Udemy-Domain 3 Flashcards

1
Q

ABAC stands for ___, and attributes could belong to ___ (3)

A

Attribute-Based Access Control;
subject (user - role, clearance..);
object (resource - owner, creation date…);
Environment (time, location, threat level)

2
Q

RUBAC means ___, and is based on ___

A

Rule-Based Access Control; if, then statements

3
Q

RBAC means ___

A

Role-Based Access Control

4
Q

the ___ security model is a Mandatory Access Control model and is only concerned with the Confidentiality part of the CIA triad

A

Bell-LaPadula

5
Q

the ___ security model is a Mandatory Access Control model and is mainly focused on the Integrity part of the CIA triad

A

Biba

6
Q

in the Bell-LaPadula security model,
the Simple Security Property is signified by ___,
the * Security Property by ___ and
the Strong * Property by ___

A

“No Read Up”;
“No Write Down”;
“No Read or Write Up and Down”

7
Q

in the Biba security model,
the Simple Integrity Property is signified by ___,
the * Integrity Property by ___ and
the Invocation Property by ___

A

“No Read Down”;
“No Write Up”;
“No Read or Write Up”

8
Q

LBAC means ___

A

Lattice Based Access Control

9
Q

the ___ security model assigns permissions by security clearance and subject clearance

A

Lattice Based Access Control

10
Q

the 8 rules of the Graham-Denning security model are:

  1. ___
  2. ___
  3. ___
  4. Read Object
  5. Create Object
  6. Destroy Object
  7. Create Subject
  8. Destroy Subject
A
  1. Transfer Access
  2. Grant Access
  3. Delete Access
11
Q

the 8 rules of the Graham-Denning security model are:

  1. Transfer Access
  2. Grant Access
  3. Delete Access
  4. ___
  5. ___
  6. ___
  7. Create Subject
  8. Destroy Subject
A
  4. Read Object
  5. Create Object
  6. Destroy Object
12
Q

the 8 rules of the Graham-Denning security model are:

  1. Transfer Access
  2. Grant Access
  3. Delete Access
  4. Read Object
  5. Create Object
  6. Destroy Object
  7. ___
  8. ___
A
  7. Create Subject
  8. Destroy Subject
13
Q

The HRU security model is an extension of the ___ model, but differs in that it ___

A

Graham-Denning; considers Subjects to be Objects too

14
Q

the 6 primitive operations in the HRU security model are:

A
  1. Create Object
  2. Create Subject
  3. Destroy Object
  4. Destroy Subject
  5. Enter into access matrix
  6. Delete from access matrix
15
Q

the ___ security model separates end users from the backend data through “well-formed transactions” and “separation of duties”

A

Clark-Wilson

16
Q

While most security models describe a Subject/Object dynamic, the ___ model uses Subject/Program/Object

A

Clark-Wilson

17
Q

in the Clark-Wilson security model, a ___ is a series of operations that transition a system from one consistent state to another consistent state

A

well-formed transaction

18
Q

the ___ security model acknowledges that when a Subject accesses an Object, they are mediated by a Program which limits the interface

A

Clark-Wilson

19
Q

the ___ security model is designed to mitigate conflict of interest in commercial organizations

A

Brewer-Nash (aka “Chinese Wall”)

20
Q

the ___ security model creates an Information Barrier to ensure that actions at a higher security level are not noticed by a lower security level, to avoid interference

A

Brewer-Nash (aka “Chinese Wall”)

21
Q

the 4 rules of the Take-Grant Protection Model are:

A
  1. Take (one subject can take rights from another)
  2. Grant (a subject can grant their rights to another)
  3. Create (a subject can create new objects)
  4. Remove (a subject can remove its rights over an object)
22
Q

an Access Control Matrix is a table with columns for ___ and rows for ___. The cells indicate ___ for each subject toward each object

A

Objects; Subjects; Rights

23
Q

The six columns/frameworks of the Zachman Framework are:

A
  1. What (data)
  2. How (function)
  3. Where (Network)
  4. Who (people)
  5. When (time)
  6. Why (motivation)
24
Q

The six rows/roles of the Zachman Framework are:

A
  1. Planner
  2. Owner
  3. Designer
  4. Builder
  5. Programmer
  6. User
25
the Trusted Computer System Evaluation Criteria (TCSEC) was developed by the Department of Defense in the 1980s and is commonly called ___ (no longer used for evaluating security systems)
the Orange Book
26
the currently used International Common Criteria for evaluating computer security products and systems is the ___
ISO/IEC 15408
27
in the ISO/IEC 15408 (International Common Criteria), the subject of the evaluation is called the ___, the document identifying security criteria for a class of devices is called the ___, and the properties of the thing being evaluated are called the ___
TOE (Target Of Evaluation) PP (Protected Profile) ST (Security Target)
28
in the ISO/IEC 15408 (International Common Criteria), the 7 levels a system or product could score are called its ___
Evaluation Assurance Level (EAL)
29
the 3 main Secure Systems Design Concepts are:
  1. Layering (separating hardware and software functionality)
  2. Abstraction (hiding unnecessary details from the user)
  3. Security Domains (groups of objects and subjects with similar security requirements)
30
the 3 main Security Domain concepts in Secure Systems Design are:
  1. Kernel/Supervisor mode vs User mode
  2. Open Standards vs Closed Standards (proprietary)
  3. The Ring Model that separates Users from the Kernel
31
the layers of the Ring Model in Secure Systems Design are:
- [Ring (-1) - Hypervisor]
- Ring 0 - the Kernel
- Ring 1 - other OS components
- Ring 2 - device drivers
- Ring 3 - user applications
32
Newer computer hardware segments the bus into a ___, which contains the core components and slower ___ containing the peripherals and hard disk
Northbridge (or Host Bridge); Southbridge
33
modern CPUs are divided into a ___ and a ___, which fetches instructions from memory and delivers them
ALU (Arithmetic Logic Unit); CU (Control Unit)
34
the 4 basic functions of a CPU are:
  1. Fetch (get instruction from memory)
  2. Store (store the result into another register)
  3. Execute (adds or subtracts values in a register)
  4. Decode
35
an ___ can be sent to the CPU by either hardware or software when another process needs to take priority
interrupt
36
a ___ carried out by a CPU is called a Task
Heavy Weight Process (HWP)
37
as a CPU carries out processes, a parent process can spawn child processes called ___, which in contrast to Tasks are considered ___ and often share memory in an operation called ___
threads; Light Weight Processes (LWP); multithreading
38
a computer process can exist in 5 states:
  1. New
  2. Ready (waiting to be executed)
  3. Running
  4. Blocked (waiting for I/O)
  5. Terminate (completed)
39
___ is a system using more than one CPU at a time
multiprocessing
40
___ is when tasks share a common resource (like a CPU)
multitasking
41
___ is when more than one program is running at the same time
multiprogramming
42
___ in a CPU prevents one process from affecting the confidentiality, integrity or availability of another, particularly in multi-user and multitasking environments
memory protection
43
___ in a CPU is a logical control that tries to prevent one process from interfering with another
process isolation
44
___ maps processes in a CPU to specific memory locations in order to protect the integrity, confidentiality and availability of each process
hardware segmentation
45
___ provides virtual address mapping between applications and hardware memory
virtual memory
46
___ moves entire processes from primary memory (RAM) to/from secondary memory (Disk)
swapping
47
___ copies a block from primary memory (RAM) to/from secondary memory (Disk)
paging
48
the ___ is the low level OS (boot sector), which runs a basic ___ on startup to verify the integrity of the system prior to loading and executing the ___ and then the rest of the OS
BIOS (Basic Input Output System); POST (Power On Self Test); kernel
49
a ___ can be used to ensure the integrity of the boot sector, storing cryptographic keys, hashes and algorithms, but also used in random number generation
TPM (Trusted Platform Module)
50
___ prevents viruses from using memory locations reserved for Windows and other authorized programs
DEP (Data Execution Prevention)
51
___ guards against buffer overflow attacks by randomizing the memory locations where system executables are loaded
ASLR (Address Space Layout Randomization)
52
a kernel can be either ___ (one static executable) or ___ (modular - which may run in user mode/ring 3)
monolithic; microkernels
53
one advantage of microkernels is ___
they can load and execute modules to run non pre-compiled hardware
54
the ___ is a core function of the kernel which handles all access between subjects and objects and cannot be bypassed
reference monitor
55
Windows NTFS (New Technology File System) has 4 basic file permissions: ___, and one called ___ which includes the ability to change permissions
Read, Write, Read & Execute, Modify; | Full Control
56
in UNIX/Linux, the 3 file permissions are ___ and can be set at the 3 levels for the ___
read(r), write(w) and execute(x); | owner, group and world
57
when multiple OS kernels run on the same hardware, this is called ___, and when multiple machines/locations are used for a single process, this is called ___
virtualization; distributed computing
58
clients on a virtualized network should always be on the same ___ but ___ separated if they belong to different groups
network segment (internal, DMZ, etc.); logically (different VLANs)
59
on a virtualized network, clients with different trust levels should be on separate hosts, to minimize the damage caused by ___ leading to privilege escalation
VM Escape
60
the main security concerns for virtualized networks are:
VM Escape, Hypervisor Security, Resource Exhaustion
61
Resource Exhaustion on a virtualized network can lead to ___
server crashes and/or slowed performance
62
___ is a specific form of distributed computing which uses the down time of a large number of computers for very complex tasks
grid computing
63
in a ___ arrangement, any system can be a client and a server - and for security each system also carries the index, removing a single point of failure
P2P (Peer to Peer)
64
___ clients contain the boot sector but not the complete OS
Thin
65
a ___ workstation/node downloads the kernel and higher level OS
diskless
66
a ___ application uses a web browser to connect to the application rather than on the PC
thin client
67
if a hacker is using the timing difference between the system returning an error due to invalid username or invalid password, the hacker is using ___
Covert Timing Channels
68
if a hacker is adding a payload to an ICMP packet he is using a ___
Covert Storage Channel
69
___ viruses spread themselves across multiple vectors
multipart
70
___ are used to compress .exe files, but can also contain viruses
Packers
71
___ attacks include all attacks that "come to you"
Server Side
72
___ attacks include all attacks that you pick up online
Client Side
73
___ are small applications often embedded into other software (mostly browsers). The most common are written in ___, which run in a sandbox environment and are OS agnostic; or ___ which run with certificates and are specific to MS
Applets; Java; ActiveX
74
___ lists the Top 10 web security issues
OWASP (Open Web Application Security Project) 2017
75
___ is a markup language primarily used for webpages, but has many other applications as well
XML
76
___ is a software design intended to provide services to multiple different application components over a network
SOA (Service-Oriented Architecture)
77
___ attacks are malware embedded in data that has been prepared for storage or transport, and the malicious code executes as the data is reconstructed
insecure deserialisation
78
___ refers to 2 or more instances of a file open at the same time. What can be done with that file in each case depends upon the permissions of the user
polyinstantiation
79
___ is the gathering of data for statistical analysis
aggregation
80
___ is looking for patterns in large data
data mining
81
___ is using a baseline of normal operations to identify abuse or compromised accounts
data analytics
82
___ is deducing from indirect evidence rather than explicit statements
inference
83
one good security practice is to disable ___ on CD's and DVD's
autorun
84
___ is the general term for several types of control systems used in industrial production
ICS (Industrial Control System)
85
The common types of ICS are:
- SCADA (Supervisory Control And Data Acquisition) - for monitoring devices over distance, controlled by network nodes
- DCS (Distributed Control Systems) - has autonomous controllers distributed throughout a system/plant (especially when over 1000 devices are involved)
- PLC (Programmable Logic Controllers) - an industrial computer, ruggedized for use on assembly lines
86
SCADA systems are most likely to utilize the ___ (protocol) to connect Master Stations (Control Centers), Remote Terminal Units (RTUs) and Intelligent Electronic Devices (IEDs)
DNP3 (Distributed Network Protocol)
87
- the science of securing communications is ___
- creating messages with hidden content is ___
- the science of breaking encryption (either the algorithm or the implementation) is ___
- a cryptographic algorithm is a ___
Cryptology; Cryptography; Cryptanalysis; Cipher
88
- an unencrypted message is ___
- an encrypted message is ___
- the use of a well-known text/book as the key (referencing page#, sentence#, word#...) is a ___
- adding the characters of a known text in sequence is a ___
plaintext/cleartext; ciphertext; book cipher; running-key cipher
89
- simple character substitutions which can be easily broken with letter frequency analysis are ___
- character substitutions which rotate to a different starting point with each round are ___
Monoalphabetic Ciphers; | Polyalphabetic Ciphers
90
- a message written lengthwise on a long thin piece of parchment wrapped around a stick of a certain size is called a ___
- an alphabetical substitution based on moving forward or backward a certain number of spaces is called a ___
Spartan Scytale; | Caesar Cipher
91
the ___ is an early cipher which uses a polyalphabetic matrix (26x26) combined with a repeating key
Vigenere Cipher
92
a ___ is an early cipher using two concentric disks with alphabets (like decoder rings) but rotated a certain number of positions after a certain number of letters
Cipher Disk
93
the ___ was a cipher disk system used during WWII using 3, then later 4 disks
Enigma
94
___ was a Japanese cipher used during WWII very similar to Enigma
Purple
95
the only truly unbreakable encryption is a ___
one-time pad
96
the first known use of a one-time pad for encryption was the ___
Vernam Cipher
97
a ___, aka ___ was a cipher system using a stacked set of disks with the alphabet written on the edges so they could be rotated in specific ways to scramble text
Jefferson Disk; Bazeries Cylinder
98
___ was a multiple rotor-based cryptographic machine used by the US throughout the '40s and '50s
SIGABA
99
___ was an export control policy during the Cold War which prevented critical technologies, including encryption, from being sold to "iron curtain" countries
COCOM (Coordinating Committee of Multilateral Export Controls)
100
the number of keys required for n users using asymmetric encryption is ___, but for symmetric encryption it is ___
2xn; n(n-1)/2
101
a ___ is an arbitrary number that may only be used once
Nonce
102
___ helps security by adding to the time it takes for password verification
key stretching
103
a ___ attack looks for common pairs of letters in passwords
Digraph
104
- in a MITM attack, the attacker ___
- in a (TCP) Session Hijacking attack, the attacker ___
- passes communication through between 2 people so they think they are communicating directly
- masquerades as the authorized user (if the SessionID is predictable)
105
in a ___ attack, you know the plaintext and the ciphertext, and use those to try to determine the key
Known Plaintext
106
in a ___ attack, you choose the plaintext and try to determine the key
Chosen Plaintext
107
in a ___ attack, you choose the plaintext and adapt your rounds depending on the previous results to determine the key
Adaptive Chosen Plaintext
108
in a ___ attack, you know some parts of the plaintext and ciphertext, and determine multiple secret keys (i.e. for 3DES)
Meet-in-the-Middle
109
in a ___ attack, you know some things about the key
Known Key
110
in a ___ attack, you look for patterns and differences between related plaintexts
Differential Cryptanalysis
111
in a ___ attack, you have a great deal of plaintext and ciphertext created with the same key to analyze
Linear Cryptanalysis
112
in a ___ attack, you combine the techniques of Linear and Differential Cryptanalysis
Differential Linear Cryptanalysis
113
in a ___ attack, you use physical data to break a crypto system, like CPU cycles or power consumption
Side Channel
114
in a ___ attack, some vulnerability is found in the application, system or service, like the key stored in plaintext somewhere, or something left in memory
Implementation
115
in a ___ attack, two different symmetrical keys used on the same plaintext produce the same ciphertext
Key Clustering
116
a public key signed with a digital signature is a ___
digital certificate
117
digital certificates can be either ___ based or ___ based
server (stored on the server); | client (assigned to a person and stored on a PC)
118
digital certificates can be authenticated by a ___ or ___ (within an organization)
CA (Certificate Authority); | ORA (Organizational Registration Authority)
119
the ___ was a chipset that was developed and promoted by the NSA to secure "voice and data messages" but with a built-in backdoor
Clipper Chip
120
in IPSEC the ___ acts like a digital signature, providing authentication and integrity but not confidentiality, the ___ provides confidentiality, and can also provide authentication and integrity
AH (Authentication Header); | ESP (Encapsulation Security Payload)
121
___ provides a standard way to format email, and ___ uses PKI to encrypt and authenticate email
MIME (Multipurpose Internet Mail Extensions); S/MIME
122
___ combines a shared key with hashing to provide integrity and authenticity
HMAC
123
ASTM Standards for fencing cover:
- Class I: ___
- Class II: ___
- Class III: ___
- Class IV: ___
- Class I: Residential
- Class II: Commercial/General Access (parking garage)
- Class III: Industrial/Limited Access (truck loading dock)
- Class IV: Restricted Access (airport or prison)
124
lighting is usually measured in ___ per square meter
lumens
125
modern cameras use either a ___ or ___ for storing video
DVR; NVR (Network Video Recorder)
126
modern cameras are digital and use ___ for imaging
CCD (Charged Couple Discharge)
127
the cuts on a physical key are determined by the ___, a set of 5 numbers
Key Bitting Code
128
a ___ lock mechanism uses pins of varying lengths to prevent a lock from opening without the correct key
pin tumbler
129
locks can usually be opened without the proper key by picking or ___
bumping
130
in a ___ lock, the entire lock mechanism (which has a figure 8 shape) is removed using a ___ key
core; control
131
smart cards that require contact use an ___, or chip
ICC (Integrated Circuit Card)
132
smart cards that do not require contact but only proximity use an ___ tag, also called a ___
RFID (Radio Frequency ID); transponder
133
RFID tags can be picked up from ___ away unless they are stored in an ___
1 or 2 feet; RFID wallet/purse
134
usually outside vendors doing work in a data center should be ___
accompanied by an employee
135
undeveloped land being where a site might be built is called a ___
greenfield
136
walls that are shared with a neighbor can be a serious security concern, especially around wiring closets or ___, where the ISP meets your network
demarc, or POD (Point Of Demarcation)
137
Power Fluctuation Terms:
- ___ - long loss of power
- Fault - short loss of power
- ___ - long low voltage
- Sag - short low voltage
- ___ - long high voltage
- Spike - short high voltage
- Blackout - long loss of power
- Brownout - long low voltage
- Surge - long high voltage
138
Power Fluctuation Terms:
- Blackout - long loss of power
- ___ - short loss of power
- Brownout - long low voltage
- ___ - short low voltage
- Surge - long high voltage
- ___ - short high voltage
- Fault - short loss of power
- Sag - short low voltage
- Spike - short high voltage
139
a ___ will protect the quality of electrical power in a data center, and a ___ will ensure that there is time to shut down properly or engage a generator in the event of a power outage
PDU (Power Distribution Unit); | UPS (Uninterruptible Power Supply)
140
if cables (data and/or power) are run too close to each other it can result in ___, so always manage cables and use ___ cables for data, or even better use ___
crosstalk; STP (Shielded Twisted Pair); fiber optic
141
optimal temperatures for data centers are ___ degrees, there should always be ___ air pressure and humidity should be at ___
68 - 77; positive; 40-60%
142
in addition to cold air moving from cold aisles to hot aisles (back of servers), it should also move ___
from floor to ceiling
143
smoke detectors can be either ___ or ___
Ionization; photoelectric
144
flame detectors detect ___ emitted by fire, so they require ___ to work properly
infrared or ultraviolet light; line of sight
145
if sprinklers are used for fire suppression in a data center, they should be ___ so no water is released until there is a fire alarm AND the sprinkler head is open
double interlock
146
CO2 might be used for fire suppression in a data center if the center is ___
unmanned
147
possible gases that could be used for fire suppression in a data center are:
  1. ___
  2. ___
  3. ___
  4. ___
  1. Argon (50% Nitrogen)
  2. FE-13 (fluoroform)
  3. FM-200
  4. Inergen (Nitrogen, Argon and 8% CO2)
148
Fire Extinguishers can be:
  1. ___
  2. ___
  3. ___
  1. Soda-Acid (no longer used)
  2. Dry Powder (primarily for metal fires)
  3. Wet Chemical (foam blanket, common)