〇：OCSP is a protocol developed specifically to check CRLs during the certificate validation process.

A Certificate Authority (CA) is responsible for creating certificates, maintaining and distributing them, and revoking them when necessary. Revocation is handled by the CA and the revoked certificate information is stored in a Certificate Revocation List (CRL). This is a list of all revoked certificates. This list is maintained and updated periodically. A certificate is revoked if the key owner’s private key has been compromised, if the CA has been compromised, or if the certificate is incorrect. If a certificate is revoked for any reason, the CRL is a mechanism for others to inform you of this information. The Online Certificate Status Protocol (OCSP) uses this CRL; when using CRLs, the user’s browser must examine the CRL value to the client to see if the accreditation has been revoked or the CA is constantly checking to make sure they have an updated CRL. If OCSP is implemented, it will do this automatically in the background. It performs real-time verification of the certificate and reports back to the user whether the certificate is valid, invalid, or unknown.

×：CRL was developed as a more efficient approach to OCSP.

CRLs are often incorrect because they are a cumbersome approach; OCSP is used to deal with this tediousness; OCSP does this work in the background when using CRLs; OCSP checks the CRL to see if the certificate has been revoked by Checks.

×：OCSP is a protocol for submitting revoked certificates to CRLs.

OCSP is incorrect because it does not submit revoked certificates to the CRL; the CA is responsible for certificate creation, distribution, and maintenance.

×：CRL provides real-time validation of certificates and reports to OCSP.

Incorrect because CRL does not provide real-time validation of certificates to OCSP.

〇：Increased Processing Power

The increased processing power of personal computers and servers has increased the probability of successful brute force and cracking attacks against security mechanisms that were not feasible a few years ago. Today’s processors can execute an incredible number of instructions per second. These instructions can be used to break passwords, encryption keys, or direct malicious packets to be sent to the victim’s system.

×：Increased circuitry, cache memory, and multiprogramming

This is incorrect because an increase does not make a particular type of attack more powerful. Multiprogramming means loading multiple programs or processes into memory at the same time. It allows antivirus software, word processors, firewalls, and e-mail clients to run simultaneously. Cache memory is a type of memory used for fast write and read operations. If the system expects that the program logic will need to access certain information many times during processing, the information is stored in cache memory for easy and quick access.

×：Dual-mode computation

The answer is not specific and does not measure conformance to the problem. When examining microprocessor advances, there is no actual dual-mode calculation.

×：Direct Memory Access I/O

Incorrect because this method transfers instructions and data between I/O (input/output) devices and the system’s memory without using the CPU. Direct Memory Access I/O significantly increases data transfer speed.

〇：Public key infrastructure is a mechanism configuration for public key cryptographic distribution, and public key cryptography is another name for asymmetric encryption.

Public key cryptography is asymmetric cryptography. The terms are used interchangeably. Public key cryptography is a concept within the Public Key Infrastructure (PKI), which consists of various parts such as Certificate Authorities, Registration Authorities, certificates, keys, programs, and users. Public Key Infrastructure is used to identify and create users, distribute and maintain certificates, revoke and distribute certificates, maintain encryption keys, and for the purpose of encrypted communication and authentication.

×：Public key infrastructure uses symmetric algorithms and public key cryptography uses asymmetric algorithms.

This is incorrect because the public key infrastructure uses a hybrid system of symmetric and asymmetric key algorithms and methods. Public key cryptography is to use asymmetric algorithms. Therefore, asymmetric and public key cryptography are interchangeable, meaning they are the same. Examples of asymmetric algorithms are RSA, elliptic curve cryptography (ECC), Diffie-Hellman, and El Gamal.

×：Public key infrastructure is used to perform key exchange, while public key cryptography is used to create public/private key pairs.

This is incorrect because public key cryptography is the use of asymmetric algorithms used to create public/private key pairs, perform key exchange, and generate and verify digital signatures.

×：Public key infrastructure provides confidentiality and integrity, while public key cryptography provides authentication and non-repudiation.

Incorrect because the public key infrastructure itself does not provide authentication, non-repudiation, confidentiality, or integrity.

Cryptographic algorithms refer to the calculations to be encrypted, and even if the cryptographic algorithms were publicly available, it would take an enormous amount of effort to decipher them. cryptographic algorithms that provide modern cryptography, such as AES, are publicly available. On the other hand, in-house development is not recommended because, although it has the security of concealment, it requires a great deal of resources to be allocated.

〇：Zero Knowledge Proof

Zero Knowledge Proof means that someone can tell you something without telling you more information than you need to know. In cryptography, it means proving that you have a certain key without sharing that key or showing it to anyone. Zero knowledge proof (usually mathematical) is an interactive way for one party to prove to another that something is true without revealing anything sensitive.

×：Key Clustering

Key clustering is the phenomenon of encrypting the same plaintext with different keys, but with the same ciphertext.

×：Avoiding Birthday Attacks

An attacker can attempt to force a collision, called a birthday attack. This attack is based on the mathematical birthday paradox present in standard statistics. This is a cryptographic attack that uses probability theory to exploit the mathematics behind the birthday problem.

×：Provides data confidentiality

Provided via encryption when data is encrypted with a key, which is incorrect.

〇：The most common method used is to change the most significant bit.

Steganography is a method of hiding data in other media types. One of the most common ways to embed messages in some types of media is using the least significant bit (LSB). This is because many types of files are modified and this is where sensitive data can be made visible and hidden without modifying the file. the LSB approach has been successful in hiding information within the graphics of high-resolution or sound-heavy audio files (high bit rate).

×：Hiding by abstraction.

Steganography is incorrect because it is concealment by abstraction. Security by obscurity means that someone uses secrecy as a way to protect an asset, rather than actually using the measure to secure something.

×：Just as encryption does, steganography is not a front for the existence of the sensitive data itself.

It is true that steganography does not draw attention to itself as does encryption. In other words, it is concealment by abstraction.

×：Media files are ideal for steganographic transmissions that are large in size.

This is incorrect because it is true that larger media files are ideal for steganographic transmissions because everyone needs to privately use multiple bits to manipulate with low likelihood of noticing.

〇：Operating system patching is easier.

This is an incorrect choice question. Virtualization does not simplify operating system patching. In fact, it complicates it by adding at least one additional operating system. Each operating system differs from the typical version configuration, adding to the complexity of patching. The server’s own operating system runs as a guest within the host environment. In addition to patching and maintaining the traditional server operating system, the virtualization software itself must be patched and maintained.

For this question, we do not require an understanding of all the technical systems of virtualization. What is required here is a selection of answers based on a process of elimination.

×：I can build a secure computing platform.

Building a secure computing platform may not be a feature of virtualization per se. However, can we build a secure environment? This is not a false choice because it cannot be ruled out.

×：It can provide fault and error containment.

Virtualization can be host independent. In terms of containment, it can be interpreted as being able to provide fault and error containment through independence from physical servers. Therefore, it cannot be denied and is therefore not an incorrect choice.

×：It can provide powerful debugging capabilities.

Virtualization can reproduce a unique environment, not just put up a clean virtual host. Therefore, it is undeniable and therefore out of the wrong choice.

Compromise is when what used to be secure encryption becomes insecure due to the evolution of computers. Cryptography is based on the sharing of a single answer, a key, among those communicating. The key is generated by computer calculations, and a third party must solve a difficult problem that would take several years to derive. However, as the computational power of computers has evolved, it is now possible to solve difficult problems that could not be solved before. In this case, encryption is meaningless. This is the compromise caused by evolution. Therefore, the correct answer is “Compromise.

〇：Run an algorithm that identifies unused committed memory and informs the operating system that memory is available.

This answer describes the function of the garbage collector, not the memory manager. The garbage collector is a countermeasure against memory leaks. It is software that runs an algorithm to identify unused committed memory and tells the operating system to mark that memory as “available. Different types of garbage collectors work with different operating systems, programming languages, and algorithms.

In some cases, a four-choice question can be answered without knowing the exact answer; since there is only one correct answer in a four-choice question, the answers can be grouped together to reduce it to “since they are saying the same thing, it is not right that only one of them is correct, therefore they are both wrong.

There are two answers to the effect of controlling the process to handle memory appropriately, but if the memory manager does not have that functionality, both would be correct, and therefore can be eliminated from the choices in the first place.

×：If processes need to use the same shared memory segment, use complex controls to guarantee integrity and confidentiality.

If processes need to use the same shared memory segment, the memory manager uses complex controls to ensure integrity and confidentiality. This is important to protect memory and the data in it, since two or more processes can share access to the same segment with potentially different access rights. The memory manager also allows many users with different levels of access rights to interact with the same application running on a single memory segment.

×：Restrict processes to interact only with the memory segments allocated to them.

The memory manager is responsible for limiting the interaction of processes to only those memory segments allocated to them. This responsibility falls under the protection category and helps prevent processes from accessing segments to which they are not allowed. Another protection responsibility of the memory manager is to provide access control to memory segments.

×：Swap contents from RAM to hard drive as needed.

This is incorrect because swapping contents from RAM to hard drive as needed is the role of memory managers in the relocation category. When RAM and secondary storage are combined, they become virtual memory. The system uses the hard drive space to extend the RAM memory space. Another relocation responsibility is to provide pointers for applications when instructions and memory segments are moved to another location in main memory.

〇：All failed access attempts should be logged and reviewed.

The physical access control system may use software and auditing capabilities to generate an audit trail or access log associated with access attempts. The date and time of the entry point when access was attempted, the user ID used when access was attempted, and any failed access attempts, among others, should be recorded.

×：Failed access attempts are recorded and only security personnel are entitled to review them.

Unless someone actually reviews them, the access logs are as useless as the audit logs generated by the computer. Security guards should review these logs, but security professionals and facility managers should review these logs on a regular basis. The administrator must know the existence and location of entry points into the facility.

×：Only successful access attempts should be logged and reviewed.

Wrong, as unsuccessful access attempts should be logged and reviewed. Audit should be able to alert you to suspicious activity even though you are denying an entity access to a network, computer, or location.

×：Failed access attempts outside of business hours should be logged and reviewed.

Incorrect, as all unauthorized access attempts should be logged and reviewed regardless. Unauthorized access can occur at any time.

〇：A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activity taking place within the host system.

Virtual firewalls can be bridge-mode products that monitor individual communication links between virtual machines. They can also be integrated within a hypervisor in a virtual environment. The hypervisor is the software component that manages the virtual machines and monitors the execution of guest system software. When a firewall is embedded within the hypervisor, it can monitor all activities that occur within the host system.

×：A virtual firewall in bridge mode allows the firewall to monitor individual network links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.

A virtual firewall in bridge mode is incorrect because the firewall can monitor individual traffic links between hosts and not network links. Hypervisor integration allows the firewall to monitor all activities taking place within the guest system rather than the host system.

×：A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.

A virtual firewall in bridge mode is wrong because the firewall can monitor individual traffic links, and the hypervisor integration allows the firewall to monitor all activity taking place within the host system, but not the guest system. The hypervisor is the software component that manages the virtual machines and monitors the execution of the guest system software. A firewall, when embedded within the hypervisor, can monitor all activities taking place within the system.

×：A virtual firewall in bridge mode allows the firewall to monitor individual guest systems, while a firewall integrated into the hypervisor can monitor all activities taking place within the network system.

A virtual firewall in bridge mode allows the firewall to monitor individual traffic between guest systems, and a hypervisor integrated allows the firewall to monitor all activity taking place within the host system, not the network system, so Wrong.

〇：Execution Domain Switching

Execution domain switching occurs when the CPU needs to move between executing instructions for a more trusted process versus a less trusted process. Trusted Computing Base (TCB) allows processes to switch domains in a secure manner to access different levels of information based on sensitivity. Execution domain switching occurs when a process needs to invoke a process in a higher protection ring. The CPU executes the user-mode instruction back into privileged mode.

At first glance, this is a geeky problem that does not make sense. But don’t give up. Since there is no such thing as skipping, you can only get a right or wrong answer when the question is posed, so it is preferable to answer the question with some degree of prediction.

From this point on, let’s consider how to answer the questions. If you look at the question text and read it to the point where it reads, “You moved from one area to the other, and that was a security breach?” If you can read to that point, then you have two choices: deny or “stop the process,” or change or “switch the domain of execution. Next, the question text reads “if you need to access it,” which is asking how to accomplish this objective, not whether or not you should.

×：Execution of I/O operations

This is incorrect because input/output (I/O) operations are not initiated to ensure security when a process in one domain needs to access another domain in order to retrieve sensitive information. I/O operations are performed when input devices (such as a mouse or keyboard) and output devices (such as a monitor or printer, etc.) interact with an application or applications.

×：Stopping a Process

A process deactivation is one that occurs when a process instruction is fully executed by the CPU or when another process with a higher priority calls the CPU, which is incorrect. When a process is deactivated, new information about the new requesting process must be written to a register in the CPU. The TCB component must ensure that this is done, since the data replaced in the registers may be confidential.

×：Mapping from virtual memory to real memory

Incorrect because memory mapping occurs when a process needs its instructions and data processed by the CPU. The memory manager maps logical addresses to physical addresses so that the CPU knows where to place the data. This is the responsibility of the operating system’s memory manager.

〇：Keys will need to be distributed via a secure transmission channel.

For two users to exchange messages encrypted with a symmetric algorithm, they need to figure out how to distribute the key first. If the key is compromised, all messages encrypted with that key can be decrypted and read by an intruder. Simply sending the key in an email message is not secure because the key is not protected and can easily be intercepted and used by an attacker.

×：Computation is more intensive than in asymmetric systems.

That is incorrect because it describes the advantages of symmetric algorithms. Symmetric algorithms tend to be very fast because they are less computationally intensive than asymmetric algorithms. They can encrypt and decrypt relatively quickly large amounts of data that take an unacceptable amount of time to encrypt and decrypt with asymmetric algorithms.

×：Much faster operation than asymmetric systems

Symmetric algorithms are faster than asymmetric systems, but this is an advantage. Therefore, it is incorrect.

×：Mathematically intensive tasks must be performed

Asymmetric algorithms are wrong because they perform a mathematically intensive task. Symmetric algorithms, on the other hand, perform relatively simple mathematical functions on bits during the encryption and decryption process.

〇：The cloud provider is provided a platform as a service that provides a computing platform that may include an operating system, database, and web servers.

Cloud computing is a term used to describe the aggregation of network and server technologies, each virtualized, to provide customers with a specific computing environment that matches their needs. This centralized control provides end users with self-service, broad access across multiple devices, resource pooling, rapid elasticity, and service monitoring capabilities.

There are different types of cloud computing products: IaaS provides virtualized servers in the cloud; PaaS allows applications to be developed individually; SaaS allows service providers to deploy services with no development required and with a choice of functionality; and IaaS allows customers to choose the type of service they want to use. ” The term “PaaS” must fit the definition of “PaaS” because it requires that “the original application configuration remains the same”. Thus, the correct answer is, “The cloud provider provides a computing platform that may include an operating system, database, and web server, where the platform as a service is provided.” The following is the correct answer

×：The cloud provider is provided with an infrastructure as a service that provides a computing platform that can include an operating system, database, and web servers.

IaaS Description.

×：The cloud provider is provided with software services that provide an infrastructure environment similar to that of a traditional data center.

This is a description of the operational benefits of cloud computing. It is not a definition.

×：The cloud provider provides software as a service in a computing platform environment where application functionality is internalized.

SaaS Description.

〇：* (star) Integrity Property

The Biba model defines a model with completeness as having two axioms. The * (star) Integrity Property is that the subordinate’s document is to be seen and there is no Read Down. The * (star) Integrity Property is that there is no Write Up, that is, no rewriting of the supervisor’s document. If the Simple Integrity Axiom is not followed, the subordinate’s document will be seen and may absorb unclassified and incorrect information at a lower level. If the * (star) Integrity Property is not followed, a supervisor’s document will be rewritten, which will release incorrect information to the supervisor who sees it. Therefore, both are integrity conditions.

×：Simple Integrity Property

The Simple Integrity Property is a constraint on Read Down.

×：Strong Tranquillity Axiom

The Strong Tranquillity Axiom is the constraint not to change permissions while the system is running.

×：Weak Tranquillity Axiom

Weak Tranquillity Axiom means do not change privileges until the attribute is inconsistent.

〇：Multiple processes are using the same resources.

The system uses hard drive space (called swap space) that is reserved to expand RAM memory space. When the system fills up volatile memory space, data is written from memory to the hard drive. When a program requests access to this data, it is returned from the hard drive to memory in specific units called page frames. Accessing data stored on hard drive pages takes longer than accessing data stored in memory because it requires read/write access to the physical disk. A security issue with using virtual swap space is that two or more processes can use the same resources and corrupt or damage data.

×：Allowing cookies to remain persistent in memory

This is incorrect because virtual storage is not associated with cookies. Virtual storage uses hard drive space to extend RAM memory space. Cookies are small text files used primarily by web browsers. Cookies can contain credentials for web sites, site preferences, and shopping history. Cookies are also commonly used to maintain web server-based sessions.

×：Side-channel attacks are possible.

Side-channel attacks are incorrect because they are physical attacks. This type of attack gathers information about how a mechanism (e.g., smart card or encryption processor) works from abandoned radiation, time spent processing, power consumed to perform a task, etc. Using the information, reverse engineer the mechanism to reveal how it performs its security task. This is not related to virtual storage.

×：Two processes can perform a denial of service attack.

The biggest threat within a system where resources are shared between processes is that one process can adversely affect the resources of another process, since the operating system requires memory to be shared among all resources. This is especially true in the case of memory. It is possible for two processes to work together to perform a denial of service attack, but this is only one of the attacks that can be performed with or without the use of virtual storage.

〇：Data Encryption

The Advanced Encryption Standard (AES) is a data encryption standard developed to improve upon the previous de facto standard, Data Encryption Standard (DES). As a symmetric algorithm, AES is used to encrypt data. Therefore, the correct answer is “data encryption.

There are other situations where AES is used in the other choices, but encrypting data is the most focused or better answer. Thus, there are cases where all of the choices are correct.

×：Data integrity

This is a characteristic of digital signatures.

×：Key recovery

It is a property of decryption and key escrow.

×：Symmetric key distribution

Using symmetric keys for AES distribution lowers the key delivery problem.

〇：CA signs certificates.

A Certificate Authority (CA) is a trusted agency (or server) that maintains digital certificates. When a certificate is requested, the Registration Authority (RA) verifies the identity of the individual and passes the certificate request to the CA The CA creates the certificate, signs it, and maintains the certificate over its lifetime.

×：RA creates the certificate and CA signs it.

Incorrect because the RA does not create the certificate; the CA creates it and signs it; the RA performs authentication and registration tasks; establishes the RA, verifies the identity of the individual requesting the certificate, initiates the authentication process to the CA on behalf of the end user, and performs certificate life cycle RAs cannot issue certificates, but can act as a broker between the user and the CA When a user needs a new certificate, they make a request to the RA and the RA goes to the CA to verify all necessary identification before granting the request The RA verifies all necessary identification information before granting the request.

×：RA signs certificates.

The RA signs the certificate, which is incorrect because the RA does not sign the certificate; the CA signs the certificate; the RA verifies the user’s identifying information and then sends the certificate request to the CA.

×：The user signs the certificate.

Incorrect because the user has not signed the certificate; in a PKI environment, the user’s certificate is created and signed by the CA. The CA is a trusted third party that generates the user certificate holding its public key.

〇：Well-Formed Transaction

In the Clark-Wilson model, subjects cannot access objects without going through some type of application or program that controls how this access is done. The subject (usually the user) can access the required object based on access rules within the application software, defined as “Well-Formed Transaction,” in conjunction with the application.

×：Childwall model

This is incorrect because it is another name for the Brewer Nash model created to provide access control that can be dynamically modified according to the user’s previous behavior. It is shaped by access attempts and conflicts of interest and does not allow information to flow between subjects and objects. In this model, a subject can only write to an object if the subject cannot read another object in a different data set.

×：Access tuples

The Clark-Wilson model is incorrect because it uses access triples instead of access tuples. The access triple is the subject program object. This ensures that the subject can only access the object through the authorized program.

×：Write Up and Write Down

The Clark-Wilson model is incorrect because there is no Write Up and Write Down. These rules relate to the Bell-LaPadula and Biba models. The Bell-LaPadula model contains a simple security rule that has not been read and a star property rule that has not been written down. The Biba model contains an unread simple completeness axiom and an unwritten star completeness axiom.

A collision is when the hash value of two different data from one hash function is the same. Hashing is one-way cryptography, which means that the original plaintext is no longer known to be one or the other.