〇：Well-Formed Transaction

In the Clark-Wilson model, subjects cannot access objects without going through some type of application or program that controls how this access is done. The subject (usually the user) can access the required object based on access rules within the application software, defined as “Well-Formed Transaction,” in conjunction with the application.

×：Childwall model

This is incorrect because it is another name for the Brewer Nash model created to provide access control that can be dynamically modified according to the user’s previous behavior. It is shaped by access attempts and conflicts of interest and does not allow information to flow between subjects and objects. In this model, a subject can only write to an object if the subject cannot read another object in a different data set.

×：Access tuples

The Clark-Wilson model is incorrect because it uses access triples instead of access tuples. The access triple is the subject program object. This ensures that the subject can only access the object through the authorized program.

×：Write Up and Write Down

The Clark-Wilson model is incorrect because there is no Write Up and Write Down. These rules relate to the Bell-LaPadula and Biba models. The Bell-LaPadula model contains a simple security rule that has not been read and a star property rule that has not been written down. The Biba model contains an unread simple completeness axiom and an unwritten star completeness axiom.

〇：Keys are generated from a master key.

To generate a composite key, a master key is created and a symmetric key (subkey) is generated. The key derivation function generates the encryption key from the secret value. The secret value can be a master key, passphrase, or password. The key derivation function (KDF) generates a key for symmetric key ciphers from a given password.

×：Session keys are generated from each other.

Session keys are generated from each other, not from the master key, which is incorrect.

×：Asymmetric ciphers are used to encrypt symmetric keys.

It is incorrect because key encryption is not even related to the key derivation function (KDF).

×：The master key is generated from the session key.

Reverse, incorrect. Session keys are generally generated from master keys.

〇：OCSP is a protocol developed specifically to check CRLs during the certificate validation process.

A Certificate Authority (CA) is responsible for creating certificates, maintaining and distributing them, and revoking them when necessary. Revocation is handled by the CA and the revoked certificate information is stored in a Certificate Revocation List (CRL). This is a list of all revoked certificates. This list is maintained and updated periodically. A certificate is revoked if the key owner’s private key has been compromised, if the CA has been compromised, or if the certificate is incorrect. If a certificate is revoked for any reason, the CRL is a mechanism for others to inform you of this information. The Online Certificate Status Protocol (OCSP) uses this CRL; when using CRLs, the user’s browser must examine the CRL value to the client to see if the accreditation has been revoked or the CA is constantly checking to make sure they have an updated CRL. If OCSP is implemented, it will do this automatically in the background. It performs real-time verification of the certificate and reports back to the user whether the certificate is valid, invalid, or unknown.

×：CRL was developed as a more efficient approach to OCSP.

CRLs are often incorrect because they are a cumbersome approach; OCSP is used to deal with this tediousness; OCSP does this work in the background when using CRLs; OCSP checks the CRL to see if the certificate has been revoked by Checks.

×：OCSP is a protocol for submitting revoked certificates to CRLs.

OCSP is incorrect because it does not submit revoked certificates to the CRL; the CA is responsible for certificate creation, distribution, and maintenance.

×：CRL provides real-time validation of certificates and reports to OCSP.

Incorrect because CRL does not provide real-time validation of certificates to OCSP.

〇：Zero Knowledge Proof

Zero Knowledge Proof means that someone can tell you something without telling you more information than you need to know. In cryptography, it means proving that you have a certain key without sharing that key or showing it to anyone. Zero knowledge proof (usually mathematical) is an interactive way for one party to prove to another that something is true without revealing anything sensitive.

×：Key Clustering

Key clustering is the phenomenon of encrypting the same plaintext with different keys, but with the same ciphertext.

×：Avoiding Birthday Attacks

An attacker can attempt to force a collision, called a birthday attack. This attack is based on the mathematical birthday paradox present in standard statistics. This is a cryptographic attack that uses probability theory to exploit the mathematics behind the birthday problem.

×：Provides data confidentiality

Provided via encryption when data is encrypted with a key, which is incorrect.

〇：Conduct a risk analysis.

The first step in the procedure described, which is the first step to be taken only to deploy an effective physical security program, is to conduct a risk analysis to identify vulnerabilities and threats and to calculate the business impact of each threat. The team presents the results of the risk analysis to management to define an acceptable risk level for the physical security program. From there, the team evaluates and determines if the baseline is met by implementation. Once the team identifies its responses and implements the measures, performance is continually evaluated. These performances will be compared to the established baselines. If the baseline is maintained on an ongoing basis, the security program is successful because it does not exceed the company’s acceptable risk level.

×：Create a performance metric for the countermeasure.  

The procedure to create a countermeasure performance metric is incorrect because it is not the first step in creating a physical security program. If monitored on a performance basis, it can be used to determine how beneficial and effective the program is. It allows management to make business decisions when investing in physical security protection for the organization. The goal is to improve the performance of the physical security program, leading to a cost-effective way to reduce the company’s risk. You should establish a performance baseline and then continually evaluate performance to ensure that the firm’s protection goals are being met. Examples of possible performance metrics include: number of successful attacks, number of successful attacks, and time taken for attacks.

×：Design program.  

Designing the program is wrong because it should be done after the risk analysis. Once the level of risk is understood, then the design phase can be done to protect against the threats identified in the risk analysis. The design of deterrents, delays, detections, assessments, and responses will incorporate the necessary controls for each category of the program.

×：Implement countermeasures.  

Wrong because implementing countermeasures is one of the last steps in the process of deploying a physical security program.

〇：The client generates a session key and encrypts it with a public key.

Transport Layer Security (TLS) uses public key cryptography to provide data encryption, server authentication, message integrity, and optionally client authentication. When a client accesses a cryptographically protected page, the web server initiates TLS and begins the process of securing subsequent communications. The server performs a three-handshake to establish a secure session. After that, client authentication with a digital certificate, as the case may be, comes in. The client then generates a session key, encrypts it with the server’s public key, and shares it. This session key is used as the symmetric key for encrypting the data to be transmitted thereafter. Thus, the correct answer is: “The client generates a session key and encrypts it with the public key.” will be

×：The server generates the session key and encrypts it with the public key.

The server does not encrypt with the public key.

×：The server generates a session key and encrypts it with the private key.

Even if encryption is performed from the server side, it can be decrypted with the public key, so it is not structurally possible.

×：The client generates a session key and encrypts it with its private key.

The client side does not have the private key.

〇：The expiration date should be set short.

Key management is critical for proper protection. Part of key management is to determine the key’s period of validity, which would be determined by the sensitivity of the data being protected. For sensitive data, periodic key changes are required and the key’s expiration date will be shortened. On the other hand, for less secure data, a key with a longer expiration date is not a problem.

×：Keys should be deposited in case of backup or emergency.

This is incorrect because it is true that keys must be deposited in the event of a backup or emergency situation. Keys are at risk of being lost, destroyed or damaged. Backup copies must be available and readily accessible when needed.

×：Keys must not be made public.

Of course. It is a key.

×：Keys should be stored and transmitted by secure means.

Wrong, since it is true that keys should be stored and transmitted by secure means. Keys are stored before and after distribution. If keys are distributed to users, they must be stored in a secure location in the file system and used in a controlled manner.

Compromise is when what used to be secure encryption becomes insecure due to the evolution of computers. Cryptography is based on the sharing of a single answer, a key, among those communicating. The key is generated by computer calculations, and a third party must solve a difficult problem that would take several years to derive. However, as the computational power of computers has evolved, it is now possible to solve difficult problems that could not be solved before. In this case, encryption is meaningless. This is the compromise caused by evolution. Therefore, the correct answer is “Compromise.

〇：* (star) Integrity Property

The Biba model defines a model with completeness as having two axioms. The * (star) Integrity Property is that the subordinate’s document is to be seen and there is no Read Down. The * (star) Integrity Property is that there is no Write Up, that is, no rewriting of the supervisor’s document. If the Simple Integrity Axiom is not followed, the subordinate’s document will be seen and may absorb unclassified and incorrect information at a lower level. If the * (star) Integrity Property is not followed, a supervisor’s document will be rewritten, which will release incorrect information to the supervisor who sees it. Therefore, both are integrity conditions.

×：Simple Integrity Property

The Simple Integrity Property is a constraint on Read Down.

×：Strong Tranquillity Axiom

The Strong Tranquillity Axiom is the constraint not to change permissions while the system is running.

×：Weak Tranquillity Axiom

Weak Tranquillity Axiom means do not change privileges until the attribute is inconsistent.

〇：The cloud provider is provided a platform as a service that provides a computing platform that may include an operating system, database, and web servers.

Cloud computing is a term used to describe the aggregation of network and server technologies, each virtualized, to provide customers with a specific computing environment that matches their needs. This centralized control provides end users with self-service, broad access across multiple devices, resource pooling, rapid elasticity, and service monitoring capabilities.

There are different types of cloud computing products: IaaS provides virtualized servers in the cloud; PaaS allows applications to be developed individually; SaaS allows service providers to deploy services with no development required and with a choice of functionality; and IaaS allows customers to choose the type of service they want to use. ” The term “PaaS” must fit the definition of “PaaS” because it requires that “the original application configuration remains the same”. Thus, the correct answer is, “The cloud provider provides a computing platform that may include an operating system, database, and web server, where the platform as a service is provided.” The following is the correct answer

×：The cloud provider is provided with an infrastructure as a service that provides a computing platform that can include an operating system, database, and web servers.

IaaS Description.

×：The cloud provider is provided with software services that provide an infrastructure environment similar to that of a traditional data center.

This is a description of the operational benefits of cloud computing. It is not a definition.

×：The cloud provider provides software as a service in a computing platform environment where application functionality is internalized.

SaaS Description.

〇：Statistically predictable

The two main types of symmetric algorithms are block ciphers and stream ciphers. Block ciphers perform a mathematical function on a block of bits at a time. Stream ciphers do not divide the message into blocks. Instead, a stream cipher treats the message as a stream of bits and performs the mathematical function on each bit individually. If it were statistically predictable, it would not be a practical encryption technique in the first place.

×：Statistically Fair Keystreams

Statistically fair keystreams are an element of good stream ciphers. Therefore, it is incorrect. Another way to say a statistically unbiased keystream is that it is a highly random keystream that is difficult to predict.

×：The repetitive pattern of bit strings treated in a keystream is long.

Another way to say the randomness of a keystream is that it is highly random, with long repetitions = rarely repeated = highly random.

×：The keystream is irrelevant to the key.

A keystream that is not related to a key is an element of a good stream cipher. Therefore, it is incorrect. This is important because the key provides the randomness of the encryption process.

A collision is when the hash value of two different data from one hash function is the same. Hashing is one-way cryptography, which means that the original plaintext is no longer known to be one or the other.

〇：The sender encrypts the message digest with his/her private key.

A digital signature is a hash value encrypted with the sender’s private key. The act of digitally signing means encrypting the hash value of the message with his/her private key. The sender would encrypt that hash value using her private key. When the recipient receives the message, she performs a hash function on the message and generates the hash value herself. She then decrypts the hash value (digital signature) sent with the sender’s public key. The receiver compares the two values and, if they are the same, can verify that the message was not altered during transmission.

×：The sender encrypts the message digest with his/her public key.

The sender is wrong because if the message encrypts the digest with his/her public key, the recipient cannot decrypt it. The recipient needs access to the sender’s private key, which must not occur. The private key must always be kept secret.

×：The receiver encrypts the message digest with his/her private key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

×：The receiver encrypts the message digest with his/her public key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

A key escrow system is one in which a third-party organization holds a copy of the public/private key pair. If the private key is stolen, all ciphers can be decrypted. Conversely, if it is lost, all ciphers cannot be decrypted. Therefore, you want to have a copy. However, if you have it yourself, it may be stolen if a break-in occurs, so you leave it with a third-party organization.

〇：Execution Domain Switching

Execution domain switching occurs when the CPU needs to move between executing instructions for a more trusted process versus a less trusted process. Trusted Computing Base (TCB) allows processes to switch domains in a secure manner to access different levels of information based on sensitivity. Execution domain switching occurs when a process needs to invoke a process in a higher protection ring. The CPU executes the user-mode instruction back into privileged mode.

At first glance, this is a geeky problem that does not make sense. But don’t give up. Since there is no such thing as skipping, you can only get a right or wrong answer when the question is posed, so it is preferable to answer the question with some degree of prediction.

From this point on, let’s consider how to answer the questions. If you look at the question text and read it to the point where it reads, “You moved from one area to the other, and that was a security breach?” If you can read to that point, then you have two choices: deny or “stop the process,” or change or “switch the domain of execution. Next, the question text reads “if you need to access it,” which is asking how to accomplish this objective, not whether or not you should.

×：Execution of I/O operations

This is incorrect because input/output (I/O) operations are not initiated to ensure security when a process in one domain needs to access another domain in order to retrieve sensitive information. I/O operations are performed when input devices (such as a mouse or keyboard) and output devices (such as a monitor or printer, etc.) interact with an application or applications.

×：Stopping a Process

A process deactivation is one that occurs when a process instruction is fully executed by the CPU or when another process with a higher priority calls the CPU, which is incorrect. When a process is deactivated, new information about the new requesting process must be written to a register in the CPU. The TCB component must ensure that this is done, since the data replaced in the registers may be confidential.

×：Mapping from virtual memory to real memory

Incorrect because memory mapping occurs when a process needs its instructions and data processed by the CPU. The memory manager maps logical addresses to physical addresses so that the CPU knows where to place the data. This is the responsibility of the operating system’s memory manager.

〇：Zachman Framework

The Zachman Framework is an enterprise architecture that determines the what, how, where, who, when, and why for each mandate. Enterprise architecture is to create a management structure to achieve business goals. We create an organization to achieve business goals, and basically, the larger the business goals, the larger the organization. If the structure of the organization is not in place, the organization will not run efficiently, as there may be residual work that needs to be done, or there may be friction between jobs due to authority that is covered by others. Therefore, it is necessary to clarify the scope of each job authority in order to put the organization in order. The job authority here is different from the perspectives of human resources or sales. It is easier to think of them as hierarchically separated to achieve business goals. Clarify the scope in Executive, Business Management, Architecture, Engineers, Subcontractors, and Stakeholders, respectively. Therefore, the correct answer is the Zachman Framework.

×：SABSA

SABSA (Sherwood Applied Business Security Architecture) is a framework to ensure that security measures are working properly in achieving business goals. Unlike the Zachman Framework, the tasks to be organized are hierarchical elements. Business Requirements > Conceptual Architecture > Logical Service Architecture > Physical Infrastructure Architecture > Technology and Products, each with a 5W1H practice.

×：Five-W method

There is no such term. If there is, it is a term coined to make it easier to interpret.

×：Biba Model

The Biba model is a security model that indicates that data cannot be changed without permission.

〇：Increased Processing Power

The increased processing power of personal computers and servers has increased the probability of successful brute force and cracking attacks against security mechanisms that were not feasible a few years ago. Today’s processors can execute an incredible number of instructions per second. These instructions can be used to break passwords, encryption keys, or direct malicious packets to be sent to the victim’s system.

×：Increased circuitry, cache memory, and multiprogramming

This is incorrect because an increase does not make a particular type of attack more powerful. Multiprogramming means loading multiple programs or processes into memory at the same time. It allows antivirus software, word processors, firewalls, and e-mail clients to run simultaneously. Cache memory is a type of memory used for fast write and read operations. If the system expects that the program logic will need to access certain information many times during processing, the information is stored in cache memory for easy and quick access.

×：Dual-mode computation

The answer is not specific and does not measure conformance to the problem. When examining microprocessor advances, there is no actual dual-mode calculation.

×：Direct Memory Access I/O

Incorrect because this method transfers instructions and data between I/O (input/output) devices and the system’s memory without using the CPU. Direct Memory Access I/O significantly increases data transfer speed.

〇：TOGAF

The Open Group Architecture Framework (TOGAF) is a vendor-independent platform for the development and implementation of enterprise architecture. It focuses on the effective management of enterprise data using metamodels and service-oriented architectures (SOA). Proficient implementations of TOGAF aim to reduce fragmentation caused by inconsistencies between traditional IT systems and actual business processes. It also coordinates new changes and functionality so that new changes can be easily integrated into the enterprise platform.

×：Department of Defense Architecture Framework (DoDAF)

In accordance with the guidelines for the organization of the enterprise architecture of the U.S. Department of Defense systems, this is incorrect. It is also suitable for large, complex integrated systems in the military, civilian, and public sectors.

×：Capability Maturity Model Integration (CMMI) during software development.

It is inappropriate because it is a framework for the purpose of designing and further improving software. CMMI provides a standard for software development processes that can measure the maturity of the development process.

×：ISO/IEC 42010

Incorrect because it consists of recommended practices to simplify the design and conception of software-intensive system architectures. This standard provides a kind of language (terminology) to describe the different components of software architecture and how to integrate it into the development life cycle.

The Kerckhoffs’s principle is the idea that cryptography should be secure even if everything but the private key is known. When encrypting data, one decides on a private key and how to encrypt it using that private key. Kerckhoffs says that even if it is known how it is encrypted, it should not be deciphered as long as the secret key is not discovered. Encryption has been with the history of human warfare. The main purpose is to communicate a strategy to one’s allies without being discovered by the enemy. In battle, its designs and encryption devices may be stolen by spies. Therefore, the encryption must be such that it cannot be solved without the key, no matter how much is known about how it works.