Domain 3 - Security Engineering

Question 1

What is the simultaneous execution of more than one

application on a computer and is managed by the operating system.

Answer 1

Multitasking

Question 2

This permits multiple concurrent tasks to be performed within a single process.

Answer 2

Multithreading

Question 3

The use of more than one processor to increase computing power.

Answer 3

Multiprocessing

Question 4

Similar to multitasking but takes place on mainframe systems and requires specific programming.

Answer 4

Multiprogramming

Question 5

Processors that are capable of operating at only one security level at a time,

Answer 5

Single state processors

Question 6

Processors that can simultaneously operate at multiple security levels.

Answer 6

Multistate processors

Question 7

What are the four security modes approved by the federal government for processing classified information.

Answer 7

Dedicated systems - require that all users have appropriate clearance, access permissions, and need to know for all information stored on the system.
System high mode - removes the need-to-know requirement.
Compartmented mode - removes the need-to-know requirement and the access permission requirement. Multilevel mode - removes all three requirements.

Question 8

The two layered operating modes used by most modern processors.

Answer 8

User mode and Privileged mode

Question 9

User applications operate in a limited instruction set environment

Answer 9

User mode

Question 10

The operating system performs controlled operations

Answer 10

Privileged mode

Question 11

Nonvolatile memory that can’t be written to by the end user or PC

Answer 11

Read only memory (ROM)

Question 12

Similar to a ROM chip in functionality, but with one exception; special functionality
that allows an end user to burn in the chip’s contents later. However once it is burned in no further changes are possible

Answer 12

Programmable Read-Only Memory (PROM)

Question 13

Memory chips that may be erased through the use of ultraviolet light and then can have new data written to
them.

Answer 13

Erasable Programmable Read-Only Memory (EPROM)

Question 14

Memory chips may be erased with electrical current and then have new data written to them.

Answer 14

Electronically Erasable Programmable Read-Only Memory (EEPROM)

Question 15

Memory chips that are volatile and lose their contents when the computer is powered off.

Answer 15

Random Access Memory (RAM)

Question 16

A limited amount of memory that is included in the CPU that provide it with directly accessible memory locations that the brain of the CPU, the arithmeticlogical unit (ALU), uses when performing calculations or processing instructions.

Answer 16

Registers

Question 17

At the computer level, it contains the basic instructions needed to start a computer. It is also used to provide operating instructions in peripheral devices such as printers.

Answer 17

Firmware

Question 18

This ensures that individual processes can access only

their own data.

Answer 18

Process isolation

Question 19

This creates different realms of security within a process and limits
communication between them.

Answer 19

Layering

Question 20

This creates “black-box” interfaces for programmers to use without requiring knowledge of an algorithm’s or device’s inner workings.

Answer 20

Abstraction

Question 21

This prevents data from being discovered or accessed by a subject by positioning it in a location that is not seen by the subject.

Answer 21

Data hiding

Question 22

Enforces process isolation with physical controls.

Answer 22

Hardware segmentation

Question 23

The role of a _____ ______ is to inform and guide the design, development, implementation, testing, and maintenance of some particular system.

Answer 23

Security Policy

Question 24

The popular term referring to a concept of computing where processing and storage are performed elsewhere over a network connection rather than locally. It is often thought of as Internet-based computing.

Answer 24

Cloud computing

Question 25

Typically designed around a limited set of specific functions in relation to the larger product of which it’s a component.

Answer 25

Embedded System

Question 26

Applications, OSs, hardware sets, or networks that are confi gured for a specifi c need, capability, or function, and then set to remain unaltered.

Answer 26

Static environments

Question 27

Ensures that only a minimum number of processes are authorized to run in supervisory mode.

Answer 27

Principle of lease privilege

Question 28

Any method that is used to pass information but that is not normally used for information.

Answer 28

Covert Channels

Question 29

This occurs when the programmer fails to check the size of input data prior to writing the data into a specific memory location.

Answer 29

Buffer Overflow

Question 30

Checking data before it is saved to a database

Answer 30

Input checking

Question 31

An engineering discipline concerned with the design and construction of computing systems at a logical level.

Answer 31

Computer architecture

Question 32

From a security standpoint, _____ _____ organize code and components in an operating system (as well as applications, utilities, or other code that runs under the operating system’s control) into concentric rings. The deeper inside the circle you go, the higher the privilege level associated with the code that occupies a specific ring.

Answer 32

Protection rings

Question 33

This is not a memory addressing scheme perse but rather a way of referring to data that is supplied to the CPU as part of an instruction.

Answer 33

Immediate addressing

Question 34

In this memory addressing scheme, the CPU is provided with an actual address of the memory location to access.

Answer 34

Direct addressing

Question 35

In this scheme the memory address supplied to the CPU as part of the instruction doesn’t contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address

Answer 35

Indirect addressing

Question 36

This contains the operating system–independent primitive instructions that a computer needs to start up and load the operating system from disk.

Answer 36

BIOS

Question 37

Database attack where attacker collects details at lower level to determine information at a higher level.

Answer 37

Aggregation

Question 38

Combining several pieces of nonsensitive information to gain access to information that should be classified at a higher level. Requires some level of deduction.

Answer 38

Inference

Question 39

Facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures are all examples of what?

Answer 39

Administrative Physical security controls

Question 40

Access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression are all examples of what?

Answer 40

Technical physical security controls

Question 41

Fencing, lighting, locks, construction materials, mantraps, dogs, and guards are all examples of what?

Answer 41

Physical controls for physical security

Question 42

What are the key elements in making a site selection?

Answer 42

Visibility, composition of the surrounding area, area accessibility, and the effects of natural disasters.

Question 43

What is the key element in designing a facility for construction?

Answer 43

Understanding the level of security needed by your

organization and planning for it before construction begins.

Question 44

Name the three categories of security controls implemented to manage physical security

Answer 44

administrative, technical, and physical

Question 45

Using someone else’s security ID to gain entry to a facility

Answer 45

Masquerading

Question 46

Following someone through a secured gate or doorway without being identified or authorized personally.

Answer 46

Piggybacking

Question 47

Ideal temperature for a computer room

Answer 47

60 to 75 degrees Fahrenheit

Question 48

Ideal Humidity for a computer room

Answer 48

between 40 and 60 percent

Question 49

A systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements.

Answer 49

Critical path analysis

Question 50

The tendency for various technologies, solutions, utilities, and systems to evolve and merge over time.

Answer 50

Technology convergence

Question 51

This clearly defines the response time a vendor will provide in the event of an equipment failure emergency.

Answer 51

service-level agreement (SLA)

Question 52

The expected typical functional lifetime of the device given a specific operating environment.

Answer 52

mean time to failure (MTTF)

Question 53

The average length of time required to perform a repair on the device.

Answer 53

mean time to repair (MTTR)

Question 54

A box, mobile room, or entire building designed with an
external metal skin, often a wire mesh that fully surrounds an area on all sides (in other words, front, back, left, right, top, and bottom).

Answer 54

Faraday cage

Question 55

A momentary loss of power

Answer 55

Fault

Question 56

A complete loss of power

Answer 56

Blackout

Question 57

Momentary low voltage

Answer 57

Sag

Question 58

Prolonged low voltage

Answer 58

Brownout

Question 59

Momentary high voltage

Answer 59

Spike

Question 60

Prolonged high voltage

Answer 60

Surge

Question 61

An initial surge of power usually associated with connecting to a power source, whether primary or alternate/secondary

Answer 61

Inrush

Question 62

A steady interfering power disturbance or fluctuation

Answer 62

Noise

Question 63

A short duration of line noise disturbance

Answer 63

Transient

Question 64

Nonfluctuating pure power

Answer 64

Clean

Question 65

The wire in an electrical circuit that is grounded

Answer 65

Ground

Question 66

Class A fire extinguishers can be used on what? And what is the suppression material used?

Answer 66

Common combustibles; Water, soda acid (a dry powder

or liquid chemical)

Question 67

Class B fire extinguishers can be used on what? And what is the suppression material used?

Answer 67

Liquids; CO2 , halon (or EPA approved halon substitue), soda acid

Question 68

Class C fire extinguishers can be used on what? And what is the suppression material used?

Answer 68

Electrical; CO2 , halon (or EPA approved halon substitue)

Question 69

Class D fire extinguishers can be used on what? And what is the suppression material used?

Answer 69

Metal; Dry powder

Question 70

This suppression system is always full of water. Water

discharges immediately when suppression is triggered.

Answer 70

Wet Pipe System

Question 71

This suppression system contains compressed air. Once suppression is triggered, the air escapes, opening a water valve that in turn causes the pipes to fill and discharge water into the environment.

Answer 71

dry pipe system

Question 72

This suppression system is another form of dry pipe system that uses larger pipes and therefore delivers a significantly larger volume of water. They are inappropriate for environments that contain electronics and computers.

Answer 72

Deluge system

Question 73

This suppression system is a combination dry pipe/wet pipe system. The system exists as a dry pipe until the initial stages of a fire (smoke, heat, and so on) are detected, and then the pipes are filled with water. The water is released only after the sprinkler head activation triggers are melted by sufficient heat. If the fire is quenched before sprinklers are triggered, pipes can be manually emptied and reset. This also allows manual intervention to stop the release of water before sprinkler triggering occurs.

Answer 73

Preaction system

Question 74

The art of creating and implementing secret codes and ciphers.

Answer 74

Cryptography

Question 75

The study of methods to defeat codes and ciphers.

Answer 75

Cryptanalysis

Question 76

Specific implementations of a code or cipher in hardware and Software.

Answer 76

Cryptosystems

Question 77

What are the main goals of cryptography?

Answer 77

confidentiality, integrity, authentication, and nonrepudiation

Question 78

Cryptosystems that use a shared secret key available to all users of the cryptosystem.

Answer 78

Symmetric Key Systems

Question 79

Cryptosystems that use individual combinations of public and private keys for each user of the system.

Answer 79

Asymmetric Cryptosystems

Question 80

Cryptographic systems of symbols that represent words or phrases and are sometimes secret but don’t always provide confidentiality.

Answer 80

Codes

Question 81

These use a variety of techniques to alter and/or rearrange the characters or bits of a message to achieve confidentiality. They are always meant to hide the true meaning of a message.

Answer 81

Ciphers

Question 82

Ciphers that use an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.

Answer 82

Transposition Ciphers

Question 83

Ciphers that use the encryption algorithm to replace each character or bit of the plaintext message with a different character.

Answer 83

Substitution ciphers

Question 84

In this cipher, the encryption key is as long as the message itself and is often chosen from a common book.

Answer 84

Running Key Ciphers

Question 85

These ciphers operate on “chunks,” or blocks, of a message and apply the encryption algorithm to an entire message block at the same time.

Answer 85

Block ciphers

Question 86

These ciphers operate on one character or bit of a message (or data stream) at a time.

Answer 86

Stream ciphers

Question 87

An extremely powerful type of substitution cipher. It uses a different substitution alphabet for each letter of the plaintext message.

Answer 87

One-time pad

Question 88

This occurs when the relationship between the plain text and the key is so complicated that an attacker can’t merely continue altering the plain text and analyzing the resulting ciphertext to determine the key.

Answer 88

Confusion

Question 89

This occurs when a change in the plain text results in multiple changes spread throughout the ciphertext.

Answer 89

Diffusion

Question 90

Mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.

Answer 90

One-way Function

Question 91

Boolean representation of AND operation

Question 92

Boolean representation of OR operation

Answer 92

˅

Question 93

Boolean representation of NOT operation

Answer 93

~

Question 94

Boolean representation of Exclusive OR operation. Most commonly used in cryptographic applications.

Answer 94

© (Looks similar to this symbol)

Question 95

Returns a true value when only one of the input values is true. If both values are false or both values are true, the output is false.

Answer 95

XOR (Exclusive OR)

Question 96

A random number that acts as a placeholder variable in mathematical functions. When the function is executed, it is replaced with a random number generated at the moment of processing for one-time use. It must be a unique number each time it is used.

Answer 96

Nonce

Question 97

A random bit string that is the same length as the block size and is XORed with the message. They are used to create unique ciphertext every time the same message is encrypted using the same key.

Answer 97

Initialization Vector (IV)

Question 98

Prove your knowledge of a fact to a third party without revealing the fact itself to that third party. This is often done with passwords and other secret authenticators.

Answer 98

Zero-Knowledge Proof

Question 99

The information or privilege required to perform an operation is divided among multiple users. This ensures that no single person has sufficient privileges to compromise the security of the environment.

Answer 99

Split Knowledge

Question 100

A way to measure the strength of a cryptography system by measuring the effort in terms of cost and/or time to decrypt messages. The security and protection offered by a cryptosystem is directly proportional to this value.

Answer 100

Work Function or work Factor

Question 101

DES Operational Modes

Answer 101

• Electronic Codebook (ECB) – Least secure
• Cipher Block Chaining (CBC)
• Cipher Feedback (CFB) -
• Output Feedback (OFB) –

Question 102

Uses three iterations of DES with 2 or 3 different keys to increase the effective key strength to 112 or 168.

Answer 102

3DES (Triple DES)

Question 103

The US government standard for the secure exchange of sensitive but unclassifi ed data. It uses the Rijndael algorithm.

Answer 103

AES

Question 104

This system relies on pairs of keys assigned to each user of the cryptosystem. Every user maintains both a public key and a private key.

Answer 104

Public Key Cryptosystems

Question 105

The most famous public key cryptosystem; it was developed by Rivest, Shamir, and Adleman in 1977. It depends on the difficulty of factoring the product of prime numbers.

Answer 105

RSA

Question 106

An extension of the Diffie-Hellman key exchange algorithm that depends on modular arithmetic.

Answer 106

El Gamal

Question 107

Algorithm depends on the elliptic curve discrete logarithm problem and provides more security than other algorithms when both are used with keys of the same length. Often used when hardware resources are low.

Answer 107

Elliptical Curve

Question 108

They take a potentially long message and generate a unique output value derived from the content of the message. This value is commonly referred to as the message digest.

Answer 108

Hash Functions

Question 109

This and its successors are government standard hash functions developed by the National Institute of Standards and Technology (NIST) and are specified in an official government publication.

Answer 109

SHA

Question 110

Hashing algorithm that takes an input of virtually any length and produces a 160-bit message digest. The SHA-1 algorithm processes a message in 512-bit blocks. Therefore, if the message length is not a multiple of 512, the SHA algorithm pads the message with additional data until the length reaches the next highest multiple of 512.

Answer 110

SHA-1

Question 111

Latest version of government standard hash functions. It supports variable length, ranging up to 512 bits.

Answer 111

SHA-2

Question 112

A hash algorithm was developed by Ronald Rivest in 1989. It was later proved that it is not a one-way function. Therefore it should no longer be used.

Answer 112

MD2

Question 113

Enhanced version of MD2 hashing algorithm. It processes 512-bit blocks of the message in three rounds of computation. The final output is a 128-bit message digest.

Answer 113

MD4

Question 114

Latest version of MD2 algorithm. It uses four distinct rounds of computation to produce a digest of the same length as the MD2 and MD4 algorithms.

Answer 114

MD5

Question 115

These are added to passwords before hashing them to reduce the effectiveness of rainbow table attacks.

Answer 115

Cyrptographic Salts

Question 116

These have two distinct goals: assure the recipient that the message truly came from the claimed sender and assure the recipient that the message was not altered while in transit between the sender and recipient.

Answer 116

Digital Signatures

Question 117

First use a hashing function to generate a message digest. Then encrypt the digest with your private key. To verify the digital signature on a message, decrypt the signature with the sender’s public key and then compare the message digest to one you generate yourself. If they match, the message is authentic.

Answer 117

Digital Signatures Implementation

Question 118

uses the SHA-1 and SHA-2 message digest functions along with the one of three encryption algorithms: the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; or the Elliptic Curve DSA (ECDSA) algorithm.

Answer 118

Digital Signature Standard (DSS)

Question 119

Certificate Authorities (CAs) generate digital certificates containing the public keys of system users. Users then distribute these certificates to people with whom they want to communicate. Certificate recipients verify a certificate using the CA’s public key.

Answer 119

Public Key Infrastructure (PKI)

Question 120

These are the glue that binds the public key infrastructure together. These neutral organizations offer notarization services for digital certificates.

Answer 120

Certificate authorities (CAs)

Question 121

These are maintained by the various certificate authorities and contain the serial numbers of certificates that have been issued by a CA and have been revoked along with the date and time the revocation went into effect.

Answer 121

Certificate revocation lists (CRLs)

Question 122

This protocol eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.

Answer 122

Online Certificate Status Protocol (OCSP)

Question 123

A protocol that has emerged as a de facto standard for encrypted email. It relies on the use of X.509 certificates for exchanging cryptographic keys. The public keys contained in these certificates are used for digital signatures and for the exchange of symmetric keys used for longer communications sessions.

Answer 123

S/MIME

Question 124

Secure email system developed by Phil Zimmerman.

Answer 124

Pretty Good Privacy (PGP)

Question 125

Based on SSL technology. It provides secure communications on the Internet.

Answer 125

TLS

Question 126

Developed by Netscape to provide client/server encryption for web traffic. It relies on the exchange of server digital certificates to negotiate encryption/decryption parameters between the browser and the web server. Its goal is to create secure communications channels that remain open for an entire web browsing session.

Answer 126

SSL

Question 127

A security architecture framework that supports secure communication over IP. It establishes a secure channel in either transport mode or tunnel mode. It can be used to establish direct communication between computers or to set up a VPN between networks. It uses two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).

Answer 127

IPsec

Question 128

Provides assurances of message integrity and nonrepudiation. It also provides authentication and access control and prevents replay attacks. Part of IPSec

Answer 128

Authentication Header

Question 129

Provides confidentiality and integrity of packet contents. It provides encryption and limited authentication and prevents replay attacks. Part of IPSec

Answer 129

Encapsulating Security Payload

Question 130

In IPSec only packet contents are encrypted for peer-to-peer communication

Answer 130

Transport Mode

Question 131

In IPSec the entire packet, including header information, is encrypted for gateway-to-gateway communications

Answer 131

Tunnel Mode

Question 132

an attack that attempts every possible valid combination for a key or password. They involve using massive amounts of processing power to methodically guess the key used to secure cryptographic communications.

Answer 132

Brute-force attacks

Question 133

The attacker has a copy of the encrypted message along with the plaintext message used to generate the ciphertext (the copy). This knowledge greatly assists the attacker in breaking weaker codes.

Answer 133

Known Plaintext attacks

Question 134

the attacker has the ability to encrypt plaintext messages of their choosing and can then analyze the ciphertext output of the encryption algorithm.

Answer 134

Chosen plaintext attacks

Question 135

the attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key.

Answer 135

Chosen ciphertext attacks

Question 136

Used to defeat encryption algorithms that use two rounds of encryption.

Answer 136

Meet-in-the-middle attack

Question 137

a malicious individual sits between two communicating parties and intercepts all communications (including the setup of the cryptographic session).

Answer 137

Man-in-the-middle attack

Question 138

also known as a collision attack or reverse hash matching seeks to find flaws in the one-to-one nature of hashing functions. In this attack, the malicious individual seeks to substitute in a digitally signed communication a different message that produces the same message digest, thereby maintaining the validity of the original digital signature.

Answer 138

Birthday attack

Question 139

attack is used against cryptographic algorithms that don’t incorporate temporal protections. In this attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later “replays” the captured message to open a new session. This attack can be defeated by incorporating a time stamp and expiration period into each message.

Answer 139

Replay attack

Question 140

These allow content owners to enforce restrictions on the use of their content by others. They commonly protect entertainment content, such as music, movies, and e-books but are occasionally found in the enterprise, protecting sensitive information stored in documents.

Answer 140

Digital rights management (DRM)

Question 141

A system that is always secure no matter what state it is in. It ensures that all instances of subjects accessing objects are secure.

Answer 141

State Machine model

Question 142

This model is focused on the flow of information. Designed to prevent unauthorized, insecure, or restricted information flow. Bell-LaPadula and Biba are both examples of this model.

Answer 142

Information Flow model

Question 143

prevent the actions of subject A at a high level of security classification from affecting the system state at a lower level.

Answer 143

Noninterference model

Question 144

employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object.

Answer 144

Take-Grant model

Question 145

a table of subjects and objects that indicates the actions or functions that each subject can perform on each object.

Answer 145

Access Control Matrix

Question 146

subjects have a clearance level that allows them to access only those objects with the corresponding classification levels. Developed by the Department of Defense. It is focused on maintaining the confidentiality of objects. “No read up”. Concerned with confidentiality.

Answer 146

Bell-LaPadula

Question 147

prevents subjects with lower security levels from writing to objects at higher security levels. “No Write Up”. Concerned with Integrity

Answer 147

Biba

Question 148

Bell-LaPadula Simple Security Property

Answer 148

states that a subject may not read information at a higher sensitivity level (no read up).

Question 149

Bell-LaPadula * Star Security Property

Answer 149

states that a subject may not write information to an object at a lower sensitivity level (no write down).

Question 150

Bell-LaPadula Discretionary Security Property

Answer 150

states that the system uses an access matrix to enforce discretionary access control.

Question 151

Biba Simple Security Property

Answer 151

states that a subject cannot read an object at a lower integrity level (no read-down).

Question 152

Biba * star Security Property

Answer 152

states that a subject cannot modify an object at a higher integrity level (no write-up).

Question 153

an integrity model that relies on auditing to ensure that unauthorized subjects cannot access objects and that authorized users access objects properly. It allows modifications through only a small set of programs.

Answer 153

Clark-Wilson

Question 154

also known as Chinese Wall. it creates a class of data that defines which security domains are potentially in conflict and prevents any subject with access to one domain that belongs to a specific conflict class from accessing any other domain that belongs to the same conflict class.

Answer 154

Brewer and Nash Model

Question 155

the technical evaluation of each part of a computer system to assess its concordance with security standards.

Answer 155

Certification

Question 156

is the process of formal acceptance of a certified configuration from a designated authority.

Answer 156

Accreditation

Question 157

systems that are designed using industry standards and are usually easy to integrate with other open systems.

Answer 157

Open Systems

Question 158

systems that are generally proprietary hardware and/or software. Their specifications are not normally published, and they are usually harder to integrate with other systems.

Answer 158

Closed Systems

Question 159

restricts a process to reading from and writing to certain memory locations. Also known as sandboxing.

Answer 159

Confinement

Question 160

the limits of memory a process cannot exceed when reading or writing. Also the area within which a process is confined or contained.

Answer 160

Bounds

Question 161

the mode a process runs in when it is confined through the use of memory bounds.

Answer 161

Isolation

Question 162

the user or process that makes a request to access a resource.

Answer 162

Subject

Question 163

the resource a user or process wants to access.

Answer 163

Object

Question 164

use access rules to limit the access by a subject to an object. Also allows subjects to access only authorized objects. Primary goal is to ensure the confidentiality and integrity of data by disallowing unauthorized access by authorized or unauthorized subjects.

Answer 164

Security Controls

Question 165

Static attributes of the subject and the object are considered to determine the permissibility of an access. Each subject possesses attributes that define its clearance, or authority, to access resources. Each object possesses attributes that define its classification.

Answer 165

Mandatory Access Controls

Question 166

Allows the creator/owner of an object to grant access as he or she sees fit.

Answer 166

Discretionary Controls

Question 167

Provides access to resources based on profiles connected to a user’s role in an organization.

Answer 167

Role Based Access Control

Question 168

Predefined rules state which subjects can access which objects. Often used in firewalls.

Answer 168

Rule-Based access control

Question 169

Also known as the Rainbow Series.

Answer 169

TCSEC

Question 170

Europe’s version of the Rainbow Series.

Answer 170

ITSEC

Question 171

defines various levels of testing and confirmation of systems’ security capabilities, and the number of the level indicates what kind of testing and confirmation has been performed. Designed as a product evaluation model.

Answer 171

Common Criteria

Question 172

the combination of hardware, software, and controls that form a trusted base that enforces the security policy.

Answer 172

Trusted Computing Base (TCB)

Question 173

is the imaginary boundary that separates the TCB from the rest of the system. TCB components communicate with non-TCB components using trusted paths.

Answer 173

Security Perimeter

Question 174

is the logical part of the TCB that confirms whether a subject has the right to use a resource prior to granting access.

Answer 174

Reference Monitor

Question 175

is the collection of the TCB components that implement the functionality of the reference monitor.

Answer 175

Security Kernel

Question 176

A cryptoprocessor chip on a motherboard that stores the encryption key that is used to encrypt the hard drive. This helps prevent hard drives being stolen from PC and the data accessed.

Answer 176

Trusted Platform Module (TPM)

Question 177

the ability of a system to suffer a fault but continue to operate.

Answer 177

Fault tolerance