Domain 3: Security Architecture and Engineering Flashcards
Scott is the security admin for a consulting firm and must enforce access controls that restrict users’ access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acem’s competitors. What security model best fits Matthew’s needs?
A) Clark-Wilson
B) Biba
C) Bell-laPadula
D) Brewer Nash
D) The Brewer-Nash model allows access controls to change dynamically based upon user’s actions. It is often used in environments like Mathew’s to implement a Chinese Wall between data belonging to different clients.
Referring to the figure shown here, what is the earliest stage of a fire where it is possible to use detection technology to identify it?
A) Incipient
B) Smoke
C) Flam
D) Heat
A) Fires may be detected as early as the incipient stage. During this stage, air ionization takes place and specialized incipient fire detection systems can identify these changes to provide early warning of a fire.
Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best me his needs?
a) CCTV
b) IPS
C) Turnstiles
D) Faraday cages
a) CCTV systems act as a secondary verification mechanism for physical presence because they allow security officials to view the interior of the facility when a motion alarm sounds to determine the current occupants and their activities.
Bob is a security admin with the federal government and wishes to choose a digital signature approach that is an approved part of the federal digital signature standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
A) DSA
B) HAVAL
C) RSA
D) ECDSA
B) The digital signature standard approves three encryption algorithms for use in digital signature, the Digital Signature Algorithm (DSA), the Rivest, Shamir, Adleman (RSA) algorithm, and the elliptic curve DSA (ECDSA) algorithm. HAVAL is a hash function, not an encrypted algorithm. While hash functions are used as part of the digital signature process, they do not provide encryption.
Michael is responsible for forensic investigations and is investigating a medium-severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the marketing team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take?
A) Keep the website offline until the investigation is complete
B)Take the virtualization platform offline as evidence
C) Take a snapshot of the compromised system and use that for the investigation.
D) Ignore the incident and focus on quickly restoring the website
C) Michael should conduct his investigation, but there is a pressing business need to bring the website back online. The most reasonable course of action would be to take a snapshot of the compromised system and use use the snapshot for the investigation, restoring the website operation as quickly as possible while using the results of the investigation to improve the security of the site.
Scott is blocked from reading a file due to the Biba integrity model. Scott has a secret security clearance and the file has a confidential classification. What principle is being enforced?
A) Simple security property
B) Simple integrity property
C) *-security property
D) *-Integrity property
B) The simple integrity property states that an individual may not read a classified file at a lower security level than the individual’s security clearance.
Scott recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user’s password. What hardware security feature is likely causing this problem?
A) TCB
B) TPM
C) NIACAP
D) RSA
B) The Trusted Platform Module (TPM) is a hardware security technique that stores an encryption key on a chip on the motherboard and prevents someone from accessing an encrypted drive by installing it in another computer.
Which of the following is not an attribute of a hashing algorithm?
A) They require a cryptographic key
B) They are irreversible
C) It is very difficult to find tow messages with the same hash value
D) They take variable length input
A) Hash functions do not include any element of secrecy and, therefore, do not require a cryptographic key
Susan would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability?
A) AH
B) ESP
C) IKE
D) ISAKMP
B) Encapsulating security payload (ESP) protocol provides confidentiality and integrity for packet contents. It encrypts pack payloads and provides limited authentication and protection against replay attacks.
Under the Common Criteria, what element describes the security requirements for a product?
A) TCSEC
B) ITSEC
C) PP
D) ST
C) Protection profiles (PPs) specify the security requirements and protections that must be in place for a product to be accepted under Common Criteria
Which one of the following is not one of the basic requirements for a cryptographic hash function?
A) The function must work on fixed-length input
B) The function must be relatively easy to compute for any input
C) The function must be one way
D) The function must be collision free
A) Hash functions must be able to work on any variable length input and produce a fixed-length output from that input, regardless of the length of the input.
Scott is blocked from writing to the data file by the Biba integrity model. Scott has a security clearance and the file is classified top secret. What principle is preventing him from writing to the file?
A) Simple security property
B) Simple integrity property
C) *-Security property
D) *- Integrity property
D) The *- integrity property states that a subject cannot modify an object at a higher integrity level than possessed by the subject
Scott is reviewing a system that has been assigned the EAL1 evaluation assurance level under the Common Criteria. What is the degree of assurance that he may have about the system?
a) It has been functionally tested
B) It has been structurally tested
C) IT has been formally verified, designed, and tested.
D) IT has been methodically designed, tested, and reviewed
A) EAL 1 assurance applies when the system in question has been functionally tested. It is the lowest level of assurance under the Common Criteria.
Kyle is being granted access to a military computer system that uses System High mode. What is not true about Kyle’s security clearance requirements?
A) Kyle must have a clearance for the highest level of classification processed by the system, regardless of his access.
B) Kyle must have access approval for all information processed by the system.
C) Kyle must have a valid need to know for all information processed by the system.
D) Kyle must have a valid security clearance
C) for systems running in System High mode, the user must have a valid security clearance for all information processed by the system, access approval for all information processed by the system, and a valid need to know for some, but not necessarily all, information processed by the system.
Which one of the following terms accurately describes the Caesar cipher
A) Transposition Cipher
B) Block cipher
C) Shift cipher
D) Strong cipher
C) The Caesar Cipher is a shift cipher that works on a stream of text and is also a substitution cipher. It is not a block cipher or a transposition cipher. It is extremely week as a crytographic function.
In an Iaas environment where a vendor supplies a customer with access to storage services, who is normally responsible for removing sensitive data from drives that are taken out of service?
A) Customer’s security team
B) Customer’s storage team
C) Customer’s vendor management team
D) Vendor
D) In an IaaS environment, security duties follow a shared responsibility model. Since the vendor is responsible for managing the storage hardware, the vendor would retain responsibility for destroying or wiping drives as they are taken out of service. However, it is still the customer’s responsibility validate that the vendor’s sanitization procedures meet their requirements prior to utilizing the vendors storage service.
Which one of the following systems assurance processes provide an independent third-party evaluation of a system’s controls that may be trusted by many different organizations?
A) Certification
B) Definition
C) Verification
D) Accredidation
C) The verification process is similar to the certification process that it validates security controls. Verification may go a step further by involving a third party testing service and compiling results that may be trusted by many different organizations . Accreditation is the the act of management formally accepting an evaluating system, not evaluating the system itself
Scott is concernd about the possibility that hackers may be able to use the Van Eck radiation phenomenon to remotely read the contents of computer monitors in his facility. What technology would protect against this type of attack?
A) TCSEC
B) SCSI
C) GHOST
D) TEMPEST
D) The TEMPEST program creates technology that is not susceptible to VAN Eck Phreaking attacks because it reduces or suppresses natural electromagnetic emanations.
What is the minimum fence height that makes a fence difficult to climb easily, deterring most intruders?
A) 3 feet
B) 4 feet
C) 5 feet
D) 6 feet
D) Fences designed to deter more than the casual intruder should be more than 6 feet high. If a physical security system is designed to deter even determined intruders, it should be at least 8 feet high and topped with 3 strands of barbed wire.
In a SaaS cloud computing environment, who is normally responsible for ensure that appropriate firewall controls are in place to protect the application?
A) Customer’s security team
B) Vendor
C) Customer’s networking team
D) Customer’s infrastructure team
B) In a SaaS environment, the customer has no access to any underlying infrastructure, so firewall management is a vendor responsibility under the cloud computing shared responsibility model.
Which one of the following computing models allows the execution of multiple concurrent tasks within a single process?
A) Multitasking
B) Multiprocessing
C) Multiprogramming
D) Multithreading
D) Multithreading permits multiple tasks to execute concurrently within a single process. These tasks are known as threads and may be alternated between without switching processes
Scott intercepts an encrypted method and wants to determine what type of algorithm was used to create the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message?
A) Substitution cipher
B) AES
C) Transposition cipher
D) 3 DES
C) This message was most-likely encrypted with a transposition cipher. The use of a substitution cipher, a category that includes AES and 3DES, would change the frequent distribution so that it did not mirror that of the English language.
The Double DEs (2DES) encryption algorithm was never used as a viable alternative to the original DES algorithm. What attack is 2 DES vulnerabl to that does not exist for the DES or 3 DES approach?
A) Chosen ciphertext
B) Bruteforce
C) Man in the middle
D) Meet in the middle
D) The meet-in-the middle attack uses a known plain text message and uses both encryption of the plaintext and decryption of the ciphertext simultaneously in a brute-force manner to identify the encryption key in approximately double the time of a brute force attack against the basic DES algorithm.
Referring to the fire triangle, which one of the following suppression materials attacks a fire by removing the fuel source?
A) Water
B) Soda acid
C) Carbon dioxide
D) Halon
B) Soda acid and other dry powder extinguishers work to remove the fuel supply. Water suppresses temperature, while halon and carbon dioxide remove the oxygen supply from a fire.
