〇：Brewer-Nash Model

The Chinese Wall Model is a security model that focuses on the flow of information within an organization, such as insider trading. Insider trading occurs when inside information leaks to the outside world. In reality, information can spread to unexpected places as it is passed on orally to unrelated parties. In order to take such information flow into account, access privileges are determined in a simulation-like manner. Therefore, the correct answer is the “Chinese Wall Model (Brewer-Nash Model).

×：Lattice-based Access Control

Lattice-based access control is to assume that a single entity can have multiple access rights and to consider access control as all possible relationships under a certain condition.

×：Biba Model

The Biba model is a security model that indicates that data cannot be changed without permission.

×：Harrison-Ruzzo-Ullman Model

The Harrison-Ruzzo-Ullman model is a model that aggregates the eight rules of the Graham-Denning model into six rules using an access control matrix.

In an asymmetric algorithm, every user must have at least one key pair (private and public key). In a public key system, each entity has a separate key. The formula for determining the number of keys needed in this environment is by the number N × 2, where N is the number of people to distribute. In other words, 260 x 2 = 520. Therefore, the correct answer is 520.

〇：Multiple processes are using the same resources.

The system uses hard drive space (called swap space) that is reserved to expand RAM memory space. When the system fills up volatile memory space, data is written from memory to the hard drive. When a program requests access to this data, it is returned from the hard drive to memory in specific units called page frames. Accessing data stored on hard drive pages takes longer than accessing data stored in memory because it requires read/write access to the physical disk. A security issue with using virtual swap space is that two or more processes can use the same resources and corrupt or damage data.

×：Allowing cookies to remain persistent in memory

This is incorrect because virtual storage is not associated with cookies. Virtual storage uses hard drive space to extend RAM memory space. Cookies are small text files used primarily by web browsers. Cookies can contain credentials for web sites, site preferences, and shopping history. Cookies are also commonly used to maintain web server-based sessions.

×：Side-channel attacks are possible.

Side-channel attacks are incorrect because they are physical attacks. This type of attack gathers information about how a mechanism (e.g., smart card or encryption processor) works from abandoned radiation, time spent processing, power consumed to perform a task, etc. Using the information, reverse engineer the mechanism to reveal how it performs its security task. This is not related to virtual storage.

×：Two processes can perform a denial of service attack.

The biggest threat within a system where resources are shared between processes is that one process can adversely affect the resources of another process, since the operating system requires memory to be shared among all resources. This is especially true in the case of memory. It is possible for two processes to work together to perform a denial of service attack, but this is only one of the attacks that can be performed with or without the use of virtual storage.

〇：Crime Prevention by Environmental Design (CPTED)

Crime Prevention by Environmental Design (CPTED) is a method by which crime can be reduced through proper design of the physical environment. It provides guidance on appropriate facility construction and environmental elements and crime prevention. It is used to guide the physical environment to behavioral effects that reduce crime.

×：Multi-layered defense model  

The multi-layered defense model is incorrect because it is a hierarchical architecture of physical, logical, and administrative security controls. The concept is that if one layer fails, the asset is protected by other layers. Layers should be moved from the perimeter toward the asset and implemented.

×：Hiding by Ambiguity

Concealment by ambiguity is a technique of concealment secured by concealment of information and is incorrect. Basically, it is better not to consider something to be a true secret if it is logically reachable, even if it is not public.

×：Access Control

Access control is incorrect because it is guidance by the placement of doors, fences, lighting, and landscaping as people enter. It is an abstract concept and would not fit into a concrete definition that combines sociology.

〇：OCSP is a protocol developed specifically to check CRLs during the certificate validation process.

A Certificate Authority (CA) is responsible for creating certificates, maintaining and distributing them, and revoking them when necessary. Revocation is handled by the CA and the revoked certificate information is stored in a Certificate Revocation List (CRL). This is a list of all revoked certificates. This list is maintained and updated periodically. A certificate is revoked if the key owner’s private key has been compromised, if the CA has been compromised, or if the certificate is incorrect. If a certificate is revoked for any reason, the CRL is a mechanism for others to inform you of this information. The Online Certificate Status Protocol (OCSP) uses this CRL; when using CRLs, the user’s browser must examine the CRL value to the client to see if the accreditation has been revoked or the CA is constantly checking to make sure they have an updated CRL. If OCSP is implemented, it will do this automatically in the background. It performs real-time verification of the certificate and reports back to the user whether the certificate is valid, invalid, or unknown.

×：CRL was developed as a more efficient approach to OCSP.

CRLs are often incorrect because they are a cumbersome approach; OCSP is used to deal with this tediousness; OCSP does this work in the background when using CRLs; OCSP checks the CRL to see if the certificate has been revoked by Checks.

×：OCSP is a protocol for submitting revoked certificates to CRLs.

OCSP is incorrect because it does not submit revoked certificates to the CRL; the CA is responsible for certificate creation, distribution, and maintenance.

×：CRL provides real-time validation of certificates and reports to OCSP.

Incorrect because CRL does not provide real-time validation of certificates to OCSP.

〇：Conduct a risk analysis.

The first step in the procedure described, which is the first step to be taken only to deploy an effective physical security program, is to conduct a risk analysis to identify vulnerabilities and threats and to calculate the business impact of each threat. The team presents the results of the risk analysis to management to define an acceptable risk level for the physical security program. From there, the team evaluates and determines if the baseline is met by implementation. Once the team identifies its responses and implements the measures, performance is continually evaluated. These performances will be compared to the established baselines. If the baseline is maintained on an ongoing basis, the security program is successful because it does not exceed the company’s acceptable risk level.

×：Create a performance metric for the countermeasure.  

The procedure to create a countermeasure performance metric is incorrect because it is not the first step in creating a physical security program. If monitored on a performance basis, it can be used to determine how beneficial and effective the program is. It allows management to make business decisions when investing in physical security protection for the organization. The goal is to improve the performance of the physical security program, leading to a cost-effective way to reduce the company’s risk. You should establish a performance baseline and then continually evaluate performance to ensure that the firm’s protection goals are being met. Examples of possible performance metrics include: number of successful attacks, number of successful attacks, and time taken for attacks.

×：Design program.  

Designing the program is wrong because it should be done after the risk analysis. Once the level of risk is understood, then the design phase can be done to protect against the threats identified in the risk analysis. The design of deterrents, delays, detections, assessments, and responses will incorporate the necessary controls for each category of the program.

×：Implement countermeasures.  

Wrong because implementing countermeasures is one of the last steps in the process of deploying a physical security program.

〇：The security kernel implements and executes the reference monitor

The Trusted Computing Base (TCB) is a complete combination of protection mechanisms for a system. These are in the form of hardware, software, and firmware. These same components also comprise the security kernel. Reference monitors are access control concepts implemented and enforced by the security kernel via hardware, software, and firmware. In doing so, it ensures that the security kernel, the subject, has the proper permissions to access the object it is requesting. The subject, be it a program, user, or process, cannot access the requesting file, program, or resource until it is proven that it has the proper access rights.

×：The reference monitor is the core of the Trusted Computing Base (TCP), which is comprised of the security kernel.

This is incorrect because the reference monitor is not the core of the TCB. The core of the TCB is the security kernel, and the security kernel implements the concepts of the reference monitor. The reference monitor is a concept about access control. It is often referred to as an “abstract machine” because it is not a physical component.

×：The reference monitor implements and executes the security kernel.

The reference monitor does not implement and execute the security kernel, which is incorrect. On the contrary, the security kernel implements and executes the reference monitor. The reference monitor is an abstract concept, while the security kernel is a combination of hardware, software, and firmware in a trusted computing base.

×：The security kernel, i.e., the abstract machine, implements the concept of a reference monitor.

This is incorrect because abstract machine is not another name for security kernel. Abstract machine is another name for the reference monitor. This concept ensures that the abstract machine acts as an intermediary between the subject and the object, ensuring that the subject has the necessary rights to access the object it is requesting and protecting the subject from unauthorized access and modification. The security kernel functions to perform these activities.

〇：Conflict condition

A race condition is present when a process performs a task on a shared resource and the sequence could be in the wrong order. 2 or more processes can have a race condition if they use a shared resource, like data in a variable. It is important that processes perform their functions in the correct sequence.

×：Backdoors

Backdoors are incorrect because they are “listening” services on certain ports. Backdoors are implemented by attackers to allow easy access to the system without authenticating as a normal system user.

×：Maintenance Hooks

Maintenance hooks are specific software codes that allow easy and unauthorized access to sensitive parts of a software product. Software programmers use maintenance hooks to allow them to get quick access to the code so that they can make fixes in immediate, but this is dangerous.

×：Data validation errors

Data validation errors are wrong because an attacker cannot operate on the process execution sequence.

〇：The sender encrypts the message digest with his/her private key.

A digital signature is a hash value encrypted with the sender’s private key. The act of digitally signing means encrypting the hash value of the message with his/her private key. The sender would encrypt that hash value using her private key. When the recipient receives the message, she performs a hash function on the message and generates the hash value herself. She then decrypts the hash value (digital signature) sent with the sender’s public key. The receiver compares the two values and, if they are the same, can verify that the message was not altered during transmission.

×：The sender encrypts the message digest with his/her public key.

The sender is wrong because if the message encrypts the digest with his/her public key, the recipient cannot decrypt it. The recipient needs access to the sender’s private key, which must not occur. The private key must always be kept secret.

×：The receiver encrypts the message digest with his/her private key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

×：The receiver encrypts the message digest with his/her public key.

The receiver is wrong because the message must decrypt the digest with the sender’s public key. The message digest is encrypted with the sender’s private key, which can only be decrypted with the sender’s public key.

〇：Known Plaintext Attacks

A known-plaintext attack is a situation in which a decryptor can obtain plaintext indiscriminately. A ciphertext-alone attack is a situation where a decryptor can acquire ciphertext indiscriminately. A known-plaintext attack acquires the plaintext but does not know what ciphertext it is paired with, meaning that decryption is attempted with only two random ciphertexts. In this situation, it is difficult to decrypt. Therefore, the correct answer is “known-plaintext attack.

×：Selective Plaintext Attack

A choice-plaintext attack is a situation in which the decryptor can freely choose the plaintext to acquire and obtain the ciphertext.

×：Adaptive Choice Plaintext Attack

An adaptive choice-plaintext attack is a situation in which the decryptor can freely choose which plaintext to acquire and acquire the ciphertext, and can repeat the acquisition again after seeing the result.

×：None of the above

It is rare for the answer to be “none of the above” when the choice is “most of the above.

A collision is when the hash value of two different data from one hash function is the same. Hashing is one-way cryptography, which means that the original plaintext is no longer known to be one or the other.

〇：The expiration date should be set short.

Key management is critical for proper protection. Part of key management is to determine the key’s period of validity, which would be determined by the sensitivity of the data being protected. For sensitive data, periodic key changes are required and the key’s expiration date will be shortened. On the other hand, for less secure data, a key with a longer expiration date is not a problem.

×：Keys should be deposited in case of backup or emergency.

This is incorrect because it is true that keys must be deposited in the event of a backup or emergency situation. Keys are at risk of being lost, destroyed or damaged. Backup copies must be available and readily accessible when needed.

×：Keys must not be made public.

Of course. It is a key.

×：Keys should be stored and transmitted by secure means.

Wrong, since it is true that keys should be stored and transmitted by secure means. Keys are stored before and after distribution. If keys are distributed to users, they must be stored in a secure location in the file system and used in a controlled manner.

〇：CA signs certificates.

A Certificate Authority (CA) is a trusted agency (or server) that maintains digital certificates. When a certificate is requested, the Registration Authority (RA) verifies the identity of the individual and passes the certificate request to the CA The CA creates the certificate, signs it, and maintains the certificate over its lifetime.

×：RA creates the certificate and CA signs it.

Incorrect because the RA does not create the certificate; the CA creates it and signs it; the RA performs authentication and registration tasks; establishes the RA, verifies the identity of the individual requesting the certificate, initiates the authentication process to the CA on behalf of the end user, and performs certificate life cycle RAs cannot issue certificates, but can act as a broker between the user and the CA When a user needs a new certificate, they make a request to the RA and the RA goes to the CA to verify all necessary identification before granting the request The RA verifies all necessary identification information before granting the request.

×：RA signs certificates.

The RA signs the certificate, which is incorrect because the RA does not sign the certificate; the CA signs the certificate; the RA verifies the user’s identifying information and then sends the certificate request to the CA.

×：The user signs the certificate.

Incorrect because the user has not signed the certificate; in a PKI environment, the user’s certificate is created and signed by the CA. The CA is a trusted third party that generates the user certificate holding its public key.

〇：Keys are generated from a master key.

To generate a composite key, a master key is created and a symmetric key (subkey) is generated. The key derivation function generates the encryption key from the secret value. The secret value can be a master key, passphrase, or password. The key derivation function (KDF) generates a key for symmetric key ciphers from a given password.

×：Session keys are generated from each other.

Session keys are generated from each other, not from the master key, which is incorrect.

×：Asymmetric ciphers are used to encrypt symmetric keys.

It is incorrect because key encryption is not even related to the key derivation function (KDF).

×：The master key is generated from the session key.

Reverse, incorrect. Session keys are generally generated from master keys.

〇：TOGAF

The Open Group Architecture Framework (TOGAF) is a vendor-independent platform for the development and implementation of enterprise architecture. It focuses on the effective management of enterprise data using metamodels and service-oriented architectures (SOA). Proficient implementations of TOGAF aim to reduce fragmentation caused by inconsistencies between traditional IT systems and actual business processes. It also coordinates new changes and functionality so that new changes can be easily integrated into the enterprise platform.

×：Department of Defense Architecture Framework (DoDAF)

In accordance with the guidelines for the organization of the enterprise architecture of the U.S. Department of Defense systems, this is incorrect. It is also suitable for large, complex integrated systems in the military, civilian, and public sectors.

×：Capability Maturity Model Integration (CMMI) during software development.

It is inappropriate because it is a framework for the purpose of designing and further improving software. CMMI provides a standard for software development processes that can measure the maturity of the development process.

×：ISO/IEC 42010

Incorrect because it consists of recommended practices to simplify the design and conception of software-intensive system architectures. This standard provides a kind of language (terminology) to describe the different components of software architecture and how to integrate it into the development life cycle.

〇：Run an algorithm that identifies unused committed memory and informs the operating system that memory is available.

This answer describes the function of the garbage collector, not the memory manager. The garbage collector is a countermeasure against memory leaks. It is software that runs an algorithm to identify unused committed memory and tells the operating system to mark that memory as “available. Different types of garbage collectors work with different operating systems, programming languages, and algorithms.

In some cases, a four-choice question can be answered without knowing the exact answer; since there is only one correct answer in a four-choice question, the answers can be grouped together to reduce it to “since they are saying the same thing, it is not right that only one of them is correct, therefore they are both wrong.

There are two answers to the effect of controlling the process to handle memory appropriately, but if the memory manager does not have that functionality, both would be correct, and therefore can be eliminated from the choices in the first place.

×：If processes need to use the same shared memory segment, use complex controls to guarantee integrity and confidentiality.

If processes need to use the same shared memory segment, the memory manager uses complex controls to ensure integrity and confidentiality. This is important to protect memory and the data in it, since two or more processes can share access to the same segment with potentially different access rights. The memory manager also allows many users with different levels of access rights to interact with the same application running on a single memory segment.

×：Restrict processes to interact only with the memory segments allocated to them.

The memory manager is responsible for limiting the interaction of processes to only those memory segments allocated to them. This responsibility falls under the protection category and helps prevent processes from accessing segments to which they are not allowed. Another protection responsibility of the memory manager is to provide access control to memory segments.

×：Swap contents from RAM to hard drive as needed.

This is incorrect because swapping contents from RAM to hard drive as needed is the role of memory managers in the relocation category. When RAM and secondary storage are combined, they become virtual memory. The system uses the hard drive space to extend the RAM memory space. Another relocation responsibility is to provide pointers for applications when instructions and memory segments are moved to another location in main memory.

〇：The client generates a session key and encrypts it with a public key.

Transport Layer Security (TLS) uses public key cryptography to provide data encryption, server authentication, message integrity, and optionally client authentication. When a client accesses a cryptographically protected page, the web server initiates TLS and begins the process of securing subsequent communications. The server performs a three-handshake to establish a secure session. After that, client authentication with a digital certificate, as the case may be, comes in. The client then generates a session key, encrypts it with the server’s public key, and shares it. This session key is used as the symmetric key for encrypting the data to be transmitted thereafter. Thus, the correct answer is: “The client generates a session key and encrypts it with the public key.” will be

×：The server generates the session key and encrypts it with the public key.

The server does not encrypt with the public key.

×：The server generates a session key and encrypts it with the private key.

Even if encryption is performed from the server side, it can be decrypted with the public key, so it is not structurally possible.

×：The client generates a session key and encrypts it with its private key.

The client side does not have the private key.

〇：Zero Knowledge Proof

Zero Knowledge Proof means that someone can tell you something without telling you more information than you need to know. In cryptography, it means proving that you have a certain key without sharing that key or showing it to anyone. Zero knowledge proof (usually mathematical) is an interactive way for one party to prove to another that something is true without revealing anything sensitive.

×：Key Clustering

Key clustering is the phenomenon of encrypting the same plaintext with different keys, but with the same ciphertext.

×：Avoiding Birthday Attacks

An attacker can attempt to force a collision, called a birthday attack. This attack is based on the mathematical birthday paradox present in standard statistics. This is a cryptographic attack that uses probability theory to exploit the mathematics behind the birthday problem.

×：Provides data confidentiality

Provided via encryption when data is encrypted with a key, which is incorrect.

〇：A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activity taking place within the host system.

Virtual firewalls can be bridge-mode products that monitor individual communication links between virtual machines. They can also be integrated within a hypervisor in a virtual environment. The hypervisor is the software component that manages the virtual machines and monitors the execution of guest system software. When a firewall is embedded within the hypervisor, it can monitor all activities that occur within the host system.

×：A virtual firewall in bridge mode allows the firewall to monitor individual network links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.

A virtual firewall in bridge mode is incorrect because the firewall can monitor individual traffic links between hosts and not network links. Hypervisor integration allows the firewall to monitor all activities taking place within the guest system rather than the host system.

×：A virtual firewall in bridge mode allows the firewall to monitor individual traffic links, while a firewall integrated into the hypervisor can monitor all activities taking place within the guest system.

A virtual firewall in bridge mode is wrong because the firewall can monitor individual traffic links, and the hypervisor integration allows the firewall to monitor all activity taking place within the host system, but not the guest system. The hypervisor is the software component that manages the virtual machines and monitors the execution of the guest system software. A firewall, when embedded within the hypervisor, can monitor all activities taking place within the system.

×：A virtual firewall in bridge mode allows the firewall to monitor individual guest systems, while a firewall integrated into the hypervisor can monitor all activities taking place within the network system.

A virtual firewall in bridge mode allows the firewall to monitor individual traffic between guest systems, and a hypervisor integrated allows the firewall to monitor all activity taking place within the host system, not the network system, so Wrong.