Domain 3: System Design

Question 1

• Uses multiple security controls in a series

- i.e. pass one security control you enter into another

Answer 1

Layering

Question 2

Generic list of security architecture layers

Answer 2

1. Hardware
2. Kernel and device drivers
3. OS
4. Applications

Question 3

Hides unnecessary details from the user.

Answer 3

Abstraction

Question 4

List of objects a subject is allowed to access.

Answer 4

Security Domain

Question 5

• CPU hardware layering model that separates and protects domains from each other
• i.e. kernel mode and user mode

Answer 5

Ring Model

Question 6

Allow processes to communicate with the kernel and provide a window between the rings

Answer 6

System Calls

Question 7

List the rings in the Ring Model

Answer 7

Ring 0: Kernel
Ring 1: Other OS components that do not fit in Ring 0
Ring 2: Device drivers
Ring 3: User applications

Question 8

Uses open hardware and standards, using standard components from a variety of vendors

Answer 8

Open System

Question 9

Uses proprietary hardware or software

Answer 9

Closed System

Question 10

Another name for a computer case

Answer 10

System Unit

Question 11

Communication between the CPU, memory, and input/output devices (i.e. keyboard, mouse, and etc.) occurs here

Answer 11

Computer Bus

Question 12

Is the part of the CPU that performs math calculations

Answer 12

Arithmetic Logic Unit (ALU)

Question 13

Four steps of a CPU “fetch and execute (FDX)” process

Answer 13

1. Fetch instructions
2. Decode instruction
3. Execute instruction
4. Write (save) Result

Question 14

Combines multiple CPU steps into one process

Answer 14

Pipelining

Question 15

Causes the CPU to stop processing its current task, save the state and begin processing a new request.

Answer 15

Interrupt

Question 16

An executable program and its associated data loaded and running in memory

Answer 16

Process

Question 17

Parent process that spawns additional child processes

Answer 17

Threads

Question 18

Allows multiple tasks to run simultaneously on one CPU

Answer 18

Multitasking

Question 19

Runs multiple processes on multiple CPUs

Answer 19

Multiprocessing

Question 20

CPU design that uses a large set of complex machine language instructions

Answer 20

Complex Instruction Set Computer (CISC)

Question 21

CPU design that uses reduced set of simpler instructions

Answer 21

Reduced Interaction Set Computer (RISC)

Question 22

Memory logical control that prevents one process from interfacing with another

Answer 22

Process Isolation

Question 23

Uses virtual memory to copy contents of RAM to and from disk

Answer 23

Swapping

Question 24

Storage that can be written to once and read many times.

Answer 24

WORM Storage

Question 25

Hardware chip that provides random number generation for cryptographic operations

Answer 25

Trusted Platform Module

Question 26

Prevents code execution in memory locations that are not pre-defined to contain executable content

Answer 26

Data Execution Prevention (DEP)

Question 27

Randomizes memory addresses make exploitation difficult

Answer 27

Address Space Location Randomization (ASLR)

Question 28

Provides interface between hardware and rest of the OS

Answer 28

Kernel

Question 29

- Enforces system’s security policy - Logical part of the TCB - i.e. preventing a normal user from writing to a restricted file like the system password file

Answer 29

Reference Monitor

Question 30

Called bare metal, virtualization OS runs directly on server

Answer 30

Type 1 Hypervisor

Question 31

Virtualization application runs on a normal OS i.e. Windows 10

Answer 31

Type 2 Hypervisor

Question 32

- Customer configures OS, apps, and performs all required maintenance - Cloud service provider maintains the cloud infrastructure - i.e. servers, storage, some cases network resources

Answer 32

Infrastructure As A Service (IaaS)

Question 33

- Customer manages their apps - Cloud service provider is responsible for the maintenance of host OS and the underlying infrastructure - i.e. hardware, OS, applications

Answer 33

Platform As A Service (PaaS)

Question 34

- Completely configured, from the OS to apps - Customer does not manage or control any assets - i.e. Gmail

Answer 34

Software as a Service (SaaS)

Question 35

- Cloud that houses data for a single organization | - Can be operated by a third party or in-house

Answer 35

Private Clouds

Question 36

Attempts to harness the computational resources of a large number of dissimilar devices

Answer 36

Grid Computing

Question 37

Allows for increased performance through economies of scale

Answer 37

Large-Scale Parallel Systems

Question 38

- Any system can act as client, server or both, depending on data needs - No central servers in this model.

Answer 38

Peer-to-Per (P2P)

Question 39

Allows centralization of applications and their data, as well as the associated security costs of upgrades, patching, data storage, etc.

Answer 39

Thin Clients

Question 40

Form of computer management device that controls industrial processes and machines

Answer 40

Industrial Control Systems (ICS)

Question 41

Typically found in industrial process plants where the need to gather data and implement control over a large-scale environment from a single location is essential.

Answer 41

DCS Units

Question 42

- Typically deployed for management and automation of various industrial operations - i.e. Controlling systems on a assembly line, large digital light display (giant display system in a stadium)

Answer 42

PLC Units

Question 43

Can operate as a stand alone device, be networked together with other like systems, or be networked with traditional IT systems.

Answer 43

SCADA System

Question 44

Divides CPU time among child process (aka threads)

Answer 44

Multithreading

Question 45

Restricts a process to reading from and writing to certain memory locations

Answer 45

Confinement

Question 46

Limits of memory a process cannot exceed when reading or writing

Answer 46

Bounds

Question 47

The mode a process runs in when it is confined through the use of memory bounds

Answer 47

Isolation

Question 48

Collections of TCB components that implement the functionality of the reference monitor

Answer 48

Security Kernel