Domain 3 Exam.
A minimum of 70% is required to pass.
#1. Which of the following is true about the key derivation function (KDF)?
〇：Keys are generated from a master key.
To generate a composite key, a master key is created and a symmetric key (subkey) is generated. The key derivation function generates the encryption key from the secret value. The secret value can be a master key, passphrase, or password. The key derivation function (KDF) generates a key for symmetric key ciphers from a given password.
×：Session keys are generated from each other.
Session keys are generated from each other, not from the master key, which is incorrect.
×：Asymmetric ciphers are used to encrypt symmetric keys.
It is incorrect because key encryption is not even related to the key derivation function (KDF).
×：The master key is generated from the session key.
Reverse, incorrect. Session keys are generally generated from master keys.
#2. Several steps must be taken before an effective physical security program can be rolled out. Which of the following steps comes first in the process of rolling out a security program?
〇：Conduct a risk analysis.
The first step in the procedure described, which is the first step to be taken only to deploy an effective physical security program, is to conduct a risk analysis to identify vulnerabilities and threats and to calculate the business impact of each threat. The team presents the results of the risk analysis to management to define an acceptable risk level for the physical security program. From there, the team evaluates and determines if the baseline is met by implementation. Once the team identifies its responses and implements the measures, performance is continually evaluated. These performances will be compared to the established baselines. If the baseline is maintained on an ongoing basis, the security program is successful because it does not exceed the company’s acceptable risk level.
×：Create a performance metric for the countermeasure.
The procedure to create a countermeasure performance metric is incorrect because it is not the first step in creating a physical security program. If monitored on a performance basis, it can be used to determine how beneficial and effective the program is. It allows management to make business decisions when investing in physical security protection for the organization. The goal is to improve the performance of the physical security program, leading to a cost-effective way to reduce the company’s risk. You should establish a performance baseline and then continually evaluate performance to ensure that the firm’s protection goals are being met. Examples of possible performance metrics include: number of successful attacks, number of successful attacks, and time taken for attacks.
Designing the program is wrong because it should be done after the risk analysis. Once the level of risk is understood, then the design phase can be done to protect against the threats identified in the risk analysis. The design of deterrents, delays, detections, assessments, and responses will incorporate the necessary controls for each category of the program.
Wrong because implementing countermeasures is one of the last steps in the process of deploying a physical security program.
#3. Which of the following physical environment designs combines sociology to reduce crime rates and fear of crime?
〇：Crime Prevention by Environmental Design (CPTED)
Crime Prevention by Environmental Design (CPTED) is a method by which crime can be reduced through proper design of the physical environment. It provides guidance on appropriate facility construction and environmental elements and crime prevention. It is used to guide the physical environment to behavioral effects that reduce crime.
×：Multi-layered defense model
The multi-layered defense model is incorrect because it is a hierarchical architecture of physical, logical, and administrative security controls. The concept is that if one layer fails, the asset is protected by other layers. Layers should be moved from the perimeter toward the asset and implemented.
×：Hiding by Ambiguity
Concealment by ambiguity is a technique of concealment secured by concealment of information and is incorrect. Basically, it is better not to consider something to be a true secret if it is logically reachable, even if it is not public.
Access control is incorrect because it is guidance by the placement of doors, fences, lighting, and landscaping as people enter. It is an abstract concept and would not fit into a concrete definition that combines sociology.
#4. Similar to logical access control, audit logs should also be generated and monitored for physical access control. Which of the following statements is true regarding auditing physical access?
〇：All failed access attempts should be logged and reviewed.
The physical access control system may use software and auditing capabilities to generate an audit trail or access log associated with access attempts. The date and time of the entry point when access was attempted, the user ID used when access was attempted, and any failed access attempts, among others, should be recorded.
×：Failed access attempts are recorded and only security personnel are entitled to review them.
Unless someone actually reviews them, the access logs are as useless as the audit logs generated by the computer. Security guards should review these logs, but security professionals and facility managers should review these logs on a regular basis. The administrator must know the existence and location of entry points into the facility.
×：Only successful access attempts should be logged and reviewed.
Wrong, as unsuccessful access attempts should be logged and reviewed. Audit should be able to alert you to suspicious activity even though you are denying an entity access to a network, computer, or location.
×：Failed access attempts outside of business hours should be logged and reviewed.
Incorrect, as all unauthorized access attempts should be logged and reviewed regardless. Unauthorized access can occur at any time.
#5. Which of the following is a drawback of the symmetric key system?
〇：Keys will need to be distributed via a secure transmission channel.
For two users to exchange messages encrypted with a symmetric algorithm, they need to figure out how to distribute the key first. If the key is compromised, all messages encrypted with that key can be decrypted and read by an intruder. Simply sending the key in an email message is not secure because the key is not protected and can easily be intercepted and used by an attacker.
×：Computation is more intensive than in asymmetric systems.
That is incorrect because it describes the advantages of symmetric algorithms. Symmetric algorithms tend to be very fast because they are less computationally intensive than asymmetric algorithms. They can encrypt and decrypt relatively quickly large amounts of data that take an unacceptable amount of time to encrypt and decrypt with asymmetric algorithms.
×：Much faster operation than asymmetric systems
Symmetric algorithms are faster than asymmetric systems, but this is an advantage. Therefore, it is incorrect.
×：Mathematically intensive tasks must be performed
Asymmetric algorithms are wrong because they perform a mathematically intensive task. Symmetric algorithms, on the other hand, perform relatively simple mathematical functions on bits during the encryption and decryption process.
#6. It appears that this organization is abusing its authority. Which approach would clarify the what, how, where, who, when, and why of each ex officio?
The Zachman Framework is an enterprise architecture that determines the what, how, where, who, when, and why for each mandate. Enterprise architecture is to create a management structure to achieve business goals. We create an organization to achieve business goals, and basically, the larger the business goals, the larger the organization. If the structure of the organization is not in place, the organization will not run efficiently, as there may be residual work that needs to be done, or there may be friction between jobs due to authority that is covered by others. Therefore, it is necessary to clarify the scope of each job authority in order to put the organization in order. The job authority here is different from the perspectives of human resources or sales. It is easier to think of them as hierarchically separated to achieve business goals. Clarify the scope in Executive, Business Management, Architecture, Engineers, Subcontractors, and Stakeholders, respectively. Therefore, the correct answer is the Zachman Framework.
SABSA (Sherwood Applied Business Security Architecture) is a framework to ensure that security measures are working properly in achieving business goals. Unlike the Zachman Framework, the tasks to be organized are hierarchical elements. Business Requirements > Conceptual Architecture > Logical Service Architecture > Physical Infrastructure Architecture > Technology and Products, each with a 5W1H practice.
There is no such term. If there is, it is a term coined to make it easier to interpret.
The Biba model is a security model that indicates that data cannot be changed without permission.
#7. Jeff would like to incorporate encryption technology into the new product. He is considering encryption methods available on the Internet. What advice should we give him?
Cryptographic algorithms refer to the calculations to be encrypted, and even if the cryptographic algorithms were publicly available, it would take an enormous amount of effort to decipher them. cryptographic algorithms that provide modern cryptography, such as AES, are publicly available. On the other hand, in-house development is not recommended because, although it has the security of concealment, it requires a great deal of resources to be allocated.
#8. We are looking to move to a cloud-based solution to eliminate the increasing cost of maintaining our own server network environment. Which of the following is the correct definition and mapping of a typical cloud-based solution to choose?
〇：The cloud provider is provided a platform as a service that provides a computing platform that may include an operating system, database, and web servers.
Cloud computing is a term used to describe the aggregation of network and server technologies, each virtualized, to provide customers with a specific computing environment that matches their needs. This centralized control provides end users with self-service, broad access across multiple devices, resource pooling, rapid elasticity, and service monitoring capabilities.
There are different types of cloud computing products: IaaS provides virtualized servers in the cloud; PaaS allows applications to be developed individually; SaaS allows service providers to deploy services with no development required and with a choice of functionality; and IaaS allows customers to choose the type of service they want to use. ” The term “PaaS” must fit the definition of “PaaS” because it requires that “the original application configuration remains the same”. Thus, the correct answer is, “The cloud provider provides a computing platform that may include an operating system, database, and web server, where the platform as a service is provided.” The following is the correct answer
×：The cloud provider is provided with an infrastructure as a service that provides a computing platform that can include an operating system, database, and web servers.
×：The cloud provider is provided with software services that provide an infrastructure environment similar to that of a traditional data center.
This is a description of the operational benefits of cloud computing. It is not a definition.
×：The cloud provider provides software as a service in a computing platform environment where application functionality is internalized.
#9. Encryption provides different security depending on the procedure and & algorithm. Which of the following provides authentication, non-repudiation, and integrity?
A digital signature is a hash value encrypted with the sender’s private key. The act of signing means encrypting a hash value of a message with a private key. A message can be digitally signed, providing authentication, non-repudiation, and integrity. The hash function guarantees the integrity of the message, and the signature of the hash value provides authentication and non-repudiation.
Encryption algorithms are wrong because they provide confidentiality. Encryption is most commonly performed using symmetric algorithms. Symmetric algorithms can provide authentication, non-repudiation, and integrity as well as confidentiality.
Hash algorithms are wrong because they provide data integrity. Hash algorithms generate a message digest, which detects whether modifications have been made (also called a hash value). The sender and receiver individually generate their own digests, and the receiver compares these values. If they differ, the receiver can know the message has been modified. Hash algorithms cannot provide authentication or non-repudiation.
×：Encryption paired with digital signatures
This is incorrect because encryption and digital signatures provide confidentiality, authentication, non-repudiation, and integrity. Encryption alone provides confidentiality. And digital signatures provide authentication, non-repudiation, and integrity. The question requires that it can provide authentication, non-repudiation, and integrity. It is a nasty question.
#10. Which of the following problems are caused by the hash collision phenomenon?
#11. Symmetric ciphers include stream ciphers and block ciphers. Which of the following is not a suitable characteristic of stream ciphers?
The two main types of symmetric algorithms are block ciphers and stream ciphers. Block ciphers perform a mathematical function on a block of bits at a time. Stream ciphers do not divide the message into blocks. Instead, a stream cipher treats the message as a stream of bits and performs the mathematical function on each bit individually. If it were statistically predictable, it would not be a practical encryption technique in the first place.
×：Statistically Fair Keystreams
Statistically fair keystreams are an element of good stream ciphers. Therefore, it is incorrect. Another way to say a statistically unbiased keystream is that it is a highly random keystream that is difficult to predict.
×：The repetitive pattern of bit strings treated in a keystream is long.
Another way to say the randomness of a keystream is that it is highly random, with long repetitions = rarely repeated = highly random.
×：The keystream is irrelevant to the key.
A keystream that is not related to a key is an element of a good stream cipher. Therefore, it is incorrect. This is important because the key provides the randomness of the encryption process.
#12. Frank is responsible for the security of the company’s online applications, web server, and web-based activities. Web applications have the ability to be dynamically “locked” so that multiple users cannot simultaneously edit web pages or overwrite each other’s work. The audit revealed that even with this software locking capability properly configured, multiple users can modify the same web page at the same time. Which of the following best describes this situation?
Certain attacks can take advantage of the way a system processes requests and performs tasks. A TOC/TOU attack handles a series of steps that the system uses to complete a task. This type of attack takes advantage of the reliance on the timing of events occurring in a multitasking operating system; TOC/TOU is a software vulnerability that allows the use of condition checking (i.e., credential verification) and the results from that condition checking function. In the scenario in this question, the fact that the web application is likely correctly configured indicates that the programming code of this application has this type of vulnerability embedded in the code itself.
When too much data is accepted as input to a particular process, a buffer overflow occurs. This is incorrect because it does not match the event in the problem statement. A buffer is an allocated segment of memory. A buffer can overflow arbitrarily with too much data, but to be used by an attacker, the code inserted into the buffer must be of a specific length and require a command to be executed by the attacker. These types of attacks are usually exceptional in that the fault is segmented, or sensitive data is provided to the attacker.
×：Blind SQL Injection
Blind SQL injection attacks are wrong because they are a type of SQL injection attack that sends true or false questions to the database. In a basic SQL injection, the attacker sends specific instructions in SQL format to query the associated database. In a blind SQL attack, the attacker is limited to sending a series of true-false questions to the database in order to analyze the database responses and gather sensitive information.
×：Cross Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) is incorrect because it is an attack type that attempts to trick the victim into loading a web page containing malicious requests or operations. The attack operation is performed within the context of the victim’s access rights. The request inherits the victim’s identity and performs undesirable functions for the victim. In this type of attack, the attacker can cause the victim’s system to perform unintended actions such as changing account information, retrieving account data, or logging out. This type of attack could be related to the scenario described in this question, but focuses on how the user can bypass the locking mechanism built into the web application. The logic in the programming code is incorrectly developed and the locking function is bypassed because a rigorous series of checks and usage sequences are not performed correctly.
#13. According to the Kerckhoffs’s principle, which of the following should not leak?
The Kerckhoffs’s principle is the idea that cryptography should be secure even if everything but the private key is known. When encrypting data, one decides on a private key and how to encrypt it using that private key. Kerckhoffs says that even if it is known how it is encrypted, it should not be deciphered as long as the secret key is not discovered. Encryption has been with the history of human warfare. The main purpose is to communicate a strategy to one’s allies without being discovered by the enemy. In battle, its designs and encryption devices may be stolen by spies. Therefore, the encryption must be such that it cannot be solved without the key, no matter how much is known about how it works.
#14. Which of the following correctly describes the relationship between the reference monitor and the security kernel?
〇：The security kernel implements and executes the reference monitor
The Trusted Computing Base (TCB) is a complete combination of protection mechanisms for a system. These are in the form of hardware, software, and firmware. These same components also comprise the security kernel. Reference monitors are access control concepts implemented and enforced by the security kernel via hardware, software, and firmware. In doing so, it ensures that the security kernel, the subject, has the proper permissions to access the object it is requesting. The subject, be it a program, user, or process, cannot access the requesting file, program, or resource until it is proven that it has the proper access rights.
×：The reference monitor is the core of the Trusted Computing Base (TCP), which is comprised of the security kernel.
This is incorrect because the reference monitor is not the core of the TCB. The core of the TCB is the security kernel, and the security kernel implements the concepts of the reference monitor. The reference monitor is a concept about access control. It is often referred to as an “abstract machine” because it is not a physical component.
×：The reference monitor implements and executes the security kernel.
The reference monitor does not implement and execute the security kernel, which is incorrect. On the contrary, the security kernel implements and executes the reference monitor. The reference monitor is an abstract concept, while the security kernel is a combination of hardware, software, and firmware in a trusted computing base.
×：The security kernel, i.e., the abstract machine, implements the concept of a reference monitor.
This is incorrect because abstract machine is not another name for security kernel. Abstract machine is another name for the reference monitor. This concept ensures that the abstract machine acts as an intermediary between the subject and the object, ensuring that the subject has the necessary rights to access the object it is requesting and protecting the subject from unauthorized access and modification. The security kernel functions to perform these activities.
#15. Which of the following is the appropriate method of creating a digital signature?
〇：The sender encrypts the message digest with his/her private key.
A digital signature is a hash value encrypted with the sender’s private key. The act of digitally signing means encrypting the hash value of the message with his/her private key. The sender would encrypt that hash value using her private key. When the recipient receives the message, she performs a hash function on the message and generates the hash value herself. She then decrypts the hash value (digital signature) sent with the sender’s public key. The receiver compares the two values and, if they are the same, can verify that the message was not altered during transmission.
×：The sender encrypts the message digest with his/her public key.
The sender is wrong because if the message encrypts the digest with his/her public key, the recipient cannot decrypt it. The recipient needs access to the sender’s private key, which must not occur. The private key must always be kept secret.
×：The receiver encrypts the message digest with his/her private key.
The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.
×：The receiver encrypts the message digest with his/her public key.
The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.
#16. The CA is responsible for revoking the required certificates. Which of the following adequately describes CRLs and OCSPs?
〇：OCSP is a protocol developed specifically to check CRLs during the certificate validation process.
A Certificate Authority (CA) is responsible for creating certificates, maintaining and distributing them, and revoking them when necessary. Revocation is handled by the CA and the revoked certificate information is stored in a Certificate Revocation List (CRL). This is a list of all revoked certificates. This list is maintained and updated periodically. A certificate is revoked if the key owner’s private key has been compromised, if the CA has been compromised, or if the certificate is incorrect. If a certificate is revoked for any reason, the CRL is a mechanism for others to inform you of this information. The Online Certificate Status Protocol (OCSP) uses this CRL; when using CRLs, the user’s browser must examine the CRL value to the client to see if the accreditation has been revoked or the CA is constantly checking to make sure they have an updated CRL. If OCSP is implemented, it will do this automatically in the background. It performs real-time verification of the certificate and reports back to the user whether the certificate is valid, invalid, or unknown.
×：CRL was developed as a more efficient approach to OCSP.
CRLs are often incorrect because they are a cumbersome approach; OCSP is used to deal with this tediousness; OCSP does this work in the background when using CRLs; OCSP checks the CRL to see if the certificate has been revoked by Checks.
×：OCSP is a protocol for submitting revoked certificates to CRLs.
OCSP is incorrect because it does not submit revoked certificates to the CRL; the CA is responsible for certificate creation, distribution, and maintenance.
×：CRL provides real-time validation of certificates and reports to OCSP.
Incorrect because CRL does not provide real-time validation of certificates to OCSP.
#17. Mandy needs to generate keys for 260 employees using the company’s asymmetric algorithm. How many keys will be needed?
In an asymmetric algorithm, every user must have at least one key pair (private and public key). In a public key system, each entity has a separate key. The formula for determining the number of keys needed in this environment is by the number N × 2, where N is the number of people to distribute. In other words, 260 x 2 = 520. Therefore, the correct answer is 520.
#18. Which security architecture model defines how to securely develop access rights between subjects and objects?
The Graham-Denning model addresses how access rights between subjects and objects are defined, developed, and integrated. It defines a basic set of rights in terms of the commands that a particular subject can execute on an object. The model has eight basic protective rights or rules on how to safely perform these types of functions
It is incorrect because its purpose is to provide access control that can be changed dynamically according to the user’s previous actions. The main purpose is to protect against conflicts of interest due to user access attempts. For example, if a large marketing firm provides marketing promotions and materials for two banks, the employee responsible for the Bank A project should not be able to see information about Bank B, the marketing firm’s other bank customer. A conflict of interest could arise because the banks are competitors. If the project manager of the marketing firm’s Project A can see information about Bank B’s new marketing campaign, he may attempt to execute it rather than promote it to please more direct customers. Marketing firms have a bad reputation when internal employees can act irresponsibly.
The Clark-Wilson model is incorrect because it is implemented to protect data integrity and ensure that transactions are properly formatted within the application. Subjects can only access objects through authorized programs. Segregation of duties is enforced. Auditing is required. The Clark-Wilson model addresses three integrity goals: preventing changes by unauthorized users, preventing inappropriate changes by unauthorized users, and maintaining internal and external consistency.
This model was developed to address concerns about the security of U.S. military systems and the leakage of classified information, and is incorrect. The primary goal of the model is to prevent unauthorized access to classified information. It is a state machine model that enforces the confidentiality aspect of access control. Matrices and security levels are used to determine if a subject has access to different objects. Specific rules are applied to control how objects interact with each other compared to the subject’s object classification.
#19. Which of the following best describes the difference between a firewall embedded in a hypervisor and a virtual firewall operating in bridge mode?
〇：A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activity taking place within the host system.
Virtual firewalls can be bridge-mode products that monitor individual communication links between virtual machines. They can also be integrated within a hypervisor in a virtual environment. The hypervisor is the software component that manages the virtual machines and monitors the execution of guest system software. When a firewall is embedded within the hypervisor, it can monitor all activities that occur within the host system.
×：A virtual firewall in bridge mode allows the firewall to monitor individual network links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.
A virtual firewall in bridge mode is incorrect because the firewall can monitor individual traffic links between hosts and not network links. Hypervisor integration allows the firewall to monitor all activities taking place within the guest system rather than the host system.
×：A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.
A virtual firewall in bridge mode is wrong because the firewall can monitor individual traffic links, and the hypervisor integration allows the firewall to monitor all activity taking place within the host system, but not the guest system. The hypervisor is the software component that manages the virtual machines and monitors the execution of the guest system software. A firewall, when embedded within the hypervisor, can monitor all activities taking place within the system.
×：A virtual firewall in bridge mode allows the firewall to monitor individual guest systems, while a firewall integrated into the hypervisor can monitor all activities taking place within the network system.
A virtual firewall in bridge mode allows the firewall to monitor individual traffic between guest systems, and a hypervisor integrated allows the firewall to monitor all activity taking place within the host system, not the network system, so Wrong.
#20. Marge uses her private key to create a digital signature for messages sent to George, but she does not show or share her private key with George. Which of the following illustrates this situation?
〇：Zero Knowledge Proof
Zero Knowledge Proof means that someone can tell you something without telling you more information than you need to know. In cryptography, it means proving that you have a certain key without sharing that key or showing it to anyone. Zero knowledge proof (usually mathematical) is an interactive way for one party to prove to another that something is true without revealing anything sensitive.
Key clustering is the phenomenon of encrypting the same plaintext with different keys, but with the same ciphertext.
×：Avoiding Birthday Attacks
An attacker can attempt to force a collision, called a birthday attack. This attack is based on the mathematical birthday paradox present in standard statistics. This is a cryptographic attack that uses probability theory to exploit the mathematics behind the birthday problem.
×：Provides data confidentiality
Provided via encryption when data is encrypted with a key, which is incorrect.