Software

Question 1

ASIF

3 Facts

Answer 1

Sparse format
Delta layers
Plugin for Amber

Question 2

AMBER

Definition

Answer 2

Apple Modular Block Device Library

Question 3

AEBD

Definition

Answer 3

Apple Encrypted Block Device

Question 4

KNOX

2 facts

Answer 4

Asset database
Fast and secure storage

Question 5

NBD

Definition

Answer 5

Network block device

Question 6

FileVault

Definition, Use on ASM

Answer 6

Storage encryption with volume key
Class C protection on ASM

Question 7

Data Protection

Definition

Answer 7

File Encryption

Question 8

Data Vault

Definition

Answer 8

Restrict access to the data of an app from all other requesting apps

Question 9

Sandbox access controls

Definition

Answer 9

Restrict what data an app can access

Question 10

GCD

definition and description

Answer 10

Grand central dispatch
Execute code concurrently on multicore hardware by submitting work to dispatch queues managed by the system

Question 11

Forward secrecy

Definition

Answer 11

Ensures session keys will not be compromised even if long term secrets used in the session key exchange are compromised

Question 12

ARV

Definition

Answer 12

Authenticated root volume

Question 13

Evil Maid Attack

Description

Answer 13

An attack on an unattended device, in which an attacker alters it in some undetectable way so that they can later access the device, or the data on it.

Question 14

ABD

description

Answer 14

file format for external customers that support AMBER like functions

Question 15

ACS

Definition

Answer 15

Apple Cloud Service

Question 16

DT

Apple Team

definition, two goals

Answer 16

Developer Tools
Planning to use virtual machine to test different OS and Xcode
replace Xcode simulator

Question 17

MAC stadium

Purpose

Answer 17

Build and run with macOS in the cloud

Question 18

Journaling file system

Description

Answer 18

Keep track of uncommitted changes in a data structure to avoid data corruptions

Question 19

CAS

Apple Technology

Description

Answer 19

Build server

Question 20

What are the two ways to find build records?

Answer 20

xbs buildrecords
knox download/extract build-record

Question 21

Libkrun

Description

Answer 21

Rust based virtual machine monitor that links directly to hypervisor framework

Question 22

Orbstack

Purpose

Answer 22

Run docker container and Linux on macOS VM

Question 23

Accelerate framework

Apple Software Stack

Description

Answer 23

Make large scale mathematical computations and image calculations using SME and AMX

Question 24

define, who, what

ESP

Networking Technology

Answer 24

Encapsulating security payload
Member of IPSec set of protocols
encrypt and authenticate the data packets between computers using a VPN

Question 25

# Description VMNet | Apple Tech

Answer 25

Apple Framework for virtual machines to read and write packets

Question 26

# Description Stolen time

Answer 26

Time that guest is ready to run but not scheduled

Question 27

# Description Network link conditioner

Answer 27

Xcode tool to control bandwidth, latency and packet loss

Question 28

# Description VZVirtioSocketDevice

Answer 28

A device that manages port-based connections between guest and host

Question 29

Four trap controls for performance monitors | ARM

Answer 29

ARM PMU register CPMU, UPMU and CLPC registers

Question 30

How CPMU registers are partitioned | ARM

Answer 30

Guarded vs unguarded Host vs guest

Question 31

Two functions of PMCR0_EL1 | ARM

Answer 31

Enabling CPMU counters Configuring overflow interrupts

Question 32

# Description Apple framework

Answer 32

A bundled shared library (dylib), which contains code and miscellaneous files

Question 33

# 3 Facts libSystem | Apple Tech

Answer 33

Darwin’s most essential library Services provided by the lowest level of the C runtime Wrappers over kernel functions

Question 34

# Definition NMOS | Apple Term

Answer 34

Next mainline OS

Question 35

# Description Linux namespace

Answer 35

Partition kernel resources such that a process can only access resources of its namespace

Question 36

# protocol, request, handling VirtioFS

Answer 36

This uses the FUSE protocol, funnels requests through shared memory, and handles them on macOS

Question 37

# Description Recap | Apple Tech

Answer 37

API and CLI to Synthetically playback events or gestures on a device

Question 38

# what, how, who Virtio Net

Answer 38

Paravirtualized network device Use shared memory for data transmission Adopted in Linux and other operating systems

Question 39

# 3 Entitlements Impacts of entitlements on VM ISA | Apple Tech

Answer 39

security.hypervisor allows generic ISA Private.hypervisor.apple - allows Apple ISA private.hypervisor - allows Apple ISA at least but also internal ISA for Development kernel, AppleInternal, research guests

Question 40

Darwin’s four kernel interfaces | Apple Tech

Answer 40

System calls Mach traps Machine dependent calls (machdep) Comm page

Question 41

# definition, info, code, management ACPI | Standard

Answer 41

Advanced configuration and power interface Description of a computer’s configuration and its various components Associate drivers with its system peripherals Platform interfaces for power and system management

Question 42

# definition and four management functions PSCI | Standard

Answer 42

Power state coordination interface Core idle management Dynamic addition and removal of cores secondary core boot System shutdown and reset

Question 43

# 4 things defined SMCCC | ARM

Answer 43

Defines a common calling mechanism to be used with SMC and HVC Defines how registers are used to pass parameters and results Defines service types Defines Arm architectural calls

Question 44

# definition and description NAT | Networking Tech

Answer 44

Network address translation Map one address space to another by modifying address information in the IP header in transit across a routing device or virtual machine monitor

Question 45

# definition, what, vm, why TAP | Linux

Answer 45

Terminal access point Network device mode that allows the creation of a virtual network interface Support network backend for virtual machines More performant and capable than SLIRP (user networking)

Question 46

# Description CentOS | Linux

Answer 46

Linux distribution derived from Red Hat Enterprise Linux

Question 47

Three VMWare scheduling constraints

Answer 47

Shares Reservation Limit

Question 48

Two ways to put expiring workarounds | Apple Tech

Answer 48

_CFAppVersionCheckLessThan dyld_program_sdk_at_least

Question 49

Names of 1000 bytes to the power of 1 to 5

Answer 49

Kilobytes, megabytes, gigabytes, terabytes, petabytes

Question 50

Names of 1024 bytes to the power of 1 to 5

Answer 50

Kibibytes, Mebibytes, Gibibytes, tebibytes, pebibytes

Question 51

# what, where and how many PCIe BAR | Virtio Standard

Answer 51

Describe a memory region the CPU accesses to interact with a PCIe device Defined in configuration space Each device has 8 functions, and each has 6 BARs

Question 52

# Purpose Kali Linux

Answer 52

Debian based Linux distribution geared toward information security tasks

Question 53

# definition and description P2V

Answer 53

Physical to virtual Migration of physical machines to virtual machines

Question 54

# Description Libkern | Apple Tech

Answer 54

C++ runtime environment in XNU

Question 55

# what, find, interface, support IOKit | Apple Tech

Answer 55

Objected oriented kernel drivers A driver is looked up through IORegistry Driver properties are provided in IOUserClient Kernel APIs

Question 56

# definition and 4 features APFS | Apple Tech

Answer 56

Apple File System Full 64-bit mode, snapshots, encryption, volume management

Question 57

# what, why DMG | Apple Tech

Answer 57

Disk image bundling software distribution into single files and can be mounted as a block device

Question 58

# description FSEvent | Apple Tech

Answer 58

File system wide notifications

Question 59

Apple CLI to gather details about every aspect of the system

Answer 59

system_profiler

Question 60

Apple home applications

Answer 60

MacOS: finder iOS: SpringBoard TvOS: Pineboard WatchOS: carousel AudioOS: soundboard

Question 61

Apple HID monitor

Answer 61

MacOS: WindowServer Others: backboardd

Question 62

Visible view and user input of MacOS window

Answer 62

Visible view: IOSurface User input: Tactile layer

Question 63

# what and how to communicate VirtioBlk | Standard

Answer 63

Simple virtual block device Communication based on the virtio notification and queues

Question 64

Isochronous transfer in USB

Answer 64

Transmit at a constant rate for real time information such as audio and video

Question 65

# What, VM consequence Bridged networking

Answer 65

Replicate another node in the physical network VM will receive its own IP address if DHCP is enabled in the network

Question 66

# definition and function SMBIOS

Answer 66

System Management BIOS Reading management information produced by the BIOS of a computer

Question 67

# definition and 2 facts MDM

Answer 67

Mobile device management Securely and wirelessly configure a device by sending profiles and commands Administer managed preferences

Question 68

# protocol, usage Apple Open Directory

Answer 68

Light weight directory access protocol (LDAP) implementation from Apple Organize information about a network’s users and resources

Question 69

When isn’t APFS clone used?

Answer 69

Copy to a different volume Copy nested directory ## Footnote Extra: cp -c

Question 70

# Conforms, Integrate REST API | Standard

Answer 70

conforms to the representational state transfer principles Integrate applications and components in microservices architecture

Question 71

# Mediate, continue, narrow XPC services | Apple Tech

Answer 71

mediate access to a shared resource continue work beyond a client’s lifecycle narrow the scope of access for different functionality

Question 72

3 Apple service types

Answer 72

Launch agent Launch daemon XPC service

Question 73

# Definition GPTK | Apple Tech

Answer 73

Game porting kit

Question 74

# Description Ray tracing

Answer 74

Technique for rendering light transport

Question 75

# Symbols, Prove Turing machine

Answer 75

Abstract machine that manipulates symbols on a strip of tape according to a table of rules Prove properties of computation in general

Question 76

# definition and description IPSW | Apple Tech

Answer 76

iPhone software File format for most Apple firmware

Question 77

Apple three commands to debug memory usage

Answer 77

leaks —outputGraph Footprint Vmmap

Question 78

# Description Owned unmapped memory

Answer 78

Represent memory that your process allocated, shared with another process, unmapped from its own address space but not yet unmapped from the other process address space

Question 79

# Definition SFR | Apple Tech

Answer 79

System firmware and recovery

Question 80

# Description EBS | Amazon

Answer 80

Block storage service designed for Amazon Elastic Compute Cloud (EC2)

Question 81

# Description BSD interface name | Networking

Answer 81

Network driver name followed by a number. Ex. En0

Question 82

# Definition Thimble | Apple Tech

Answer 82

Trusted hybrid inference machine learning

Question 83

# definition and description TCB | Security

Answer 83

Trusted computer base Set of components that collectively enforce the system’s security properties

Question 84

# definition and description Inode | Linux

Answer 84

Index node Data structure that describes a file or directory

Question 85

# Description VHDX | Microsoft

Answer 85

Virtual hard disk drive of a virtual machine used by hyper-v

Question 86

# Description Universal binary | Apple Tech

Answer 86

Package with one binary for each architecture

Question 87

Apple CLI to see architectures of a universal binary

Answer 87

file

Question 88

Apple CLI to see details of a Mach O file

Answer 88

otool

Question 89

# Definition WASM

Answer 89

Web assembly

Question 90

# Description Shared library cache | Apple Tech

Answer 90

Prelink various commonly used Mach O dylibs into one file per architecture

Question 91

What does kevent do? | Apple Tech

Answer 91

Block current thread until any of the requested events occur

Question 92

# Definition SPRR | Apple Hardware

Answer 92

Shadow permissions remap registers

Question 93

# Definition APRR | Apple Hardware

Answer 93

Access permissions remap registers

Question 94

# Definition CTRR | Apple Hardware

Answer 94

Configurable text read only region

Question 95

# Definition, Description CDN | Networking

Answer 95

Content distribution network Geographically distributed network of proxy servers and their data centers

Question 96

# Definition UAF | Software Security

Answer 96

Use after free

Question 97

# Description Palladium | Hardware Tech

Answer 97

In circuit emulation for verification and debug

Question 98

# Definition AMI | Amazon

Answer 98

Amazon machine image

Question 99

# Description AWS Nitro | Amazon

Answer 99

Combination of dedicated hardware and lightweight hypervisor for running EC2 instances efficiently and securely

Question 100

# Link, Run Tart VM | 3rd Party

Answer 100

Link to virtualization framework Run locally or in the cloud

Question 101

# Description, Purpose AI quantization

Answer 101

Convert input values from a large set to output values in a small set Reduce computation demands of AI models

Question 102

# Description NumPy | Python

Answer 102

Python package for scientific computing

Question 103

# Two keywords and their meanings Swift structured concurrency

Answer 103

Async to define a method for doing asynchronous work Await to call an async method

Question 104

# what and why Apple VideoToolbox

Answer 104

Low level framework that provides direct access to hardware encoders and decoders For video compression and decompression, and for conversion between raster image formats

Question 105

# Description Rasterization | Graphics

Answer 105

Converting images in a vector graphics format to raster format used by display monitors

Question 106

# Definition, Description TBB | C++

Answer 106

Thread building block C++ template library from Intel for parallel programming on multi core processors

Question 107

# Description Future | Programming

Answer 107

place holder for the result of an asynchronous operation

Question 108

# Description Promise | Programming

Answer 108

Set the value of a future once an asynchronous operation is complete

Question 109

# Do, Don't Pure function | Programming

Answer 109

Return the same result given the same argument Cannot be affected by mutable states or other side effects

Question 110

# define, what, why VFS | File

Answer 110

Virtual file system Standard interface for all file systems Enable Linux to support large number of file systems

Question 111

# define, push, pop SQ | Apple Software

Answer 111

DI2 submission queue Producer pushes a SQE for a new IO request, which rings the doorbell Consumer pops a SQE to service the request

Question 112

# define, push, pop CQ | Apple Software

Answer 112

DI2 Complete Queue Push a CQE for a completed IO operation, which may invoke a callback function. Pop CQE to acknowledge

Question 113

# Description Upward dependency | Programming

Answer 113

Two software modules that have link dependencies on each other

Question 114

# definition, user perspective, OS perspective TCC | Apple Software

Answer 114

Transparency, consent and control OS perspective: manager of authorizing system User perspective: decision input point

Question 115

# Definition, trade mark ACIO | Apple Tech

Answer 115

Apple Converged Input Output Apple trade-mark for USB 4.0

Question 116

# definition, connections, routing OVS | Networking

Answer 116

Open vSwitch Connecting different VMs and Internet Route packets from vhost net and NIC

Question 117

# configuration, daemon Libvirt | Linux QEMU

Answer 117

Translate XML configurations to QEMU CLI calls Provide admin daemon to manage QMU child processes

Question 118

# Description vhost protocol | Networking

Answer 118

Allows the virtio data plane implementation to be offloaded to another element (user process or kernel module) for performance

Question 119

# Two meanings virtio net | Networking

Answer 119

Virtio networking device implementation Guest kernel front end described in the vhost net protocol

Question 120

# Definition, device, library DPDK | Networking

Answer 120

Data plane development kit Bypass the kernel to access network devices Libraries to accelerate data processing workloads running on a wide variety of CPUs.

Question 121

# definition, two checks AMFI | Apple Software

Answer 121

Apple Mobile files integrity Check code signatures Check they are signed by a trusted authority

Question 122

# Description ABA problem in concurrency | Programming

Answer 122

A value is read is twice and it’s having the same value is used to conclude nothing has happened in the interim

Question 123

# what, each letter REMITS | Security

Answer 123

Chain of trust pipeline Root of trust Endorsement Measurement Identity Trust Secrets

Question 124

# Definition, Description TCG | QEMU

Answer 124

Tiny Code Generator Dynamic translation backend that translates guest code to host code

Question 125

# what, trust, 3 services COCONUT SVSM | Linux

Answer 125

Secure VM service module same trust boundary but isolated from guest operating system vTPM UEFI variable store Live migration for CVMs

Question 126

# definition, 2 facts IGVM | Linux

Answer 126

Independent guest virtual machine Encapsulate all the information required to launch a virtual machine on any virtualization stack Contain measurement

Question 127

# define, how, so what ARC | Apple Programming

Answer 127

Automatic reference counting Retain and release are inserted at compile time Deallocate objects with zero reference

Question 128

# Definition, Description VPC | Netwoking

Answer 128

Virtual private cloud An isolated and customizable network within a public cloud

Question 129

# Description Syntactic sugar | Programming

Answer 129

Programming syntax that’s easier to read and write

Question 130

# Description Mersenne twister | Software

Answer 130

Pseudo number generator

Question 131

# security, function Paravisor

Answer 131

Executed within the VM but higher privilege than the guest OS Provide virtualization and device services

Question 132

# Description OpenVMM

Answer 132

Modular cross-platform virtual machine monitor written in Rust

Question 133

# what, parts, why OpenHCL

Answer 133

Open source paravisor Consists of OpenVMM, boot loader and Linux kernel Confidential compute for non enlightened guests

Question 134

# 5 Steps Progression of kernel memory corruption exploit

Answer 134

vulnerability → memory corruption → memory read/write → control flow integrity bypass → arbitrary code execution

Question 135

# what, why Monad | Programming

Answer 135

Structure that combines program fragments and wraps their return values in a type with additional computations Simplifying common operations and abstracting control flows

Question 136

# what, who Hyperlight | Microsoft Tech

Answer 136

Open Source Rust library enabling fast and secure execution of small functions using hypervisor based protection Developed by Microsoft Azure

Question 137

Virtio initialization: Four Status Bits

Answer 137

Acknowledge Driver Features OK Driver OK

Question 138

Five parts of virtio device

Answer 138

Device status field Feature bits Notifications Device configuration space At least one virt queues

Question 139

Three virtio notifications

Answer 139

Configuration change Available buffer Used buffer

Question 140

Three parts of a virtqueue

Answer 140

Descriptor area - describe buffers Driver area - data from driver Device area - data from device

Question 141

Two virtqueue formats

Answer 141

Split Packed

Question 142

Five steps for a buffer to transfer from driver to device and back on split virtqueue

Answer 142

• Driver fills a slot in the descriptor table. • Driver writes the descriptor index into the available ring. • Driver sends an available buffer notification. • Device writes the descriptor index into the used ring. • Device sends a used buffer notification.

Question 143

Three parts of packed virt queues

Answer 143

Descriptor ring Driver event suppression Device event suppression

Question 144

Four steps for sending a buffer to a device and back via a packed virtqueue

Answer 144

- Driver writes an available descriptor for the buffer in the descriptor ring. - Driver sends an available buffer notification. - Device writes a used descriptor in the descriptor ring, thereby overwriting a descriptor previously made available. - Device sends an used buffer notification.

Question 145

# DD, why vDSO | Linux

Answer 145

Virtual dynamic shared object Mechanism to export kernel routines to user space Avoid costs of system calls

Question 146

# Definition, description, 3 components ATS | PCIe

Answer 146

Address translation service Converts device IO address to physical address Translation agent, address translation page table, address translation cache

Question 147

PCI: PRI: d2 | PCIe

Answer 147

Page request interface Sent by an endpoint to request a page be mapped into system memory for an ATS transaction

Question 148

CXL: define, 3 facts | PCIe

Answer 148

Compute express link Open standard interconnect high speed, high capacity CPU to memory and CPU to device connections For data center computers

Question 149

SFINAE: d2 | Programming

Answer 149

Substitution failure is not an error It's a powerful technique used in template metaprogramming to enable conditional compilation based on the properties of types.

Question 150

Suppress buddy flow | Apple Software

Answer 150

defaults write com.apple.purplebuddy SetupFinishedAllSteps -bool YES

Question 151

#graphics Vulkan | description

Answer 151

Low level, Low overhead cross platform API and open standard for 3D graphics and computing

Question 152

#graphics MoltenVK | description

Answer 152

Software library that allows Vulkan software to run on top of metal on Apple devices

Question 153

#graphics Metal | description

Answer 153

low-level, low-overhead hardware-accelerated 3D graphic and compute shader API created by Apple

Question 154

RO Used | XNU HV State

Answer 154

Indicate a set of registers used by the guest

Question 155

RW Dirty | XNU HV State

Answer 155

Indicate a set of registers to be set to user provided values

Question 156

RO Dirty | XNU HV State

Answer 156

Indicate a set of registers to be modified with kernel validated values

Question 157

RO Valid | XNU HV State

Answer 157

Indicate a set of register value already saved in memory

Question 158

# what, when is it used? `GXF_CONFIG_EL2.HVAC`

Answer 158

Disallow writes to guarded mode registers in EL2 Prevent XNU from hosting guarded mode guests

Question 159

Two types uncategorized errors | XNU

Answer 159

ARM uncategorized exceptions DTrace