Domain Three: Architecture and Design

Question 1

What are the four main element of code quality and testing ?

Answer 1

Code Analysis, Stress Testing, Model Verification, Version Control

Question 2

What are the two types of code analysis ?

Answer 2

Dynamic and Static

Question 3

What is dynamic code analysis ?

Answer 3

Testing during execution by feeding inputs into the application
Fuzzing is a method of dynamic analysis in which a brute force test method is used to detect input and validation issues or vulnerabilities in the system

Question 4

What is static code analysis ?

Answer 4

Involves examining the code without execution

Question 5

What is model verification ?

Answer 5

Making sure that the systems does what it is intended to do in an expected manner. Do interdependencies with other functions and apps also behave as expected.

Question 6

What is stress testing ?

Answer 6

Testing the app for performance bottlenecks under normal conditions. Load testing is the testing under peak conditions over and above stress testing.

Question 7

What are embedded systems ?

Answer 7

Embedded systems are those that are incorporated into other systems examples are Smart TVs and Washing Machines.

Question 8

Describe IOT/Smart Devices ?

Answer 8

These are characterised by remote control of the system at hand. You can think of home automation and fitness sensors as being prime examples of this.

During the course of the history of IOT functionality over security was very much the design pattern and it now should be considering that they have access to our biometric data.

Question 9

What is the problem in terms of security with printers and MFD devices ?

Answer 9

Printers and MFDs are hackable. Printers communicate to servers and computers in a bidirectional manner taking jobs, queuing them and then sending back outcome notifications.

It is perfectly feasible that these devices can send malware back to the server especially as all to often they have been designed for functionality first and security was an afterthought.

Question 10

What are real time operating systems ?

Answer 10

Characterised by not queuing data and events but operating on them as soon as they arrive. Think of a robot arm in a car assembly plant. The biggest security risk is something interrupting the timing and this often means that they are difficult to take offline to patch and update which in turn increases the security risk.

Question 11

What are SCADA systems ?

Answer 11

Supervisory Control and Data Acquisition - These systems usually are part of another system that has a physical aspect to them an example being traffic lights.

Traditionally these systems were separated and air gapped so that the only access to them was via external media but they are increasingly becoming connected which has meant a greater security attack surface.

Question 12

What are the issues of Aircraft and security ?

Answer 12

Physical buttons, switches, gauges etc are replaced with digital devices such as touch screens.

Question 13

What are the issues of security with Medical devices ?

Answer 13

Often overlooked but these are critical and have to be re-certified everytime they are updated.

Question 14

What are the issues with unmanned vehicles ?

Answer 14

Popular with military controlled over network connection which makes it an attractive target for hacking.

Question 15

What are the security issues we should be aware of with vehicles ?

Answer 15

Vehicles are coming with more and more hackable technology.

Question 16

What is system on a chip ?

Answer 16

These are systems where the software and hardware instructions are all governed from a single chip. Computers are multi chip systems.

Question 17

What are the uses of benchmarks ?

Answer 17

These are usually guides on the best practice for configuring systems and components.
CIS (Centre for Internet Security)

Question 18

What are the three ways of implementing defence in depth ?

Answer 18

There are three ways to implement

Vendor Diversity - For example having both windows and linux devices
Control Diversity - Administration controls such as policies and risk assessments and technical controls such as firewalls and IDS/IPS
User Training - Policy and procedure awareness.

Question 19

Give an example of a non regulatory framework ?

Answer 19

NIST

Question 20

Give some examples of Physical security controls ?

Answer 20

Lighting - Important to give visibility of action
Signs - Demarcates dangerous or high security areas
Alarms - Warnings
Barricades - Protection of areas
Fencing - Physical around area Cage - Indoor fencing Gate - monitoring on entrance to cage
Bollard - Simple Barricade
Mantraps - Effective against tailgating
Faraday Cages - Used to stop emi
TEMPEST - DoD program to emi and eavesdropping
CCTV - Should be on separate network so they dont provide an entrance to corporate network
Physical Security Logs - Should be taken
Bump Key Resistant Locks - Bump keys are those where the notches are deeply cut allowing an attacker to force the key into the lock and open it

HVAC - Heating, Ventilation, air con
Hot aisles and cold aisles can be used to maintain a data centre temp
Fire suppression systems - dont prevent fires but limit damage

Question 21

Describe RAID 0

Answer 21

Striped Disks - Data is spread across multiple disks which increases speed but not redundancy

Question 22

Describe RAID 1

Answer 22

Mirrored Disks - Data is copied from one disk to another. If the disk is lost we dont lose the data. This is more expensive than other methods.

Question 23

Describe RAID 5

Answer 23

Block Striped with Error check - Most commonly used stripes data and parity checks across multiple drives; increased reliability and speed

Question 24

Describe RAID 10

Answer 24

Stripe of Mirrors - combines striping and mirroring

Question 25

What are distributive allocations ?

Answer 25

This is the mechanisms by which load is distributed across redundant resources. If the resources are servers then distributive load is the method that allocates work to those servers. If the resource is data then geographical locations can be used as a means of distribution.

Question 26

What is redundancy ?

Answer 26

Redundancy is the use of multiple independent elements to perform critical functions This can be done through multiple servers, connections or even ISPs and many organisations maintain a supply of spare parts to readily repair any failed hardware components.

Question 27

Describe high availability and fault tolerance ?

Answer 27

High Availability is the maintaining of a systems availability through an unusual event by the use of a hot systems. Fault Tolerance is the maintaining of a systems availability during an non critical event by the use of a warm system. The event is non critical because we should have built enough redundancy in the system to cover a foreseen eventuality such as a disk failure,

Question 28

What are the benefits of automation ?

Answer 28

Cuts down risks due to using humans. Releases operations team members back from routing tasks. Continuous Monitoring can be used to automatically respond to certain events Continuous validation - automated testing to resolve issues with configuration management

Question 29

What is elasticity and scalability ?

Answer 29

Scalability is the ability of the system to accommodate larger loads just by adding resources either making hardware stronger (scale up) or adding additional nodes (scale out). Elasticity is the ability to fit the resources needed to cope with loads dynamically usually in relation to scale out. So that when the load increases you scale by adding more resources and when demand wanes you shrink back and remove unneeded resources. Elasticity is mostly important in Cloud environments where you pay-per-use and don't want to pay for resources you do not currently need on the one hand, and want to meet rising demand when needed on the other hand.

Question 30

What is the concept of non persistence ?

Answer 30

These are machine images that changes are made to but are not expected to persists. Ephemeral storage is a good example. Snapshots are the point in time backups of VMs Rollback to known configuration - Microsoft term for rolling back to last known registry configuration that was saved by OS Live Boot Media - USBs that have a bootable OS on them

Question 31

What are templates and master images ?

Answer 31

Templates can be used to create master images of machine instances. You can use automation for post configuration task such as IP addresses, licensing and instance specific configuration.

Question 32

Describe the two software development lifecycles ?

Answer 32

Agile vs Waterfall, There are two forms of Agile - Scrum and XP or extreme programming Scrum has a 30 day sprint and a product backlog. Its crucial that developers know secure coding practices. XP has a more flexible definition of a sprint and there is a greater emphasis on user acceptance testing to create incremental advances.

Question 33

What is the reasoning around code re-use ?

Answer 33

We should aim to re-use code where possible and remove dead code as it can be a security risk.

Question 34

What is code signing ?

Answer 34

This is using PKI to digitally sign a code download in order to verify its source and integrity. A trusted CA should be used.

Question 35

What is data exposure ?

Answer 35

Data at rest and in transit should always be protected.

Question 36

What are the rules around encryption ?

Answer 36

Use the most up to date algorithms, dont craft your own.

Question 37

What is the rule around memory management ?

Answer 37

Memory should be reclaimed after use and appropriate values should be assigned to variable types.

Question 38

What is obfuscation ?

Answer 38

Is hiding element such as code or data items so if they are leaked hackers cant make use of them. Code obfuscation is sometimes frowned upon.

Question 39

What are the rules around proper error handling ?

Answer 39

Information when an application errors should never be relayed back to a user as it can be used against the system by a hacker. The main challenge is where to store the information. The ideal location is an acl controlled log file.

Question 40

Why use proper input handling ?

Answer 40

We should use proper input validation to make sure that malicious users cant inject values and code into our applications that could cause a security issue. All input should be viewed as hostile. Proper input validation will mitigate the following attacks Buffer Overflows Cross Site Scripting Cross Site Request Forgeries Injection Attacks Normalisation is the process of checking inputs and formatting them to be of the correct format - Postcodes, email, social security numbers.

Question 41

Where should we implement checks server or client ?

Answer 41

Both are ideal but because we cant be sure of the client environment we must always have server side validation and checking. We should always distrust anything coming from the client and validate it on the server side.

Question 42

Why use stored procedures ?

Answer 42

Stored Procedures on a database are preferred to dynamic queries sent from the application layer as they have a specific name and input structure and dont reveal the inner workings of the database as dynamic queries do. This technique prevents sql injection attacks.

Question 43

What is secure devops ?

Answer 43

Secure DevOps is about making sure that within the devops environment security has a first order place. Automation of highly repetitive tasks releases workers to concentrate on more high value work. Examples of automation are static code analysis and vulnerability scanning Immutable Systems (Cattle) vs Pets

Question 44

Describe the traditional four environment types ?

Answer 44

Dev, test, staging and prod

Question 45

What is sandboxing ?

Answer 45

Can be done for whole environment down to applications running on your phone. The idea is to provide security through isolation.

Question 46

What is emi/emp ?

Answer 46

EMI is electrical interference and EMP is a pulse of that interference and this can damage or prevent the operation of the affected device. Mitigated by the use of shielded cables and grounded circuits.

Question 47

What is HSM ?

Answer 47

Generate and store keys, can connect via usb and can be used as a means to authenticate and encrypt and apply digital signatures as well.

Question 48

What is secure boot ?

Answer 48

Malware targeting drivers present a problem because they get loaded before security tools and therefore can be missed. Secure boot only allows drivers signed and vetted to be installed.

Question 49

What is a trusted platform module ?

Answer 49

Trusted Platform Modules are chips on the motherboard to create and store keys. The TPM hashes sections of the hardware, firmware and software and on the next run compares the new hash against the previous to see if anything has changed if it has it may prevent authentication. TPM are not accessible via the normal channels so cannot be interfered with.

Question 50

What is bios ?

Answer 50

UEFI and BIOS its older counterpart are the firmware that aids interoperability between the OS and hardware. UEFI is more recent and more secure. Stored in non volatile memory so survives the powering down of the device.

Question 51

What arethe different types of OS ?

Answer 51

Networking OS - That which runs on networking hardware such as routers Server OS - Runs as an interface between hardware and applications normally doesnt have a gui Workstation OS - GUI Appliances - Machines dedicated to one task only Kiosks - Standalone machines that allow some limited functionality Mobile Operating Systems - Streamlined for mobile devices.

Question 52

Describe virtualisation ?

Answer 52

Virtualisation is the ability to run distinct os separately on one machine Type 1 - Hardware faster than type 2 alternative Type 2 - Software easier to get up and running Containerisations/Application Cells Less overhead than virtualisation as it doesnt clone an entire copy of the os. VM Sprawl is where we lose control over the amount of VMs that are being created and this can happen because it is just easy to spin up VMs. There should be proper policies and procedures in place to control VM sprawl. VM escape is where an attack escapes the confines of a VM to attack the base operating system. We should have the same controls on these systems as others. IDP/IDS

Question 53

When designing a network what are the major design considerations ?

Answer 53

Device Placement, Security Zones, Failure Modes, Connectivity

Question 54

What are the typical areas in Security Zones placement ?

Answer 54

Data and trust sensitivity.

Question 55

Give two examples of a security zone ?

Answer 55

Guest Network and Management VLAN

Question 56

Describe the failure mode consideration ?

Answer 56

When a security device fails should it fail so that no traffic passes (fail closed) or should it allow all traffic to pass (fail open)

Question 57

Why would I use a VLAN ?

Answer 57

A VLAN is a Virtual Local Area Network (https://www.makeuseof.com/wan-vs-lan/). It's a logical grouping of devices on a network, usually based on location or function. For example, all computers in a school's library could be assigned to the "Library" VLAN, while all computers in the school's computer lab could be assigned to the "Computer Lab" VLAN. In this way, VLANs can improve the efficiency and flexibility of a local area network. A VLAN can improve security and performance by isolating traffic on your network.

Question 58

Name the two ways of creating a logical segmentation in a network ?

Answer 58

VLAN and Subnetting

Question 59

Give an example of security through obscurity ?

Answer 59

Using non standard ports.

Question 60

What is software defined network ?

Answer 60

Software defined network separates the control plane from the data plane. Previously the software designed to control hardware devices was tightly coupled usually from the same provider. SDN breaks this by offering a more generic and flexible software layer that makes it easier to have dynamic configurations and security.

Question 61

What is SD-WAN ?

Answer 61

An incarnation of SDN for WAN good for routing via application and choosing a variety of connection based on cost.

Question 62

What is Secure Access Service Edge (SASE) ?

Answer 62

Secure access service edge, often abbreviated (SASE), is a security framework that converges software-defined wide area networking (SD-WAN) and Zero Trust security solutions into a converged cloud-delivered platform that securely connects users, systems, endpoints, and remote networks to apps and resources. SASE has four main traits: 1. Identity-driven: Access is granted based on the identity of users and devices. 2. Cloud-native: Both infrastructure and security solutions are cloud-delivered. 3. Supports all edges: Every physical, digital, and logical edge is protected. 4. Globally distributed: Users are secured no matter where they work.

Question 63

What is zero trust ?

Answer 63

Zero Trust assumes that there is no trust boundary and no network edge. Instead each action is validated and requested as part as a continuous authentication process and access is only allowed after policies are checked, including elements like identity, permissions, system configuration and security status, threat intelligence etc

Question 64

What is a subject in zero trust ?

Answer 64

Subjects are the user, systems and services that request access or attempt to use rights.

Question 65

In zero trust what is the policy administrator ?

Answer 65

Policy administrator are not individuals rather they are components that establish or remove the communication path between resources and subjects. In a deny situation the enforcement endpoint is instructed to drop the connection.

Question 66

In zero trust architecture what is the role of the policy engine ?

Answer 66

Policy engines make decisions based on rules and external systems such as identity management and SIEM. They use a trust algorithm that makes a decision to grant, deny or revoke access to a given resource. Once the decision has been made it is logged and then the policy administrator takes action.

Question 67

What is the role of a policy enforcement endpoint in a zero trust architecture ?

Answer 67

Communicated with administrators commonly deployed as both a client and a gateway element

Question 68

In a zero trust architecture what elements live in the control plane ?

Answer 68

Adaptive Identity, Policy Administrator, Policy Engine, Threat Scope Reduction

Question 69

In a zero trust architecture what elements live in the data plane ?

Answer 69

Subject, Policy Enforcement Endpoints, Enterprise Resources

Question 70

What is Adaptive Identity ?

Answer 70

leverages Context based authentication, considers where the user is logging in from, whether the device they are using meets security requirements and will either request additional info or request if standards are not met.

Question 71

What is threat scope reduction ?

Answer 71

Limiting the blast radius determined by least privilege and identity base network segmentation rather than the more traditional network segmentation methods such as VLAN and IP addresses

Question 72

What is the role of a Cloud Access Service Broker ?

Answer 72

Used to monitor cloud activity and usage and to enforce security policies on users of cloud services.

Question 73

Why should you be wary of downloaded images ?

Answer 73

They may be part of a steganography attack.

Question 74

What is the most common way of protecting a Real Time Operating System (RTOS) ?

Answer 74

Encrypted Firmware

Question 75

Why are firewalls and antimalware not a viable control for RTOS systems ?

Answer 75

RTOS systems often need to have updates downloaded and applied immediately.

Question 76

When should we use gait analysis to identify people ?

Answer 76

In crowded situations where facial and other biometric data is not clear

Question 77

What is the primary way to prevent powerloss in an outage ?

Answer 77

UPS

Question 78

What does an attacker hope to gain by setting of alarms repeatedly over a period of time ?

Answer 78

The generation of a false positive so that when the alarms trigger because of malicious activity people will be desensitised to their occurrence.

Question 79

What does XAAS mean ?

Answer 79

Anything as a service

Question 80

What is object detection ?

Answer 80

Object detection can detect specific types or classes of object to determine if an object has been moved.

Question 81

What security advantage do you get from managing your internal ip scheme ?

Answer 81

Identification of rogue or unknown devices.

Question 82

What is the most secure type of physical lock ?

Answer 82

Deadbolts

Question 83

What advantage do you receive with NIC teaming ?

Answer 83

Greater throughput and resiliency. NIC teaming is sending data through multiple cards.

Question 84

What critical feature is not a default one for most CCTV installations ?

Answer 84

DVR or the ability to record - This can then be used in evidence

Question 85

What does the term industrial camoflage mean ?

Answer 85

Making a building as non-descript as possible to avoid detection and attacks.

Question 86

What is the main security problem for static codes in MFA ?

Answer 86

Being stolen due to inproper storage. Brute force attacks are not likely as MFA should have built in backup algorithms

Question 87

Whats the best current way for making cryptographic algorithms safer ?

Answer 87

Increasing key length

Question 88

Are motion detectors and cameras a physical or detective control ?

Answer 88

Detective

Question 89

What is the main advantage of a inert gas system over a carbon dioxide one ?

Answer 89

Inert gas will remove oxygen out of the system without the same dangers to humans as carbon dioxide

Question 90

What cabling type is best to prevent tampering and prevent access ?

Answer 90

Protected cable distribution

Question 91

What is shielded cabling used for ?

Answer 91

Prevention of emi

Question 92

What is the most common threat to physical tokens ?

Answer 92

theft

Question 93

What is Fog computing ?

Answer 93

Cloud computing at edge of an enterprise network

Question 94

Name three key stretching algorithms ?

Answer 94

bcrypt, scrypt, PBKDF2

Question 95

What does ISO 27001 cover ?

Answer 95

Control Objectives for 14 different areas

Question 96

What does ISO 27002 cover ?

Answer 96

The actual controls to satisfy the objectives

Question 97

What does ISO 27701 cover ?

Answer 97

Privacy controls

Question 98

What does ISO 31000 cover ?

Answer 98

Risk management

Question 99

What is Role based user training ?

Answer 99

Organisations should use role based training to make sure that individuals receive the appropriate training for their job responsibilities.

Question 100

What are the three baselining phases in configuration management ?

Answer 100

Establishing a baseline with industry standards such as CIS Deploying using centrally managed tools Maintenance

Question 101

What is a self encrypted drive ?

Answer 101

A self encrypted hard drive implement encryption in hardware and firmware.

Question 102

Who is chiefly responsible for determining the purposes and means of processing personal data within an organization ?

Answer 102

Data Controller

Question 103

Define an embedded system ?

Answer 103

Computer systems that are build into other devices.

Question 104

Define a SCADA system ?

Answer 104

Normally a system responsible for critical infrastructure such as water and power and traffic. Scada is a type of system architecture that combines data acquisition and control devices and interfaces that control the entire architecture.

Question 105

What is the main security issue with complex systems such as scada ?

Answer 105

They were often not built with security in mind and therefore security can actively interfere with operation. Often the only effective security for such systems is isolation.

Question 106

Describe IOT systems ?

Answer 106

A type of embedded system but leverage other technologies such as cloud and machine learning

Question 107

What are the challenges of IOT systems ?

Answer 107

Not designed with security in mind, short patching cycles, poor vendor data practices

Question 108

Why is securing embedded systems difficult ?

Answer 108

They may not connect to a network making authorisation impossible. They may also have low CPU, memory and power options which makes cryptography, firewalls to expensive in resources. It also makes the ability to patch and monitor

Question 109

Why is asset management important ?

Answer 109

Knowing that a system contains processes and handles sensitive data is critical during incident response as well as day to day operations.

Question 110

What is usually a part of asset management ?

Answer 110

Asset Tagging, Inventory checking, Inventory creation.

Question 111

Which data role is responsible for determining why and how PII is processed in an organisation ?

Answer 111

Data Controller/Owner

Question 112

Which role is delegated to carry out the decisions of the data controller

Answer 112

Data Stewards

Question 113

What is the purpose of a data custodians ?

Answer 113

Have specific responsibility for security of data from data controller

Question 114

What is the difference between separation of duties and two person control ?

Answer 114

Separation of duties is two people doing two distinct tasks that make up an action. Whereas two person control is one task split between two people.

Question 115

Why should you place wireless APs near centre of building ?

Answer 115

Limiting the range to not go beyond perimeter walls

Question 116

What is the ideal placement for wireless APs ?

Answer 116

High points to avoid obstacles

Question 117

In Wireless technology what is Extended Service Set configurations ?

Answer 117

For large buildings it is the meshing together several APs to give a seamless connection experience.

Question 118

What in wireless techechnolgy co channel interference ?

Answer 118

Closely position ap with overlapping channel coverage

Question 119

What in wireless technology is adjacent channel interference

Answer 119

two aps using channels that are close together but maybe not overlapping

Question 120

In a 2.4 ghz wireless settings what channels should you use to avoid interference ?

Answer 120

1, 6, 11

Question 121

What are the major security technologies in wireless ?

Answer 121

EAP, Radius, WPA3, AAA

Question 122

Which Wireless protocol is considered deprecated because of its weak 24 bit initialisation vector ?

Answer 122

WEP

Question 123

What is TKIP ?

Answer 123

A part of WPA it is the generation of a 128 bit key for every packet thus avoiding key re-use

Question 124

Which protocol is insecure becuase of lack of sufficient data integrity checks in TKIP ?

Answer 124

WPA

Question 125

Which wireless protocol replaced TKIP with CCMP ?

Answer 125

WPA2

Question 126

Which two encryption protocols use AES ?

Answer 126

WPA2 and WPA3

Question 127

Which wireless protocol uses the enhanced open method ?

Answer 127

WPA3

Question 128

What is management frame protection ?

Answer 128

Protect management traffic in WPA3

Question 129

What two protocols for wireless authentication fall under AAA

Answer 129

Tacacs+ and Radius

Question 130

What architecture model does Radius follow to achieve AAA

Answer 130

Client Server

Question 131

How does TACACS+ differ from Radius ?

Answer 131

Separates out Authentication(A) Authorisation(A) and Accountability (A) so that you can apply more fine grained control unlike Radius and also encrypts the whole packet

Question 132

Whats the major difference between PEAP and EAP TLS

Answer 132

Peap needs a client certificate on client and server EAP TTLS only server

Question 133

Is EAP an implemented technology ?

Answer 133

No it is a specification that is implemented in PEAP, EAP-TTLS, EAP-Fast

Question 134

How does DKIM work ?

Answer 134

On reciept of the email the server can verify the digital key by using the sender public key on DNS server.