CISSP - Security Architecture and Engineering
What is a security control? A. A security component that stores attributes that describe an object B. A document that lists all data classification types C. A list of valid access rules D. A mechanism that limits access to an object
D. A mechanism that limits access to an object
Which security models are built on a state machine model? A. Bell-LaPadula and Take-Grant B. Biba and Clark-Wilson C. Clark-Wilson and Bell-LaPadula D. Bell-LaPadula and Biba
D. Bell-LaPadula and Biba
What form of attack abuses a program's lack of length limitation on the data it receives before storing the input in memory, which can lead to arbitrary code execution? A. ARP poisoning B. XSS C. Domain hijacking D. Buffer overflow
D. Buffer overflow A buffer overflow attack occurs when an attacker submits data to a process that is larger than the input variable is able to contain. Unless the program is properly coded to handle excess input, the extra data is dropped into the system's execution stack and may execute as a fully privileged operation.
What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object? A. Wave B. Photoelectric C. Heat D. Capacitance
D. Capacitance A capacitance motion detector senses changes in the electrical or magnetic field surrounding a monitored object.
When a trusted subject violates the star property of Bell-LaPadula in order to write an object into a lower level, what valid operation could be taking place? A. Perturbation B. Polyinstantiation C. Aggregation D. Declassification
D. Declassification
What is the concept of a computer implemented as part of a larger system that is typically designed around a limited set of specific functions (such as management, monitoring, and control) in relation to the larger product of which it's a component? A. IoT B. Application appliance C. SoC D. Embedded system
D. Embedded system An embedded system is a computer implemented as part of a larger system. The embedded system is typically designed around a limited set of specific functions in relation to the larger product of which it's a component. It may consist of the same components found in a typical computer system, or it may be a microcontroller.
Which of the following is not a security-focused design element of a facility or site? A. Separation of work and visitor areas B. Restricted access to areas with higher value or importance C. Confidential assets located in the heart or center of a facility D. Equal access to all locations within a facility
D. Equal access to all locations within a facility
Which security principle mandates that only a minimum number of operating system processes should run in supervisory mode? A. Abstraction B. Layering C. Data hiding D. Least privilege
D. Least privilege
Which of the following is typically not a culprit in causing damage to computer equipment in the event of a fire and a triggered suppression? A. Heat B. Suppression medium C. Smoke D. Light
D. Light
What is the most common form of perimeter security devices or mechanisms? A. Security guards B. Fences C. CCTV D. Lighting
D. Lighting
Which one of the following encryption algorithms is now considered insecure? A. El Gamal B. RSA C. Elliptic Curve Cryptography D. Merkle-Hellman Knapsack
D. Merkle-Hellman Knapsack The Merkle-Hellman Knapsack algorithm, which relies on the difficulty of factoring super-increasing sets, has been broken by cryptanalysts.
When correctly implemented, what is the only cryptosystem known to be unbreakable? A. Transposition cipher B. Substitution cipher C. Advanced Encryption Standard D. One-time pad
D. One-time pad
Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won't spoil results throughout the communication? A. Cipher Block Chaining (CBC) B. Electronic Code Book (ECB) C. Cipher Feedback (CFB) D. Output feedback (OFB)
D. Output feedback (OFB) Output feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large amounts of data.
Brian computes the digest of a single sentence of text using a SHA-2 hash function. He then changes a single character of the sentence and computes the hash value again. Which one of the following statements is true about the new hash value? A. The new hash value will be one character different from the old hash value. B. The new hash value will share at least 50% of the characters of the old hash value. C. The new hash value will be unchanged. D. The new hash value will be completely different from the old hash value.
D. The new hash value will be completely different from the old hash value
Symmetric algorithms
DES 3DES IDEA Blowfish Skipjack AES
Explain the basic operational modes of the Data Encryption Standard (DES) and Triple DES (3DES)
DES operations in five modes: Electronic code book (ECB) Mode Cipher Block Chaining (CBC) mode Cipher Feedback (CFB) mode Output Feedback (OFB) mode Counter (CTR) mode ECB mode is considered the least secure and is used only for short messages. 3DES uses three iterations of DES with two or three different keys to increase the effective key strength to 112 or 168 bits, respectively.
Explain the componetns of the Digtial Singaure Standard (DSS)
DSS uses SHA-1, SHA-2 and SHE-3 message digests functions along with one of the three ecnryption algorithms: Digital Signature Algorithm (DSA) RSA (ECDSA) Elliptireu Curve DSA
Which of the following relational database terms would include a central repository of metadata and data relationships? File Database management system Data dictionary Table
Data dictionary The data dictionary is a central repository of metadata and data relationships. A data dictionary, or metadata repository, as defined in the IBM Dictionary of Computing, is a "centralized repository of information about data such as meaning, relationships to other data, origin, usage, and format". Oracle defines it as a collection of tables with metadata
A tables _______ is the number of columns in the table
Degree
PEAP
EAP encapsulated inside TLS tunnel WPA and WPA2
ECB
Electronic Code Book - each block is encrypted independently ex: with DES each 64 bit block size is encrypted independently.
What is EEPROM
Electronically Erasable Programmable read only memory
Encrypt a message by using recipient's = key Decrypt a message by using recipient's = key digitally sign a message = key verify a digitally signed message = key
Encrypt a message by using recipient's = public key Decrypt a message by using recipient's = private key digitally sign a message = sender's private key verify a digitally signed message = sender's public key
What is EPROM
Erasable Programmable read only memory
EAP
Extensible Authentication Protocol port based network access control supported by WPA and WPA2
Explain XMl
Extensible Markup Language is a standard document description language for databases and common on the web. - XML injection attack occurs due to failure to screen / sanitize XML input (SQL Injection) - To enhance security use PKI and SSL/TLS to encapsulate and encrypt XML data.
Rubber Hose Attacks
Extortion, bribery or threats of violence
Users sending data to cloud storage systems from corporate systems is not considered a security risk. TRUE It depends on the Security Policy FALSE
FALSE
Virtual memory used by the hypervisor is on DIMMs. True or false? TRUE FALSE
FALSE Virtual memory is most often used on HDDs. DIMMs, the memory cards you put in slots next to your CPU, are standard volatile memory.
Explain the fundametnal requirements of a hash function
Good hash functions have five requirements - they must allow input of any length - provide fixed length output - make it relatively easy to compute the hash function for any input - provide one way functionality - be collision free
Biba Security Model
INTEGRITY ONLY - will show you the data but it can't be changed NO READ DOWN NO WRITE UP - focuses on protecting objects from external threats - does not address access control - does not provide a way to classify level of a subject or object - does not prevent covert channels
Clark-Wilson Security Model
INTEGRITY ONLY - takes a different approach than Biba - uses a three part relationship (subject | program | object) called triple or access control triple
Explain the common applications of cryptography to secure networking
IPsec protocol standard provides a common framework for encrypting network traffic and is built into a number of common operating systems. IPsec transport mode, packet content are encrypted for per to peer communication In tunnel mode, the entire packet, including hearer information is encrypted for gateway to gateway communication.
The three Cloud Service Models are:
IaaS, PaaS, SaaS
An __________ is used to find records within a table more quickly.
Index
What database confidentiality issue occurs when the attacker logically deduces the missing details of a database? Relational Inference Interference Aggregation Attack
Inference An Inference Attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database. NEXT
Explain IaaS
Infrastructure as a service - renting infrastructure on annual contract - you rent hardware and you do everything else - don't manage network, hardware, hvac, power, etc.
client based vulnerabilities and threats are?
Insufficient input validation Man in the middle attacks Cookies XSS Adware Spyware
Explain Browser Add-ons weaknesses
Java, Flash, Apple QuickTime and Adobe Acrobat reader have shown numerous vulnerabilities
protection rings
Level 0 Security Kernel reference monitor level 1 and 2 device drivers level 3 user mode
What is Encryted viruses
Load and decrypt themselves once on the system
128 bit hashing is _________ hash algorithm
MD5
Microsoft protected passwords with hashes using?
MSCHAP, NTLM, NTLMv2 and Kerberos
what is Polymorphic viruses
Modify their code ("signature") when infecting a new system
type 1 hypervisor
Native or Bare metal. Used for server virtualization
Computer PROCESS states?
New > Ready > Waiting > Running > Terminated
one time pad
Only TRULY UNBREAKABLE Cryptosystem, but only if implemented correctly.
John is looking to setup his business and wants to deploy his application on the Cloud with minimal effort what investment should he make SaaS IaaS PaaS HaaS
PaaS
four cloud deployment models
Private - on prem or aws/azure, google, etc. Community - cloud within a cloud, like ADP for HR. group of users with a common goal or service to use Public - paid and free server. Example dropbox Hybrid - two or more cloud models
What is PROM
Programmable read only memory
WEP uses RC __________ algorithm
RC 4
the more faster symmetric algorithms are?
RC4 AES IDEA DES 3DES Blowfish
Explain the three major public key cryptosystems
RSA is the most famous Diffie Hellman key exchange depends on modular arithmetic Ellipic curve algorithm depend son the elliptic curve discrete logarithm problem and provider more security than other algorithms when both are use with key of the same length.
the more scalable (growth) Asymmetric algorithms are?
RSA, ECC, ElGamal, Diffie-Hellman - to help learn : A REED
What is ROM
Read Only Memory
When working with relational databases and data storage, which of the following terms is associated with data that is represented by a collection of tables? Tuple Relation Element Stored procedure
Relation
Relational Database
Relational Database Management System (DBMS) is a suite of software programs that maintains and provides controlled access to records - Oracle, SQL Server, DB2, MySQL, Cloud etc. - Data and relations are stored in a series of tables - Rows and columns in a table structure
Which program includes 'log scrubbers' that remove traces of attacker's activities from system logs. Rootkit Backdoor Adware Spyware
Rootkit
RSA hashing algorithms is:
SHA -SHA 1 = 160 bits - SHA 2 - 224 - 256 - 384 - 512 MD 2, 4 or 5 = all produce a 128 bit output HAVAL - 128, 160, 192, 224 or 256 HMAC - variable RIPEMD 160
160 bit hashing is ____________ hash algorithm
SHA 1
256 bit hashing is ___________ hash algorithm
SHA 256
Explain the different hashing algorithms
SHA-1 and SHA-2 make up the government standard message digest function. SHA-1 produces a 160 bit message digest whereas SHA-2 support variable lengths ranging up to 512 bits. SHA-3 improves upon the security of SHA-2 and support the same hash lengths
weaknesses of asymmetrical system
SLOW
Software designers use process confinement to restrict the actions of a program. Simply put, process confinement allows a process to read from and write to only certain memory locations and resources. This is also known as: Sandboxing Bounds Isolation Controls
Sandboxing
Explain SAML
Security Assertions Markup Language is a XML based framework for exchanging security related ifnormation and SSO between business partners
Define object and subject in terms of access
Security controls use access rules to limit the access by a subject to an object
SLA
Service level agreement. An agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.
common formal security models
State machine - Based on object and attributes. System bootup, any activity and system failure all secure Lattice Based - Defined Upper and Lower Bounds. Non Interference Model - Barriers between levels to prevent data leakage Information Flow Models - Data flow between objects at various security levels
Explain the access control methods
State machine model - ensures that all instances of subjects accessing objects are secure. Information flow model - prevent unauthorized, insecure, or restricted information flow. noninterference model - prevents the actions of one subject from affecting the system state or actions of another subject. take grant model - dictates how rights can be passed from one subject to another or from a subject to an object.
Explain the difference in symmetric and asymmetric cryptosystems
Symmetric key cryptosystems (or secret key cryptosystems) rely on the use of a shared secret key. They are much faster than asymmetric algorithms, but they lack support for scalability, easy key distribution and non repudiation. Asymmetric cryptosystems use public - private key pairs for communication between parties but operate much more slowly than symmetric algorithms.
_____________ encryption or decryption request is performed immediately
Synchronous
List the classes of TCSEC, ITSEC and the common criteria
TCSEC include verified protection, mandatory protection, discretionary protection and minimal protect. ITSEC have no corresponding rating in TCSEC
Computers can have several different applications as one time, which means that many PROCESSES or applications can be running at once. PROCESSES are made up of _______________ of computer code and each PROCESS can handle something different.
THREADS
Which criminal law was the first to implement penalties for creators of viruses, worms, and other types of malicious code that would harm computer systems? The Computer Fraud and Abuse Act Privacy Act 1974 USA PATRIOT Act The Uniform Computer Information Transactions Act
The Computer Fraud and Abuse Act
Mean Time to Repair (MTTR)
The average amount of time a computer repair technician needs to resolve the cause of a failure through replacement or repair of a faulty unit.
Mean time to failure (MTTF)
The average amount of time expected until the first failure of a piece of equipment.
Explain the common applications of cryptography to secure email
The emerging standard of encrypted message is the S/MIME protocol. Another popular email security tools is PGP. Most users of email encryption rely on having this technology built into there email client or there web based email service.
Explain how digital signatures are generated and verified
To digitally sign a message, first use a hashing function to generate a message digest. Then encrypt the digest with your private key. To verify the digital signature on a message, decrypt the signature with the senders public key and then compare the message digest to one you generate yourself. If they match, the message is authentic
Polyinstantiation
To protect sensitive data such as top secret, users lower-level users received fake view of the data vs "you don't have access" message
What is TPM? and What is it used for?
Trusted Platform Module and part of motherboard. It adds advanced cryptographic functions. It is used by full disk encryption software, and may be a separate module or integrated into the motherboard.
Which type of security zone prevents more than one person from gaining entry at a time and often restricts movement in one direction Turnstile Mantrap Gate Fence
Turnstile
VMware ESXi is what type of hypervisor? Type 1 Type 2
Type 1
Explain the two layered operating modes used by most modern processors
User applications operate in a limited instruction set environment know as user mode. The operating system performs controlled operations in privileged mode, also know as system mode, kernel mode and supervisory mode.
Explain the Advanced Encryption Standard (AES)
Uses the Rijindael algorithm and is the U.S. government standard for the secure exchange of sensitive but unclassified data. AES uses key lengths of 128, 192 and 256 bits and a fixed block size o f128 bits to achieve a much higher level of security than that provided by older DES algorithm.
What is it called if an attacker runs a malware or code on a virtual machine that allows the operating system running on the VM to break out and interact directly with the hypervisor? VLAN hopping VM hopping VM escaping None of these
VM escaping
Explain the basic terminology of cryptography
When a sender wants to transmit a private message to a recipient, the sender takes the plaintext (unencrypted) message and encrypts it using an algorithm and a key. This produces a ciphertext message that is transmitted to the recipient. The recipient then uses a similar algorithm and key to decrypt the cipher text and re-create the original plaint text message for viewing.
Explain how cryptographic salts improve the security of password hashing
When straight forward hashing is used to store passwords in a passwords file, attackers may use rainbow table of precomputed values to identify commonly used passwords. Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks. Common password hashing algorithms that us key stretching to further increase the difficulty of attack include PBKDF2, bcrypt and scrypt
State machine model
Will guarantee that the system will transition only from one secure state to another secure state. ex: approved policy that defines bank vault to be open during business hours and another approved policy defining the secure policy while being closed.
Explain work function (work-factor)
Work function or work factor is a way to measure the strength f a cryptography system by measuring the effort tin terms of cost and/or time to decrypt messages. Usually the time and effort required to perform a complete brute force attack against an encryption system is what a work function rating represents. The security and protection offered by a cryptosystem is directly proportional to the value of it's work function/factor.
What is a trojan horse
a computer program that appears to have a useful function, but also has a hidden and potentially malicious function - many various forms and functionality - Games - Fake anti-virus - Utilities / productivity tools - the benign component may actually provide the advertised functionality or may not work at all.
What is a Tuple
a row or record in a database
A Database Table is?
a set of rows and columns that contains related information - looks like a spreadsheet
What is database Inference
ability to guess restricted information from observing available information
strengths of asymmetrical system
adding users ONLY requires the generation of the key pair uses can be removed easily, without having to regenerate keys ONLY time you typically regenerate a key is if the PRIVATE KEY of a user has been compromised provides CIA and non repudiation
A state machine model all choices describes the behavior of the system to different inputs allow a state transition when the objects security attributes and the access rights of the subject are reviewed and allowed by the operating system provides mathematical constructs that represents sets and sequences
all choices
Explain the uses of digital rights management (DRM)
allow content owners to enforce restrictions on the use of there context by others. DRM solutions commonly protect entertainment content, such as music, movies and e books but are occasionally found in the enterprise protecting sensitive information stored in documents.
Cipher Feedback (CFB)
allows encryption of partial blocks rather than requiring full blocks for encryption. This eliminates the need to pad a block to get to 64 bits like in CBC
brute force attacks
always successful but not timely - can be accomplished by applying every possible combination of characters within a key space that could be the key
_____________ encrypt or decrypt request is processed in queues
asynchronous
Explain Email threats
attachments, HTML links, phishing and social engineering are forms of email threats
what is tailgating
attacker sneaks' in unnoticed when an employee does not shut the door after entering / exiting the facility
Rainbow Tables
attempt to shortcut using tables of pre computed hash values - use of specialized hardware
What is a candidate key in databases?
attribute that could uniquely identify the rows in a table. A given table may have many candidate keys.
in databases what are columns called
attributes
what is salt
automatically add padding to passwords before they are hashed
Gas Systems - operate to starve the fire of oxygen. Halon used to be used in most systems, as it is a very effective suppression agent. However, it is problematic for several reasons, and has been banned by International Treaty (Montreal Protocol). A variety of alternates are now used, including: a. FM-200 b. CEA-410 or CEA-308 c. Argon d. Aero-K
banned by International Treaty (Montreal Protocol)
stream ciphers
bit by bit
International Data Encryption Algorithm (IDEA)
block cipher like DES 64 bit blocks to encrypt like DES starts with 128 bit key NOT like DES
block ciphers
block or chunks of text
Dictionary attacks
break many passwords - a list of common passwords is tried to determine a key - hybrid attacks do common letter substitution and append letters
Open systems?
built upon publish standard, protocols, and interfaces
What is a foreign key in databases?
cell value in one table that refers to a unique key in a different tables in the same database. This linking key enables the create of table relations
certificates are issued from ________________ templates
certificate
difference between certification and accreditation
certification is the technical evaluation of each part of a computer system to assess its concordance with security standards. Accreditation is the process of formal acceptance of a certified configuration from a designated authority.
CBC
cipher block chaining each ciphertext output becomes input for the next cycle each block is prefixed with previous ciphertext block before encrypted.
what is a cloud access security broker (CASB)
cloud access security broker is a security policy enforcement that may be installed on premises or may be cloud based
explain risks with cloud computing and virtualization
cloud computing and vitalization especially when combined have serious risk associated with them. Once sensitive, confidential or proprietary data leaves the confines of the organization, it also leaves the protections imposed by the organizational security policy and resultant infrastructure. Cloud service and ether personnel might not adhere to the same security standards as your organization.
What is an Attribute
column or field in a database
Understand the security capabilities of information systems
common security capabilities include memory protection, virtualization and trusted platform module (TPM)
registration CAs
confirming accuracy of the information in the CA request and user validation if no registration CA is available it will go directly to LDAP server or directory server aka Active Directory.
explain abstraction
creates black box interfaces for programmers to use without requiring knowledge o fan algorithm's or devices' inner workings.
explain layering
creates difference realms of security within a process and limits communication between them
broken authentication
credentials being cached in the clear replay attacks because of bad cookie and session management imbedded credentials
Explain XSS
cross site scripting attack injects malicious script in Web Pages - common way to steal a users web server login credentials - Cross Site Forgery Request - Authenticated user must take unwanted action
Explain the importance of key security
cryptographic keys provide the necessary element of secrecy to a cryptosystem. Modern cryptosystems utilize keys that are at least 128 bit long to provide adequate security. It's generally agreed that he 56 bit key of the data Encryption Standard (DES) is no longer sufficiently long to provide security.
explain the four security modes approved by the federal government for processing classified information
dedicated systems required that all users have appropriate clearance, access permission, and need to know for all the information stored on the system. System high mode removes the need to know requirement compartmented modes removes the need to know requirement and the access permission requirement. Multilevel mode removes all three requirements.
Symmetric Multiprocessing (SMP)
each processor performs all tasks within the OS, processors are peers, there are no peers. Symmetric means "single"
Explain Data Normalization
eliminates duplicates and ensure that attributes in a table depend only on the unique primary key
Digital Rights Managements
encrypt and secure: music e-books video games document movies
explain hardware segmentation
enforces process isolation with physical controls
explain isolation
ensures that individual processes can access only their own data
what is cardinality
equal to the number of rows in the table
Explain PaaS
everything with IaaS BUT: - we specify the operating system we want loaded and the basic configuration of that environment. - we control and deploy applications on top of that - consumer does not manage or control the underlying cloud infrastructure, including network, servers, operating systems or storage. - CLOUD handles patch management, operating system upgrades, software driver updates
What is a hoax virus?
false information about virus threats, waste of time / resources
social engineering
fool someone into disclosure
symmetric
for someone to decrypt my data I would have to give them a copy of my key to decrypt the message. One key
cross site request forgery
forces a logged on victim's browser to send a forged HTTP request including cookie, authentication to vulnerable web application.
mobile device security include
full device encryption remote wiping lockout screen locks GPS application control storage segmentation asset tracking inventory control mobile device management device access control removable storage disabling of unused features
crypto collision
hash function generates the same output for different inputs just like key cluster
message digest are also called
hashes hash values hash total CRC fingerprint checksum digital ID
what is stealth viruses
hide by modifying various OS component
what is piggybacking
holding the door open for someone following you
type 2 hypervisor
hosted on a client O/S VMware Hyper V Xen
explain security concerns of a wiring closet
if an unauthorized intruder gains access to the area, they may be able to steal equipment, pull or cut cables or even plant a listening device.
Explain the public key infrastructure (PKI)
in PKI CA's generate digital corticates containing the public keys of the system users. User then distribute these certificates to people with how they want to communicate Corticate recipients verify a certificate using the CA's public key
Explain Database denormalization
involves adding extra information to the tables for performance or security
Explain the concept of zero knowledge proof
is a communication concept. A specific type of information is exchanged but no real data is transferred as with digital signatures and digital certificates.
Viruses are?
is a small application, or string of code that infects applications - requires a host application and can't replicate on its own virus propagation techniques - master boot record viruses - attacks the MBR used by computer to load the OS - File infector viruses - infect executable files (EXE, COM, etc.) - Macro Viruses - exploit scripting functionality of applications - Service injection viruses - inject themselves into trusted runtime processes
Explain data flow control
is essentially information flow control - this is a procedure to ensure that information transfer within an information system are not made in violation of the security policies. Isolation of processes in layer based on sensitivity for security
Define a trusted computing based (TCB)
is the combination of hardware, software and control that form a trusted base that enforces the security policy.
Explain what a security permeter is
is the imaginary boundary that separates the TCB from the rest of the system. TCB components communicate with non TCB components using trusted paths.
insufficient input validation
is when we don't properly validate the input we receive from a user we can have many different types of attacks on our web servers and/or our databases.
subordinate ca's
issues certificates to users and/or computers on behalf of the root ca
what is a worm
it is malware that is able to self propagate - NO "host" application needed - NO human interaction required
Weaknesses of symmetric-key cryptography
key distribution is a challenge / not scalable NO non-repudiation is possible because everyone has a copy of the key key must be regenerated whenever anyone leaves the group of keyholders
Algorithm Errors
known weakness in programs
insecure deserialization
leads to remote code execution
What are rainbow tables
list of passwords and their calculated hashes
Frequency analysis
look for more a or e in English looking at blocks of an encrypted message to determine if any common patterns exist
Security Kernel
made up of all the components of the TCB (OS) and is responsible for implementing and enforcing the reference monitor A security kernel is responsible for enforcing a security policy.
XML External Entities (XXE) vulnerabilities
many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution and denial of service attacks.
hash function
mathematical operation that reduces a message or data file into a smaller FIXED length output or hash value
algorithms on asymmetric
merkle-hellman knapsack el Gamal Elliptic curve Cryptography (ECC)
security misconfiguration
most common seen issue not by impactful but most common malpractice insecure default configurations incomplete or ad hoc configurations open cloud storage misconfigured HTTP headers verbose error messages containing sensitive information not only must all operating systems, frameworks, libraries and applications be securely configured but they must be patched and upgraded in a timely fashion.
directory traversal
moving from one directory to others without the knowledge of the system owner
Difference between multitasking, multithreading, multiprocessing and multiprogramming
multitasking is the simultaneous execution of more than one application on a computer and is managed by the operating system. Multithreading permits multiple concurrent tasks to be performed within a single process Multiprocessing is the use of more than one caresser to increase computer power Multiprogramming is similar to multitask but tases place on mainframe system and required specific programming
Symmetric - how many keys do I need for 4 participants
n(n-1)/2 keys 4(4-1)/2 = 6
Output Feedback (OFB)
no block but instead works on the individual block in the STREAM as they come through. synchronous
explain buffer overflow and input violation
occurs when the programmer fails to check the size of input data prior to wiring the data into a specific memory location any failures to validate input data could result in a security violation
what is a database DEAD LOCK
occurs when two users try to access the information at the same time and both are denied.
What is registers in memory
onboard memory available to the CPU
explain the requirements for successful use of a one time pad
one time pad to be successful, the key must be generated randomly without any known pattern. The key must be at least as long as the message to be encrypted. The pads must be protected against physical disclosure and each pad must be used only one time and then discarded.
root CA's
only issues certificates to subordinate CA's
describe open and closed systems
open systems are designed using industry standards and are usually easy to integrate with other open systems. closed systems are generally proprietary hardware and/or software. Their specifications are not normally publish and they are usually harder to integrate with other systems.
Your first line of defense is?
physical security
What is a Logic Bomb
piece of code intentionally inserted into a software system that will set off a malicous function when specified conditions are met - often planted by disgruntled employees - May be programmed into applications by developers to destroy their work after leaving the company - Often serve as a trigger for loading other malware
explain Applets
platform independent programs sent froma server to a client to perform an action - JavaScript Sandbox for memory isolation - None on Microsoft's Active X
explain BYOD
policy that allows employees to bring their own personals mobile devices to work and then use those devices to connect to (or through) the company network to business resources and/or the internet. security issues include: data ownership support ownership patch management antivirus management forensics privacy on board off boarding adherence to corporate policies user acceptance architecture infrastructure considerations legal concerns acceptable use policies on board cameras / video
what helps to prevent adware and spyware
pop up blockers in the browser adware is more of nuisance while spyware is a bigger threat as it steals the users data
explain data hiding
prevents information from being read from a different security level
Each table has one __________ key that is the candidate key selected by the dba to uniquely identify each row (tuples or records) or the table
primary
what is serialization
process of translationg data structures or object state into a format that can be stored or transmitted and reconstructed later.
Digital Signatures
provide assurance that a message does indeed come from the person who claims to have sent it, it has not been altered, both parties have a copy of the same document and the person sending the document cannot claim that he/she did not send it.
Digital signature or digital signing
provides authentication of a sender and integrity of sender's message. A MESSAGE is INPUT into a HASH function. Then the HASH value is ENCRYPTING using the PRIVATE key of the SENDER. The result of these two steps yields a digital signature. "digital signing a message doesn't encrypt the message or payload but instead encrypting the hash value that represents the integrity of the message" safely ensure integrity through transmission verify who it came from and verify where it went but doesn't encrypt data
Explain the key types used in asymmetric crypography
public keys are feely shared among communicating parties, whereas private key are kept secret. To encrypt a message use the recipient's public key To decrypt a message use your own private key. To sign a message, use your own private key. To validate a signature, use the sender's public key.
initialization vector (IV)
randomized sequence that is added to plain text before we generate key and crypt data.
what is RAM
read and writing allowed
explain reference monitor and the security kernel
reference monitor is the logical part of the TCB that confirms where a subject has the right to use a resource prior to granting access. The security kernel is the collection of the TCB components that implement the functionality of the reference monitor.
Security issues surrounding secondary storage devices
removable media can be used to steal data access controls and encrypted must be applied to protect data data can remain on the media even after ile deletion or media formatting.
what is a crypto system
represents the entire cryptographic operation. This includes the algorithm, key and key management functions
Broken Access Controls
restrictions on what authenticated users are allowed to do are often not properly enforced.
ways to defeat cryptographic attacks
salt the passwords - add random values to the end of the password and then hash. stored in database like this pepper - large constant number stored separately from the hashed password. key stretching meet in the middle - only two rounds of encryption man in the middle - sitting in the middle of the communication birthday attack - collision attack | reverse hash
Propagating Cipher Block Chaining (PCBC)
same as cipher block chaining other than plaintext and ciphertext is prefixed before encrypting.
Explain IPsec
security architecture framework that supports secure communication over IP. IPsec establishes a secure channel in either transport mode or tunnel mode. It can be used to establish direct communication between computer or to setup a VPN between networks. IPsec uses two protocols: Authentication Header (AH) Encapsulating Security Payload (ESP)
what is a SECaaS
security as a service is a cloud provider concept in which security is provided to an organization through or by an online entity
explain types of security models
security models focus on defining allowed interactions between subjects (users) and objects (assets/data) at a particular moment in time.
Explain Cloud Access Security Broker (CASB)
security policy enforcement between cloud provider and customer
Explain Security as a Service (SECaaS)
security provided by third party cloud provider outside of current cloud provider hosting environment
What is flash memory
similar to EEPROM, difference is that EEPROM must be FULLY erased to be rewritten, while flash can be erased and rewritten in blocks or pages.
Difference between single state processor and multi state processors
single state processors are only able to operate at one security level at a time multi-state processors can simultaneously operating at multiple security levels
Explain SaaS
software as a service - includes IaaS and PaaS - software packages in the cloud
Explain mobile code
software downloaded and executed on a PC web based vulnerabilites and threats
Explain the common applications o cryptography to secure web activity
standard to secure HTTP traffic over TLS or older SSL
sensitive data exposure
stealing sensitive data by weak protected security policies and/or extra protection like encryption
object oriented databases
store objects rather than data such as integers, strings or real numbers - used in C++ and/or Java
RC4
stream not block
Injection attacks
such as SQL, NoSQL, OS and LDAP injection - accessing data via command or query without proper authorization a. input validation b. limit account privileges
Explain split knowledge
that information or privilege required to perform an operation is divided among multiple users. This ensures that no single person has sufficient privileges to comprise the security of the environment. M of N Control is an example of split knowledge.
Mean Time Between Failures (MTBF)
the average length of time between failures of a product or component
longer keys are more secure because?
the larger the key space the more possible key value and much harder to break.
Explain directory traversal attacks
this is within web servers - attackers moves from root directory into restricted directories
work factor
time and effort required to break a protective measure to break crypto keys
in databases what are rows called
tuples
Counter (CTR) mode encryption
turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a "counter"
what is multipartite viruses
use more than one propagation technique
S/MIME
use of digital signature's and digital certificates to secure email
Digital Signature Standard (DSS)
used by US Federal Government - All digital signatures must use SHA 3 - Digital signature algorithm for encryption - RSA algorithm for encryption - Elliptic Curve DSA for encryption
PGP
used by email security Phil Zimmerman
Sensible cooling - the ability of the air-conditioning system to remove heat that can be measured by a thermometer
used by thermometer
WPA2
uses AES & TKIP up to 256bit CCMP KRACK
RC5
variable BLOCK size (32, 64 or 128 bits) with variable key length of 0 bits to 2048 bits.
strengths of symmetric key cryptography
very fast
massively parallel processing (MPP)
very large collections of CPUs, each having its OWN O/S, a data bus and memory. multiple devices
What is database concurrency
when concurrent processes happen and the possibility of old data. example: if account has been locked out but the that lockout hasn't propagated to all systems and the user is still able to process data for a period of time.
WPA
wifi protected access based on LEAP and TKIP
closed system?
work only with specific range of other systems ex: apple ios - software is optimized for specific hardware not to be confused with open source and closed source software
Bell-LaPadula Model
- Confidentiality - uses MAC or mandatory access control rules - uses security/sensitivity labels on objects and clearances for subjects - defined by DoD in TCSEC - restricted to no read up and no write down
Explain how network resource abuse is a major problem
- Impersonation attacks where the attacker pretends to be a user - interception attacks is where individuals capture our network traffic and looks to sensitive data that may be transmitted - Denial of service attack where a attacker attempts to take our systems offline - theft of network resources to reduce these types of threats we can use - MFA - Secure authentication (Kerberos) - Accountability through policies and auditing
Web based vulnerabilities and threats
- Mobile code - Applets - Browser add-ons - XML - Security Assertions Markup Language - Email
Explain some server based vulnerabilities and threats
- Network resource abuse - Data flow control - Privilege escalation - Directory traversal attack
what are known examples of worms
- The internet worm - Code Red worm - Nimda - Stuxnet
Biba model
- integrity model - rules control transfer of data between integrity levels - MAC and lattice model - no read down but can read up - no write up but can write down
explain man in the middle attack
- intercept traffic between two parties - passive attack is usd to only monitor or capture information - Active attack - is when TCP/IP Hi-Jacking take over authenticated session
Hashing
- is not encryption - ensure integrity - hash is unique like a fingerprint - MD5, SHA-1, SHA-2 or SHA-3 are for hashing or message digest
Explain privilege escalation vulnerability
- to much access - by security of ACL or reference monitor - Audit to detect this common vulnerability
Certificate Lifecycle:
1. Enrollment 2. Verification 3. Revocation
processors CPU perform four key tasks:
1. Fetching 2. Decoding 3. Executing 4. Storing
distribute symmetric keys in this three ways?
1. Offline Distribution 2. Public Key Encryption 3. Diffie-Hellman algorithm - secure way to exchange keys
Applications and in particular XML based web services or downstream integrations might be vulnerable to attack IF:
1. The application accepts XML directory or XM uploads, especially from UNTRUSTED sources, or inserts UNTRUSTED data into XML documents, which is then parsed by an XML processor. 2. Any of the XML processors in the application or SOAP based web services has document type definitions (DTDs) enabled. As the exact mechanisms for disabling DTD processing varies by processor, it is good practice to consult a reference such as the OWASP cheat sheet 'XXE Prevention' 3. If your application uses SAML for identity processing within federated security or single sign on (SSO) purposes. SAML uses XML for identity assertions and my be vulnerable. 4. If the application uses SOAP prior to version 1.2, it is likely susceptible to XXE attacks if XML entities are being passed to the SOAP framework. vulnerable to XXE attacks, likely means that the application is vulnerable to DoS attacks
Five essentials of cloud computing
1. on demand self service - portal to execute tasks vs calling in. "Self Service" 2. Broad network access 3. resource pooling - CPU, memory, storage, network 4. rapid elasticity - scale up or scale down as needed 5. measured service - for cost on metrics on resources
operations of AES
1. substitute bytes 2. shift rows 3. mix columns 4. add round key
twofish
128-bit block cipher with up to 256 bit length
3DES
168 Bit Key, 64 Bit block size
One way to consider an architecture to implement defense in depth is the rings approach to physical security. There are __________ rings and they are the following: 4 Rings Ring 1 - Areas on the perimeter of the business building Ring 2 - Immediate area around the business building/environmental (fire, floods, moisture, power) Ring 3 - Internal location of the business building Ring 4 - Human factors 2 Rings Ring 1 - Areas on the perimeter of the business building Ring 2 - Immediate area around the business building/environmental (fire, floods, moisture, power) 3 Rings Ring 1 - Areas on the perimeter of the business building Ring 2 - Immediate area around the business building/environmental (fire, floods, moisture, power) Ring 3 - Criminal factors
4 Rings Ring 1 - Areas on the perimeter of the business building Ring 2 - Immediate area around the business building/environmental (fire, floods, moisture, power) Ring 3 - Internal location of the business building Ring 4 - Human factors
DES
56 bit
key clustering
A weakness in cryptography where a plain-text message generates identical cipher-text messages using the SAME algorithm but different keys.
John wants to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be? A. 160 bits B. 512 bits C. 1,024 bits D. 2,048 bits
A. 160 bits The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the size of the input message. In fact, this fixed-length output is a requirement of any secure hashing algorithm.
Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use? A. 160 bits B. 512 bits C. 1,024 bits D. 2,048 bits
A. 160 bits The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.
What is the length of the cryptographic key used in the Data Encryption Standard (DES) cryptosystem? A. 56 bits B. 128 bits C. 192 bits D. 256 bits
A. 56 bits
Which one of the following is not a possible key length for the Advanced Encryption Standard Rijndael cipher? A. 56 bits B. 128 bits C. 192 bits D. 256 bits
A. 56 bits
Which of the following describes a community cloud? A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange B. A cloud service within a corporate network and isolated from the internet C. A cloud service that is accessible to the general public typically over an internet connection D. A cloud service that is partially hosted within an organization for private use and that uses external services to offer resources to outsiders
A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange
What is an access object? A. A resource a user or process wants to access B. A user or process that wants to access a resource C. A list of valid access rules D. The sequence of valid access types
A. A resource a user or process wants to access
Which security model addresses data confidentiality? A. Bell-LaPadula B. Biba C. Clark-Wilson D. Brewer and Nash
A. Bell-LaPadula Only the Bell-LaPadula model addresses data confidentiality. The Biba and Clark-Wilson models address data integrity. The Brewer and Nash model prevents conflicts of interest.
What type of electrical component serves as the primary building block for dynamic RAM chips? A. Capacitor B. Resistor C. Flip-flop D. Transistor
A. Capacitor Dynamic RAM chips are built from a large number of capacitors, each of which holds a single electrical charge. These capacitors must be continually refreshed by the CPU in order to retain their contents. The data stored in the chip is lost when power is removed.
To be secure, the kernel must meet these three basic conditions:
A. Completeness: all accesses to information must go through the kernel B. Isolation: the kernel itself must be protected from any type of unauthorized access C. Verifiability: The kernel must be proven to meet design specifications
What type of federal government computing system requires that all individuals accessing the system have a need to know all of the information processed by that system? A. Dedicated B. System high C. Compartmented D. Multilevel
A. Dedicated
What is system accreditation? A. Formal acceptance of a stated system configuration B. A functional evaluation of the manufacturer's goals for each hardware and software component to meet integration standards C. Acceptance of test results that prove the computer system enforces the security policy D. The process to specify secure communication between machines
A. Formal acceptance of a stated system configuration
Which security principle takes the concept of process isolation and implements it using physical controls? A. Hardware segmentation B. Data hiding C. Layering D. Abstraction
A. Hardware segmentation
You are the IT security manager for a retail merchant organization that is just going online with an e-commerce website. You hired several programmers to craft the code that is the backbone of your new web sales system. However, you are concerned that while the new code functions well, it might not be secure. You begin to review the code, the systems design, and the services architecture to track down issues and concerns. Which of the following do you hope to find in order to prevent or protect against XSS? (Choose all that apply.) A. Input validation B. Defensive coding C. Allowing script input D. Escaping metacharacters
A. Input validation B. Defensive coding D. Escaping metacharacters
Which of the following does not need to be true in order to maintain the most efficient and secure server room? A. It must be human compatible. B. It must include the use of nonwater fire suppressants. C. The humidity must be kept between 40 and 60 percent. D. The temperature must be kept between 60 and 75 degrees Fahrenheit.
A. It must be human compatible.
John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message? A. Nonrepudiation B. Confidentiality C. Availability D. Integrity
A. Nonrepudiation
Which one of the following cannot be achieved by a secret key cryptosystem? A. Nonrepudiation B. Confidentiality C. Authentication D. Key distribution
A. Nonrepudiation
What is the minimum number of cryptographic keys required for secure two-way communications in symmetric key cryptography? A. One B. Two C. Three D. Four
A. One
You have three applications running on a single-core single-processor system that supports multitasking. One of those applications is a word processing program that is managing two threads simultaneously. The other two applications are using only one thread of execution. How many application threads are running on the processor at any given time? A. One B. Two C. Three D. Four
A. One A single-processor system can operate on only one thread at a time. There would be a total of four application threads (ignoring any threads created by the operating system), but the operating system would be responsible for deciding which single thread is running on the processor at any given time.
Which of the following is the most important aspect of security? A. Physical security B. Intrusion detection C. Logical security D. Awareness training
A. Physical security
Which of the following is not a typical type of alarm that can be triggered for physical security? A. Preventive B. Deterrent C. Repellant D. Notification
A. Preventive There is no such thing as a preventive alarm. Alarms are always triggered in response to a detected intrusion or attack.
Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack? A. Rainbow tables B. Hierarchical screening C. TKIP D. Random enhancement
A. Rainbow tables Rainbow tables contain precomputed hash values for commonly used passwords and may be used to increase the efficiency of password cracking attacks.
Which of the following is not a disadvantage of using security guards? A. Security guards are usually unaware of the scope of the operations within a facility. B. Not all environments and facilities support security guards. C. Not all security guards are themselves reliable. D. Prescreening, bonding, and training do not guarantee effective and reliable security guards.
A. Security guards are usually unaware of the scope of the operations within a facility.
What encryption technique does WPA use to protect wireless communications? A. TKIP B. DES C. 3DES D. AES
A. TKIP WiFi Protected Access (WPA) uses the Temporal Key Integrity Protocol (TKIP) to protect wireless communications. WPA2 uses AES encryption.
What is a security perimeter? (Choose all that apply.) A. The boundary of the physically secure area surrounding your system B. The imaginary boundary that separates the TCB from the rest of the system C. The network where your firewall resides D. Any connections to your computer system
A. The boundary of the physically secure area surrounding your system B. The imaginary boundary that separates the TCB from the rest of the system
A Type B fire extinguisher may use all except which of the following suppression mediums? A. Water B. CO2 C. Halon or an acceptable halon substitute D. Soda acid
A. Water Water is never the suppression medium in Type B fire extinguishers because they are used on liquid fires.
examples or protocols of local caches
ARP or DNS
What is database aggregation
Ability to combine non sensitive data from separate sources to create sensitive information. recipe - taking salt and water to create something sensitive.
Explain multilevel lattice models
According t this type of model, the clearance of the subject is compared with the classification of the data to determine access. They will also look at the what they subject is trying to do to determine whether access should be allowed.
Security Controls implemented to manage Facilities security can be divided into what three groups? Intrusion detection, access controls, and alarms Detective, Deterrent, and Delay controls Administrative, Technical, and Physical Infrastructure, secure architecture, and physical access
Administrative, Technical, and Physical
AES
Advanced Encryption Standard derived from Rijndael algorithm 128 | 192 | 256 bit options 128 bit block
Birthday Attacks
Against hashed passwords - reverse hash matching using a rainbow table
Inference and __________ are methods which involve using lower level access to learn restricted information. Aggregation Detection Collection Non-repudiation
Aggregation
Information flow models do not allow information to flow in a way that puts the system in danger. Select the following true statements about information flow models Bell LaPadula is an information flow model Biba is an information flow model All statements are True Information flow models ensure safety by ensuring no covert channels exist in the code
All statements are True
The Biba model implements security policies that support integrity, while the Bell-LaPadula model implements confidentiality. The Clark-Wilson Model addresses the following goals: Enforced separation of duties Access triple because subjects can access objects only through authorized programs Auditing requirements All the above
All the above
Elliptic Curve Cryptography (ECC)
An algorithm that uses elliptic curves instead of prime numbers to compute keys. harder to solve than RSA
Cryptographic attacks
Analytic Attack Implementation Attack Statistical Attack Brute Force Attack
approaches to secure mobile devices are:
Around phones, tablets and laptops Full device encryption remote wiping lockout screen locks GPS Application Controls Storage Segmentation Asset Tracking / Inventory Control MDM Device based Access Control removable storage disable unused features / device hardening
Explain how cryptosystems can be used to achieve authentication goals
Authentication provides assurances as to the identity of a user. One possible scheme that uses authentication is the challenge response protocol, in which the remote user is asked to encrypt a message using a key known only to the communicating parties. Authentication can be achieved with both symmetric and asymmetric cryptosystems.
A coworker was frying chicken in the datacenter and caused a grease fire. Which fire extinguisher type should be used to put out the fire? K A D C B
B
What is the output value of the mathematical function 16 mod 3? A. 0 B. 1 C. 3 D. 5
B. 1 Option B is correct because 16 divided by 3 equals 5, with a remainder value of 1.
How many encryption keys are required to fully implement an asymmetric algorithm with 10 participants? A. 10 B. 20 C. 45 D. 100
B. 20 In an asymmetric algorithm, each participant requires two keys: a public key and a private key.
What is the ideal humidity range for a computer room? A. 20-40 percent B. 40-60 percent C. 60-75 percent D. 80-95 percent
B. 40-60 percent The humidity in a computer room should ideally be from 40 to 60 percent.
What block size is used by the 3DES encryption algorithm? A. 32 bits B. 64 bits C. 128 bits D. 256 bits
B. 64 bits
What does IPsec define? A. All possible security classifications for a specific configuration B. A framework for setting up a secure communication channel C. The valid transition states in the Biba model D. TCSEC security categories
B. A framework for setting up a secure communication channel
What is the best definition of a security model? A. A security model states policies an organization must follow. B. A security model provides a framework to implement a security policy. C. A security model is a technical evaluation of each part of a computer system to assess its concordance with security standards. D. A security model is the process of formal acceptance of a certified configuration.
B. A security model provides a framework to implement a security policy.
What is system certification? A. Formal acceptance of a stated system configuration B. A technical evaluation of each part of a computer system to assess its compliance with security standards C. A functional evaluation of the manufacturer's goals for each hardware and software component to meet integration standards D. A manufacturer's certificate stating that all components were installed and configured correctly
B. A technical evaluation of each part of a computer system to assess its compliance with security standards
What security method, mechanism, or model reveals a capabilities list of a subject across multiple objects? A. Separation of duties B. Access control matrix C. Biba D. Clark-Wilson
B. Access control matrix An access control matrix assembles ACLs from multiple objects into a single table. The rows of that table are the ACEs of a subject across those objects, thus a capabilities list.
What method can be used to map out the needs of an organization for a new facility? A. Log file audit B. Critical path analysis C. Risk analysis D. Inventory
B. Critical path analysis Critical path analysis can be used to map out the needs of an organization for a new facility. A critical path analysis is the process of identifying relationships between missioncritical applications, processes, and operations and all of the supporting elements.
Which cryptographic algorithm forms the basis of the El Gamal cryptosystem? A. RSA B. Diffie-Hellman C. 3DES D. IDEA
B. Diffie-Hellman
What type of memory device is usually used to contain a computer's motherboard BIOS? A. PROM B. EEPROM C. ROM D. EPROM
B. EEPROM BIOS and device firmware are often stored on EEPROM chips to facilitate future firmware updates.
No matter what form of physical access control is used, a security guard or other monitoring system must be deployed to prevent all but which of the following? A. Piggybacking B. Espionage C. Masquerading D. Abuse
B. Espionage No matter what form of physical access control is used, a security guard or other monitoring system must be deployed to prevent abuse, masquerading, and piggybacking. Espionage cannot be prevented by physical access controls.
What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmerman's Pretty Good Privacy secure email system? A. ROT13 B. IDEA C. ECC D. El Gamal
B. IDEA Pretty Good Privacy uses a "web of trust" system of digital signature verification. The encryption technology is based on the IDEA private key cryptosystem.
What is the major disadvantage of using certificate revocation lists? A. Key management B. Latency C. Record keeping D. Vulnerability to brute-force attacks
B. Latency Certificate revocation lists (CRLs) introduce an inherent latency to the certificate expiration process due to the time lag between CRL distributions.
Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using? A. Split knowledge B. M of N Control C. Work function D. Zero-knowledge proof
B. M of N Control M of N Control requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks.
What is the most effective means of reducing the risk of losing the data on a mobile device, such as a notebook computer? A. Defining a strong logon password B. Minimizing sensitive data stored on the mobile device C. Using a cable lock D. Encrypting the hard drive
B. Minimizing sensitive data stored on the mobile device
What technology provides an organization with the best control over BYOD equipment? A. Application whitelisting B. Mobile device management C. Encrypted removable storage D. Geotagging
B. Mobile device management
What is the most common cause of failure for a water-based fire suppression system? A. Water shortage B. People C. Ionization detectors D. Placement of detectors in drop ceilings
B. People
What is the implied meaning of the simple property of Biba? A. Write down B. Read up C. No write up D. No read down
B. Read up The simple property of Biba is no read down, but it implies that it is acceptable to read up.
Richard wants to digitally sign a message he's sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest? A. Richard's public key B. Richard's private key C. Sue's public key D. Sue's private key
B. Richard's private key Richard should encrypt the message digest with his own private key. When Sue receives the message, she will decrypt the digest with Richard's public key and then compute the digest herself. If the two digests match, she can be assured that the message truly originated from Richard.
Richard received an encrypted message sent to him from Sue. Which key should he use to decrypt the message? A. Richard's public key B. Richard's private key C. Sue's public key D. Sue's private key
B. Richard's private key Sue would have encrypted the message using Richard's public key. Therefore, Richard needs to use the complementary key in the key pair, his private key, to decrypt the message.
What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key? A. Vernam cipher B. Running key cipher C. Skipjack cipher D. Twofish cipher
B. Running key cipher
For what type of information system security accreditation are the applications and systems at a specific, self-contained location evaluated? A. System accreditation B. Site accreditation C. Application accreditation D. Type accreditation
B. Site accreditation
Which of the following statements are not true in regards to static electricity? A. Electrostatic discharge can damage most computing components. B. Static charge accumulation is more prevalent when there is high humidity. C. Static discharge from a person to a metal object can be over 1,000 volts. D. Static electricity is not managed by the deployment of a UPS.
B. Static charge accumulation is more prevalent when there is high humidity. Static charge accumulation is more prevalent when there is low humidity. High humidity is the cause of condensation, not static charge accumulation.
In which of the following security modes can you be assured that all users have access permissions for all information processed by the system but will not necessarily need to know of all that information? A. Dedicated B. System high C. Compartmented D. Multilevel
B. System high In system high mode, all users have appropriate clearances and access permissions for all information processed by the system but need to know only some of the information processed by that system.
What type of cipher relies on changing the location of characters within a message to achieve confidentiality? A. Stream cipher B. Transposition cipher C. Block cipher D. Substitution cipher
B. Transposition cipher Transposition ciphers use a variety of techniques to reorder the characters within a message.
Which AES finalist makes use of prewhitening and postwhitening techniques? A. Rijndael B. Twofish C. Blowfish D. Skipjack
B. Twofish
What infrastructure component is often located in the same position across multiple floors in order to provide a convenient means of linking floor-based networks together? A. Server room B. Wiring closet C. Datacenter D. Media cabinets
B. Wiring closet
Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication? A. X.500 B. X.509 C. X.900 D. X.905
B. X.509 X.509 governs digital certificates and the public-key infrastructure (PKI). It defines the appropriate content for a digital certificate and the processes used by certificate authorities to generate and revoke certificates.
Skipjack
Block Cipher Uses 64 bit blocks to encrypt like DES 80 bit key
Blowfish
Block Cipher uses 64 bits blocks to encrypt like DES variable key from 32 bits to 448 bits
Which of the following is true of the Bell LaPadula and Biba access control models? Neither are State Machine Models Bell LaPadula is a State Machine Model Biba is a State Machine Model Both are State Machine Models
Both are State Machine Models
A covert channel is ____ a way for an entity to receive the information in an unauthorized manner classified into two types Covert Storage Channel and Covert Timing Channel Both of the above Neither of the above
Both of the above
Explain common cryptographic attacks
Brute force attacks are attempts to randomly find the correct cryptographic key. Known plaintext, chosen ciphertext and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext. The meet in the middle attack exploits protocols that are use two rounds of encryptions. The man in the middle attacks fools both parties into communication with the attacker instead of directly with each other. Birthday attack is an attempt to find collisions in hash functions. Replay attack is an attempt to reuse authentication requests.
What block size is used by the Advanced Encryption Standard? A. 32 bits B. 64 bits C. 128 bits D. Variable
C. 128 bits
How many possible keys exist in a 4-bit key space? A. 4 B. 8 C. 16 D. 128
C. 16 To determine the number of keys in a key space, raise 2 to the power of the number of bits in the key space. In this example, 24 = 16.
If a 2,048-bit plaintext message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be? A. 1,024 bits B. 2,048 bits C. 4,096 bits D. 8,192 bits
C. 4,096 bits The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plain-text message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.
What TCP/IP communications port is used by Transport Layer Security traffic? A. 80 B. 220 C. 443 D. 559
C. 443
How many keys are required to fully implement a symmetric algorithm with 10 participants? A. 10 B. 20 C. 45 D. 100
C. 45 The number of keys required for a symmetric algorithm is dictated by the formula (n*(n-1))/2, which in this case, where n = 10, is 45.
Which best describes a confined or constrained process? A. A process that can run only for a limited time B. A process that can run only during certain times of the day C. A process that can access only certain memory locations D. A process that controls access to an object
C. A process that can access only certain memory locations
What is a closed system? A. A system designed around final, or closed, standards B. A system that includes industry standards C. A proprietary system that uses unpublished protocols D. Any machine that does not run Windows
C. A proprietary system that uses unpublished protocols A closed system is one that uses largely proprietary or unpublished protocols and standards. Options A and D do not describe any particular systems, and Option B describes an open system.
Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message? A. Stream cipher B. Caesar cipher C. Block cipher D. ROT3 cipher
C. Block cipher
Which of the following links would be protected by WPA encryption? A. Firewall to firewall B. Router to firewall C. Client to wireless access point D. Wireless access point to router
C. Client to wireless access point
What is a security risk of an embedded system that is not commonly found in a standard PC? A. Software flaws B. Access to the internet C. Control of a mechanism in the physical world D. Power loss
C. Control of a mechanism in the physical world
Which one of the following algorithms is not supported by the Digital Signature Standard? A. Digital Signature Algorithm B. RSA C. El Gamal DSA D. Elliptic Curve DSA
C. El Gamal DSA
How many major categories do the TCSEC criteria define? A. Two B. Three C. Four D. Five
C. Four TCSEC defines four major categories: Category A is verified protection, Category B is mandatory protection, Category C is discretionary protection, and Category D is minimal protection.
What kind of attack makes the Caesar cipher virtually unusable? A. Meet-in-the-middle attack B. Escrow attack C. Frequency analysis attack D. Transposition attack
C. Frequency analysis attack The Caesar cipher (and other simple substitution ciphers) are vulnerable to frequency analysis attacks that analyze the rate at which specific letters appear in the ciphertext.
Which of the following is not a typical security measure implemented in relation to a media storage facility containing reusable removable media? A. Employing a librarian or custodian B. Using a check-in/check-out process C. Hashing D. Using sanitization tools on returned media
C. Hashing Hashing is not a typical security measure implemented in relation to a media storage facility containing reusable removable media. Hashing is used when it is necessary to verify the integrity of a dataset, while data on reusable removable media should be removed and not retained. Usually the security features for a media storage facility include using a librarian or custodian, using a check-in/check-out process, and using sanitization tools on returned media.
What is the most important goal of all security solutions? A. Prevention of disclosure B. Maintaining integrity C. Human safety D. Sustaining availability
C. Human safety
Many cryptographic algorithms rely on the difficulty of factoring the product of large prime numbers. What characteristic of this problem are they relying on? A. It contains diffusion. B. It contains confusion. C. It is a one-way function. D. It complies with Kerchoff's principle.
C. It is a one-way function. A one-way function is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.
What is the most common and inexpensive form of physical access control device? A. Lighting B. Security guard C. Key locks D. Fences
C. Key locks
Which of the following is a double set of doors that is often protected by a guard and is used to contain a subject until their identity and authentication are verified? A. Gate B. Turnstile C. Mantrap D. Proximity detector
C. Mantrap
What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES encryption? A. Birthday attack B. Chosen ciphertext attack C. Meet-in-the-middle attack D. Man-in-the-middle attack
C. Meet-in-the-middle attack The meet-in-the-middle attack demonstrated that it took relatively the same amount of computation power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as a standard for government communication.
Many PC operating systems provide functionality that enables them to support the simultaneous execution of multiple applications on single-processor systems. What term is used to describe this capability? A. Multiprogramming B. Multithreading C. Multitasking D. Multiprocessing
C. Multitasking
Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level? A. (star) Security Property B. No write up property C. No read up property D. No read down property
C. No read up property The no read up property, also called the Simple Security Policy, prohibits subjects from reading a higher security level object.
The most commonly overlooked aspect of mobile phone eavesdropping is related to which of the following? A. Storage device encryption B. Screen locks C. Overhearing conversations D. Wireless networking
C. Overhearing conversations
What is the best type of water-based fire suppression system for a computer facility? A. Wet pipe system B. Dry pipe system C. Preaction system D. Deluge system
C. Preaction system A preaction system is the best type of water-based fire suppression system for a computer facility.
What security principle helps prevent users from accessing memory spaces assigned to applications being run by other users? A. Separation of privilege B. Layering C. Process isolation D. Least privilege
C. Process isolation
Which of the following is not part of the access control relationship of the Clark-Wilson model? A. Object B. Interface C. Programming language D. Subject
C. Programming language The three parts of the Clark-Wilson model's access control relationship (a.k.a. access triple) are subject, object, and program (or interface)
What part of the TCB concept validates access to every resource prior to granting the requested access? A. TCB partition B. Trusted library C. Reference monitor D. Security kernel
C. Reference monitor The reference monitor validates access to every resource prior to granting the requested access. Option D, the security kernel, is the collection of TCB components that work together to implement the reference monitor functions. In other words, the security kernel is the implementation of the reference monitor concept. Options A and B are not valid TCB concept components.
What type of memory is directly available to the CPU and is often part of the CPU? A. RAM B. ROM C. Register memory D. Virtual memory
C. Register memory Registers are small memory locations that are located directly on the CPU chip itself. The data stored within them is directly available to the CPU and can be accessed extremely quickly.
Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment? A. Hard disk B. Backup tape C. Removable drives D. RAM
C. Removable drives
Which one of the following types of memory might retain information after being removed from a computer and, therefore, represent a security risk? A. Static RAM B. Dynamic RAM C. Secondary memory D. Real memory
C. Secondary memory Secondary memory is a term used to describe magnetic, optical, or flash media. These devices will retain their contents after being removed from the computer and may later be read by another user.
If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message? A. Richard's public key B. Richard's private key C. Sue's public key D. Sue's private key
C. Sue's public key Richard must encrypt the message using Sue's public key so that Sue can decrypt it using her private key. If he encrypted the message with his own public key, the recipient would need to know Richard's private key to decrypt the message. If he encrypted it with his own private key, any user could decrypt the message using Richard's freely available public key. Richard could not encrypt the message using Sue's private key because he does not have access to it. If he did, any user could decrypt it using Sue's freely available public key.
What is a trusted computing base (TCB)? A. Hosts on your network that support secure transmissions B. The operating system kernel and device drivers C. The combination of hardware, software, and controls that work together to enforce a security policy D. The software and controls that certify a security policy
C. The combination of hardware, software, and controls that work together to enforce a security policy
What security model has a feature that in theory has one name or label, but when implemented into a solution, takes on the name or label of the security kernel? A. Graham-Denning model B. Deployment modes C. Trusted computing base D. Chinese Wall
C. Trusted computing base The trusted computing base (TCB) has a component known as the reference monitor in theory, which becomes the security kernel in implementation.
Which one of the following technologies is considered flawed and should no longer be used? A. SHA-3 B. PGP C. WEP D. TLS
C. WEP
In a relational database, which term is used as another name for the degree of relationship in a database? Cardinality Domain Relation Schema
Cardinality
Which of the following is NOT a common mobile device attack target? Cardholder Data Personal Data Carrier Data User Credentials
Carrier Data
LEAP
Cisco proprietary to EAP WPA and WPA2
This model focuses on integrity at the transaction level and addresses three major goals of integrity in a commercial environment. Biba Lipner Bell - LaPadula Clark - Wilson
Clark - Wilson
Which of the following models uses separation of duties to prevent authorized users from making changes that are not desirable? Biba Model Graham-Denning Model Clark-Wilson Model Brewer-Nash Model
Clark-Wilson Model
Explain the difference between a code and a cipher and explain the basic types of ciphers.
Codes are cryptographic systems of symbols that operating on words or phrases and are sometimes secrete but don't always provide confidentiality. Ciphers, however are always meant to hide the true meaning of a message. Know how the following type of ciphers work: transposition ciphers substitution ciphers (including one time pads) stream ciphers block ciphers
4 goals of cryptography are
Confidentiality Integrity Availability Nonrepudiation
Explain the role that confidentiality, integrity and nonrepudiation play in cryptosystems.
Confidentiality is one of the major goals of cryptography. It protects the secrecy of data while it is both at rest and in transit. Integrity provides the recipient of a message with the assurance that data was not altered (intentionally or unintentionally) between the time it was create and the time it was accessed. Nonrepudiation provides undeniable proof that the sender of a message actually authored it. It prevents the sender from subsequently denying that they sent the original message.
Bell-LaPadula Security Model
Confidentiality of Data ONLY - NO READ UP - NO WRITE DOWN
explain confinement, bounds and isolation
Confinement restricts a process to reading from and writing to certain memory locations. Bounds are the limits of memory a process cannot exceed when reading or wiring. Isolation is the mode a process runs in when it is confined through the use of memory bounds.
Explain web cookies
Cookies are used to track users access to web sites and placed on a users machine by the web server that they are communicating with - this can be used by malicious sites to gain access to the type of sites that the user is visiting or to attempt to steal there credentials or other data
An information flow model does not allow information to flow in a way to place the IT system in danger. One way of accomplishing this is to ensure __________ do not exist in the code
Covert Channels
In what type of web attack does an attacker trick a user into processing a malicious URL? Cross site scripting SQL Injection Cross site request forgery Buffer overflow
Cross site request forgery
XSS
Cross-site scripting. It scripting allows an attacker to redirect users to malicious websites and steal cookies. E-mail can include an embedded HTML image object or a JavaScript image tag as part of a malicious cross-site scripting attack. Websites prevent cross-site scripting attacks with input validation to detect and block input that include HTML and JavaScript tags. Many sites prevent the use of < and > characters to block cross-site scripting.
In a SaaS engagement who is responsible for data recovery Customer Organization and Cloud Service Provider Cloud Service Provider Customer Organization Cloud Administrato
Customer Organization and Cloud Service Provider