Secure Design Principles & Models

Question 2

What is the principle of Least Privilege according to NIST?

Answer 2

Least privilege is the principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.

Question 3

What is the ‘Need to Know’ principle?

Answer 3

‘Need to Know’ is a critical component of modern Zero Trust initiatives and must be strictly enforced regardless of the access control model being used.

Question 4

What is Defense in Depth (DiD)?

Answer 4

DiD is a ‘Layered Defense’ approach that utilizes the principles of least privilege and is a function of ‘due care’.

Question 5

How can Defense in Depth be applied?

Answer 5

It can be applied to physical security or technical controls, and should be systematically planned and designed.

Question 6

What is a characteristic of physical security in DiD?

Answer 6

In physical security, it should be systematically planned and designed with an outward-in or inward-out approach.

Question 7

What does DiD encompass in terms of technical controls?

Answer 7

It can involve a single appliance with multiple integrated engines.

Question 8

What role does DiD play in supply chain risk management?

Answer 8

DiD is a common element of supply chain risk management (SCRM).

Question 9

What is the principle of Secure Defaults?

Answer 9

This principle states that the default configurations of a system are a restrictive and conservative enforcement of the written security policy.

Question 10

What does Secure Defaults apply to?

Answer 10

It applies to the initial configurations of a system, including the securing engineering and design of access controls.

Question 11

What strategy does Secure Defaults use?

Answer 11

It uses a ‘deny unless explicitly authorized’ strategy.

Question 12

What should ‘as shipped’ configurations not contribute to?

Answer 12

‘As shipped’ configurations of a system should not contribute to security policy violations.

Question 13

What does Secure Defaults aim to avert?

Answer 13

It aims to avert situations where systems operating in the default state require configuration by operational users.

Question 14

What is critical for enabling security defaults?

Answer 14

Automation and Infrastructure as Code (IaC) are critical enablers for security defaults.

Question 15

What does the Fail Securely principle state?

Answer 15

It contends that when a system or server fails, it should have the minimum impact possible on the system’s security or functionality.

Question 16

How do fail-secure systems react to failure?

Answer 16

Fail-secure systems react by denying access or data-in-transit in case of a failure.

Question 17

What is an example of a fail-secure system?

Answer 17

A fail-secure door lock will stay locked in an access control system if power is lost or an internal battery dies.

Example of fail-secure system.

Question 18

What is a critical requirement of secure coding?

Answer 18

Handling error security is a critical requirement of secure coding.

Question 19

What should security mechanisms allow according to OWASP?

Answer 19

Security mechanisms should be designed so that failure allows the same execution path as disallowing the operation.

Question 20

What should methods like isAuthorize() return on exception?

Answer 20

Methods such as isAuthorize(), isAuthenticated(), and validate() should all return false if there is an exception when processing.

Question 21

What is the principle of Segregation of Duties?

Answer 21

It is a principle where more than one subject is needed to complete a particular task.

Question 22

What does Segregation of Duties involve?

Answer 22

It may involve dual operator principles, where two or more subjects are needed to modify or approve.

Question 23

What is an example of dual operator principles?

Answer 23

For certain actions, two signatures or two different key pairs are required, such as for digital signatures.

Example of dual operator principles.

Question 24

What is the related principle to Segregation of Duties?

Answer 24

Rotation of duties is a related principle.

Question 25

What does rotation of duties prevent?

Answer 25

It prevents having a single point of failure by rotating people into different job roles or responsibilities.

Question 26

What is an example of rotation of duties?

Answer 26

Mandatory time off or forced vacations, where a secondary principal takes over while the primary person is gone. ## Footnote Example of rotation of duties.

Question 27

What is an example of multiple subjects in access requests?

Answer 27

One user requests access to an application, another person accepts the request, and a third person audits the access.

Question 28

What is an example of multiple subjects in vendor management?

Answer 28

One subject chooses a vendor, another negotiates the service level agreement, and a third manager monitors the vendor's ongoing performance.

Question 29

What is an example of multiple subjects in risk management?

Answer 29

One individual identifies a risk, another person analyzes it, and a third person mitigates the risk with controls.

Question 30

What is an example of multiple subjects in system acquisition?

Answer 30

One administrator requisitions the acquisition of a next-generation endpoint detection and response system (EDR), a second manager approves the purchase, and a third records the purchase in the accounting system and configuration management database.

Question 31

What is a key suggestion from AWS for keeping implementations simple?

Answer 31

Delegate complex tasks to a cloud vendor, such as a Software as a Service provider.

Question 32

How can workloads be designed to reduce blast radius?

Answer 32

By making recurrent, small, revocable modifications and using scalable, loosely coupled designs like microservices.

Question 33

What is a method to decrease operational overhead in cloud services?

Answer 33

Use managed serverless services, such as serverless functions or serverless microservices.

Question 34

What does Privacy by Design entail?

Answer 34

Privacy is integrated into technology, IT systems, services, and products to ensure data protection.

Question 35

What is the focus of the engineering process under Privacy by Design?

Answer 35

Conducting the entire engineering process with privacy in mind, safeguarding personal data as important as any other functionality.

Question 36

What does the foundation of Privacy by Design rest on?

Answer 36

Seven core principles that provide a guiding framework for integrating privacy into daily operations.

Question 37

What is the Shared Responsibility Model (SRM)?

Answer 37

SRM is a security and compliance framework that determines the accountabilities of a cloud service provider (CSP) and consumers.

Question 38

What aspects of the cloud environment does the SRM involve?

Answer 38

It involves the security of every facet of the cloud environment, including infrastructure configuration, endpoints, data, virtual operating systems (OS), virtual appliances, and network controls like firewalls and access rights.

Question 39

What is the CSP's responsibility in the SRM?

Answer 39

The CSP is directed to monitor and react to security threats of the cloud itself and its underlying infrastructure.

Question 40

What are customers responsible for in the SRM?

Answer 40

Customers, including individuals and organizations, are liable for protecting data and other assets such as functions and code they store in or on any cloud environment.

Question 41

What is Data-centric Threat Modeling?

Answer 41

Data-centric Threat Modeling focuses on defending specific types of data within systems (i.e., file, object, block).

Question 42

Why is simply following best practices for security inadequate?

Answer 42

Simply following generic 'best practices' for security is inadequate for protecting critical, high-value data.

Question 43

What does NIST SP 800-154 provide?

Answer 43

NIST SP 800-154 provides information on the basics of data-centric system threat modeling so that organizations can successfully use it as part of their risk management processes.

Question 44

What is Zero Trust?

Answer 44

Zero Trust, or Zero Implied Trust, provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.

Question 45

What is Zero Trust Architecture (ZTA)?

Answer 45

Zero Trust Architecture (ZTA) is an enterprise's cybersecurity plan that uses Zero Trust concepts and encompasses component relationships, workflow planning, and attribute-based access policies.

Question 46

What constitutes a Zero Trust enterprise?

Answer 46

A Zero Trust enterprise is the network infrastructure, both physical and virtual, and operational policies that are in place for an enterprise as a product of a Zero Trust Architecture plan or initiative.

Question 47

What are the components in a Zero Trust architecture?

Answer 47

Components include a data access policy, public key infrastructure using X.509v3 certificates and TLS 1.2 or higher, identification management, a SIEM system, a CDM system, threat intelligence, and robust activity logging.

Question 48

What is a data access policy in Zero Trust architecture?

Answer 48

A data access policy defines how data can be accessed and by whom, ensuring that only authorized users can access sensitive information.

Question 49

What role does public key infrastructure play in Zero Trust?

Answer 49

Public key infrastructure using X.509v3 certificates and TLS 1.2 or higher is used for secure communications and authentication.

Question 50

What is identification management in Zero Trust?

Answer 50

Identification management is preferably passwordless and uses two-factor authentication with tokens or biometrics.

Question 51

What is a SIEM system?

Answer 51

A SIEM system is used for security information and event management, helping to detect and respond to security incidents.

Question 52

What does a CDM system do?

Answer 52

A CDM system is used for compliance and monitoring, ensuring that security policies are followed.

Question 53

What is the purpose of threat intelligence in Zero Trust?

Answer 53

Threat intelligence provides insights into potential threats, particularly in a hybrid cloud environment.

Question 54

Why is robust activity logging important in Zero Trust?

Answer 54

Robust activity logging is important for visibility into user actions and system events, aiding in security monitoring.

Question 55

What is the fundamental principle of Zero Trust?

Answer 55

Zero Trust moves away from the hardened edge, treating every component on the control plane and data plane as its own security perimeter, with no implicit or implied trust.

Question 56

What is the primary difference between SASE and traditional network architectures?

Answer 56

SASE network architecture leverages cloud security rather than a traditional hub-and-spoke design.

Question 57

What are the components of SASE?

Answer 57

The components of SASE include cloud-hosted security, Firewall-as-a-Service (FWaaS), a Security Web Gateway service, and Cloud Access Security Brokerage (CASB).

Question 58

What are the main goals of Cloud Access Security Brokerage (CASB)?

Answer 58

The three main goals of CASB are compliance, protection from data leak or data loss, and facilitating federated access or single sign-on to multiple SaaS providers.

Question 59

What kind of security does SASE utilize?

Answer 59

SASE uses the most robust transport layer security, often with a software-defined perimeter solution, controllers, and digitally signed APIs.

Question 60

What should you understand about SASE for the CISSP exam?

Answer 60

You should have a high-level understanding of SASE (Secure Access Service Edge) for the CISSP exam.

Question 61

What are Access Control Models?

Answer 61

Security models used to determine which subjects can access resource objects.

Question 62

How are Access Control Models typically implemented?

Answer 62

By enforcing integrity, confidentiality, origin authentication, and nonrepudiation controls such as digital signatures and digital certificates.

Question 63

Who determines how Access Control Models will be used?

Answer 63

The model designer or committee, which can be an individual (e.g., a domain administrator) or a committee/board.

Question 64

What is the best approach to enforce security in Access Control Models?

Answer 64

Using a multilevel or hierarchical approach.

Question 65

What is Mandatory Access Control (MAC)?

Answer 65

A strictly nondiscretionary model that secures data by assigning sensitivity or classification labels.

Question 66

What is the main advantage of MAC?

Answer 66

Access is based on a 'need to know' basis, minimizing scope creep or privilege creep.

Question 67

What model do all MAC systems evolve from?

Answer 67

The Bell-LaPadula model for confidentiality.

Question 68

What does the Bell-LaPadula model focus on?

Answer 68

Ensuring subjects with different clearances are properly authenticated before accessing objects under different classification levels.

Question 69

What type of model is Bell-LaPadula?

Answer 69

A state machine model used to control access in complex systems.

Question 70

What is the Clark-Wilson model focused on?

Answer 70

Information and data integrity.

Question 71

What are Integrity Verification Procedures (IVPs) in the Clark-Wilson model?

Answer 71

Programs or services that run periodic checks to ensure the consistency of Clinical Documentation Integrity rules.

Question 72

What are the goals of the Clark-Wilson model?

Answer 72

To prevent unauthorized modifications and ensure segregation of duties to prevent improper modifications.