To decrypt it, also XOR the the ciphertext with the one-time pad

Answer 72

1. The pad must be used only one time 2. The pad must be as long as the message 3. The pad must be securely distributed 4. The pad must be secured at sender and receiver's sites 5. The pad must be made up of truly random values

Answer 73

Each side has the same bookshelf of books 1st book: 49th page 6th line 7th column The four parameters above give you the first character. Then, etc.

Answer 74

Example -- You get a message, but the real message is to only read every third word. A concealment cipher is an example of steganography.

Answer 75

Steganography is a method of hiding data in another media type so the very existence of the data is concealed. Example is to conceal a message in a jpeg file.

Answer 76

1. Carrier - a signal, data stream or file that has hidden information in it 2. Stegomedium - the medium in which the information is hidden 3. Payload -- the information that is to be concealed and transmitted

Answer 77

Least Significant Bit (LSB)

Answer 78

A substitution cipher replaces bits, characters or blocks of characters with different bits, characters, or blocks.

Answer 79

A transposition cipher does not replace the original text with different text, but rather moves the original values around. It rearranges the bits, characters or blocks of characters to hide the original meaning.

Answer 80

Substitution

Answer 81

Frequency analysis is looking at how often certain patters recur in order to break the code. In English, the letter e is the most common, so once you know the cipher text for e you can go on to the next step.

Answer 82

Ker Derivation Functions (KDF's) are used to generate keys that are made up of random values.

Answer 83

It's where sender and receiver use two instances of the same key

Answer 84

* Much faster than asymmetric systems * Hard to break if done with a large key size

Answer 85

* Requires a secure mechanism to deliver keys properly * Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, making key management overwhelming * Provides confidentiality, but not authenticity or non-repudiation

Answer 86

1. DES 2. Triple-DES 3. Blowfish 4. International Data Encryption Algorithm (IDEA) 5. RC4, RC5, RC6 6. Advances Encryption Standard (AES)

Answer 87

Asymmetric cryptography uses two different keys for encryption and decryption. Both keys are mathematically related.

Answer 88

Secure message format is encrypting the file with the receivers public key. That way only the receiver can decrypt it. This ensures confidentiality

Answer 89

The sender would use his/her private key, because it is known only to the sender and would prove that the message came from the sending

Answer 90

Open message format means the sender encrypts the message with his/her private key. Authenticity is ensured, but not confidentiality because anyone with the sender's public key could decrypt it.

Answer 91

Public Key Cryptography

Answer 92

* Better key distribution than symmetric systems * Better scalability than symmetric systems * Can provide authentication and non-repudiation

Answer 93

* It's much slower than symmetric key cryptography * Mathematically intensive tasks

Answer 94

* Rivest-Shamir-Adelman (RSA) * Elliptic curve cryptosystem (ECC) * Diffie-Hellman * El Gamal * Digital Signature Algorithm (DSA)

Answer 95

1. Message is divided into fixed-length blocks 2. An encryption algorithm is run against each of the blocks

Answer 96

Confusion pertains to making the relationship between the key and resulting ciphertext as complex as possible so the key cannot be uncovered from the ciphertext.

Answer 97

Diffusion means that a single plaintext bit has influence over several of the ciphertext bits. Thus, changing a plaintext value should change many ciphertext values, not just one.

Answer 98

The avalanche effect means that a small change in the plaintext will make a big change in the ciphertext. The avalanche effect is basically the same thing as diffusion.

Answer 99

Whereas a block cipher breaks a message down into blocks of fixed length, a stream cipher treats a message as a stream of bits and performs functions on each bit individually.

Answer 100

1. Easy to implement in hardware 2. Long periods of no repeating patters within keystream values 3. A keystream is not linearly related to a key (if a person figures out the keystream value, they still don't have the key 4. A statistically unbiased keystream (as many zeroes as ones)

Answer 101

Block ciphers are considered more secure

Answer 102

Stream based data tends to use stream ciphers. Things like: VOIP Multimedia

Answer 103

1. Compression - reduce redundancy before plaintext is encrypted 2. Expansion - expanding the plaintext by duplicating values. This is done to increase the plaintext size to map to key sizes 3. Padding -- Adding material to plaintext data before it is encrypted 4. Key mixing -- using a portion (subkey) of a key to limit the exposure of the key. Key schedules are used to generate subkeys from master keys

Answer 104

1. Secret key cryptography 2. Session key cryptography 3. Private key cryptography (unfortunate because asym crypt also uses this term in a different way 4. Shared-key cryptography

Answer 105

DEA is the algorithm that fulfills DES, which is just a standard. Exam could refer to either one.

Answer 106

* DES is a symmetric block encryption algorithm * 64 bit blocks of plaintext go in and 64-bit blocks of ciphertext come out * Symmetric algorithm * 64-bit key * 56 bits for the true key * 8 bits for parity * Blocks are operated on one at a time * Blocks are put through 16 rounds of transposition and substitution functions * The order and type of transposition depend on the key value

Answer 107

Not necessarily. If people are using session keys, then the key was only good for a single session and the attacker would have to break another key for a second session. So, if you are a bank or a military, you probably wouldn't ever use an encryption methodology that has been broken. If your messages are less critical, you might.

Answer 108

1. Electronic Code Book (ECB) 2. Cipher Block Chaining (CBC) 3. Cipher Feedback (CFB) 4. Output Feedback (OFB) 5. Counter (CTR)

Answer 109

ECB mode operates like a code book. * A 64-bit data block is entered into the algorithm along with a key and a block of ciphertext is produced * For a given block of plaintext and given key, it will always produce the same ciphertext * It uses padding when messages don't fit neatly into 64-bit blocks

Answer 110

* Each block is encrypted with the exact same key * If an attacker uncovers the key, he would be able to decrypt all blocks of data encrypted with that key. * Or an attacker could gather the ciphertext and plaintext of each block and build the code book that was used without needing the key * The crux of the problem is that there is not enough randomness * If it is used to encrypt large amounts of data it would be easier to crack than small amounts of data. * Then why use it? It's the fastest and is useful for small amounts of data like PINs, challenge/response values in authenticaion processes

Answer 111

1. Operations can be run in parallel, which decreases processing time 2. Errors are contained. If an error takes placed during th encryption procss, it only affects one block of data 3. It is only usable for the encryption of short messages 4. It cannot carry out preprocessing functions before recieving plaintext.

Answer 112

* Cipher block chaining mode does not revel a pattern because for the next block of text the algorithm uses: * the key * the value based on the previous block are used. * See Figure 3-40 * The algorithm uses an initialization vector for the first block since it doesn't have a previous block to feed in to the algorithm

Answer 113

* CFB works on 8-bit blocks * It is a combination of a block cipher and a stream cipher * For the first block of 8-bits it is necessary to use an IV * First 8-bit block is XORed with bits generated by keystream generator * Two things happen with the resulting 8-bit block of ciphertext 1. One copy goes over the wire to destination 2. One copy is used to encrypt the next 8-bit block of data

Answer 114

It's very similar to CFB mode except, instead of feeding the Ciphertext into the algorithm for the subsequent block, OFB mode feeds the Keystream (output) from the previous stage into the algorithm of the subsequent stage. This makes OFB mode more tolerant of single bit errors throughout the full encryption process

Answer 115

* Counter mode is very similar to OFB mode, except instead of using a randomly unique IV to generate the keystream values, it uses an IV counter that increments for each plaintext block that needs to be encrypted. * The IV counter increments for each block to be encrypted * There is no chaining involved. * Encryption of different blocks can happen in parallel * Same with decryption * Used in protocols where blocks may arrive out of order * CTR is much faster because of parallelization

Answer 116

* Synchronous systems use keystreams to encrypt plaintext one bit at a time * Asynchronous cryptosystems use previously generated output to encrypt the current plaintext values * A stream algorithm is considered synchronous * A block algorithm that uses chaining is considered asynchronous

Answer 117

* Triple DES was meant to be a stop gap between DES and AES * 3DES uses 48 rounds in its computation * 3DES can take up to 3X longer to encrypt/descrypt

Answer 118

* DES-EEE3 - uses 3 different keys for encryption. The data is Encrypted, Encrypted, Encrypted * DES-EDE3 - uses 3 different keys for encryption. The data is Encrypted, Decrypted, Encrypted * DES-EEE2 - Same as DES-EEE3, but only uses two keys. The first and third encryption process use the same key * DES-EDE2 - Same as DES-EDE3, but only uses two keys. The first and third encryption process use the same key

Answer 119

* AES uses the Rijndael algorithm * It supports 128, 192 and 256 bit block sizes * If key and block size are 128 bits, there are 10 rounds * If key and block size are 192 bits, there are 12 rounds * If key and block size are 256 bits, there are 14 rounds

Answer 120

* IDEA is a block cipher * Operates on 64 bit blocks * Key is 128 bits long * IDEA is faster than DES when implemented in software * Has different modes similar to the DES modes * Harder to break than DES because key is longer * IDEA is used in PGP and other encryption software * It is patented, so limited use * No successful practical attacks against the algorithm

Answer 121

* Block cipher * Works on 64 bit blocks * Key Length can be 32 bits up to 448 bits * 16 rounds of cyptographic functions * Is in the public domain

Answer 122

* **RC4** is one of the most commonly implemented **stream** ciphers * Variable key size * Is used in SSL * Was a trade secret of RSA Data Security * Sometimes referred to as ARC4 because RC4 is trademarked * Simple, fast, efficient * Vulerable to modification attacks

Answer 123

* RC5 is a block cipher * Developed by Ron Rivest * Parameters used to determine * block size (32-bit, 64-bit, 128-bit) * key length (up to 2048 bits) * number of rounds used (up to 255)

Answer 124

* Block Cipher * Very similar to RC5 * Modifications to RC6 to increase speed * Was a candidate for AES, but was not chosen

Answer 125

1. Symmetric key cryptography only provides confidentiality, not authentication or non-repudiation 2. As the number of people who need to communicate increases, so does the number of symmetric keys required, meaning more keys must be managed 3. Secure Key Distribution - Symmetric key must be delievered to its destination via a secure courier.

Answer 126

* It provides key agreement, not key exchange * Enables two systems to generate a symmetric key securely without having a previous relationship or prior arrangements * DOES NOT Provides encryption * DOES NOT provide digital signature * Based on the difficulty of calculating discrete logarithms in a finite field * Susceptible to man in the middle attacks

Answer 127

* Tanya and Erika both generate a public and private key pair * They exchange public keys * Tanya's software takes her private key and Erika's public key and generates a symmetric key * Erika takes her private key and Tanya's public key and generates the same symmetric key * Now they can use the same symmetric key to communicate securely

Answer 128

Make sure authentication takes place before accepting someone's public key

Answer 129

* Public Key Cryptography uses an asymmetric algorithm * Public Key Infrastructure is not an algorithm, protocol or application -- It is an infrastructure based on public key cryptography

Answer 130

* RSA stands for Rivest-Shamir-Adleman * It's a public key algorithm * It's the most popular asymmetric algorithm * Worldwide de facto standard * Provides authentication & encryption * Security is based on the difficulty of factoring large numbers into their original prime numbers * Advantage of RSA is that it provides encryption and signature verification

Answer 131

* A one-way function is a mathematical function that is easier to compute in one direction than the other direction * RSA one way function is to multiply two large prime numbers * Multiplying these numbers is much easier than factoring the product to recover the initial large prime numbers * With RSA, encrypting with the public key is the one-way function * The private key is the "trap door" that contains information to decrypt the message securely

Answer 132

Work factor is the amount of time and resources needed to break an encryption method

Answer 133

* El Gamal is a public key algorithm * Can be used for digital signatures * Can be used for encryption * Can be used for key exchange * Based on the difficulty of calculating discrete logarithms in a finite field * El Gamal is an extension of Diffie Hellman * Main drawback is performance. It's usually the slowest

Answer 134

* Provides much the same functionality as RSA: * Digital signatures * Secure Key distribution * Encryption * More efficient than RSA or any other asymmetric algorithm * Security comes from the difficulty of calculating discrete logarithms along an elliptical curve * Since it's more efficient, it is used in wireless and cell phones * ECC can provide the same level of security as RSA, but with smaller keys

Answer 135

* It was based on the knapsack problem: * if you have several different items, each with its own weight, can you add them to a knapsack so the knapack has a specific weight? * Knapsack is now considered insecure

Answer 136

* It's used in public key cryptography * If Irene sends you a message that she encrypted with her private key and you can verify that she sent it by decrypting it with her public key * Irene thus "proves" to you that she has her private key, but she never gives or shows you her private key. * Only the owner of the private key can truly prove that she has possession of the private key.

Answer 137

They only protect against unintentional modifications, not intentional ones.

Answer 138

* A one-way hash is a function that takes a variable length string and produces a fixed length hash value. * The sender appends the hash value to the message * When the receiver receives the message, he recomputes the hash value and checks to make sure that it matches the one sent with the message * If the hash values match, then the message should be secure. * Hashing takes place without any keys * Weakness -- If the message is intercepted someone can create a new message, create a new hash and send it to the receiver. The hash values will match, but it will be a message from an attacker

Answer 139

MAC stands for Message Authentication Code A MAC function is an authentication scheme derived by applying a secret key to a message in some form. The three basic types of MAC functions are: * HMAC * CBC-MAC * CMAC

Answer 140

1. The sender concatenates a symmetric key with the message 2. The result is put through a hashing algorithm 3. A MAC value is generated 4. The MAC value is appended to the message 5. The sender sends the message to the receiver (message + MAC value) 6. The receiver concatenates symmetric key to message 7. Receiver puts the message + symm key through hashing algorithm to generate MAC value 8. If the the MAC values match, then the message has not been modified Note - the key is not used for encryption.

Answer 141

Cipher Block Chaining Message Authentication Code

Answer 142

* Message is encrypted with symmetric block cipher in CBC mode * The output of the final block of ciphertext is used as the MAC * Sender sends the plaintext message with the MAC attached to it * Receiver receives the plaintext message + MAC * Receiver encrypts the message with the same block cipher * If the new MAC value matches the one sent with the message, then the message has not been altered

Answer 143

Message Authentication Codes (MAC's) provide data origin authentication (aka system authentication), but not user authentication. The reason for this is that symmetric keys are bound to a computer or device Only private keys are bound to a user

Answer 144

CMAC stands for Cipher-based Message Authentication Code * It provides the same data origin authentication and integrity as CBC-MAC * It is a variation of CBC-MAC * It's more mathematically secure * Symmetric keys are used to create subkeys * Subkeys are used to individually encrypt each of the blocks * Other than that, it's the same as CBC-MAC

Answer 145

* CCM combines CTR mode and CBC-MAC. * The goal is to provide both data origin authentication and encryption through the use of the same key * One key value is used for the counter values in CTR mode encyption and the IV value for CBC-MAC operations. * IEEE 802.11i wireless standard outlines the use of CCM mode for the block cipher AES

Answer 146

fingerprint

Answer 147

* The hash should be computed over the entire message * The hash should be a one-way function so messages are not disclosed by their values * Given a message and its hash value, computing another message with the same hash value should be impossible * The function should be resistant to birthday attacks

Answer 148

* MD4 is a one-way hash function designed by Ron Rivest * It produces a 128-bit digest value * It is no longer considered secure

Answer 149

* It's the follow-on to MD4 * More complex algorithm / harder to break * It produces a 128-bit hash * MD5 is subject to collision attacks

Answer 150

* SHA produces a 160 bit hash value (aka message digest) * The hash is then inputted into an asymmetric algorithm which computes a signature for a message * There are multiple versions of SHA (known as SHA-2 and SHA-3 families) * SHA-256 * SHA-384 * SHA-512

Answer 151

A collision

Answer 152

* How many people must be in the same room for the chance to be greater than even that another person has the same birthday as you? Answer: 253 * How many people must be in the room for the chance to be greater than even that at least two people share the same birthday? Answer: 23 * In a birthday attack, you have the original message and you tweak it to your advantage and keep changing it until the message digests match.

Answer 153

* Public Key infrastructure consists of programs, data formats, procedures, communication protocols, security policies and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. * In other words, PKI establishes a level of trust in the organization

Answer 154

* A CA is a trusted organization (or server) that maintains and issues digital certificates. * Could be at a company * Could be something like Verisign * A CA is a component of PKI

Answer 155

A man in the middle attack

Answer 156

When two private CA's each trust the other in order for two separate organizations to be able to communicate securely

Answer 157

A CRL is a list of certs that have been revoked. The CRL is maintained by the CA.

Answer 158

* It's an improvement over the CRL approach * When OCSP is implemented, it checks the CRL in the background as part of the protocol * Thus, the CRL is checked every time and we are not risking trusting entities with certs that have been revoked for one reason or another

Answer 159

* A certificate is the mechanism used to associate a public key with a collection of components in a manner that is sufficient to uniquely identify the claimed owner. * The cert includes a serial number, version number, identity information, algorithm information, lifetime dates and the signature of the issuing authority.

Answer 160

The RA performs the certificate registration duties

Answer 161

* Certification Authority * Registration Authority * Certificate Repository * Certificate Revocation System * Key backup and recovery system * Automatic key update * Management of Key Histories * Timestamping * Client-side software

Answer 162

* Confidentiality * Access Control * Integrity * Authentication * Non-repudiation

Answer 163

* Confidentiality * Integrity * Authentication * Authorization * Non-repudiation

Answer 164

A digital signature is a hash value that has been encrypted with the sender's private key

Answer 165

* authentication * non-repudiation * integrity

Answer 166

* DSA stands for Digital Signature Algorithm * It can only be used for Digital signatures * DSA is slower than RSA for signature verification

Answer 167

Key management

Answer 168

* Key length should be long enough to provide the necessary level of protection * Keys should be stored and transmitted by secure means * Keys should be extremely random and the algorithm should use the full spectrum of the keyspace * The key's lifetime should correspond to the sensitivity of the data it's protecting. More sensitive data, shorter key lifetime * The more the key is used, the shorter it's lifetime should be * Key should be backed up or escrowed in case of emergencies * Keys should be properly destroyed when they are no longer in use

Answer 169

* Key escrow is a process or entity that can recover lost or corrupted cryptographic keys. * When two or more parties are needed to reconstruct a key for recovery, the process is known as multi-party key recovery

Answer 170

The Trusted Platform Module is a microchip that is installed on the motherboard of modern computers and is dedicated to carrying out security functions related to the storage and processing of symmetric and asymmetric keys, hashes and digital certificates.

Answer 171

1. **Binding a hardrive to a specific computer.** The TPM contains a key and the contents are encrypted by the key in the TPM. If the hard disk is removed, it can't be read. 2. **Sealing a systems state** to a particular HW/SW configuration. It protects against tampering with system configuration. This is accomplished by the TPM generating hash values based on system configuration settings

Answer 172

1. Persistent Memory * Includes Endorsement Key (EK). Public/Private key pair that is installed on the TPM at the time of manufacture. Private key always remains in the TPM 2. Storage Root Key (SRK) * The master wrapping key used to secure the keys stored in the TPM

Answer 173

Versatile Memory. 1. Attestation Identity Key (AIK). Used for the attestation f the TPM chip itself to service providers. The AIK ensures the integrity of the EK 2. Platform Configuration Registers - Used to store cryptographic hashes of data used for TPM's "sealing" functionality 3. Storage keys. Used to encrypt storage media of the computer system

Answer 174

Digital Rights Management (DRM) refers to a set of technologies that is applied to controlling access to copyrighted data

Answer 175

No. Digital Rights Management doesn't necessarily mean a technology designed exclusively for DRM. It could be standard security technology. Example - standard user authentication and authorization

Answer 176

It won't work if the device does not have internet connectivity

Answer 177

Product Keys

Answer 178

If you use Product keys, then the attacker has the Key and the executable code of the algorithm that uses it. The attacker could reverse engineer the algorithm and create a key generator. The countermeasure for this is to require a one-time activation of the key before it will work.

Answer 179

Digital watermarks are an approach to DRM. Digital watermarks are steganographically embedded into the file and can document details such as the owner, the licensee and data of purchase. They can't prevent someone from illegally copying the file, but they can be used to track, identify and prosecute the perpetrator.

Answer 180

1. Eavesdropping 2. Sniffing data Since they are hard to detect, the approach is to prevent them from happening in the first place.

Answer 181

1. Altering messages 2. modifying system files 3. masquerading as another individual

Answer 182

1. Key 2. Algorithm 3. Implementation 4. Data 5. People

Answer 183

* In this attack, the attacker has the cyphertext of several messages * Each of the messages has been encrypted with the same encrypted algorithm * Attackers goal is to discover the key used in the encryption process * Once the key is known, attacker can decrypt all of the other messages encrypted with the same key

Answer 184

* It's where the attacker has the plaintext and the corrresponding ciphertext of one or more messages * Goal is to uncover the key so other messages can be deciphered and read * The US used a known plaintext attack against the Germans and Japanese in WWII.

Answer 185

* A chosen plaintext attack is where the attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext. * Example is that an attacker has been sniffing. * Attacker creates a message they they believe will get forwarded. Since the attacker created the plaintext, they know it and when they sniff the corresponding ciphertext, they have two pieces of the puzzle to use to determine the key

Answer 186

* It's where the attacker can choose the ciphertext to be decrypted and has access to the resulting plaintext. * Goal is to figure out the key * It's a hard attack to make because the attacker may have to take control of a system to carry out the attack.

Answer 187

It's where the user starts with a certain type of attack and after they begin to gather puzzle pieces they may adapt their method and begin to use a different type of attack, to continue the attack.

Answer 188

* It's goal is to uncover the key * Attacker looks at ciphertext pairs generated by encryption of plaintext pairs with specific, intentional differences * Attacker analyzes the effect of those differences * In 1990 a differrential cryptanalysis attack was invented against DES and it was effective against it, as well as other block algorithms * It is considered a type of chosen plaintext attack

Answer 189

* it performs functions to determine the highest probability that a specific key was employed during the the encryption process using a block algorithm * It uses probability of different keys producing the ciphertext at various S-Boxes in the process

Answer 190

* A side channel attack doesn't depend on trying to mathematically determine the key. * Instead, it looks around the cryptosystem and its attributes and characteristics * Examples: Measuring power consumption, radiation emissions, the amount of time needed for certain computations * In 1995, RSA private keys were uncovered by measuring the relative time cryptographic operations took.

Answer 191

* A replay attack is where an attacker captures some type of data and resubmits it with the hopes of fooling the receiving device into thinking it is legitimate information. * It is often that the data captured is authentication information and the attacker is trying to authenticate himself as someone else.

Answer 192

1. Timestamps 2. Sequence numbers

Answer 193

An algebraic attack is when the attacker analyzes the vulnerabilities in the mathematics used within the algorithm and exploit the intrinsic algebraic structure. For exaple, attacks on the textbook version of the RSA cryptosystem exploit the properties of the algorithm, such as the fact that the encryption of a raw "0" message is "0."

Answer 194

An analytic attack identifies an algorithm's structural weakness or flows as opposed to a brute force attack, which exhausts all possibilitites. Examples: 1. Double DES attack 2. RSA factoring attack

Answer 195

Statistical attacks identify statistical weaknesses in algorithm design and exploit them. Example - if statistical patterns are observed between the number of ones and the number of zeroes in a random number generator. If the keys are taken directly from the RNG, then that information could be used to reduce the search time for the keys

Answer 196

Goal of these attacks is to trick people into giving their sensitive information. Examples: * Attacker convinces victim that he is a sysadmin * Attacker uses persuasion * Coercion * Bribery

Answer 197

It's a mathematical analysis technique used to attack the problem from both sides Forward map from one side Inverse map from the other side at the same time Works by: * Encrypting from one end * Decrypting from the other end at the same time * Thus, meet in the middle

Answer 198

* Natural environmental threats -- floods, earthquakes, etc. * Supply system threats -- Power disruption, communication disruptions, water, gas, etc. * Manmade threats - Unauthorized access (internal and external) * Politically motivated threats

Answer 199

It's the idea that human life is the top priority. You could bar a door shut to keep out intruders, but if that prevents people from escaping in the event of a fire, it's a bad idea.

Answer 200

Physical security is a combination of people, processes, procedures, technology and equipment to protect resources.

Answer 201

Collusion is where two or more people work together to carry out fraudulent activity

Answer 202

* Crime and disruption prevention through deterrence (fences, security guards, etc.) * Reduction of damage through the use of delaying mechanisms (locks, security personnel, barriers * Crime or disuption prevention - smoke detectors, motion detectors, CCTV, etc. * Incident assessment - Response of security guards to detected incidents and determination of damage level * Response procedures - fire suppression mechanisms, emergency response process, law enforcement notification, etc.

Answer 203

* You devise measurements and metrics to guage the effectiveness of countermeasures. Things like: * Number of successful crimes * number of successful disruptions * Number of unsuccessful disruptions * business impact of disruption * Time for a criminal to defeat a control * Financial loss of a successful crime * Financial loss of a successful diruption

Answer 204

1. Identify team of internal employess/external consultantgs to build the program 2. Define the scope 3. Carry out risk analysis 4. Identify regulatory and legal requirements 5. Work with management to define acceptable risk level 6. Derive the required performance baselines from that acceptable risk level 7. Create countermeasures and peformance metrics 8. Develop criteria from the results of the analysis and categorize them 9. Identify and implement countermeasures for each program category 10. Continually evaluate countermeasures against the set baselines to ensure acceptale risk is not exceeded

Answer 205

CPTED is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. * Street furnishing like benches encourage people to sit and watch * security cameras in full view * No wooded areas * The establishment of security zones / different zones have different controls

Answer 206

The goal of natural surveillance is to make criminals feel uncomfortable by providing many ways observers could potentially see them and to make all ofther people feel safe and comfortable by providing an open and well-designed environment.

Answer 207

Target Hardening

Answer 208

* Under raised floors * On dropped ceilings

Answer 209

* The MDF is the Main Distribution Facility where higher bandwidth lines are divided into multiple lower bandwidth lines. It normally has its own room * * IDF is the Intermediate Distribution Facilities -- which usually distribute individual lines or drops to multiple end points. These are often in the same room as other things, which makes them susceptible to tampering

Answer 210

1. They are secured 2. All access and transfers are logged

Answer 211

Internal Support systems refers to things like: * lights * air conditioning * water

Answer 212

1. Uninterruptable Power Supplies 2. Power line conditioners 3. Backup sources * Possibly having power supplied by different power companies * Generators

Answer 213

1. Voltage regulators 2. Line conditioners

Answer 214

* Surge protectors * Shut down devices in an orderly fashion * Use power line monitors * Use regulators to keep voltage steady and the power clean * Protect distribution panels, master circuit breakers and transformer cables with access controls * Protect against magnetic induction through shielded lines * Use shielded cabling for long runs * Do not run data or power lines over fluorescent lights * Use three prong connections or adapters if using two-prong connections

Answer 215

HVAC system

Answer 216

* Training employes how to react to a fire * supplying the right equipment * Ensuring equipment is in working order * Storing combustible elements in a proper manner

Answer 217

* Red pull boxes * Smoke detectors

Answer 218

Fire suppression is the use of an agent to put out a fire.

Answer 219

* Smoke activated * Heat activated

Answer 220

Smoke detectors should be located 1. above suspended ceilings 2. below raised floors 3. in air vents

Answer 221

CO2 is dangerous to life. It can remove Oxygen from the air and presents a risk to humans and other forms of life

Answer 222

Halon was banned by the Montreal protocol in 1992. It's replacement is FM-200 -- similar to Halon, but does not damage the Ozone layer

Answer 223

1. Wet pipe -- water is included in these at all times. If there is a leak, it will cause damage 2. Dry pipe -- water is not held in the pipes, but in a holding tank * If a heat or smoke detector is activated, water fills the pipe leading to the sprinkler heads 3. Preaction -- similar to dry pipe, in that water is not held in the pipes * Pressurized air in pipes holds back water supply * A thermal-fusible link on the sprinkler head must melt to release the water 4. Deluge -- sprinker heads are wide open to allow a large volume of water to flow very quickly. Not frequently used in data processing environments

Answer 224

The available key space for any given algorithm (or your choie of keys withtin it) will eventually "go stale" over time.

Answer 225

IoT devices

Answer 226

A nonce is like a salt. A nonce is a random number that acts as a placeholder variable in mathematical functions. When the function is executed, the nonce is replaced with a random number generated at run-time for one-time use. It makes codes harder to break.

Answer 227

A zero knowledge proof enables you to prove your knowledge of a fact to a third party without revealing the fact itself to the third party. Secret door: Peggy knows the password to a secret door in a circular cave. Victor wants to buy the password, but doesn't want to pay until Peggy can prove that she knows the password. Peggy doesn't want to give the password for fear that Victor will not pay afterword. Zero knowledge proof solves the dilemma. Victor stands at the main entrance. Peggy takes a left and opens the door and then victor sees her come back via the right entrace.

Answer 228

An M of N control system is frequently used in key escrow. It guarantees that no one person can perform the function. In an M of N control system a Minimum number of M people out of N possible people must be involved to perform a function (i.e. recover a key). In a 3 of 8 control system, at least 3 people must be involved out of 8 to recover a key.

Answer 229

1. Digital Signature Algorithm (DSA); 2. Rivest, Shamir, Adleman (RSA) algorithm; 3. Elliptic Curve DSA (ECDSA) algorithm.

Answer 230

cryptographic key.

Answer 231

A preaction fire suppression system activates in two steps. The pipes fill with water once the early signs of a fire are detected. The system does not dispense water until heat sensors on the sprinkler heads trigger the second phase.

Answer 232

The Encapsulating Security Payload (ESP) protocol provides confidentiality and integrity for packet contents. It encrypts packet payloads and provides limited authentication and protection against replay attacks.

Answer 233

TEMPEST is a specification for techniques used to prevent spying using electromagnetic emissions and wouldn’t be used to stop attacks at any normal bank.

Answer 234

Business Owners

Answer 235

* **Clearing** describes preparing media for reuse. When media is cleared, unclassified data is written over all addressable locations on the media. Once that’s completed, the media can be reused. * **Erasing** is the deletion of files or media. * **Purging** is a more intensive form of clearing for reuse in lower security areas, and * **Sanitization** is a series of processes that removes data from a system or media while ensuring that the data is unrecoverable by any means.

Answer 236

The U.S. government uses the labels: * **Unclassified** * **Confidential** for data that could cause damage if it was disclosed without authorization. * **Secret** data could cause serious damage. * **Top Secret** data is considered to potentially cause grave damage, Classified is not a level in the U.S. government classification scheme

Answer 237

Spare sectors, bad sectors, and space provided for wear leveling on SSDs (overprovisioned space) may all contain data that was written to the space that will not be cleared when the drive is wiped. Most wiping utilities only deal with currently addressable space on the drive. SSDs cannot be degaussed, and wear leveling space cannot be reliably used to hide data. These spaces are still addressable by the drive, although they may not be seen by the operating system.

Answer 238

A watermark is used to digitally label data and can be used to indicate ownership.

Answer 239

**Rogue access point:** An access point intended to attract new connections by using an apparently legitimate SSID. **Evil twin:** An attack that relies on an access point to spoof a legitimate access point’s SSID and MAC address.

Answer 240

The DMCA states that providers are not responsible for the **_transitory_** activities of their users. Transmission of information over a network would qualify for this exemption. The other activities listed are all nontransitory actions that require remediation by the provider.

Answer 241

The three common threat modeling techniques are: 1. Focused on attackers (Social engineering is a subset of attackers) 2. Focused on software 3. Focused on assets.

Answer 242

**The prudent man rule** requires that senior executives take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation. The rule originally applied to financial matters, but the Federal Sentencing Guidelines applied them to information security matters in 1991.

Answer 243

The U.S. Department of Commerce is responsible for implementing the EU-US Privacy Shield Agreement.

Answer 244

The Gramm-Leach-Bliley Act (GLBA)

Answer 245

The Federal Information Security Management Act (FISMA) specifically applies to government contractors. The Government Information Security Reform Act (GISRA) was the precursor to FISMA and expired in November 2002.

Answer 246

* Spoofing * Tampering * Repudiation * Information disclosure * DoS * Elevation of Privilege

Answer 247

The Economic Espionage Act imposes fines and jail sentences on anyone found guilty of stealing trade secrets from a U.S. corporation. It gives true teeth to the intellectual property rights of trade secret owners.

Answer 248

For the test, YES

Answer 249

Between 40% and 60%

Answer 250

Serial number

Answer 251

Typing with the rhythm of Morse code

Answer 252

Lauren has implemented **address space layout randomization,** a memory protection methodology that randomizes memory locations, which prevents attackers from using known address spaces and contiguous memory regions to execute code via overflow or stack smashing attacks.

Answer 253

bcrypt is based on Blowfish. Bcrypt adds 128 additional bits as a salt to protect against rainbow table attacks

Answer 254

* An **Administrator** assigns permissions based on the principles of least privilege and need to know. * A **custodian** protects the integrity and security of the data. * **Owners** have ultimate responsibility for the data and ensure that it is classified properly, and owners provide guidance to administrators on who can have access, but owners do not assign permissions. * **Users** simply access the data.

Answer 255

Nonrepudiation

Answer 256

One 16 divided by 3 equals 5, with a remainder value of 1.

Answer 257

**Output feedback (OFB)** mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large amounts of data.

Answer 258

is a one-way function.

Answer 259

The Advanced Encryption Standard uses a 128-bit block size, even though the Rijndael algorithm it is based on allows a variable block size.

Answer 260

The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.

Answer 261

The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.

Answer 262

4096 bits The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plain-text message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.

Answer 263

160 bits The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.

Answer 264

160 bytes The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the size of the input message. In fact, this fixed-length output is a requirement of any secure hashing algorithm.

Answer 265

X.509 governs digital certificates and the public-key infrastructure (PKI). It defines the appropriate content for a digital certificate and the processes used by certificate authorities to generate and revoke certificates.

Answer 266

Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryption technology is based on the IDEA private key cryptosystem.

Answer 267

Certificate revocation lists (CRLs) introduce an inherent latency to the certificate expiration process due to the time lag between CRL distributions.

Answer 268

The simple property of Biba is no read down, but it implies that it is acceptable to read up.

Answer 269

**Declassification** Declassification is the process of moving an object into a lower level of classification once it is determined that it no longer justifies being placed at a higher level. Only a trusted subject can perform declassification because this action is a violation of the verbiage of the star property of Bell-LaPadula, but not the spirit or intent, which is to prevent unauthorized disclosure.

Answer 270

**Multitasking** is processing more than one task at the same time. In most cases, multitasking is simulated by the operating system even when not supported by the processor.

Answer 271

**Mobile device management (MDM)** Mobile device management (MDM) is a software solution to the challenging task of managing the myriad mobile devices that employees use to access company resources. The goals of MDM are to improve security, provide monitoring, enable remote management, and support troubleshooting. Not all mobile devices support removable storage, and even fewer support encrypted removable storage. Geotagging is used to mark photos and social network posts, not for BYOD management. Application whitelisting may be an element of BYOD management, but is only part of a full MDM solution.

Answer 272

In system high mode of operation, all users must have: * Signed NDA for ALL information on the system. * Proper clearance for ALL information on the system. * Formal access approval for ALL information on the system. * A valid need to know for SOME information on the system. * All users can access SOME data, based on their need to know.

Answer 273

In a dedicated system, * all users must have a valid security clearance for the highest level of information processed by the system, * they must have access approval for all information processed by the system, and * they must have a valid need to know of all information processed by the system.

Answer 274

The risk of a lost or stolen notebook is the data loss, not the loss of the system itself. Thus, keeping minimal sensitive data on the system is the only way to reduce the risk. Hard drive encryption, cable locks, and strong passwords, although good ideas, are preventive tools, not means of reducing risk.

Answer 275

Dynamic RAM chips are built from a large number of capacitors, each of which holds a single electrical charge. These capacitors must be continually refreshed by the CPU in order to retain their contents. The data stored in the chip is lost when power is removed.

Answer 276

Removable drives are easily taken out of their authorized physical location, and it is often not possible to apply operating system access controls to them. Therefore, encryption is often the only security measure short of physical security that can be afforded to them.

Answer 277

**Physical security** is the most important aspect of overall security. Without physical security, none of the other aspects of security are sufficient.

Answer 278

**Lighting** is the most common form of perimeter security device or mechanism. Your entire site should be clearly lit. This provides for easy identification of personnel and makes it easier to notice intrusions.

Answer 279

**A capacitance motion detector** senses changes in the electrical or magnetic field surrounding a monitored object.

Answer 280

There is no such thing as a preventive alarm. Alarms are always triggered in response to a detected intrusion or attack.

Answer 281

No matter what form of physical access control is used, a security guard or other monitoring system must be deployed to prevent abuse, masquerading, and piggybacking. Espionage cannot be prevented by physical access controls.

Answer 282

2 In the Fair Cryptosystem approach to key escrow, the secret keys used in communications are divided into two or more pieces, each of which is given to an independent third party.

Answer 283

Information flow The information flow model applies state machines to the flow of information. The Bell-LaPadula model applies the information flow model to confidentiality while the Biba model applies it to integrity.

Answer 284

Mirai targeted “Internet of Things” devices, including routers, cameras, and DVRs. As organizations bring an increasing number of devices like these into their corporate networks, protecting both internal and external targets from insecure, infrequently updated, and often vulnerable IoT devices is increasing important.

Answer 285

Supervisory Control and Data Acquisition systems, or SCADA systems, provide a graphical interface to monitor industrial control systems (ICS). Joanna should ask about access to her organization’s SCADA systems.

Answer 286

This integrity model focuses on preventing interference in support of integrity.

Domain 3 -- Security Architecture and Engineering Flashcards

(318 cards)