Domain 5: Security Architecture and Design Flashcards

Question

What is the difference beetween an Open and Closed System?

Answer 1

An open system uses open hardware and standards from a variety of vendors. A closed system uses proprietary hardware.

Answer 2

An open system uses open hardware and standards from a variety of vendors. Open source makes source code publicly available.

Answer 3

System Unit: The case and all the internal electronic computer parts including the motherboard, disk drives, power supply, etc. Motherboard: hardware components like the CPU, memory slots, firmware, and peripheral slots

Answer 4

Primary communications channel between all components.

Answer 5

Northbridge & Southbridge: Two buses

Answer 6

* *Northbridge** 1: Memory Controller Hub – MCH) 2: Connects CPU to RAM and Video Memory The Northbridge Bus is directly connected to the CPU and is faster than southbridge **Southbridge** 1: I/O Controller Hub – ICH) 2: Connects input/output devices.

Answer 7

Memory Controller Hub – MCH

Answer 8

I/O Controller Hub – ICH

Answer 9

Central Processing Unit

Answer 10

ALU performs mathematical calculations Control Unit feeds instructions to the ALU

Answer 11

Arithmetic Logic Unit

Answer 12

Also called Fetch – Decode – Execute (FDX)

Answer 13

Fetch – Decode – Execute (FDX)

Answer 14

1: Fetch Instruction 1 2: Decode Instruction 1 3: Execute Instruction 1 4: Write (save) Result

Answer 15

Combines multiple steps into one process allowing simultaneous FDX and increasing throughput.

Answer 16

The pipeline depth is the number of simultaneous stages which may be completed at once.

Answer 17

Indicate that an asynchronous event has occurred that causes the CPU from processing its current task, save the state, and begin processing a new request. When the new task is complete, the CPU will complete the prior task.

Answer 18

An executable program and its associated data loaded and running in memory.

Answer 19

(HWP) is called a task.

Answer 20

LWP is called a thread

Answer 21

Light Weight Process

Answer 22

Heavy Weight Process

Answer 23

HWPs do not share memory while LWPs share memory resulting in low overhead.

Answer 24

A Parent process may spawn child processes called Threads.

Answer 25

A child process whose parent has terminated.

Answer 26

1: New: A process being created 2: Ready: Processes waiting to be executed by the CPU 3: Running: Processes being executed by the CPU 4: Blocked: Processes waiting for I/O 5: Terminated: Process that are complete.

Answer 27

Multitasking: Allows multiple HWP (Heavy Weight Processes) to run simultaneously on one computer.

Answer 28

Allows multiple programs to run simultaneously on one computer.

Answer 29

Multithreading: Allows multiple LWP (Light Weight Processes - threads) to run simultaneously on one computer.

Answer 30

Multiprocessing: Allows multiple processes to run simultaneously on multiple CPUs.

Answer 31

Symmetric Multiprocessing (SMP): One operating system manages all CPUs.

Answer 32

Asymmetric Multiprocessing (ASMP or AMP): One operating system essentially all independent systems.

Answer 33

1: Multitasking: Allows multiple HWP (Heavy Weight Processes) to run simultaneously on one computer. 2: Multiprogramming: Allows multiple programs to run simultaneously on one computer. 3: Multithreading: Allows multiple LWP (Light Weight Processes - threads) to run simultaneously on one computer. 4: Multiprocessing: Allows multiple processes to run simultaneously on multiple CPUs. 5: Symmetric Multiprocessing (SMP): One operating system manages all CPUs. 6: Asymmetric Multiprocessing (ASMP or AMP): One operating system essentially all independent systems.

Answer 34

Watchdog Timer: Design to recover a system by rebooting after critical processes hang.

Answer 35

CISC (Complex Instruction Set Computer): Low-level commands are longer and powerful using less individual instructions to perform a complex task. RISC (Reduced Instruction Set Computer): Low-level commands are shorter and simpler using more individual instructions to perform a complex task but allowing less cycles per instruction and more efficient code.

Answer 36

CISC (Complex Instruction Set Computer): Low-level commands are longer and powerful using less individual instructions to perform a complex task.

Answer 37

RISC (Reduced Instruction Set Computer): Low-level commands are shorter and simpler using more individual instructions to perform a complex task but allowing less cycles per instruction and more efficient code.

Answer 38

No correct answer CISC used in x86 CPUs RISC used in smart phones, powerPCs, SPARC

Answer 39

No correct answer CISC used in x86 CPUs RISC used in smart phones, powerPCs, SPARC

Answer 40

Random Access memory

Answer 41

Yes but some RAM has remanence for seconds or minutes after loss.

Answer 42

Like a tape, must sequentially read memory.

Answer 43

Like RAM, loses integrity after power loss.

Answer 44

Like ROM, Disk or tape, does not lose integrity after power loss.

Answer 45

ROM (Read Only Memory).

Answer 46

ROM is Nonvolatile while RAM is volatile.

Answer 47

Yes - Some types of ROM may be overwritten in a process called flashing

Answer 48

Real or Primary: Like RAM, directly accessible by the CPU and is used to hold data and instructions for currently running processes.

Answer 49

Secondary: Like disks, is not directly accessible.

Answer 50

Fastest memory on the system, the data most frequently used by the CPU.

Answer 51

1: Register File: The fastest portion of the cache, small storage locations used to store instructions and data. 2: Level 1: Next Fastest, Located on the CPU. 3: Level 2: Next Fastest, connected to the CPU but Located outside. 4: SRAM (Static Random Access Memory): Expensive and Fast, uses small latches called flip-flops to store bits. 5: DRAM (Dynamic Random Access memory):: Stores bits in small capacitors (like batteries) and is slower and cheaper than SRAM.

Answer 52

Register File: The fastest portion of the cache, small storage locations used to store instructions and data.

Answer 53

Reallyy fast memory Located on the CPU.

Answer 54

Reallyy fast memory Located outside the CPU but directly connected.

Answer 55

SRAM (Static Random Access Memory): Expensive and Fast, uses small latches called flip-flops to store bits.

Answer 56

SRAM (Static Random Access Memory):

Answer 57

Dynamic Random Access memory

Answer 58

Dynamic Random Access memory

Answer 59

Stores bits in small capacitors (like batteries) and is slower and cheaper than SRAM. Leak charge and must be refreshed

Answer 60

Synchronous SRAM is designed to exactly match the speed of the CPU, while asynchronous is not. That little bit of timing makes a difference in performance. Matching the CPU's clock speed is a good thing, so always look for synchronized SRAM.

Answer 61

General Rule: the closer memory is to the CPU, the faster and more expensive it is. As you move away from the CPU (SRAM, DRAM to Disk, tape, etc) it becomes slower and less expensive.

Answer 62

The CPU adds the values stored here (at this memory location).

Answer 63

Indirect Addressing (**Pointer**): The CPU adds the **value** stored in memory location here.

Answer 64

The same as Direct Addressing except that it references a CPU register.

Answer 65

The same as InDirect Addressing except the pointer is stored in the register.

Answer 66

Prevents one process from affecting the CIA of other processes.

Answer 67

Memory Protection

Answer 68

A logical control that attempts to prevent one process from interfering with another.

Answer 69

A lack of process isolation means that one process crash could crash the entire operating system or that an attacker could affect the CIA of any transaction

Answer 70

Interference attacks are CIA attacks on process isolation.

Answer 71

**Confidentiality**: read your credit card number during an online purchase. **Integrity**: Change your credit card number during an online purchase **Availability**: Stopping an online purchase

Answer 72

1: Virtual memory 2: Object Encapsulation 3: Time Multiplexing 4: Hardware Segmentation

Answer 73

Provides virtual address mapping between applications and hardware memory. where process A's address space is different from process B's address space - preventing A to write into B.

Answer 74

No - it has Multiple Functions: 1: Multitasking (multiple tasks on one CPU) 2: Shared library for multiple processes 3: Swapping

Answer 75

1: Multitasking (multiple tasks on one CPU) 2: Shared library for multiple processes 3: Swapping

Answer 76

No - it has three functions: 1: Multitasking (multiple tasks on one CPU) 2: Shared library for multiple processes 3: Swapping

Answer 77

Paging: Copies blocks of memory between RAM and secondary memory.

Answer 78

Swap space is often a dedicated partition on the hard drive and is used to extend the amount of available memory.

Answer 79

If the kernel attempts to access a page (fixed-length block of memory) located in swap space, a page fault occurs telling the computer to swap the page from the Swap Space into RAM.

Answer 80

Designed as a protective measure to handle occasional bursts of memory usage.

Answer 81

1: Computers keep filling RAM until almost filled. 2: The system will Swap idle processes to Swap Space. 3: As both RAM and Swap Space fills up, the system will start thrashing by swapping active processes to Swap space.

Answer 82

As both RAM and Swap Space fills up, the system will start thrashing by swapping active processes to Swap space.

Answer 83

1: Add more memory 2: Remove processes

Answer 84

Stores small programs that do not change that often in ROM.

Answer 85

1: PROM (Programmable Read Only Memory): Can be written once typically at the factory. 2: EPROMS (Erasable Programmable Read Only Memory): 3: EEPROMS (Electrically Erasable Programmable Read Only Memory):

Answer 86

PROM (Programmable Read Only Memory): Can be written once typically at the factory.

Answer 87

Erasable Programmable Read Only Memory that May be flashed or erased or written many times.

Answer 88

Flashing derived from EPROMs because they were erased by flashing ultraviolet light onto a small window on the chip.

Answer 89

Flashing is the process of erasing and re-writing EPROMs.

Answer 90

EEPROMS (Electrically Erasable Programmable Read Only Memory): May be flashed or erased or written many times

Answer 91

EEPROMS are a Modern type of ROM, electrically erasable via flashing programs. Any byte of a EEPROM can be overwritten.

Answer 92

EPROMs can be flashed but it is all or nothing. EEPROMS are a Modern type of ROM, electrically erasable via flashing programs. Any byte of a EEPROM can be overwritten.

Answer 93

Programmable Logic Device (PLD) are programmed after it leaves the factory.

Answer 94

1: EPROMS 2: EEPROMS 3: Flash memory are all PLDs.

Answer 95

Chip-based media is not like magnetic disks; Degausers may not work.

Answer 96

Basic Input Output System

Answer 97

Code in firmware that is executed when the PC is turned on,

Answer 98

WORM (Write Once Read Many) Storage

Answer 99

Insures Integrity because there is some assurance that the data cannot be modified.

Answer 100

1: CD-R: Compact Disc Recordable 2: DVD-R: Digital Versatile Disk Recordable 3: Some Digital Linear Tape (DLT) drives and media

Answer 101

1: CD-RW 2: DVD-RW

Answer 102

Provides a secure interface between the hardware and application layers.

Answer 103

Operating systems provide memory, resource and process management.

Answer 104

Provides interface between the Operating System and the hardware.

Answer 105

Usually runs at Ring 0

Answer 106

1: Monolithic 2: Microkernel

Answer 107

Monolithic: compiled into one static executable and runs in supervisor mode.

Answer 108

Microkernel: Modular kernels; smaller, less native functionality compared to Monolithic kernels. Can add new functionality via loadable kernel modules. May run modules at User Level – Ring 3

Answer 109

Mediates access between subjects and objects.

Answer 110

Enforces system security policy like restricting SECRET subjects from accessing TOP SECRET objects

Answer 111

Always enabled and cannot be bypasses

Answer 112

Secure systems can evaluate the security of the reference monitor.

Answer 113

Both LINUX/UNIX and Windows Operating systems usually grant read, write and execute permissions. Windows has more: Modify and full control.

Answer 114

Normal users can’t edit the system files like the password file but they need to be able to change their password.

Answer 115

In Unix, setuid programs let normal users run Privileged Programsas as the file’s owner. Setgid runs with the permission’s of the file’s group.

Answer 116

Adds a software layer between an operating system and the underlying computer hardware. Allows multiple guest operating systems to run simultaneously on one physical host.

Answer 117

1: Transparent 2: Paravirtualization

Answer 118

runs stock operating systems

Answer 119

runs specially modified operating systems with modified kernel system calls.

Answer 120

Advantage:Can be more efficient Disadvantage: Requires changing the guest operating systems; may not be possible for closed systems like windows.

Answer 121

1: Lower hardware costs by consolidation and lower power and cooling requirements 2: Snapshots allows admins to create OS images that can be restore at the click of a mouse. 3: Testing becomes simple 4: Clustering virtual guests is easier than clustering Operating Systems directly on hardware.

Answer 122

1: Technology complex and relatively new. 2: It is not a replacement for a firewall; never combine guests with different security requirements (like a DMZ and an Internal Box) 3: Risk of virtualization escape is of high interest to the research community

Answer 123

Runs on a full operating system but uses a web browser as a universal client.

Answer 124

1: Simplify client server architecture and design 2: Improve Performance 3: Lower costs 4: All data is stored on servers

Answer 125

1: Client must patch the browser and operating system for security. 2: Applications are patched in the server.

Answer 126

Energy that escapes electronic systems.

Answer 127

A codename by the US NSA for a standard for shielding emanations

Answer 128

Any communications that violates security policy

Answer 129

1: Storage Channels: The storage of an item has some secret meeting that has nothing to do with the item itself. 2: Timing Channels: The response times to various scenarios may indicate unintended information.

Answer 130

Storage Channels: The storage of an item has some secret meeting that has nothing to do with the item itself.

Answer 131

Timing Channels: The response times to various scenarios may indicate unintended information.

Answer 132

The opposite of a Covert Channel is a Overt Channel; authorized communications that complies with policy.

Answer 133

Occur when a programmer fails to perform boundary checking.

Answer 134

Another name for Buffer Overflow, Smashing the Stack is what an attacker does when he tries to insert information into a variable that is much larger than the programmer intended.

Answer 135

Mitigated by secure application development.

Answer 136

TOCTOU: Time of Check / Time of Use Race Conditions

Answer 137

A race condition is when an attacker attempts to alter a condition after it has been checked by the operating system but before it is used.

Answer 138

Shortcut in the system that allows a user to bypass security controls.

Answer 139

Attackers will often install a backdoor once they compromise a system.

Answer 140

Yes- Maintenance hooks are a type of backdoor; shortcuts installed by system designers to allow developers to bypass security during development.

Answer 141

Generic term for any type of software that attacks an application or system.

Answer 142

1: Viruses 2: Worms 3: Trojans 4: Logic bombs

Answer 143

Malcode that does not spread automatically; they require a carrier like a USB drive or floppy disk.

Answer 144

1: Macro Virus: written in a macro language like MS Office. 2: Boot Sector Virus: Installs itself in the boot sector of the hard drive ensuring that the virus loads every time the system is started. 3: Stealth Virus: Hides itself from the OS and AV systems. 4: Polymorphic Virus: a virus that changes its signature upon infection to evade AV 5: Multipartite Virus (Multipart): spreads via multiple vectors

Answer 145

Macro Virus: written in a macro language like MS Office.

Answer 146

Boot Sector Virus: Installs itself in the boot sector of the hard drive ensuring that the virus loads every time the system is started.

Answer 147

Stealth Virus: Hides itself from the OS and AV systems.

Answer 148

Polymorphic Virus: a virus that changes its signature upon infection to evade AV

Answer 149

Multipartite Virus (Multipart): spreads via multiple vectors

Answer 150

Malware that self-propagates. Coined by John Brunner in 1975’s “The Shockwave Rider”

Answer 151

Cause damage in two ways: 1: with the malicious code they carry and 2: Also with the generated network traffic from aggressive worms self-propagation.

Answer 152

First Widespread Worm: Morris Worm of 1988.

Answer 153

Also called a Trojan Horse (derived from Virgil’s poem “ The Aeneid”) Performs two functions; one benign (like a game) and the other, the Malcode.

Answer 154

Malicious code triggered when a logical condition is met. Malcode often contain logic bombs that behave one way until a specific condition is met and then completely change tactics.

Answer 155

A Zero day exploit is Malcode for which there is no vendor-supplied patch.?

Answer 156

Malware that replaces portions of the kernel and/or operating system.

Answer 157

A user-mode (Ring 3) rootkit replaces operating system components like ls or ps.

Answer 158

A kernel mode (Ring 0) rootkit replaces kernel modules.

Answer 159

Provide runtime compression of executable.

Answer 160

Runtime compression works by compressing the original executable and appending a small decompresser the now compressed exe. Upon execution, the decompresser unpacks the original exe and executes it.

Answer 161

No- Neutral technology; not malicious code per se. but attackers use the technology to avoid AV detection.

Answer 162

Software that is designed to prevent and detect Malicious Code

Answer 163

1: Signature-based av uses static signatures of known malware 2: Heuristic-based av uses anomaly-based detection

Answer 164

Signature-based av uses static signatures of known malware

Answer 165

Heuristic-based av uses anomaly-based detection

Answer 166

Launched by an attacker at a listening service. Exploit vulnerabilities in installed services but this is not exclusively a server problem.

Answer 167

1: Patching 2: Firewalls 3: Other Defense in Depth measures

Answer 168

Launched when a user downloads malicious content; initiated from the victim The flow of data is reversed compared to server-side.

Answer 169

Client Side Attacks are initiated from the victim. The flow of data is reversed compared to server-side. Server side attacks are Launched by an attacker at a listening service.

Answer 170

1: Patching but more difficult than server side attacks 2: Firewalls but more difficult; designed to restrict inbound traffic, not outbound. 3: Other Defense in Depth measures

Answer 171

Web 2.0 technology presents dynamic content and has increased the attack surface. Dynamic Web languages like PHP (Recursive name that stands for Hypertext Processor) enables web pages to be more dynamic.

Answer 172

Example: remote file inclusion attack

Answer 173

Like HTML, a standard to encode documents and data but more universal. Users can define their own formats.

Answer 174

Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security information including authentication data. Some forms of Single-Sign-On use SAML to exchange data.

Answer 175

Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security information including authentication data. Some forms of Single-Sign-On use SAML to exchange data.

Answer 176

Small pieces of mobile code that are embedded in other software like browsers.

Answer 177

Unlike HTML and XML, applets are executables downloaded from servers and run locally.

Answer 178

Malicious Applets are like Malicious Code Can be written in a variety of languages: Java and ActiveX

Answer 179

An Object Oriented programming langauage used to build Applets and general purpose programming

Answer 180

Java bytecode is platform independent. It is interpreted by the Java Virtual Machine (JVM) available for a variety of Operating Systems.

Answer 181

Run in a sandbox that segregates the code from the OS. Designed to prevent the attacker that compromises an Applet from gaining access to the Operating System.

Answer 182

Code that runs in a sandbox must be self-sufficient meaning that it cannot rely on the Operating system to function.

Answer 183

Trusted Shell is a statically compiled shell which can be used in sandboxes. It does not rely on the OS shared libraries.

Answer 184

Java has two parts: the runtime that runs on your computer (and lets you run Java apps), and the browser plug-in that comes along with it. When people talk about Java being insecure, they're talking about the browser plug-in. Java apps themselves aren't inherently insecure, it's the browser plug-in that causes problems.

Answer 185

ActiveX is a software component of Microsoft Windows. ActiveX controls are small programs, sometimes called add-ons that are used on the Internet.

Answer 186

ActiveX uses digital certificates instead of sandboxes to provide security.

Answer 187

Range from USB flash drives to Laptops. Infected with Malware outside the perimeter and then carried into an organization.

Answer 188

Admin Controls like 1: Policy preventing or 2: limiting use.

Answer 189

Technical control like 1: preventing USB devices rom functioning. 2: Authentication via OSI Layer 2 802.1X 3: Patch Verification 4: Up to Date AV signatures 5: Network Access Control (NAC): Device based solution supported by vendors 6: Network Access Protection (NAP): OS solution supported by MS.

Answer 190

Allows two different objects to have the same name; means that two rows may have the same primary key but will have different data.

Answer 191

Databases normally require rows to contain a unique primary key. The multi-level secure database cannot do that without allowing the manager to infer Top Secret Information. Means that the database will create a row with a duplicate key: one labeled SECRET and one Labeled TOP SECRET.

Answer 192

Occurs when a user is able to use lower level access to learn restricted information.

Answer 193

Inference requires deduction; lower level details provide clues

Answer 194

Aggregation is a mathematical process; a user asks every question and receives every answer deriving restricted information

Answer 195

Mitigation: Polyinstantiation

Answer 196

Searching large amounts of data to determine patterns that would otherwise get lost in the noise.

Answer 197

Defense in Depth

Answer 198

Reading Down occurs when a subject reads an object at a lower security level Writing Up occurs when a subject passes an object at a higher security level; the subject does not see any of the information in the object. The difference between Reading Down and Writing Up is the direction flow.

Answer 199

Protects Confidentiality at the expense of integrity. The subject passes the object to a higher security level without reading it. The subject does not read it (Confidentiality) but does not know if the information is valid (Integrity).

Answer 200

A State Machine is a mathematical model that groups all possible occurrences called states. If every state is proven to be secure, then the system is secure.

Answer 201

It is probably better known as the “no read up, no write down” model. It uses a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from Unclassified, For Official Use Only, Confidential, Secret, Top Secret, etc.

Answer 202

The model, however, has no clear distinction of protection and security.

Answer 203

The model emphasizes data confidentiality and controlled access to classified information. To control access to this information the clearance of the subject is compared to the classification of the objects in order for the subject to be granted access to the object.

Answer 204

Simple Security Policy – A subject at a given security level may not read an object at a higher security level. The subject may not “read up”. For example, a person with a Secret clearance level may not read a report that is labeled with Top Secret. The \*-property or Confinement property – A subject at a given security level may not write to any object with a lower security level. The subject may not “write down”. Note: Trusted subjects are not restricted by this property.

Answer 205

Simple Security Policy – A subject at a given security level may not read an object at a higher security level. The subject may not “read up”. For example, a person with a Secret clearance level may not read a report that is labeled with Top Secret.

Answer 206

A subject at a given security level may not write to any object with a lower security level. The subject may not “write down”. Note: Trusted subjects are not restricted by this property.

Answer 207

Allows security controls for complex environments. Allows subjects to reach higher and lower security classifications.

Answer 208

For every relationship between subject ad object, there are defined upper and lower access limits by the system.

Answer 209

Depends on three things: 1: The Subject’s Need 2: The Object’s Label 3: The Subject’s Role

Answer 210

1: Least Upper Bound (LUB) 2: Greatest Lower Bound (GLB)

Answer 211

The Biba Model also carries a clever catch phrase: “no read down, no write up”. The Biba model addresses integrity which was missing in the confidentiality focused Bell-La Padula model. Much like the Bell-La Padula model, the Biba model uses objects and subjects. However, objects and subjects are grouped into integrity levels instead of given security labels.

Answer 212

In order to preserve integrity, subjects may create content at or below their own integrity level and view content at or above their own integrity level. This helps to prevent data corruption thus preserving integrity.

Answer 213

1: Simple Integrity Axiom: A subject at a given level of integrity must not read an object at a lower integrity level (no read down). 2: (star) Integrity Axiom: A subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).

Answer 214

Simple Integrity Axiom: A subject at a given level of integrity must not read an object at a lower integrity level (no read down).

Answer 215

A subject at a given level of integrity must not write to any object at a higher level of integrity (no write up).

Answer 216

The Clark-Wilson model is concerned with information integrity using an integrity policy that defines enforcement rules (E) and certification rules (C).

Answer 217

The basic principle of the model revolves around the idea of a transaction which is a series of operations. The model essentially boils down to data items and processes that operate on these data items

Answer 218

A Constrained Data Item (CDI) is considered the key data item in the model.

Answer 219

An Integrity Verification Procedure (IVP) ensures that all CDIs in the system are valid.

Answer 220

Transformation Procedures (TPs) are the transactions that enforce the integrity policy. A Transformation Procedure takes as input a Constrained Data Item or Unconstrained Data Item (UDI) (possible system input from users) and produces a Constrained Data Item. A Transformation Procedure must transition the system from one valid state to another valid state via certification.

Answer 221

The Clark-Wilson triple is the relationship that exists between the components of an authenticated principal, a set of programs (Transformation Procedures), and data items (Constrained Data Items and Unconstrained Data Items).

Answer 222

1: Separation of duties 2: Transformation procedures within the system

Answer 223

Initially designed to address the risks inherent with employing consultants to work on financial systems Generally designed to avoid conflicts of interest by prohibiting one person from accessing multiple Conflict of Interest Categories (COI).

Answer 224

COIs (Conflict of Interest Categories) pertain to accessing company-sensitive information from different companies that are in direct competition with one another.

Answer 225

Requires that COIs be identified so that one consultant gains access to one COI, they cannot access opposing COIs.

Answer 226

Ensures that data from different security domains remain separate.

Answer 227

Controls against covert channel communications because the information cannot cross boundaries

Answer 228

Each data access attempt is independent and has no connection to previous data access attempts.

Answer 229

Refers to rules that govern interactions between subjects and objects

Answer 230

1: Create Privileges: (Alice Creates Privileges for Docs) 2: Remove Privileges: (Alice Removes Privileges for Docs) 3: Grant Privileges: (Alice Grants Privileges to Carol) 4: Take Privileges: (Bob Takes Privileges from Alice)

Answer 231

A Table that defines what access permissions exist between subjects and objects. A data structure that acts as a lookup table for the Operating System

Answer 232

Provides six frameworks for providing information security. 1: Who 2: What 3: When 4: Where 5: Why 6: How

Answer 233

1: Objects 2: Subjects 3: Rules

Answer 234

R1: Transfer Access R2: Grant Access R3: Delete Access R4: read Object R5: Create Object R6: destroy Object R7: Create Subject R8: Destroy Subject

Answer 235

Maps subjects, objects and access rights to an access matrix.

Answer 236

A variation of the Graham-Denning Model; different in that it considers subjects to be objects.

Answer 237

1: Create Object 2: Create Subject 3: Destroy Subject 4: Destroy Object 5: Enter Right into Access Matrix 6: Delete Right from Access matrix

Answer 238

1: Dedicated: 2: System high 3: Compartmented 4: Multilevel

Answer 239

Contains objects of one classification only. All subjects must have equal clearance or higher: Appropriate Clearance Formal access approval Kneed to Know

Answer 240

1: Objects 2: Subjects 3: Rules

Answer 241

1: Create Object 2: Create Subject 3: Destroy Subject 4: Destroy Object 5: Enter Right into Access Matrix 6: Delete Right from Access matrix

Answer 242

1: Dedicated: 2: System high 3: Compartmented 4: Multilevel

Answer 243

Contains objects of one classification only. All subjects must have equal clearance or higher: Appropriate Clearance Formal access approval Kneed to Know

Answer 244

System contains an object-mix of clearance levels Subjects must have the same level of clearance as the highest object

Answer 245

All subjects have the same clearance level of the objects but do not have the formal approval authority nor a need to know. Objects are places in compartments Use technical controls to enforce as opposed to policy.

Answer 246

Stores objects of different sensitivity labels and allows subject access with differing clearances The reference Monitor mediates access

Answer 247

Yes May use a Discretionary Access Control (DAC) or Mandatory Access Control (MAC)

Answer 248

Designed to gauge real-world security systems and products.

Answer 249

The Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) is the granddaddy of evaluation models developed by DOD in the 1980s.

Answer 250

1: The Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book) 2: ITSEC (Information Technology Security Evaluation Criteria) 3: The International Common Criteria

Answer 251

The First significant attempt to define differing levels of security and access control.

Answer 252

Beginning with the The Trusted Computer System Evaluation Criteria (TCSEC – the Orange Book), the Rainbow series is a set of 35 different security standards with widely ranging topics.

Answer 253

Divisions (Higher Numbers and Letters are more secure) D: Minimal Protection; systems that do not meet the requirements of higher divisions C: Discretionary Protection; DAC (Discretionary Access Control) C1: Discretionary Security Protection C2: Controlled Access Protection B: Mandatory Protection; MAC (Mandatory Access Controls) B1: Labeled Security Protection B2: Structured Protection B3: Security Domains A: Verified Protection A1: Verified Design (everything in B3 plus more controls)

Answer 254

Old and no longer actively used but used as a reference for other models.

Answer 255

Does not address networked issues.

Answer 256

Brings Orange Book concepts to networked systems

Answer 257

The first successful international evaluation model

Answer 258

Refers to Orange Book but separates functionality from assurance (Effectiveness and Correctness)

Answer 259

ITSEC TCSEC (Orange) E0 D F-C1 E1 C1 F-C2 E2 C2 F-B1 E3 B1 F-B2 E4 B2 F-B3 E5 B3 F-B3 E6 A1

Answer 260

Additional Functionality Ratings F-IN: High Integrity Requirements AV: High Availability Requirements DI: High Integrity Requirements for Networks DC: High Confidentiality Requirements for Networks DX: High Integrity and Confidentiality Requirements for networks.

Answer 261

The second major international criteria effort behind ITSEC

Answer 262

1: Designed to avoid requirements beyond state of the art 2: Intended to evaluate commercially available as well as government produced 3: Primary Objective is to eliminate known vulnerabilities of the target for testing.

Answer 263

1: Target of Evaluation (ToE): the system which is being evaluated 2: Security Target (ST): The documentation describing the ToE including the security requirements and operational environment 3: Protection Profile (PP): an independent set of security requirements and objectives for a specific category of products 4: Evaluation Assurance Level (EAL): The score of the tested product.

Answer 264

EAL1: Functionally Tested EAL2: Structurally Tested EAL3: Methodically Tested and Checked EAL4: Methodically designed, tested and reviewed EAL5: Semi-formally designed and tested EAL6: Semi-formally verified, designed and tested EAL7: Formally verified, designed and tested

Answer 265

Created by the Payment Card Industry Security Standards Council (PCI-SCC) Seeks to protect credit cards by requiring vendors to take specific security precautions.

Answer 266

1: Security Management 2: Policies 3: Procedures 4: Network Architecture 5: Software Design

Answer 267

1: Build and Maintain a secure network 2: Protect cardholder data 3: Maintain a vulnerability management program 4: Implement strong access control measures 5: Regularly monitor and test networks 6: Maintain an Information Security Policy

Answer 268

Certification means that a system has been certified to meet the security requirements of the data owner. Certification considers the system, the security measures taken to protect the system and the residual risk represented by the system. Accreditation is the data owner’s acceptance of the certification and the residual risk required before the system is put into action,

Answer 269

A: Bella-LaPadulla

Answer 270

C: Multilevel Security

Answer 271

C: layering

Answer 272

A: Multiprocessing

Answer 273

C: inference

Answer 274

B: A System built from industry-standard parts

Answer 275

A: Graham-Denning