Domain 6 - Security Architecture And Design Flashcards

1
Q

Is a volatile hardware memory that loses integrity after loss of power

A

Random Access Memory or RAM

2
Q

It mediates all access between objects and subjects. It enforces the system's security policy, such as preventing a normal user from writing to a restricted file such as the system password file.

A

Reference Monitor

3
Q

Is a non-volatile memory that maintains integrity after loss of power

A

Read Only Memory or ROM

4
Q

Trusted Computer System Evaluation Criteria is also known as ——

A

The Orange book

5
Q

The security-relevant portions of a computer system

A

Trusted Computing Base - TCB

6
Q

An interface between computer hardware and the operating system, allowing multiple guest operating systems to run on one host computer

A

Virtualisation

7
Q

This separates hardware and software functionality into modular tiers

A

Layering

8
Q

Complexity is the enemy of security; the more complex the process is, the less secure it is. Computers are tremendously complex machines; ---- provides a way to manage that complexity and hides unnecessary details from the user.

A

Abstraction

9
Q

Is the list of objects a subject is allowed to access.

A

Security Domain

10
Q

What are the two domains of a Kernel?

A
1. Kernel mode
2. User mode

11
Q

It is where the kernel lives, allowing low-level access to memory, CPU, disk, etc. It is the most trusted and powerful part of the system.

A

Kernel mode

12
Q

It is where user accounts and their processes live.

A

User mode

13
Q

Is a form of CPU hardware layering that separates and protects domains (such as Kernel and user mode) from each other

A

Ring model

14
Q

What are the four theoretical rings of the ring model?

A

Ring 0 - Kernel
Ring 1 - other OS components that do not fit ring 0
Ring 2 - Device drivers
Ring 3 - User applications

15
Q

Processes communicate between the rings via ----, which allow processes to communicate with the kernel and provide a window between the rings

A

System calls

16
Q

Is a system that uses open hardware standards, using standard components from a variety of vendors

A

Open system

17
Q

Is a system that uses proprietary hardware or software

A

Closed system

18
Q

Is the primary communication channel on a computer system

A

Computer bus

19
Q

Also called the Memory Controller Hub (MCH), which connects the CPU to RAM and video memory

A

Northbridge

20
Q

Also called the IO Controller Hub (ICH), which connects input/output devices such as disk, keyboard, mouse, etc.

A

Southbridge

21
Q

Is a part of the CPU that performs mathematical calculations

A

Arithmetic Logic Unit (ALU)

22
Q

Part of the CPU that sends instructions to the ALU

A

Control Unit

23
Q

Combines multiple steps into one combined process, allowing simultaneous fetch, decode, and write steps for different instructions

A

Pipelining

24
Q

This indicates that an asynchronous event has occurred. It is a form of hardware interrupt that causes the CPU to stop processing its current task, save the state, and begin processing a new request

A

CPU interrupts

25
---- is an executable program and its associated data loaded and running in memory
Process
26
This allows multiple tasks (heavy weight processes) to run simultaneously on one CPU
Multitasking
27
This runs multiple processes on multiple CPUs
Multiprocessing
28
Is designed to recover a system by rebooting after critical processes hang or crash
Watchdog timer
29
What are the two forms of CPU designs?
1. Complex Instruction Set Computer - CISC | 2. Reduced Instruction Set Computer - RISC
30
Is a form of CPU design that uses a large set of complex machine language instructions
CISC
31
Is a form of CPU design that uses a reduced set of simpler instructions.
RISC
32
Is the fastest memory on the system, required to keep up with the CPU as it fetches and executes instructions.
Cache memory
33
Is a logical control that attempts to prevent one process from interfering with another
Process Isolation
34
Techniques used to provide process isolation
1. Virtual Memory 2. Object encapsulation 3. Time multiplexing
35
This takes process isolation one step further by mapping processes to specific memory locations.
Hardware Segmentation
36
This provides virtual mapping between applications and hardware memory
Virtual Memory
37
This uses virtual memory to copy contents in primary memory (RAM) to or from secondary memory (not directly addressable by the CPU, on disk)
Swapping
38
T or F. Flash memory drives are disk drives.
False
39
T or F. Secure destruction methods used for magnetic drives, such as degaussing, may not work with flash drives.
True
40
---- are energy that escapes an electronic system, and which may be remotely monitored under certain circumstances.
Emanations
41
Is any communication that violates security policy.
Covert channel
42
Is an authorised communication that complies with security policy.
Overt channel
43
Two specific types of covert channel
1. Storage channel | 2. Timing channels
44
Is a covert channel that uses shared storage, such as a temporary directory, to allow two subjects to signal each other.
Covert storage channel
45
Is a covert channel that relies on the system clock to infer sensitive information.
Covert Timing channel
46
------ can occur when a programmer fails to perform bounds checking
Buffer Overflow
47
An attack where an attacker attempts to alter a condition after it has been checked by the operating system, but before it is used. It is an example of a state attack, where the attacker capitalises on a change in the operating system
Time of check/Time of use - TOCTOU or race conditions
48
Is a shortcut in a system that allows a user to bypass security checks (such as username/password authentication) to log in
Backdoor
49
Is a type of backdoor, typically a shortcut installed by system designers/programmers to allow developers to bypass normal system checks during development, such as requiring users to authenticate.
Maintenance Hook
50
Is the generic term for any type of software that attacks an application or system
Malicious code or Malware
51
----- are malware that does not spread automatically and requires a carrier such as a human
Computer Viruses
52
----- is a virus written in a macro language, such as MS Office macros
Macro virus
53
Is a virus that infects the boot sector of a PC, which ensures the virus loads upon system startup
Boot Sector virus
54
Is a virus that hides itself from the OS and other protective software, such as AV software
Stealth virus
55
Is a virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software
Polymorphic virus
56
Is a virus that spreads via multiple vectors
Multipartite virus
57
------ are malware that self-propagates
Worm
58
Is malware that performs two functions: one benign (such as a game), and one malicious
Trojans
59
Is malware which replaces portions of the kernel and/or operating system
Rootkits
60
This provides run-time executables. The original EXE is compressed and a small decompressor is prepended to the EXE.
Packers
61
Is a malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date
Logic bombs
62
An attack that is launched directly from an attacker (the client) to a listening service
Server (service) side attacks
63
This occurs when a user downloads malicious content. Attacks initiate from the victim, who downloads content from the attacker
Client side attack
64
Are small pieces of mobile code that are embedded in other software such as a web browser. The primary security concern is that they are downloaded from servers and run locally.
Applets
65
Is an object-oriented language used not only to write applets, but also as a general purpose programming language. Applets written in it run in a sandbox, which segregates the code from the OS, thus preventing a malicious applet from accessing the file system
Java
66
Is the Microsoft functional equivalent of Java applets, but uses digital certificates instead of a sandbox to provide security.
ActiveX
67
----- allows two different objects to have the same name. In databases, it means two rows may have the same primary key but different data
Polyinstantiation (multiple instances)
68
This occurs when a user is able to use lower level access to learn restricted information. It requires deduction; there is a mystery to be solved and lower level clues are available. One example is when there are plenty of cars and pizza deliveries at the White House in the middle of the night
Inference
69
This searches large amounts of data to determine patterns that would otherwise get 'lost in the noise'.
Data Mining
70
This occurs when a subject reads an object at a lower sensitivity level, such as a top secret subject reading a secret object
Reading down
71
This occurs when a subject has information and passes that information up to an object which has higher sensitivity than the subject has permission to access
Writing up
72
Is a mathematical model that groups all possible system occurrences, called states. Every possible state of the system is evaluated, showing all possible interactions between subjects and objects. The system is proven to be secure if every state is proven to be secure.
State Machine Model
73
-------- is a security model developed by the US Dept of Defense focusing on maintaining the confidentiality of objects. It means not allowing users at lower security levels to access objects at higher security levels. No read up and no write down
Bell-LaPadula
74
What are the two properties/rules under which Bell-LaPadula operates?
1. Simple Security property | 2. Star Property
75
A security property that states "no read up". A subject at a specific classification level cannot read an object at a higher classification level.
Simple Security Property
76
Is a security property that is "no write down". A subject at a higher classification level cannot write to a lower classification level.
* Security Property
77
Within the Bell-LaPadula access control model, what are the two properties which dictate how the system will issue security labels for objects?
1. The Strong Tranquility property | 2. The Weak Tranquility property
78
In the Bell-LaPadula access control model, this states that security models will not change while the system is operating
Strong Tranquility Property
79
In the Bell-LaPadula access control model, this states that security models will not change in a way that conflicts with defined security properties
Weak Tranquility Model
80
------ is a security access control model that defines upper (Least Upper Bound - LUB) and lower (Greatest Lower Bound - GLB) access limits. This allows reaching higher and lower data classifications based on the need of the subject, the label of the object, and the role of the subject.
Lattice Based Access Control
81
Is a security model focusing on integrity that protects integrity by requiring subjects to access objects via programs.
Clark-Wilson
82
This security model focuses on integrity of information at the highest level by using two primary rules: no read down and no write up
Biba model.
83
What are the two primary rules of the Biba model?
1. Simple Integrity Axiom | 2. * Integrity Axiom
84
In the Biba security model, this specifies that a subject at a specific classification level cannot read data at a lower classification, thus "no read down". This prevents subjects from accessing information at a lower integrity level. This protects integrity by preventing bad information from moving up from lower integrity levels.
Simple Integrity Axiom
85
In the Biba model, a subject at a specific classification level cannot write to data at a higher classification: "no write up". This protects integrity by preventing bad information from moving up to a higher integrity level
* Integrity Axiom