Domain 3 Exam.
A minimum of 70% is required to pass.
#1. Several steps must be taken before an effective physical security program can be rolled out. Which of the following steps comes first in the process of rolling out a security program?
〇:Conduct a risk analysis.
The first step in the procedure described, which is the first step to be taken only to deploy an effective physical security program, is to conduct a risk analysis to identify vulnerabilities and threats and to calculate the business impact of each threat. The team presents the results of the risk analysis to management to define an acceptable risk level for the physical security program. From there, the team evaluates and determines if the baseline is met by implementation. Once the team identifies its responses and implements the measures, performance is continually evaluated. These performances will be compared to the established baselines. If the baseline is maintained on an ongoing basis, the security program is successful because it does not exceed the company’s acceptable risk level.
×:Create a performance metric for the countermeasure.
The procedure to create a countermeasure performance metric is incorrect because it is not the first step in creating a physical security program. If monitored on a performance basis, it can be used to determine how beneficial and effective the program is. It allows management to make business decisions when investing in physical security protection for the organization. The goal is to improve the performance of the physical security program, leading to a cost-effective way to reduce the company’s risk. You should establish a performance baseline and then continually evaluate performance to ensure that the firm’s protection goals are being met. Examples of possible performance metrics include: number of successful attacks, number of successful attacks, and time taken for attacks.
×:Design program.
Designing the program is wrong because it should be done after the risk analysis. Once the level of risk is understood, then the design phase can be done to protect against the threats identified in the risk analysis. The design of deterrents, delays, detections, assessments, and responses will incorporate the necessary controls for each category of the program.
×:Implement countermeasures.
Wrong because implementing countermeasures is one of the last steps in the process of deploying a physical security program.
#2. Encryption provides different security depending on the procedure and & algorithm. Which of the following provides authentication, non-repudiation, and integrity?
〇:Digital Signature
A digital signature is a hash value encrypted with the sender’s private key. The act of signing means encrypting a hash value of a message with a private key. A message can be digitally signed, providing authentication, non-repudiation, and integrity. The hash function guarantees the integrity of the message, and the signature of the hash value provides authentication and non-repudiation.
×:Encryption Algorithms
Encryption algorithms are wrong because they provide confidentiality. Encryption is most commonly performed using symmetric algorithms. Symmetric algorithms can provide authentication, non-repudiation, and integrity as well as confidentiality.
×:Hash Algorithms
Hash algorithms are wrong because they provide data integrity. Hash algorithms generate a message digest, which detects whether modifications have been made (also called a hash value). The sender and receiver individually generate their own digests, and the receiver compares these values. If they differ, the receiver can know the message has been modified. Hash algorithms cannot provide authentication or non-repudiation.
×:Encryption paired with digital signatures
This is incorrect because encryption and digital signatures provide confidentiality, authentication, non-repudiation, and integrity. Encryption alone provides confidentiality. And digital signatures provide authentication, non-repudiation, and integrity. The question requires that it can provide authentication, non-repudiation, and integrity. It is a nasty question.
#3. I saw a news report about encryption technology being deciphered by the development of quantum computers. What do you call the phenomenon of existing encryption being deciphered as the computational power of computers improves?
Compromise is when what used to be secure encryption becomes insecure due to the evolution of computers. Cryptography is based on the sharing of a single answer, a key, among those communicating. The key is generated by computer calculations, and a third party must solve a difficult problem that would take several years to derive. However, as the computational power of computers has evolved, it is now possible to solve difficult problems that could not be solved before. In this case, encryption is meaningless. This is the compromise caused by evolution. Therefore, the correct answer is “Compromise.
#4. Which of the following is an axiom of access control to ensure that rewriting a supervisor’s document does not release incorrect information to the supervisor?
〇:* (star) Integrity Property
The Biba model defines a model with completeness as having two axioms. The * (star) Integrity Property is that the subordinate’s document is to be seen and there is no Read Down. The * (star) Integrity Property is that there is no Write Up, that is, no rewriting of the supervisor’s document. If the Simple Integrity Axiom is not followed, the subordinate’s document will be seen and may absorb unclassified and incorrect information at a lower level. If the * (star) Integrity Property is not followed, a supervisor’s document will be rewritten, which will release incorrect information to the supervisor who sees it. Therefore, both are integrity conditions.
×:Simple Integrity Property
The Simple Integrity Property is a constraint on Read Down.
×:Strong Tranquillity Axiom
The Strong Tranquillity Axiom is the constraint not to change permissions while the system is running.
×:Weak Tranquillity Axiom
Weak Tranquillity Axiom means do not change privileges until the attribute is inconsistent.
#5. Jeff would like to incorporate encryption technology into the new product. He is considering encryption methods available on the Internet. What advice should we give him?
Cryptographic algorithms refer to the calculations to be encrypted, and even if the cryptographic algorithms were publicly available, it would take an enormous amount of effort to decipher them. cryptographic algorithms that provide modern cryptography, such as AES, are publicly available. On the other hand, in-house development is not recommended because, although it has the security of concealment, it requires a great deal of resources to be allocated.
#6. Insider trading can occur through the unintentional transmission of information. Which of the following access control models is most appropriate to prepare for such an eventuality?
〇:Brewer-Nash Model
The Chinese Wall Model is a security model that focuses on the flow of information within an organization, such as insider trading. Insider trading occurs when inside information leaks to the outside world. In reality, information can spread to unexpected places as it is passed on orally to unrelated parties. In order to take such information flow into account, access privileges are determined in a simulation-like manner. Therefore, the correct answer is the “Chinese Wall Model (Brewer-Nash Model).
×:Lattice-based Access Control
Lattice-based access control is to assume that a single entity can have multiple access rights and to consider access control as all possible relationships under a certain condition.
×:Biba Model
The Biba model is a security model that indicates that data cannot be changed without permission.
×:Harrison-Ruzzo-Ullman Model
The Harrison-Ruzzo-Ullman model is a model that aggregates the eight rules of the Graham-Denning model into six rules using an access control matrix.
#7. According to the Kerckhoffs’s principle, which of the following should not leak?
The Kerckhoffs’s principle is the idea that cryptography should be secure even if everything but the private key is known. When encrypting data, one decides on a private key and how to encrypt it using that private key. Kerckhoffs says that even if it is known how it is encrypted, it should not be deciphered as long as the secret key is not discovered. Encryption has been with the history of human warfare. The main purpose is to communicate a strategy to one’s allies without being discovered by the enemy. In battle, its designs and encryption devices may be stolen by spies. Therefore, the encryption must be such that it cannot be solved without the key, no matter how much is known about how it works.
#8. Which of the following is a drawback of the symmetric key system?
〇:Keys will need to be distributed via a secure transmission channel.
For two users to exchange messages encrypted with a symmetric algorithm, they need to figure out how to distribute the key first. If the key is compromised, all messages encrypted with that key can be decrypted and read by an intruder. Simply sending the key in an email message is not secure because the key is not protected and can easily be intercepted and used by an attacker.
×:Computation is more intensive than in asymmetric systems.
That is incorrect because it describes the advantages of symmetric algorithms. Symmetric algorithms tend to be very fast because they are less computationally intensive than asymmetric algorithms. They can encrypt and decrypt relatively quickly large amounts of data that take an unacceptable amount of time to encrypt and decrypt with asymmetric algorithms.
×:Much faster operation than asymmetric systems
Symmetric algorithms are faster than asymmetric systems, but this is an advantage. Therefore, it is incorrect.
×:Mathematically intensive tasks must be performed
Asymmetric algorithms are wrong because they perform a mathematically intensive task. Symmetric algorithms, on the other hand, perform relatively simple mathematical functions on bits during the encryption and decryption process.
#9. Lacy’s manager assigned her to research intrusion detection systems for the new dispatching center. Lacey identifies the top five products and compares their ratings. Which of the following is the most used evaluation criteria framework today for this purpose?
〇:Common Criteria
Common Criteria was created in the early 1990s as a way to combine the strengths of both the Trustworthy Computer Systems Evaluation Criteria (TCSEC) and the Information Technology Security Evaluation Criteria (ITSEC) and eliminate their weaknesses. Common Criteria is more flexible than TCSEC and easier than ITSEC. Common Criteria is recognized worldwide and assists consumers by reducing the complexity of assessments and eliminating the need to understand the definitions and meanings of different assessments in different assessment schemes. This also helps manufacturers because they can now build a specific set of requirements when they want to market their products internationally, rather than having to meet several different evaluation criteria under different rules and requirements.
×:ITSEC
This is incorrect because it is not the most widely used information technology security evaluation standard. ITSEC was the first attempt to establish a single standard for evaluating the security attributes of computer systems and products in many European countries. In addition, ITSEC separates functionality and assurance in its evaluations, giving each a separate rating. It was developed to provide greater flexibility than TCSEC and addresses integrity, availability, and confidentiality in networked systems. The goal of ITSEC was to become the global standard for product evaluation, but it failed to achieve that goal and was replaced by Common Criteria.
×:Red Book
Wrong, as it is a U.S. government publication that addresses the topic of security evaluation of networks and network components. Formally titled Trusted Network Interpretation, it provides a framework for protecting different types of networks. Subjects accessing objects on the network must be controlled, monitored, and audited.
×:Orange Book
Incorrect as this is a U.S. Government publication that addresses government and military requirements and expectations for operating systems. The Orange Book is used to evaluate whether a product is suitable for the security characteristics and specific applications or functions required by the vendor. The Orange Book is used to review the functionality, effectiveness, and assurance of the product under evaluation, using classes designed to address typical patterns of security requirements. It provides a broad framework for building and evaluating trusted systems, with an emphasis on controlling which users have access to the system. We call it the Orange Book, but another name for it is Trusted Computer System Evaluation Criteria (TCSEC).
#10. Frank is responsible for the security of the company’s online applications, web server, and web-based activities. Web applications have the ability to be dynamically “locked” so that multiple users cannot simultaneously edit web pages or overwrite each other’s work. The audit revealed that even with this software locking capability properly configured, multiple users can modify the same web page at the same time. Which of the following best describes this situation?
〇:TOC/TOU
Certain attacks can take advantage of the way a system processes requests and performs tasks. A TOC/TOU attack handles a series of steps that the system uses to complete a task. This type of attack takes advantage of the reliance on the timing of events occurring in a multitasking operating system; TOC/TOU is a software vulnerability that allows the use of condition checking (i.e., credential verification) and the results from that condition checking function. In the scenario in this question, the fact that the web application is likely correctly configured indicates that the programming code of this application has this type of vulnerability embedded in the code itself.
×:Buffer overflow
When too much data is accepted as input to a particular process, a buffer overflow occurs. This is incorrect because it does not match the event in the problem statement. A buffer is an allocated segment of memory. A buffer can overflow arbitrarily with too much data, but to be used by an attacker, the code inserted into the buffer must be of a specific length and require a command to be executed by the attacker. These types of attacks are usually exceptional in that the fault is segmented, or sensitive data is provided to the attacker.
×:Blind SQL Injection
Blind SQL injection attacks are wrong because they are a type of SQL injection attack that sends true or false questions to the database. In a basic SQL injection, the attacker sends specific instructions in SQL format to query the associated database. In a blind SQL attack, the attacker is limited to sending a series of true-false questions to the database in order to analyze the database responses and gather sensitive information.
×:Cross Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) is incorrect because it is an attack type that attempts to trick the victim into loading a web page containing malicious requests or operations. The attack operation is performed within the context of the victim’s access rights. The request inherits the victim’s identity and performs undesirable functions for the victim. In this type of attack, the attacker can cause the victim’s system to perform unintended actions such as changing account information, retrieving account data, or logging out. This type of attack could be related to the scenario described in this question, but focuses on how the user can bypass the locking mechanism built into the web application. The logic in the programming code is incorrectly developed and the locking function is bypassed because a rigorous series of checks and usage sequences are not performed correctly.
#11. Which of the following is a common association of the Clark-Wilson access model?
〇:Well-Formed Transaction
In the Clark-Wilson model, subjects cannot access objects without going through some type of application or program that controls how this access is done. The subject (usually the user) can access the required object based on access rules within the application software, defined as “Well-Formed Transaction,” in conjunction with the application.
×:Childwall model
This is incorrect because it is another name for the Brewer Nash model created to provide access control that can be dynamically modified according to the user’s previous behavior. It is shaped by access attempts and conflicts of interest and does not allow information to flow between subjects and objects. In this model, a subject can only write to an object if the subject cannot read another object in a different data set.
×:Access tuples
The Clark-Wilson model is incorrect because it uses access triples instead of access tuples. The access triple is the subject program object. This ensures that the subject can only access the object through the authorized program.
×:Write Up and Write Down
The Clark-Wilson model is incorrect because there is no Write Up and Write Down. These rules relate to the Bell-LaPadula and Biba models. The Bell-LaPadula model contains a simple security rule that has not been read and a star property rule that has not been written down. The Biba model contains an unread simple completeness axiom and an unwritten star completeness axiom.
#12. Sally is responsible for managing the keys in her organization. Which of the following is incorrect as secure key management?
〇:The expiration date should be set short.
Key management is critical for proper protection. Part of key management is to determine the key’s period of validity, which would be determined by the sensitivity of the data being protected. For sensitive data, periodic key changes are required and the key’s expiration date will be shortened. On the other hand, for less secure data, a key with a longer expiration date is not a problem.
×:Keys should be deposited in case of backup or emergency.
This is incorrect because it is true that keys must be deposited in the event of a backup or emergency situation. Keys are at risk of being lost, destroyed or damaged. Backup copies must be available and readily accessible when needed.
×:Keys must not be made public.
Of course. It is a key.
×:Keys should be stored and transmitted by secure means.
Wrong, since it is true that keys should be stored and transmitted by secure means. Keys are stored before and after distribution. If keys are distributed to users, they must be stored in a secure location in the file system and used in a controlled manner.
#13. Which of the following is an incorrect description of steganography?
〇:The most common method used is to change the most significant bit.
Steganography is a method of hiding data in other media types. One of the most common ways to embed messages in some types of media is using the least significant bit (LSB). This is because many types of files are modified and this is where sensitive data can be made visible and hidden without modifying the file. the LSB approach has been successful in hiding information within the graphics of high-resolution or sound-heavy audio files (high bit rate).
×:Hiding by abstraction.
Steganography is incorrect because it is concealment by abstraction. Security by obscurity means that someone uses secrecy as a way to protect an asset, rather than actually using the measure to secure something.
×:Just as encryption does, steganography is not a front for the existence of the sensitive data itself.
It is true that steganography does not draw attention to itself as does encryption. In other words, it is concealment by abstraction.
×:Media files are ideal for steganographic transmissions that are large in size.
This is incorrect because it is true that larger media files are ideal for steganographic transmissions because everyone needs to privately use multiple bits to manipulate with low likelihood of noticing.
#14. What are the advantages of depositing cryptographic keys with another organization?
A key escrow system is one in which a third-party organization holds a copy of the public/private key pair. If the private key is stolen, all ciphers can be decrypted. Conversely, if it is lost, all ciphers cannot be decrypted. Therefore, you want to have a copy. However, if you have it yourself, it may be stolen if a break-in occurs, so you leave it with a third-party organization.
#15. Which of the following is true about the key derivation function (KDF)?
〇:Keys are generated from a master key.
To generate a composite key, a master key is created and a symmetric key (subkey) is generated. The key derivation function generates the encryption key from the secret value. The secret value can be a master key, passphrase, or password. The key derivation function (KDF) generates a key for symmetric key ciphers from a given password.
×:Session keys are generated from each other.
Session keys are generated from each other, not from the master key, which is incorrect.
×:Asymmetric ciphers are used to encrypt symmetric keys.
It is incorrect because key encryption is not even related to the key derivation function (KDF).
×:The master key is generated from the session key.
Reverse, incorrect. Session keys are generally generated from master keys.
#16. Similar to logical access control, audit logs should also be generated and monitored for physical access control. Which of the following statements is true regarding auditing physical access?
〇:All failed access attempts should be logged and reviewed.
The physical access control system may use software and auditing capabilities to generate an audit trail or access log associated with access attempts. The date and time of the entry point when access was attempted, the user ID used when access was attempted, and any failed access attempts, among others, should be recorded.
×:Failed access attempts are recorded and only security personnel are entitled to review them.
Unless someone actually reviews them, the access logs are as useless as the audit logs generated by the computer. Security guards should review these logs, but security professionals and facility managers should review these logs on a regular basis. The administrator must know the existence and location of entry points into the facility.
×:Only successful access attempts should be logged and reviewed.
Wrong, as unsuccessful access attempts should be logged and reviewed. Audit should be able to alert you to suspicious activity even though you are denying an entity access to a network, computer, or location.
×:Failed access attempts outside of business hours should be logged and reviewed.
Incorrect, as all unauthorized access attempts should be logged and reviewed regardless. Unauthorized access can occur at any time.
#17. Which of the following is NOT a role of the memory manager?
〇:Run an algorithm that identifies unused committed memory and informs the operating system that memory is available.
This answer describes the function of the garbage collector, not the memory manager. The garbage collector is a countermeasure against memory leaks. It is software that runs an algorithm to identify unused committed memory and tells the operating system to mark that memory as “available. Different types of garbage collectors work with different operating systems, programming languages, and algorithms.
In some cases, a four-choice question can be answered without knowing the exact answer; since there is only one correct answer in a four-choice question, the answers can be grouped together to reduce it to “since they are saying the same thing, it is not right that only one of them is correct, therefore they are both wrong.
There are two answers to the effect of controlling the process to handle memory appropriately, but if the memory manager does not have that functionality, both would be correct, and therefore can be eliminated from the choices in the first place.
×:If processes need to use the same shared memory segment, use complex controls to guarantee integrity and confidentiality.
If processes need to use the same shared memory segment, the memory manager uses complex controls to ensure integrity and confidentiality. This is important to protect memory and the data in it, since two or more processes can share access to the same segment with potentially different access rights. The memory manager also allows many users with different levels of access rights to interact with the same application running on a single memory segment.
×:Restrict processes to interact only with the memory segments allocated to them.
The memory manager is responsible for limiting the interaction of processes to only those memory segments allocated to them. This responsibility falls under the protection category and helps prevent processes from accessing segments to which they are not allowed. Another protection responsibility of the memory manager is to provide access control to memory segments.
×:Swap contents from RAM to hard drive as needed.
This is incorrect because swapping contents from RAM to hard drive as needed is the role of memory managers in the relocation category. When RAM and secondary storage are combined, they become virtual memory. The system uses the hard drive space to extend the RAM memory space. Another relocation responsibility is to provide pointers for applications when instructions and memory segments are moved to another location in main memory.
#18. Which of the following is the most difficult to discover keys among known-plaintext attacks, selective-plaintext attacks, and adaptive-selective-plaintext attacks?
〇:Known Plaintext Attacks
A known-plaintext attack is a situation in which a decryptor can obtain plaintext indiscriminately. A ciphertext-alone attack is a situation where a decryptor can acquire ciphertext indiscriminately. A known-plaintext attack acquires the plaintext but does not know what ciphertext it is paired with, meaning that decryption is attempted with only two random ciphertexts. In this situation, it is difficult to decrypt. Therefore, the correct answer is “known-plaintext attack.
×:Selective Plaintext Attack
A choice-plaintext attack is a situation in which the decryptor can freely choose the plaintext to acquire and obtain the ciphertext.
×:Adaptive Choice Plaintext Attack
An adaptive choice-plaintext attack is a situation in which the decryptor can freely choose which plaintext to acquire and acquire the ciphertext, and can repeat the acquisition again after seeing the result.
×:None of the above
It is rare for the answer to be “none of the above” when the choice is “most of the above.
#19. Marge uses her private key to create a digital signature for messages sent to George, but she does not show or share her private key with George. Which of the following illustrates this situation?
〇:Zero Knowledge Proof
Zero Knowledge Proof means that someone can tell you something without telling you more information than you need to know. In cryptography, it means proving that you have a certain key without sharing that key or showing it to anyone. Zero knowledge proof (usually mathematical) is an interactive way for one party to prove to another that something is true without revealing anything sensitive.
×:Key Clustering
Key clustering is the phenomenon of encrypting the same plaintext with different keys, but with the same ciphertext.
×:Avoiding Birthday Attacks
An attacker can attempt to force a collision, called a birthday attack. This attack is based on the mathematical birthday paradox present in standard statistics. This is a cryptographic attack that uses probability theory to exploit the mathematics behind the birthday problem.
×:Provides data confidentiality
Provided via encryption when data is encrypted with a key, which is incorrect.
#20. Which microprocessor technology has also been linked to facilitating certain attacks?
〇:Increased Processing Power
The increased processing power of personal computers and servers has increased the probability of successful brute force and cracking attacks against security mechanisms that were not feasible a few years ago. Today’s processors can execute an incredible number of instructions per second. These instructions can be used to break passwords, encryption keys, or direct malicious packets to be sent to the victim’s system.
×:Increased circuitry, cache memory, and multiprogramming
This is incorrect because an increase does not make a particular type of attack more powerful. Multiprogramming means loading multiple programs or processes into memory at the same time. It allows antivirus software, word processors, firewalls, and e-mail clients to run simultaneously. Cache memory is a type of memory used for fast write and read operations. If the system expects that the program logic will need to access certain information many times during processing, the information is stored in cache memory for easy and quick access.
×:Dual-mode computation
The answer is not specific and does not measure conformance to the problem. When examining microprocessor advances, there is no actual dual-mode calculation.
×:Direct Memory Access I/O
Incorrect because this method transfers instructions and data between I/O (input/output) devices and the system’s memory without using the CPU. Direct Memory Access I/O significantly increases data transfer speed.