Flashcards in Domain 7 - Operations Security Deck (26):
3. A sensitivity label is a piece of information that represents the security level of an object and that describes the sensitivity (e.g., classification) of the data object. Sensitivity levels are used as a basis for:
a. Identifying the owner of the object.
b. Determining the retention period for the object.
c. Determining mandatory access control decisions of the object.
d. Providing a schedule for rotation of the object to an offsite location
Explanation: Answer c is the correct answer, and is taken from the cited reference. The other answers are incorrect because they are each too narrow or just plain wrong.
10. Audit trails maintain a record of activity, and in conjunction with appropriate tools and procedures can provide a means to accomplish which of the following?
a. Individual accountability and separation of duties.
b. Prudent man concept.
c. Physical security.
d. Reconstruction of events.
Explanation: Answer d is the correct answer, and is taken from the “NIST Generally Accepted Principles and Practices for Securing Information Technology Systems”, September 1996, Section 3.13. Answer a is incorrect as audit trails do not establish separation of duties, although they do provide for individual accountability, if set up properly. The prudent man concept incorporates concepts of due care and due diligence, and an audit trail alone does not accomplish this.
19. Cleanliness of media is important and as such it demands special handling and storage. All except one of the following media handling techniques should be considered:
a. Do not leave media that are to be shipped on the loading dock.
b. The media transport time should be as short as practical, preferably, no longer than five days.
c. Leave the tape cartridges in their protective packaging until ready to use them.
d. Use sharp instruments to unpack tape cartridges to avoid jagged cuts in packing materials.
Explanation: Answer d is the correct answer. One would want to avoid using sharp instruments altogether. The other answers are correct.
32. Which of these is a media-control task?
a. Off-site storage of backup media.
b. Erasing each Volume at the end of its retention period.
c. Cleaning and checking media on a regular basis.
d. Answers b and c.
Explanation: Answer d is the correct answer, and is taken from the cited reference. Every organization has a media control responsibility, and each Volume in the media library must be labeled in both human-readable and machine-readable forms. A correct inventory of all media is also important to track entry of a Volume into the library, removal of a Volume, and each return. Other media-control tasks include those listed in b and c (above). Answer a is a function of business continuity planning, even though media management is involved.
35. The “Orange Book” is the common name for:
a. The Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria, or TNI (U.S. DOD, 1987).
b. U.S. DOD, 1985d.
c. The Technical Rationale Behind CSC-STD-003-85 (U.S. DOD, 1985b).
d. All of the above.
Explanation: Answer b is the correct answer, as it’s the common name for the Department of Defense document containing the basic definition of the TCSEC, and the name is derived from the color of its cover. Answer a is the “Red Book”. Answer c is the “Yellow Book”, which contains guidance for applying the TCSEC to specific environments.
44. Magnetic media require environmental controls to protect them from the most common risks, which include all but one of the following:
Explanation: Answer d is the most correct answer. Air alone does not present a significant environmental risk to magnetic media. Temperature and liquid spillage can result in damage to the media itself, and magnetism can result in the loss of data contained on the media.
48. Computer support and operation refers to:
a. System planning.
b. System design.
c. System administration.
d. None of the above
Explanation: Answer c is the correct answer, and is taken from the “NIST Handbook” Special Publication 800-12. Answers a and b are related to applications development.
50. In configuration management the goal, from an operational security standpoint, is to:
a. Know what changes occur.
b. Prevent security from being changed.
c. Know when security can be reduced.
d. Know when security can be eliminated
Explanation: Answer a is the correct answer; the others are not the goal of security in configuration management. Security may or may not need to be changed at some point, but the most important concept is to be in a position to KNOW what changes have occurred.
56. Nonrepudiation is:
a. Something to which access is controlled.
b. Equivalent to administratively directed access controls.
c. An expression of policy in a form that a system can enforce, or that analysis can use for reasoning about the policy and its enforcement.
d. An authentication that with high assurance can be asserted to be genuine.
Explanation: Answer d is the correct answer, and is taken from the cited reference. Answer a refers to an object. Answer b refers to nondiscretionary access controls. Answer c refers to a model.
72. Which of the following does not need to be a part of the TCB?
a. The operating system kernel.
b. Protected subsystems
c. Trusted applications
d. Untrusted applications
Explanation: Answer d is the correct answer, and is taken from the reference below. Answers a, b, and c are all elements of an effective TCB. Keeping the TCB as small and simple as possible is the key to making it amenable to detailed analysis.
79. When considering Operations Security, controls should be placed on system software commensurate with the risk, including:
a. Authorization for system changes. A combination of logical and physical access controls can be used to protect software and backup copies.
b. Use of powerful system utilities that can potentially compromise the integrity of operating systems and logical access controls.
c. Policies for loading and executing new software on a system.
d. All of the above.
Explanation: Answer d is the correct answer, and is taken from the “NIST Generally Accepted Principles and Practices for Securing Information Technology Systems”.
93. The primary reasons that each aspect of computer support and operations should be documented include all but one of the following:
a. Ensure continuity and consistency.
b. Eliminate security lapses and oversights.
c. Provides new personnel with sufficiently detailed instructions.
d. Satisfy audit requirements.
Explanation: Answer d is the most correct answer. The reference for this is taken from the reference cited below. The other answers are reasons why computer support and operations should be documented.
97. According to “Orange Book” criteria, which of the following is required for C1 security?
b. Trusted recovery.
c. System architecture (software engineering).
d. Object reuse.
Explanation: Answer d is the correct answer, and is taken from the references cited below. The other answers are elements of Mandatory (B) Protection. Just for clarification on answer c, Discretionary (C) Protection does require system architecture, but only for process isolation, not software engineering.
104. The concept of “least privilege”, as it pertains to Operations Security, means:
a. An operator needs access to documentation about operating system internals.
b. An operator must have full access to the media library.
c. An operator must be able to adjust resource quotas.
d. A and C are both correct answers.
Explanation: Answer c is the correct answer, and is taken from the cited reference. Answer a is incorrect as this is a system programmer responsibility. Answer b is incorrect in regard to sensitive data, in that the media need only be released to the operator at the job’s scheduled time.
108. The objective of separation of duties is to protect each of the following from compromise except for:
Explanation: Answer d is the correct answer, as it is the least likely of the four answers given to be the objective of separation of duties. Applications, activities, and controls are subject to compromise by individuals acting alone, and therefore separation of duties can be effective in protecting them.
122. The concepts of due care and due diligence are key to Operational Security undertakings. Examples of due diligence include all but one of the following:
a. Good housekeeping.
b. Requesting that employees acknowledge and sign off on computer security requirements.
c. Issuing appropriate formalized security policies and procedures.
d. Allowing unrestricted access to both public and private spaces.
Explanation: Answer d is the correct answer. All others are examples of due diligence and are taken directly from the cited reference.
127. In order to protect audit trails, the audit database must be protected. Which of the following techniques can help counter attacks on the audit database?
a. Write-once optical disks.
b. Cryptographic protection.
c. Remote storage of audit trails.
d. All of the above.
Explanation: Answer d is the correct answer, and is taken from the reference cited below. In addition to establishing accountability, an audit trail may also reveal suspicious patterns of access and so enable detection of improper behavior by both legitimate users and masqueraders. Limitations to this use of audit information often restrict its use to detecting unsophisticated intruders because sophisticated intruders have been known to circumvent audit trails in the course of penetrating systems. Techniques, such as those listed above in a, b, and c can help counter some of those attacks on the audit database itself, although these measures do not address all the vulnerabilities of audit mechanisms.
149. The portion of risk that remains due to management decisions, unconsidered factors and/or incorrect conclusions is termed:
b. Residual risk
d. Threat factors
Explanation: Answer b is the correct answer and can be found in the cited reference. Answer a is what occurs if corrective actions are inadequate, and c is a policy one buys to transfer the cost to a third party. Answer d refers to factors that can impact an asset.
157. Configuration management is another important component of Operations Security and is defined as:
a. Controlling modification to system hardware, firmware, software and documentation against improper modification.
b. Security safeguards designed to detect and prevent unauthorized access.
c. Ensuring availability of critical systems components.
d. Maintenance of essential DP services after a major outage.
Explanation: Answer a is the correct answer. Answers b through d are either too narrow or describe the definitions of another component of the access control environment.
170. The security of a system should also be documented and would typically include all but one of the following:
a. IT facilities telephone books.
b. Security plans.
c. Risk analysis.
d. Security policies and procedures.
Explanation: Answer a is the correct answer. The reference for this is taken from the reference cited below. The other answers are correct. Answers b through d are clearly correct, while answer a has nothing to do with Operations Security.
174. Which of the following represents a Star Property in the Bell-LaPadula model?
a. Subject cannot read upwards to an object of higher secrecy classification
b. Subject cannot write upwards to an object of higher secrecy classification
c. Subject cannot write downwards to an object of lower secrecy classification
d. Subject cannot read or write upwards or downwards to an object outside of their own secrecy classification
Explanation: Answer a would represent a “Simple Security Property”. Answer b would represent a “Strong Star Property”. Answer c is correct – “No Write Down”. Answer d would represent a “Strong Star Property”
203. Every program or system component must operate with the minimum set of privileges it needs to accomplish its task. This is the definition of:
a. Least privilege
b. Open design
c. Separation of privilege
d. Economy of mechanism
Explanation: Answer a is the correct answer and is taken from the cited reference. Answer b is defined as: the design itself should not be a secret, and an open design can be reviewed by many experts and potential users, so deficiencies are more likely to be found and corrected. Passwords and encryption keys must be kept secret, but not designs. Answer c is defined as: two or more keys are needed to unlock a protection mechanism or if two independent mechanisms must agree before an action is allowed. Answer d is defined as: keeping the design as simple and small as possible.
222. Another component of Operational Security is logging of media for inventory purposes. The information contained in Media Logs includes all but one of the following:
a. Control or tracking numbers
b. Times and dates of transfers
c. Names and signatures of individuals involved.
d. Number of bytes of information contained on the media.
Explanation: Answer d is the most correct answer; the others are the type of information you would expect to see on the log.
225. Computer operators should be able to:
a. Authorize users to access the system.
b. Set the time and date on the system.
c. Maintain and manage the audit log files.
d. Run tools to format, compress, and analyze data.
Explanation: Answer b is the correct answer and is taken from the reference cited below. Answer a is the role of a security administrator. Answer c and d are roles of an auditor.
232. Operational Security is:
a. Used to identify and define the physical security of computer facilities and media.
b. Used to define and control access to software.
c. Used to identify the controls over hardware, media and the operations with access privileges to any of these resources.
d. Used to define and control access to computer systems.
Explanation: Answer c is the correct answer, and is taken verbatim from the cited reference. The other answers are incorrect because they are each too narrow.