Security Architecture and Models Flashcards Preview

Flashcards in Security Architecture and Models Deck (137)
1

What is it called when a computer uses more than one CPU in parallel to execute instructions?
A. Multiprocessing
B. Multitasking
C. Multithreading
D. Parallel running

Answer: A
Explanation:

2

What is the main purpose of undertaking a parallel run of a new system?

A. Resolve any errors in the program and file interfaces
B. Verify that the system provides required business functionality
C. Validate the operation of the new system against its predecessor
D. Provide a backup of the old system

Answer: B
Explanation:

3

Which of the following provide network redundancy in a local network environment?
A. Mirroring
B. Shadowing
C. Dual backbones
D. Duplexing

Answer: C
Explanation:

4

A server farm is an example of:
A. Server clustering
B. Redundant servers
C. Multiple servers
D. Server fault tolerance

Answer: A
Explanation:

5

In which state must a computer system operate to process input/output instructions?
A. User mode
B. Stateful inspection
C. Interprocess communication
D. Supervisor mode

Answer: D
Explanation: A computer is in a supervisory state when it is executing these privileged instructions. (Privileged instructions are executed by the system administrator or by an individual who is authorized to use those instructions.) - Ronald Krutz, The CISSP PREP Guide (gold edition) pg 254-255

6

What should be the size of a Trusted Computer Base?
A. Small – in order to permit it to be implemented in all critical system components without using excessive resources.
B. Small – in order to facilitate the detailed analysis necessary to prove that it meets design requirements.
C. Large – in order to accommodate the implementation of future updates without incurring the time and expense of recertification.
D. Large – in order to enable it to protect the potentially large number of resources in a typical commercial system environment.

Answer: B
Explanation: “It must be small enough to be able to be tested and verified in a complete and comprehensive manner.” Shon Harris All-In-One CISSP Certification Guide pg. 232-233.

7

Which one of the following are examples of security and controls that would be found in a “trusted” application system?
A. Data validation and reliability
B. Correction routines and reliability
C. File integrity routines and audit trail
D. Reconciliation routines and data labels

Answer: C
Explanation: I have no specific reference for this question but the major resources hammer that there needs to be methods to check the data for correctness.

8

Which of the following is an operating system security architecture that provides flexible support for security policies?
A. OSKit
B. LOMAC
C. SE Linux
D. Flask

Answer: D
Explanation: Flask is an operating system security architecture that provides flexible support for security policies. The architecture was prototyped in the Fluke research operating system. Several of the Flask interfaces and components were then ported from the Fluke prototype to the OSKit. The Flask architecture is now being implemented in the Linux operating system (Security-Enhanced Linux) to transfer the technology to a larger developer and user community.

9

Which of the following statements pertaining to the security kernel is incorrect?
A. It is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept.
B. It must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof
C. It must be small enough to be able to be tested and verified in a complete and comprehensive manner
D. Is an access control concept, not an actual physical component

Answer: D
Explanation:

10

What is a PRIMARY reason for designing the security kernel to be as small as possible?
A. The operating system cannot be easily penetrated by users.
B. Changes to the kernel are not required as frequently.
C. Due to its compactness, the kernel is easier to formally verify.
D. System performance and execution are enhanced.

Answer: C
Explanation: I disagree with the original answer which was B (changes to the kernel) and think it is C (Due to its compactness). However, use your best judgment based on knowledge and experience. Below is why I think it is C. "There are three main requirements of the security kernel: It must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof. The reference monitor must be invoked for every access attempt and must be impossible to circumvent. Thus the reference monitor must be implemented in a complete and foolproof way. It must be small enough to be able to be tested and verified in a complete and comprehensive manner." - Shon Harris All-in-one CISSP Certification Guide pg 232-233

11

Which of the following implements the authorized access relationship between subjects and objects of a system?
A. Security model
B. Reference kernel
C. Security kernel
D. Information flow model

Answer: C
Explanation:

12

The concept that all accesses must be mediated, protected from modification, and verifiable as correct is the concept of
A. Secure model
B. Security locking
C. Security kernel
D. Secure state

Answer: C
Explanation: A security kernel is defined as the hardware, firmware, and software elements of a trusted computing base that implements the reference monitor concept. A reference monitor is a system component that enforces access controls on an object. Therefore, the reference monitor concept is an abstract machine that mediates all access of subjects to objects. The Security Kernel must: mediate all accesses; be protected from modification; be verified as correct. - Ronald Krutz, The CISSP PREP Guide (gold edition) pg 262

13

What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
A. Configuration error
B. Environmental error
C. Access validation error
D. Exceptional condition handling error

Answer: B
Explanation:

14

Which of the following ensures that security is not breached when a system crash or other system failure occurs?
A. trusted recovery
B. hot swappable
C. redundancy
D. secure boot

Answer: A
Explanation: "Trusted Recovery: When an operating system or application crashes or freezes, it should not put the system in any type of secure state." Pg 762 Shon Harris: All-In-One CISSP Certification Exam Guide

15

What type of subsystem is an application program that operates outside the operating system and carries out functions for a group of users, maintains some common data for all users in the group, and protects the data from improper access by users in the group?
A. Prevented subsystem
B. Protected subsystem
C. File subsystem
D. Directory subsystem

Answer: B
Explanation:

16

A 'Pseudo flaw' is which of the following?
A. An apparent loophole deliberately implanted in an operating system
B. An omission when generating Pseudo-code
C. Used for testing for bounds violations in application programming
D. A Normally generated page fault causing the system halt

Answer: A
Explanation:

17

Which of the following yellow-book defined types of system recovery happens after a system fails in an uncontrolled manner in response to a TCB or media failure and the system cannot be brought to a consistent state?
A. Recovery restart
B. System reboot
C. Emergency system restart
D. System Cold start

Answer: C
Reference: “Emergency system restart is done after a system fails in an uncontrolled manner in response to a TCB or media failure. In such cases, TCB and user objects on nonvolatile storage belonging to processes active at the time of TCB or media failure may be left in an inconsistent state. The system enters maintenance mode, recovery is performed automatically, and the system restarts with no user processes in progress after bringing up the system in a consistent state.”

18

Which one of the following describes a reference monitor?
A. Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.
B. Audit concept that refers to monitoring and recording of all accesses to objects by subjects.
C. Identification concept that refers to the comparison of material supplied by a user with its reference profile.
D. Network control concept that distributes the authorization of subject accesses to objects

Answer: A
Explanation: A reference monitor is a system component that enforces access controls on an object. Therefore, the reference monitor concept is an abstract machine that mediates all access of subjects to objects. - Ronald Krutz, The CISSP PREP Guide (gold edition) pg 262

19

What can best be described as an abstract machine which must mediate all access of subjects to objects?
A. A security domain
B. The reference monitor
C. The security kernel
D. The security perimeter

Answer: B
Reference: pg 882 Shon Harris: All-in-One CISSP Certification

20

What is the PRIMARY component of a Trusted Computer Base?
A. The computer hardware
B. The security subsystem
C. The operating system software
D. The reference monitor

Answer: D
Explanation: “The security kernel is made up of hardware, software, and firmware components that fall within the TCB and implements and enforces the reference monitor concept. The security kernel mediates all access and functions between subjects and objects. The security kernel is the core of the TCB and is the most commonly used approach to building trusted computing systems. There are three main requirements of the security kernel:
• It must provide isolation for the processes carrying out the reference monitor concept, and the processes must be tamperproof.
• It must be invoked for every access attempt and must be impossible to circumvent. Thus, the security kernel must be implemented in a complete and foolproof way.
• It must be small enough to be able to be tested and verified in a complete and comprehensive manner.
These are the requirements of the reference monitor; therefore, they are the requirements of the components that provide and enforce the reference monitor concept—the security kernel.” – Shon Harris, “CISSP All-in-One Exam Guide”, 3rd Ed, p

21

Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in the system?
A. Fail proof
B. Fail soft
C. Fail safe
D. Fail resilient

Answer: C
Explanation:

22

LOMAC uses what Access Control method to protect the integrity of processes and data?
A. Linux based EFS.
B. Low Water-Mark Mandatory Access Control.
C. Linux based NFS.
D. High Water-Mark Mandatory Access Control.

Answer: B
Explanation: LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use.

23

On Linux, LOMAC is implemented as:
A. Virtual addresses
B. Registers
C. Kernel built in functions
D. Loadable kernel module

Answer: D
Explanation: LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use.
"Security Kernel - The hardware, firmware, and software elements of a trusted computing base (TCB) that implements the reference monitor concept. It must mediate all accesses between subjects and objects, be protected from modification, and be verifiable as correct." - Shon Harris All-in-one CISSP Certification Guide pg 355

24

LOMAC is a security enhancement for what operating system?
A. Linux
B. Netware
C. Solaris

Answer: A
Explanation: LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use.

25

What was introduced for circumventing difficulties in classic approaches to computer security by limiting damages produced by malicious programs?
A. Integrity-preserving
B. Reference Monitor
C. Integrity-monitoring
D. Non-Interference

Answer: B
Explanation: "reference monitor ... mediates all access subjects have to objects ... protect the objects from unauthorized access and destructive modification", Ibid p 273. Reference monitor is part of the TCB concept.
Not D: "noninterference ... is implemented to ensure that any actions that take place at a higher security level do not affect ... actions that take place at a lower level", Harris, 3rd Ed, p 290. It is part of the information flow model.

26

A feature deliberately implemented in an operating system as a trap for intruders is called a:
A. Trap door
B. Trojan horse
C. Pseudo flaw
D. Logic bomb

Answer: C
Explanation:
"An apparent loophole deliberately implanted in an operating system program as a trap for intruders." As defined by the Aqua Book NCSC-TG-004 a pseudo-flaw is an apparent loophole deliberately implanted in an operating system program as a trap for intruders. Answer from http://www.cccure.org

27

Fault tolerance countermeasures are designed to combat threats to
A. an uninterruptible power supply
B. backup and retention capability
C. design reliability
D. data integrity

Answer: C
Explanation:

28

A 'Pseudo flaw' is which of the following?
A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders
B. An omission when generating Pseudo-code
C. Used for testing for bounds violations in application programming
D. A normally generated page fault causing the system to halt

Answer: A
Explanation:

29

What Distributed Computing Environment (DCE) component provides a mechanism to ensure that services are made available only to properly designated parties?
A. Directory Service
B. Remote Procedure Call Service
C. Distributed File Service
D. Authentication and Control Service

Answer: A
Explanation: A directory service has a hierarchical database of users, computers, printers, resources, and attributes of each. The directory is mainly used for lookup operations, which enable users to track down resources and other users...The administrator can then develop access control, security, and auditing policies that dictate who can access these objects, how the objects can be accessed, and audit each of these actions. - Shon Harris All-in-one CISSP Certification Guide pg 436-437

30

What can be accomplished by storing on each subject a list of rights the subject has for every object?
A. Object
B. Capabilities
C. Key ring
D. Rights

Answer: B
Explanation: Capabilities are accomplished by storing on each subject a list of rights the subject has for every object. This effectively gives each user a key ring. To remove access to a particular object, every user (subject) that has access to it must be "touched". A touch is an examination of a user's rights to that object and potentially removal of rights. This brings back the problem of sweeping changes in access rights.