1
Q
- What flaw creates buffer overflows?
a. Application executing in privileged mode
b. Inadequate memory segmentation
c. Inadequate protection ring use
d. Insufficient parameter checking
A
- The answer is D. A buffer overflow takes place when too much data is accepted as input. Programmers should implement the correct security controls to ensure that this does not take place. This means they need to perform bounds checking and parameter checking to ensure only the allowed about of data is actually accepted and processed by the system.
2
Q
- The operating system performs all except which of the following tasks?
a. Memory allocation -T
b. Input and output tasks -T
c. Resource allocation -T
d. User access to database views -F
A
- The answer is D. The operating system has a long list of responsibilities, but implementing database views is not one of them. This is the responsibility of the database management software.
3
Q
- If an operating system allows sequential use of an object without refreshing it, what security issue can arise?
a. Disclosure of residual data
b. Unauthorized access to privileged processes
c. Data leakage through covert channels
d. Compromising the execution domain
A
- The answer is A. If an object has confidential data and this data is not properly erased before another subject can access it, this left over or residual data can be accessible. This can compromise the data and system’s security by disclosing their confidential information.
4
Q
- Which of the following best describes a reference monitor?
a. A software component that monitors activity and writes security events to an audit log
b. A software component that determines if a user is authorized to perform a requested operation
c. A software component that isolates processes and separates privilege and user modes
d. A software component that works in the center protection ring and provides interfaces between trusted and un-trusted objects (Security Perimeter)
A
- The answer is B. A reference monitor is the abstract machine that holds all of the rules of access for the system. The security kernel is the active entity that enforces the reference monitor’s rules. They control the access attempts of any and all subjects; a user is just one example of a subject.
5
Q
- A security kernel contains which of the following?
a. Software, hardware and firmware (TCB)
b. Software, hardware and system design
c. Security policy, protection mechanisms and software
d. Security policy, protection mechanisms and system design
A
- The answer is A. The security kernel makes up the main component of the TCB, which is made up of software, hardware, and firmware. The security kernel performs a lot of different activities to protect the system, enforcing the reference monitor’s access rules is just one of those activities.
6
Q
- The Orange Book states that the trusted computing base should uniquely identify each user for accountability purposes and __________.
a. Require the user to perform object reuse operations.
b. Associate this identity with all auditable actions taken by that individual.
c. Associate this identity with all processes the user initiates.
d. Require that only that user have access to his specific audit information.
A
- The answer is B. Proper security implementations include tracking individuals and their actions. The users need to be identified uniquely to be able to track their individual activities. If all users logged in and authenticated to a system as ‘user001’, the system could never be able to distinguish which user actually carried out specific actions.
7
Q
- The trusted computing base (TCB) controls which of the following?
a. All trusted processes and software components
b. All trusted security policies and implementation mechanisms
c. All trusted software and design mechanisms
d. All trusted software and hardware components
A
- The answer is D. The TCB contains and controls all protection mechanisms within the system, whether they are software, hardware, or firmware.
8
Q
- What is the imaginary boundary that separates components that maintain security from components that are not security related?
a. Reference monitor
b. Security kernel
c. Security perimeter
d. Security policy
A
- The answer is C. The security perimeter is a boundary between items that are within the TCB and the ones that are not part of the TCB. It is just a mark of delineation between these two groups of items.
9
Q
- What is the best description of a security kernel from a security point of view?
a. Reference monitor
b. Resource manager
c. Memory mapper
d. Security perimeter – Leo thinks this is the best answer (if you wanted to know)
A
- The answer is A. The security kernel enforces the concept of the reference monitor and the rules outlined in the reference monitor construct. Although this chapter described the security kernel and reference monitor as two separate things, many times they are viewed as one component because they are so interrelated.
10
Q
- In secure computing systems why is there a logical form of separation used between processes?
a. Processes are contained within their own security domains so that each does not make unauthorized accesses to other objects or their resources
b. Processes are contained within their own security perimeter so that they can only access protection levels above them
c. Processes are contained within their own security perimeter so that they can only access protection levels equal to them
d. The separation is hardware and not logical in nature
A
- The answer is A. Processes are assigned their own variables and memory segments, which makes up their domain. This is done so that they do not corrupt each other data or processing activities.
11
Q
- What is the final step in authorizing a system for use in an environment?
a. Certification
b. Security evaluation and rating
c. Accreditation
d. Verification
A
- The answer is C. Certification is a technical review of a product and accreditation is management’s formal approval of the findings of the certification process.
12
Q
- What feature enables code to be executed without the usual security checks?
a. Ring 0
b. Maintenance hook
c. Timing channel
d. Ready state
A
- The answer is B. Maintenance hooks get around the system or application’s security and access control checks by allowing who ever knows the key sequence to access the application and most likely its code. Maintenance hooks should be removed from any code before it gets into production.
13
Q
- If a component fails, a security system should be designed to do which of the following?
a. Change to a protected execution domain
b. Change to a problem state
c. Change to a more secure state (AKA, Fail Safe/Secure)
d. Release all data held in volatile memory
A
- The answer is C. The state machine model dictates that a system should start up securely, conduct transitions securely, and even fail securely. This means that if the system encounters something it deems as unsafe, it should change to a more secure state for self-preservation and protection.
14
Q
- What advantage does firmware have over software?
a. It is difficult to modify without physical access.
b. It requires a smaller memory segment.
c. It does not need to enforce the security policy.
d. It is easier to reprogram.
A
- The answer is A. Firmware is some type of software that is held in a ROM or EROM chip. It is usually used to allow the computer to be able to communicate with some type of peripheral device. The system’s BIOS instructions are also held in firmware on the motherboard. In most situations firmware cannot be modified unless someone has physical access to the system. This is different than other types of software that may be modified remotely.
15
Q
- Which is the first level that requires classification labeling of data?
a. B3
b. B2
c. B1
d. C2
A
- The answer is C. These assurance ratings are from the Orange Book. B levels and on up require security labels to be used, but the question asks which is the first level to require this. B1 comes before B2 and B3, thus it is the correct answer.
16
Q
- The Information Technology Security Evaluation Criteria was developed for which of the following?
a. International use
b. U.S. use
c. European use
d. Global use
A
- The answer is C. In ITSEC the ‘I’ does not stand for international, instead it stands for information. This is a criterion that was developed to be used by European countries to evaluate and rate their security products.
17
Q
- What characteristic is used with classifications and clearances to ensure that users do not have unrestricted access to sensitive data?
a. *-property rule
b. Simple security rule
c. Need-to-know
d. TCB
A
- The answer is C. A system that enforces need-to-know does not allow subjects to access objects unless they have been granted the formal approval, which is based on a need-to-know. This question is targeting MAC based systems that would use security labels, clearances, and classifications also in its access criteria.
18
Q
- Which model deals only with confidentiality?
a. Bell-LaPadula
b. Clark-Wilson
c. Biba
d. Reference monitor
A
- The answer is A. The Bell-LaPadula model was developed for the U.S. government with the main goal of keeping sensitive data unreachable to those who were not authorized to access and view it. This model was the first mathematical model of a multi-level security policy used to define the concept of a security state, modes of access, and outlines rules of access. The Biba and Clark-Wilson do not deal with confidentiality, but with integrity instead.
19
Q
- When is security of a system most effective and economical?
a. If it is designed and implemented from the beginning of the development of the system
b. If it is designed and implemented as a secure and trusted front-end
c. It if is customized to fight specific types of attacks
d. If the system is optimized before security is added
A
- The answer is A. It is difficult to add useful and effective security at the end of developing a product or added security as a front-end to an existing product because it usually breaks some type of necessary functionality. Adding security at the end of a project is usually more expensive because it will break items and the team will need to go back to the drawing board and redesign and recode portions of the product.
20
Q
- What type of attack is taking place when a higher-level subject writes data to a storage area and a lower level subject reads it?
a. TOC/TOU
b. Covert storage attack
c. Covert timing attack
d. Buffer overflow
A
- The answer is B. A covert channel is being used when something is using a resource for communication purposes and that is not the reason this resource was created. A process can write to some type of shared media or storage place that another process will be able to access. The first process writes to this media and the second process reads it. This action goes against the security policy of the system.
21
Q
- What type of rating does Common Criteria give to products?
a. PP
b. EPL
c. EAL
d. A-D
A
- The answer is C. The Common Criteria uses a different assurance rating system than the previously used systems. It has packages of specifications that must be met for a product to obtain the corresponding rating. These ratings and packages are called Evaluation Assurance Levels (EALs). Once a product achieves any type of rating, customers can view this information on an Evaluated Products List (EPL).
22
Q
- Which best describes the *-integrity axiom?
a. No write up in the Biba model
b. No read down in the Biba model
c. No write down in the Bell-LaPadula model
d. No read up in the Bell-LaPadula model
A
- The answer is A. The *-integrity axiom (or star integrity axiom) indicates that a subject of a lower integrity level cannot write to an object of a higher integrity level. This rule is put into place to protect the integrity of the data that resides at the higher level.
23
Q
- Which best describes the simple security rule?
a. No write up in the Biba model
b. No read down in the Biba model
c. No write down in the Bell-LaPadula model
d. No read up in the Bell-LaPadula model
A
- The answer is D. The simple security rule is implemented to ensure that any subject at a lower security level cannot view data that resides at a higher level. The reason this type of rule is put into place is to protect the confidentiality of the data that resides at the higher level. This rule is used in the Bell-LaPadula model.
24
Q
- Which of the following was the first mathematical model of a multi-level security policy used to define the concept of a security state, modes of access and outlines rules of access?
a. Biba
b. Bell-LaPadula
c. Clark-Wilson
d. State machine
A
- The answer is B. This is a formal definition of the Bell-LaPadula model, which was
created and implemented to protect government and military confidential information.
25
25. Operating system that provides multi-level security and mandatory access control are based off of which model?
a. Brewer-Nash
b. Biba
c. Clark-Wilson
d. Bell-LaPadula
25. The answer is D. The Bell-LaPadula security model was the first mathematical state
machine model that provided multi-level security systems. The model was developed
because the US DoD had concerns about the systems it was depending upon to keep
its military secrets and confidential information. Bell-LaPadula is a confidentiality
model and does not address integrity.
26
26. Which security model incorporates the "no write up" and "no read down" rules?
a. Biba
b. Bell-LaPadula
c. Information flow
d. Clark-Wilson
26. The answer is A. The Biba model focuses on protecting the integrity of the data rather than confidentiality, as in the Bell-LaPadula model. The "no write up" rule ensures that a subject at a lower level of integrity cannot corrupt or negatively affect the higher integrity object. The "no read down" rule ensures that the higher integrity level subject cannot degrade its integrity by obtaining data from an object of lower integrity.
27
27. Common Criteria uses which of the following to describe specific security solution needs?
a. EPL
b. EAP
c. Protection profiles
d. Security targets
27. The answer is C. Protection profiles outlines a specific security solution that is needed to fulfill a specific requirement. Many different types of people and organizations can write a protection profile explaining what they need in a product. A vendor may choose to build a product to meet the need described in a particular protection profile.
28
29. The Clark-Wilson security model achieves what primary goals?
a. Protects integrity by preventing objects from reading down
b. Protects the confidentiality of data
c. Enforces a "no write up rule"
d. Protects integrity by preventing unauthorized users from making changes and authorized users from making improper changes
29. The answer is D. The Clark-Wilson model is an integrity model that addresses all three integrity rules, Biba only addresses the first rule. It ensures that subjects can only access objects through a program (access triple), enforces separation of duties, and requires auditing.
29
32. What type of attack would alter a configuration file after the system looked to see if it had that specific file?
a. Covert channel
b. Backdoor
c. Fraggle
d. TOC/TOU
32. The answer is D. Time-of-check versus time-of-use (TOC/TOU) attacks take advantage of timing differences between when a system checks for files and when it actually executes the files. It is an asynchronous attack.
30
33. The concept that dictates that once an object is used; it must be stripped of all of its data remnants is called?
a. Layering
b. Object reuse
c. Multiuse
d. Polymorphism
33. The answer is B. Object reuse means that a different subject will use the same media. If it contains sensitive information, that data should be properly erased before another subject can have access to it.
CISSP
flashcards
Decks in class (3)
# Cards
