CISSP Study Notes - Domain 3 (Security Architecture and Engineering)
This is a mind map of CISSP study notes for Domain 3 (Security Architecture and Engineering). The main content covers key exercises and knowledge points.
Edited at 2024-03-18 19:40:25
Knowledge points
3.1. Research, implement and manage engineering processes using secure design principles
3.1.1. Security Architecture and Engineering Overview
3.1.0.1 Security Architecture and Engineering Overview
•Security Architecture: The organization and design of components, processes, services, and controls designed to reduce the security risks associated with a system to an acceptable level
•Security Engineering: Implementation of security architecture design
3.1.0.2 System and application development process
design
develop
test
implement
maintain
retire
3.1.0.3 Security design principles
The general principles of security architecture are based on the basic requirements outlined in James Anderson's "Computer Security Technology Planning Study" (1972), which are also the requirements of the reference monitor concept (tamperproof, always invoked, small enough to verify):
•Security functions must be implemented in a way that prevents them from being bypassed, circumvented or tampered with.
•Security functions must be invoked whenever necessary to enforce the security controls.
•Security functions must be as small as possible so that defects are more likely to be discovered.
3.1.0.4 ISO/IEC 19249
3.1.0.4.1 Architectural principles
•Domain separation: Reduce the attack surface and improve security through logical separation.
•Layering: Divide functional levels to reduce complexity and improve maintainability.
•Encapsulation: Use explicit interfaces for communication, simplifying systems and enhancing security.
•Redundancy: Replicate critical components to increase availability and fault tolerance.
•Virtualization: Create an independent virtual environment to improve resource utilization and security.
3.1.0.4.2 Design principles
1. Least privilege: Grant only the minimum permissions required to complete the task, reducing security risk.
2. Minimize the attack surface: reduce potential attack points by hardening the system and removing unnecessary components.
3. Centralized parameter validation: Validate all user input comprehensively, in one place, to ensure data security.
4. Centralized general security services: Implement commonly used security functions once, in one place, so that the controls can be reviewed and tested thoroughly, for example:
•Centralized access control server
•Centralized encryption processing
•Security Information and Event Management (SIEM)
•Security Orchestration, Automation and Response (SOAR)
5. Prepare for error and exception handling: Handle errors so that they neither leak sensitive information nor leave the system in an insecure state.
3.1.2. Least privileges
The principle of least privilege states: Each program, service, or person is granted exactly the access and rights they need to do their job, and is used only when necessary.
3.1.3. Defense in depth
Defense in depth is the coordinated use of multiple security controls in a layered manner. By using a combination of security controls, the probability of penetration and destruction is reduced.
In the figure below, an attacker must pass through several different types of protection mechanisms to gain access:
Layers of defense do not have to be technical; a well-designed security architecture takes into account the interplay of physical, technical and logical controls.
3.1.4 Secure Defaults
Secure defaults are the security configurations and functions preset in the design of a system or application so that it is secure in its initial state, before anyone configures it. Implementing secure defaults helps reduce vulnerabilities, improve user-friendliness and reduce maintenance costs.
During the implementation process, a trade-off needs to be made between security and usability, ensuring that the system is easy to customize and use, while providing security guidance to help users correctly configure and use the system to meet the needs and risk appetite of the enterprise.
3.1.5. Threat modeling
Threat modeling is the process by which potential security threats and vulnerabilities are identified and mitigation measures are prioritized. Three commonly used models: STRIDE, DREAD and PASTA
3.1.6. Fail safely
3.1.6.1 Fail-open
When a failure or exception occurs, the system continues to allow access, so that critical functions remain available even though the system is in an error state.
Applicable scenarios include personnel safety, such as opening exit doors to ensure personnel escape during a fire.
3.1.6.2 Fail-secure
As opposed to fail-open, a fail-secure system blocks access under abnormal conditions, prioritizing security over availability. For example, a firewall that loses power unexpectedly may block all traffic after it restarts until an administrator verifies its configuration. Fail-secure is also called fail-closed. (Some sources also call it fail-safe, but in physical security "fail-safe" usually means failing open to protect people, so read the context carefully.)
Choose the most appropriate failure strategy for each scenario. Normally it is better to design the system to fail secure, but when personnel safety is involved, a fail-open strategy should be considered.
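The distinction above only matters at the moment an access check cannot complete. As an added code example (not code from the study notes), the following shows an authorization function whose behaviour under a failed policy lookup depends on the chosen failure mode. The `PolicyStore` class is an assumed in-memory stand-in for a real policy backend, and the users, resources and the `fire_exit_door` resource are constructed for the example.

```python
"""Fail-open versus fail-secure when an access check cannot complete.

Added illustration, not code from the study notes. `PolicyStore` is an
assumed in-memory stand-in for a policy backend; users and resources are constructed.
"""
from enum import Enum


class FailMode(Enum):
    OPEN = "fail-open"      # availability/safety first: allow when the check cannot run
    SECURE = "fail-secure"  # security first: deny when the check cannot run


class PolicyUnavailable(Exception):
    """The policy backend could not answer (network down, database crash, timeout)."""


class PolicyStore:
    """Assumed policy backend: (subject, resource) -> allowed, with a failure switch."""

    def __init__(self, rules, available=True):
        self.rules = rules
        self.available = available

    def is_allowed(self, subject, resource):
        if not self.available:
            raise PolicyUnavailable("policy backend unreachable")
        return self.rules.get((subject, resource), False)


# Per-resource failure strategy. The default is fail-secure; only life-safety
# controls are listed as fail-open, following the notes' fire-exit example.
FAIL_OPEN_RESOURCES = {"fire_exit_door"}


def mode_for(resource):
    return FailMode.OPEN if resource in FAIL_OPEN_RESOURCES else FailMode.SECURE


def authorize(store, subject, resource, mode=None):
    """Return True if access is granted.

    A normal answer from the policy store is always honoured. The failure
    mode only decides the outcome when the check itself cannot complete,
    which is exactly the case fail-open / fail-secure is about.
    """
    mode = mode or mode_for(resource)
    try:
        return store.is_allowed(subject, resource)
    except PolicyUnavailable:
        return mode is FailMode.OPEN


# Constructed rules: alice may read the ledger, bob may not; everyone may use the exit.
RULES = {("alice", "ledger"): True, ("bob", "ledger"): False,
         ("alice", "fire_exit_door"): True, ("bob", "fire_exit_door"): True}


def demo():
    healthy = PolicyStore(RULES, available=True)
    broken = PolicyStore(RULES, available=False)
    return {
        "healthy_alice_ledger": authorize(healthy, "alice", "ledger"),  # True: normal decision
        "healthy_bob_ledger": authorize(healthy, "bob", "ledger"),      # False: normal decision
        "broken_alice_ledger": authorize(broken, "alice", "ledger"),    # False: fail-secure denies
        "broken_bob_exit": authorize(broken, "bob", "fire_exit_door"),  # True: fail-open for safety
        # Forcing fail-open on a ledger shows the risk: an unauthorized user gets in.
        "broken_bob_ledger_forced_open": authorize(broken, "bob", "ledger", FailMode.OPEN),  # True
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The key design point is that the failure mode is attached to the resource, not chosen by the caller at runtime: a code path that silently turns into fail-open because someone caught a broad exception and returned `True` is the usual way fail-secure systems become fail-open in practice.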
3.1.7. Separation of Duties (SoD)
Separation of Duties (SoD) is a security principle used to ensure that critical tasks and sensitive operations are distributed among multiple employees within an organization, thereby reducing the risk of internal fraud and data leakage. The core idea of this principle is to increase the difficulty of committing crimes and the likelihood of detecting wrongdoing by decentralizing authority and responsibility.
For example: In a bank, a teller has access to large sums of money, but the actual transfer or withdrawal of funds requires a supervisor's signature. This way, individuals cannot individually transfer funds to their own accounts or withdraw large amounts for others without approval.
3.1.8. Keep it simple
Complexity is the enemy of security, which means architecture and engineering should be kept as simple as possible. The more complex a system or mechanism is, the more likely it is to have inherent weaknesses that go undetected, or to have security mechanisms that can be circumvented. Conversely, the simpler and smaller the system, the easier it is to design, evaluate, and test.
3.1.9. Zero Trust
Zero Trust is a security model based on the premise that an organization should not automatically trust anything inside or outside its network; instead, it must verify anything that connects to its systems before granting access.
Core principles of the zero trust model:
•Always Verify: Verify and authorize each access request based on its context before allowing access.
•Use Least Privilege Access: Assign the minimum privileges required for the specific access requested, on a Just-In-Time (JIT) basis.
•Assume Breach: Do not trust the devices on your organization's network; assume the worst (that you have already been breached) and minimize the blast radius to prevent further damage.
3.1.10. Privacy by design
Seven basic principles of Privacy by Design (PbD):
1. Proactive and preventive: Take proactive and preventive measures rather than reactive and remedial measures.
2. Privacy as the default: Personal data is automatically protected in all IT systems and business processes, with no additional action required from the user.
3. Privacy integrated into design: Consider privacy, such as encryption and authentication mechanisms, during the design phase rather than adding them after development is completed.
4. Full functionality, positive-sum not zero-sum: Achieve privacy and security together; both are important and neither is traded away for the other.
5. End-to-end security, full life-cycle protection: Data is protected throughout its life cycle, from creation through management to destruction.
6. Visibility and transparency, keep it open: Follow a "trust but verify" principle by keeping privacy policies and practices visible and transparent to users and providers.
7. Respect user privacy - user-centered: Always pay attention to and respect the privacy needs of users during the design and implementation process.
3.1.11. Trust but verify
Trust but verify is an information security strategy in which access is granted after authentication and verification and the entity is then trusted; because the threat environment has changed, many experts now recommend a zero-trust model, in which every access request is verified and nothing inside the network is trusted automatically.
Note: the concept of "trust, but verify" still applies when working with third parties or when conducting audits.
3.1.12. Shared responsibility
The Shared Responsibility Model is a cloud security framework that clarifies the respective responsibilities of cloud service providers (CSPs) and customers for protecting cloud systems and data. For example, the customer is responsible for managing access controls to its data, while the CSP is responsible for physical security and the security of the underlying infrastructure. These responsibilities are formally agreed upon and documented in an agreement or contract.
3.2. Understand the basic concepts of security models
3.2.1. System status and processing mode
A security model is a structured representation of security requirements that guides the design of a security architecture. Different security models emphasize different goals, such as military and government focusing on confidentiality, while commercial systems focus on data integrity.
3.2.1.1 Finite State Machine (FSM)
It is a computational model used to represent the states of a system and the transitions between states. Finite state machines can help us understand and analyze the behavior of a system under different conditions, ensuring that the system can operate safely in all possible states. In this model, evaluating the confidentiality-integrity-availability properties of each state ensures that the system operates in a secure manner.
3.2.1.2. Lattice
This is an access control model that implements access control by defining a set of security levels with a partial-order ("dominates") relationship and assigning a level to every subject and object. The lattice model protects sensitive information by deciding access according to the relationship between the subject's level and the object's level.
3.2.1.3. Information flow model
This is an access control model that focuses on the flow of information. The information flow model assigns security classifications to objects and uses a security policy to control the direction and type of flows between them, which helps prevent sensitive information from leaking or being accessed without authorization. Common examples: the Bell-LaPadula confidentiality model and the Biba integrity model.
3.2.1.4 Noninterference model
This is a security model that emphasizes isolation between subjects and objects at different security levels. The noninterference model ensures that activity at a higher security level has no observable effect on activity at a lower level, thereby preventing information leaks (including covert channels) and related security threats.
3.2.2. Bell-LaPadula (BLP) model
Scenario: An intelligence officer in the military holds a "Secret" clearance, which sits between "Confidential" and "Top Secret".
The Bell-LaPadula (BLP) model is a lattice-based security model that focuses on confidentiality and defines the following three core properties:
•Simple security property (no read up)
Prevents a subject from reading objects at a higher security level. Under the simple security property, the officer can read Secret, Confidential and Unclassified material but not Top Secret material.
•* (star) security property (no write down)
Prevents a subject from writing information to objects at a lower security level. Under the *-property, the officer cannot write to "Confidential" (lower-level) objects.
•Discretionary security property
Subjects may perform operations on objects only within what the access matrix permits. For example, officers from different departments may have different access rights within their respective areas.
3.2.3.Biba integrity model
The Biba model is a lattice-based integrity model that ensures data is not modified by unauthorized users or processes. It specifies the following two properties:
•Simple integrity attribute (No Read Down, do not read down)
A principal cannot read data from an object with a lower integrity level. The purpose of this rule is to ensure that data at higher integrity levels is not affected by untrusted data from lower level sources. In other words, this prevents the mixing of data between different integrity levels, ensuring that higher-level data is always reliable.
•Integrity attribute (No Write Up, do not write up)
A principal cannot write data to an object with a higher integrity level. The purpose of this rule is to prevent subjects with a lower integrity level from tampering with or destroying data with a higher integrity level. This ensures that only subjects with the corresponding integrity level can modify data at that level.
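The lattice, BLP and Biba sections above are easiest to see side by side in code. The following is an added example (not from the study notes) of a small reference monitor: a label is a level plus a set of categories (compartments), "dominates" is the lattice's partial order, and each model's properties are one-line comparisons on that order. The level names and the Secret-cleared officer come from the notes; the compartment names and the integrity level names are assumptions for the example.

```python
"""Lattice-based confidentiality (BLP) and integrity (Biba) checks.

Added illustration, not code from the study notes. Level names and the
Secret-cleared officer scenario follow the notes; the category sets
(compartments) and the integrity level names are assumptions for the example.
"""

# Confidentiality classifications, low to high (rank used for the partial order).
CONF_LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
# Integrity levels for Biba, low to high (assumed names for this example).
INTEG_LEVELS = {"Low": 0, "Medium": 1, "High": 2}


class Label:
    """A lattice element: a level rank plus a set of categories (compartments)."""

    def __init__(self, rank, categories=()):
        self.rank = rank
        self.categories = frozenset(categories)

    def dominates(self, other):
        """Partial order of the lattice: at least as high a level AND a superset
        of the other label's categories. Labels with disjoint categories are
        incomparable, which is what makes this a lattice rather than a ladder."""
        return self.rank >= other.rank and self.categories >= other.categories

    def __repr__(self):
        return f"Label(rank={self.rank}, categories={sorted(self.categories)})"


def conf(level, categories=()):
    """Confidentiality label for BLP (a subject's clearance or an object's classification)."""
    return Label(CONF_LEVELS[level], categories)


def integ(level, categories=()):
    """Integrity label for Biba."""
    return Label(INTEG_LEVELS[level], categories)


# Bell-LaPadula: confidentiality, so information may only flow upward.
def blp_can_read(subject, obj):
    """Simple security property: no read up (subject must dominate object)."""
    return subject.dominates(obj)


def blp_can_write(subject, obj):
    """*-property: no write down (object must dominate subject)."""
    return obj.dominates(subject)


# Biba: integrity, the mirror image, so contamination cannot flow upward.
def biba_can_read(subject, obj):
    """Simple integrity property: no read down (object must dominate subject)."""
    return obj.dominates(subject)


def biba_can_write(subject, obj):
    """Integrity *-property: no write up (subject must dominate object)."""
    return subject.dominates(obj)


def officer_scenario():
    """The notes' scenario: an officer cleared to Secret, plus a compartment case."""
    officer = conf("Secret")
    return {
        "read_confidential": blp_can_read(officer, conf("Confidential")),    # True
        "read_top_secret": blp_can_read(officer, conf("Top Secret")),        # False
        "write_confidential": blp_can_write(officer, conf("Confidential")),  # False
        "write_top_secret": blp_can_write(officer, conf("Top Secret")),      # True
        # Same level but a compartment the officer does not hold: still no read.
        "read_other_compartment": blp_can_read(conf("Secret", {"NATO"}),
                                               conf("Secret", {"CRYPTO"})),  # False
    }


if __name__ == "__main__":
    for name, allowed in officer_scenario().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

Note how the Biba functions are literally the BLP functions with the arguments swapped: that symmetry is the whole point of the "no read down / no write up" wording, and it is why a system that needs both confidentiality and integrity must carry two separate labels per subject and object.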
3.2.4. Clark-Wilson model
The Clark-Wilson model is an integrity model for commercial applications that prevents subjects from accessing objects directly by interposing a restricted interface. The model contains the following key components:
•Constrained Data Item (CDI): Data whose integrity the model must maintain.
•Unconstrained Data Item (UDI): Data outside the model's protection, typically system input.
•Integrity Verification Procedures (IVPs): Procedures that confirm all CDIs are in a valid state.
•Transformation Procedures (TPs): The only procedures permitted to change CDIs; they are certified to preserve the integrity policy.
In the Clark-Wilson model, a UDI becomes a CDI only by passing through a TP, which validates it first; IVPs are run to confirm that the CDIs remain valid. CDIs cannot be modified directly, only through TPs, which keeps the data consistent and reliable.
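As an added example (not code from the study notes), the following ledger shows the Clark-Wilson pieces working together, and also the separation-of-duties principle from section 3.1.7, since Clark-Wilson's certification rules require that the person who prepares a transaction is not the one who approves it. Account balances are the CDIs, a raw transfer request is the UDI, `transfer` is the only TP, and `ivp` checks the invariant that the TP must preserve. The ledger, the accounts and the invariant (money is moved, never created) are assumptions chosen for the example.

```python
"""Clark-Wilson style integrity enforcement for a small ledger.

Added illustration, not code from the study notes. The ledger, the
`transfer` TP and the balance invariant are assumptions chosen for the example.
"""


class IntegrityViolation(Exception):
    """Raised when a request would leave a CDI in an invalid state or bypass a rule."""


class Ledger:
    """Account balances are the Constrained Data Items (CDIs).

    Callers never touch `_accounts` directly: the only write path is the
    Transformation Procedure `transfer`, and the Integrity Verification
    Procedure `ivp` can be run at any time to confirm the CDIs are valid.
    """

    def __init__(self, balances):
        self._accounts = dict(balances)                       # CDIs
        self._expected_total = sum(self._accounts.values())   # money is only moved, never created
        self.audit_log = []                                   # every TP application is recorded

    def balance(self, account):
        return self._accounts[account]

    def ivp(self):
        """IVP: every balance non-negative and the total unchanged since certification."""
        return (all(b >= 0 for b in self._accounts.values())
                and sum(self._accounts.values()) == self._expected_total)

    def transfer(self, udi, preparer, approver):
        """TP: the certified path from an Unconstrained Data Item (a raw request) to changed CDIs.

        `udi` is untrusted input, e.g. a parsed form or API body. The TP first
        validates it, then applies a well-formed transaction (debit and credit
        together), so the invariant checked by the IVP is preserved.
        """
        # Separation of duties: whoever prepares a transfer may not approve it.
        if preparer == approver:
            raise IntegrityViolation("separation of duties: preparer and approver must differ")

        # Validate the UDI before anything derived from it touches a CDI.
        try:
            src, dst, amount = udi["from"], udi["to"], int(udi["amount"])
        except (KeyError, TypeError, ValueError) as exc:
            raise IntegrityViolation(f"malformed request: {exc}") from exc
        if amount <= 0:
            raise IntegrityViolation("amount must be positive")
        if src == dst or src not in self._accounts or dst not in self._accounts:
            raise IntegrityViolation("unknown or identical accounts")
        if self._accounts[src] < amount:
            raise IntegrityViolation("insufficient funds")

        # Well-formed transaction: both halves or neither.
        self._accounts[src] -= amount
        self._accounts[dst] += amount
        self.audit_log.append((preparer, approver, src, dst, amount))
        if not self.ivp():  # defence in depth: the TP re-checks the invariant it relies on
            raise IntegrityViolation("ledger invariant broken after TP")
        return True


def demo():
    """Constructed sample: one valid transfer followed by three rejected requests."""
    ledger = Ledger({"ops": 1000, "payroll": 500})
    ledger.transfer({"from": "ops", "to": "payroll", "amount": "250"},
                    preparer="alice", approver="bob")
    rejected = []
    for udi, prep, appr in [
        ({"from": "ops", "to": "payroll", "amount": "100"}, "alice", "alice"),  # SoD violation
        ({"from": "ops", "to": "payroll", "amount": "-50"}, "alice", "bob"),    # bad UDI
        ({"from": "payroll", "to": "ops", "amount": "5000"}, "alice", "bob"),   # overdraft
    ]:
        try:
            ledger.transfer(udi, prep, appr)
        except IntegrityViolation as exc:
            rejected.append(str(exc))
    return ledger, rejected


if __name__ == "__main__":
    ledger, rejected = demo()
    print("ops:", ledger.balance("ops"), "payroll:", ledger.balance("payroll"),
          "valid:", ledger.ivp())
    for reason in rejected:
        print("rejected:", reason)
```

The audit log is the part people forget: Clark-Wilson requires that every TP application is recorded so that an IVP failure can be traced back to the transaction that caused it.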
3.2.5.Brewer-Nash model
The Brewer-Nash model implements an ethical wall policy to prevent conflicts of interest and insider trading: once a subject has accessed data belonging to one client, it is dynamically barred from accessing data of that client's competitors in the same conflict-of-interest class. This model was formerly known as the "Chinese Wall" model, a name that has been deprecated in favor of "ethical wall" or "cone of silence".
3.2.6. Take-Grant Model
The Take-Grant model is a formal security model that describes how rights are transferred between entities (subjects or objects), represented as a directed graph. It defines four basic rules:
1. Take: Allow one subject to obtain the permissions of another entity.
2. Grant: Allows one subject to grant its rights over an entity to another entity.
3. Create: Allows a subject to create a new object.
4. Remove: Allows a subject to cancel or delete its permissions on an object.
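The four rules map directly onto a rights graph. The following is an added example (not code from the study notes) that implements them; the node names, the `seed` method used to set up the initial rights, and the single-character right names ('t' for take, 'g' for grant, 'r' and 'w' for read and write) are assumptions for the example.

```python
"""Take-Grant rights transfer between entities.

Added illustration, not code from the study notes. The graph of rights and
the alice/bob/carol/file scenario are assumptions for the example. Rights are
single characters: 't' (take), 'g' (grant) plus ordinary rights such as 'r' and 'w'.
"""


class TakeGrantGraph:
    """Directed graph: an edge (src, dst) carries the set of rights src holds over dst."""

    def __init__(self):
        self._edges = {}      # (src, dst) -> set of rights
        self._nodes = set()

    def rights(self, src, dst):
        return frozenset(self._edges.get((src, dst), set()))

    def _add(self, src, dst, rights):
        self._nodes.update((src, dst))
        self._edges.setdefault((src, dst), set()).update(rights)

    def seed(self, src, dst, rights):
        """Set up an initial right outside the four rules (the protection state to start from)."""
        self._add(src, dst, rights)

    def create(self, subject, new_node, rights):
        """Create: subject creates new_node and receives `rights` over it."""
        if new_node in self._nodes:
            raise ValueError(f"{new_node!r} already exists")
        self._add(subject, new_node, rights)

    def take(self, subject, via, target, right):
        """Take: if subject holds 't' over `via` and `via` holds `right` over target,
        subject may take `right` over target for itself."""
        if "t" not in self.rights(subject, via):
            raise PermissionError(f"{subject} has no take right over {via}")
        if right not in self.rights(via, target):
            raise PermissionError(f"{via} does not hold {right!r} over {target}")
        self._add(subject, target, {right})

    def grant(self, subject, to, target, right):
        """Grant: if subject holds 'g' over `to` and holds `right` over target,
        subject may give `right` over target to `to`."""
        if "g" not in self.rights(subject, to):
            raise PermissionError(f"{subject} has no grant right over {to}")
        if right not in self.rights(subject, target):
            raise PermissionError(f"{subject} does not hold {right!r} over {target}")
        self._add(to, target, {right})

    def remove(self, subject, target, right):
        """Remove: subject gives up `right` over target."""
        self._edges.get((subject, target), set()).discard(right)


def demo():
    """Constructed scenario: alice can take from bob and grant to carol."""
    g = TakeGrantGraph()
    g.create("bob", "file", {"r", "w"})       # bob creates the file with read/write
    g.seed("alice", "bob", {"t"})             # initial state: alice may take from bob
    g.seed("alice", "carol", {"g"})           # initial state: alice may grant to carol
    g.take("alice", "bob", "file", "r")       # alice obtains read on the file via bob
    g.grant("alice", "carol", "file", "r")    # alice passes read on the file to carol
    g.remove("bob", "file", "w")              # bob drops its own write right
    denied = []
    for attempt in (lambda: g.take("carol", "bob", "file", "w"),     # carol holds no 't' over bob
                    lambda: g.grant("alice", "carol", "file", "w")):  # alice never obtained 'w'
        try:
            attempt()
        except PermissionError as exc:
            denied.append(str(exc))
    return g, denied


if __name__ == "__main__":
    graph, denied = demo()
    for who in ("alice", "bob", "carol"):
        print(who, "on file:", sorted(graph.rights(who, "file")))
    for reason in denied:
        print("denied:", reason)
```

The practical lesson is that a right can travel along any chain of take and grant edges, so the question a reviewer asks of such a graph is not "who holds the right now" but "who could come to hold it", which is what the model's safety analysis answers.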
3.3. Select control measures based on system security requirements
3.3.1. Select control measures based on system security requirements
1. Analyze security requirements:
•Regulatory and compliance requirement analysis (such as HIPAA, PCI DSS, FISMA, national privacy legislation such as GDPR, SOC audits)
•Threat analysis (refer to chapter 1.11.1)
•Risk assessment (refer to section 1.10)
2. Select and implement security controls:
Select a security framework based on regulatory or organizational security governance requirements and implement controls appropriate to address identified risks.
Follow PDCA:
•Plan: considers controls and how they will be implemented to suit specific situations
•Do: Implement the controls
•Check: Evaluate the effectiveness of controls
•Action: Close gaps and deficiencies
3. Regularly review and adjust security controls:
Re-examination triggered by specific events:
Security incident or vulnerability
Significant changes in organizational structure or personnel
New or retired products or services
New or significantly changed threats or threat actors
Significant changes to information systems or infrastructure
Significant changes in the type of information being processed
Significant changes to security governance, risk management frameworks or policies
Broad social, economic or political changes (such as COVID-19)
Follow a periodic and event-oriented process to evaluate the suitability and effectiveness of controls
As security frameworks are updated, organizations need to consider these changes and make appropriate adjustments
3.4. Understand the security capabilities of information systems (IS)
3.4.1. System security capabilities
3.4.1.1 Memory protection
1. One of the basic security controls of the operating system is memory protection. If a program attempts to reference a memory address it is not allowed to access, the hardware traps the access, the program is stopped, and control is transferred to the operating system.
2. Two protective measures for the operating system:
1) Dual-mode operation of the processor: privileged (or kernel) mode and non-privileged (or user) mode.
2) Address Space Layout Randomization (ASLR): attempts to mitigate the risk of predictable memory address locations.
3. Related vulnerabilities: Spectre and Meltdown (CPU speculative-execution flaws that leak memory contents across the protection boundaries described above)
Summary: Proper memory protection relies on both the correct operation of the hardware and the correct design of the operating system. The system uses low-level memory protection hardware to prevent programs from accessing memory to which they are not granted access.
3.4.1.2 Secure Cryptoprocessor
1 A secure cryptographic processor is a hardware module that is resistant to hardware tampering and has a limited interface that makes it easier to verify the integrity and secure operation of the (limited) code running on the cryptographic processor.
2. Some real-world secure cryptoprocessors:
1) Proprietary, such as the iPhone's Secure Enclave
2) Open standards, such as the TPM specified in ISO/IEC 11889
3.4.1.3 Trusted Platform Module (TPM)
The TPM is implemented as a hardware component installed on the motherboard of the computing device. Typically it is a dedicated chip that performs various security functions, providing secure key storage and cryptographic services as specified by ISO/IEC 11889.
3.4.1.4 Hardware Security Module (HSM)
A Hardware Security Module (HSM) is functionally similar to a TPM. The difference is that a TPM is a chip on the motherboard of a computing device, while an HSM is a separate device, typically attached as an expansion card or as an external appliance connected directly to a computer or to the network.
Common use cases: In certificate authorities (CAs), they are used to protect root private keys; in payment processors, they are used to protect symmetric encryption keys used to protect cardholder data.
3.5. Assess and mitigate vulnerabilities of security architecture, design and solution elements
3.5.1. Client system
Client vulnerability classification:
•Unsafe operation or configuration of the client
• Store temporary data on client systems in an insecure manner
•Running insecure software versions (e.g. outdated or unpatched)
Potential vulnerabilities in client-server communication:
Server identity not verified
Data received from the server is not validated or filtered
Data exchanged with the server is not protected from eavesdropping
Tampering of data exchanged with the server is not detected
•Failure to verify commands or code received from the server before executing them or acting on information received from the server
solution:
•Assess operating systems and applications for unpatched software or insecure configurations
•Use recognized security protocols (such as TLS) to verify server identity and prevent eavesdropping and tampering with data communicated with the server
•Use appropriate validation and encoding techniques to ensure that data or commands received from the server are valid and consistent before acting on them
•Use digital signatures to verify executable code received from the server
Other measures:
•Incorporate client-referenced components into vulnerability management procedures
• Take appropriate measures based on risk assessment and threat modeling such as firewalls, physical security controls, full disk encryption
•Use secure software development processes when developing applications (see Domain 8)
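The second item under "solution" above (verify the server's identity and prevent eavesdropping and tampering with TLS) is where clients most often go wrong in practice, usually by disabling verification to make a test environment work. As an added example (not code from the study notes), the following builds the weak client configuration beside the hardened one using only Python's standard `ssl` module; no connection is made, the contexts are only inspected. The `cafile` parameter is an assumed option for a private CA bundle (`None` uses the system trust store).

```python
"""TLS client configuration: a weak context beside the hardened one.

Added illustration, not code from the study notes; uses only the standard
library `ssl` module and makes no network connection. `cafile` is an assumed
parameter for a private CA bundle (None = system trust store).
"""
import ssl


def insecure_client_context():
    """What NOT to ship: certificate and hostname checks disabled.

    With these settings the client accepts any certificate, so an on-path
    attacker can present their own and read or alter the traffic unnoticed.
    (Order matters: check_hostname must be cleared before verify_mode can be CERT_NONE.)
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile=None):
    """Server identity verified; eavesdropping and tampering are then prevented by TLS.

    create_default_context() already sets verify_mode=CERT_REQUIRED and
    check_hostname=True and loads the system trust store (or `cafile`);
    the explicit floor on the protocol version rules out TLS 1.0 and 1.1.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe(ctx):
    """Summarise the settings that matter for server authentication."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "minimum_version": ctx.minimum_version.name,
    }


def verifies_server_identity(ctx):
    """True only if the context will reject a server it cannot authenticate.

    Both conditions are needed: CERT_REQUIRED checks the chain of trust,
    check_hostname checks that the certificate was issued for the host
    the client intended to reach, otherwise any valid certificate would do.
    """
    return bool(ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED)


if __name__ == "__main__":
    print("insecure:", describe(insecure_client_context()))
    print("hardened:", describe(hardened_client_context()))
```

A useful review check is to grep a code base for `CERT_NONE`, `check_hostname = False` and `verify=False`: each hit is a client that cannot tell the real server from an attacker's.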
3.5.2. Server system
3.5.2.1 Server-side security practices
•Authenticate client and user identities
• Validate all input and protect against DoS attacks
•Implement vulnerability management procedures
•Adopt secure software development processes and the principle of least privilege
•Address threats to the server itself (physical, environmental, communications infrastructure)
3.5.2.2 Server hardening guide
Refer to hardening recommendations from industry organizations such as CIS and NIST
Install updates and patches
Remove or lock unnecessary default accounts
Change default account passwords
Enable only required services, protocols, daemons, etc.
Enable logging and auditing
Each server implements only one main function
Adjust default system, file system, service, and network configurations as needed
3.5.3. Database system
3.5.3.1 Security control measures of database system
The database server is a special case of the server system. The security control measures of the server system mentioned in the previous section are also applicable to the network-accessible database.
3.5.3.2 Common database attacks
•Aggregation attack: The process of obtaining sensitive information by aggregating multiple less sensitive data fragments.
•Inference attack: The process of obtaining sensitive information through logical deduction from known facts.
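The inference attack is worth seeing concretely, because the usual first mitigation is itself bypassable. The following is an added example (not code from the study notes) using Python's standard `sqlite3` module and a constructed employee table: an analyst who is only allowed COUNT and SUM queries deduces one person's salary, first directly (a department of one) and then, after a minimum query-set-size control is added, by subtracting two permitted queries (a "tracker" attack). The column names, the `aggregate` interface and the size threshold are assumptions for the example.

```python
"""Inference attack against a statistics-only database interface.

Added illustration, not code from the study notes. Uses the standard library
sqlite3 module with a constructed employees table; the column names, the
`aggregate` interface and the minimum query-set size are assumptions.
"""
import sqlite3

# Constructed sample data: legal has a single employee, which is the weak spot.
EMPLOYEES = [
    ("alice", "eng", 120000),
    ("bob", "eng", 110000),
    ("carol", "eng", 130000),
    ("dave", "legal", 150000),
]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", EMPLOYEES)
    return conn


def aggregate(conn, dept=None, exclude=False, min_set=0):
    """The only query the analyst may run: COUNT and SUM over a department filter.

    `min_set` is a query-set-size control: refuse to answer when fewer than
    `min_set` rows contribute, so a single person's value is never returned directly.
    The operator is chosen from a fixed pair and the department is a bound
    parameter, so the analyst cannot inject SQL through this interface.
    """
    if dept is None:
        sql, params = "SELECT COUNT(*), SUM(salary) FROM employees", ()
    else:
        op = "<>" if exclude else "="
        sql = f"SELECT COUNT(*), SUM(salary) FROM employees WHERE dept {op} ?"
        params = (dept,)
    count, total = conn.execute(sql, params).fetchone()
    if count < min_set:
        raise PermissionError(f"query set of {count} rows is below the minimum of {min_set}")
    return count, total


def direct_inference(conn):
    """No size control: a department of one leaks its only member's salary."""
    count, total = aggregate(conn, "legal")
    return total if count == 1 else None


def size_control_blocks(conn, min_set=3):
    """True if the query-set-size control refuses the direct single-row query."""
    try:
        aggregate(conn, "legal", min_set=min_set)
    except PermissionError:
        return True
    return False


def tracker_inference(conn, min_set=3):
    """Size control alone is not enough: two large, individually permitted
    queries differ by exactly the protected value."""
    _, everyone = aggregate(conn, min_set=min_set)
    _, all_but_legal = aggregate(conn, "legal", exclude=True, min_set=min_set)
    return everyone - all_but_legal


if __name__ == "__main__":
    conn = build_db()
    print("direct inference:", direct_inference(conn))
    print("blocked by size control:", size_control_blocks(conn))
    print("tracker inference:", tracker_inference(conn))
```

This is why statistical database protection also needs controls on overlapping queries (or noise added to answers, as in differential privacy), not only a minimum result-set size.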
3.5.3.3 Database encryption method
•Full Disk Encryption (FDE): Protects all data on storage media from physical theft or loss.
•Filesystem-level encryption: Encryption is performed at the filesystem level and applies to volumes, directories, or files.
•Transparent Data Encryption (TDE): The database engine encrypts the data files at rest; data is cleartext to the application and ciphertext on disk.
• Cell Level Encryption (CLE): Encrypts cells or columns in database information and decrypts them only on request.
Application-level encryption: The business logic or application layer encrypts and decrypts data, providing protection even if database access is compromised.
3.5.3.4 Factors to consider when choosing a database encryption method
•Performance: Encryption/decryption operations may impact performance.
• Backups: Make sure backups of encrypted data are also secure.
•Compression: Encrypted data is effectively random and does not compress, so if compression is needed it must be applied before encryption.
3.5.4. Encryption system
3.5.4.1 Ways to crack encryption systems
1. Exploiting weaknesses in algorithms and protocols:
•Cryptography is difficult and even experts can make mistakes
•The attack surface includes algorithms, people, processes and technologies implementing cryptographic protection
•Over time, computing power, mathematical breakthroughs, and other methodological improvements made cryptanalysis more effective
2. Exploiting weaknesses in execution
•Using outdated algorithms or untested ciphers
•Use industry-standard and tested algorithms and avoid inventing or implementing your own algorithms
3. Exploiting key management vulnerabilities
•Keys should not be reused and should be replaced regularly
•The validity of symmetric keys and private keys depends on confidentiality
•Insider threats, such as disgruntled employees, can be mitigated with dual control or separation of duties for key management operations
3.5.4.2 Detect and mitigate cryptographic system vulnerabilities:
•Conduct peer review of encryption systems
•Obtain a qualified third-party assessment
•Taking corrective action for defects
3.5.5. Industrial Control Systems (ICS)
An industrial control system (ICS) is the computer-managed equipment that controls industrial processes and machinery; the term covers a range of control systems and their associated sensors.
3.5.5.1 Composition of ICS
•Distributed Control System (DCS)
An automated control system typically used to monitor and manage equipment in a continuous production process.
•Programmable Logic Controller (PLC)
It is a special type of computer mainly used to control equipment in industrial processes.
•Supervisory Control and Data Acquisition (SCADA)
Responsible for monitoring and collecting data in industrial processes so that operators can understand the status of the production process in real time.
3.5.5.2 ICS security issues
•Weak security and vulnerable to attack
•Patching may be difficult or impossible
3.5.5.3 ICS security controls
•Keep only the most basic code required to perform core functionality
•Isolated network
•Restrict physical and logical access
•Record all activities
3.5.6. Cloud-based systems
3.5.6.1 Cloud computing concept
Cloud computing provides a way to access shared, configurable computing resources (such as networks, servers, storage, applications, and services) over a network, making it ubiquitous, convenient, and on-demand. The main challenge of cloud computing is the risk of data security and management.
3.5.6.2 Cloud service model
•SaaS (Software as a Service): the customer is responsible for the data
•PaaS (Platform as a Service): the customer is responsible for the application and the data
•IaaS (Infrastructure as a Service): the customer is responsible for the OS, the application and the data
3.5.6.3 Deployment model of cloud services
•Public cloud: available to any customer
•Private cloud: for single customer use only
• Community Cloud: Exclusively used by a small group of customers with similar interests or requirements
•Hybrid Cloud: A combination of two or more of the above deployment models
3.5.6.4 Shared responsibilities in cloud service models
•The cloud service provider is fully responsible for:
physical security
environmental security
•Hardware (i.e. servers and storage devices)
•Network (i.e. cables, switches, routers, firewalls and Internet connections)
•Cloud service providers and customers share the following responsibilities:
Vulnerability and patch management
Configuration management
training
3.5.6.5 Cloud data security measures
Data stored in the cloud and data in transit are encrypted with keys the customer controls. Confidentiality at end of life is ensured by cryptographic erasure: destroying the keys renders the encrypted data unrecoverable even if copies remain on the provider's storage.
3.5.7. Distributed systems
3.5.7.1 Distributed systems
A distributed system is a collection of subsystems, possibly geographically dispersed and interconnected in some way, with a much larger attack surface than a single system. Distributed systems are built to achieve a number of goals, including reliability, performance and scalability.
3.5.7.2 Risks of distributed systems
•Communication security
Since the subsystems of a distributed system communicate over a network, the confidentiality, integrity and availability of data in transit must be ensured. This requires encryption and authentication of the communication channel.
•Authentication and access control
In a distributed system it is essential that only legitimate users and devices can access the relevant resources. Strong authentication and access control mechanisms are needed to prevent unauthorized access.
•System and software consistency
Each subsystem may use different operating systems, middleware and other software, which leads to differing versions and patch levels and therefore differing risk. Ensure that systems and software are kept consistent across the distributed environment.
•Prevent Denial of Service (DoS) attacks
Distributed systems may be at risk of DoS attacks
•Data privacy and compliance
Prevent data leakage and unlawful cross-border transfers in accordance with data sovereignty requirements.
•Maintenance and management
Distributed systems require continuous monitoring, maintenance, and updates of various subsystems. This includes timely patching, configuration management and security auditing.
•Consistency and fault tolerance
Distributed systems may face delays or interruptions in communication between subsystems. Fault tolerance mechanisms need to be designed to ensure that the system can continue to operate and maintain consistency in the event of communication interruptions or other failures.
3.5.8. Internet of Things (IoT)
The Internet of Things (IoT) describes a network of physical objects embedded with technologies such as sensors and software that enable them to connect and exchange data with other devices over the Internet. Including: household appliances, medical equipment, smart home equipment, etc.
3.5.8.1 Security issues of IoT devices
Security issues with IoT devices are often related to authentication and encryption, for example cameras exposed directly to the Internet. The major security issues include:
Authentication and encryption
Software and firmware updates
network isolation
3.5.8.2 IoT security measures
•Deploy a separate network for IoT devices that remains separate and isolated from the main network
•Ensure vendors provide the ability to automatically update their software and firmware
3.5.8.3 IoT-related attacks
Mirai Botnet: Exploiting Millions of Insecure IoT Devices for Distributed Denial of Service (DDoS) Attacks
3.5.9.Microservices
Microservices architecture is a modular software development style that involves developing a single application into a loosely coupled collection of smaller applications or services (microservices), each running its own process. Microservices are built to be independently deployable and work together through lightweight communication protocols.
3.5.9.1 Microservice security principles
•Isolation:
Each microservice must be able to be deployed, modified, maintained, and destroyed without affecting other surrounding microservices
•Defense in depth:
1) Implement multiple layers of security controls throughout the application or system
2) It is critical to independently monitor and protect each microservice and the communication between each service in the entire environment
3.5.9.2 Microservice API security
The most vulnerable part of the microservices architecture is the API used to communicate with the microservices. When protecting your service architecture, ensuring API security is critical.
3.5.10. Containerization
Containerization (such as Docker) is a further development of virtualization technology. Containers provide a lightweight way to package an entire application so that it is portable and can easily be moved across different hardware platforms. The main advantage of containers is that they do not need their own guest operating system; they share the kernel of the host operating system.
3.5.10.1 Container security practices
•Use signed base images from trusted sources.
•Follow strict configuration management practices when adding applications or other components to images.
•Vulnerability scanning and patching of all container images.
•Implement appropriate access controls, such as role-based access controls, on all container images.
• Ensure the security of the host operating system running the container.
•Limit communication between containers and follow the principle of least privilege.
Containerization requires strict isolation to ensure that containers cannot access data or resources assigned to other containers. As long as isolation is maintained, containers are a highly secure, lightweight option for virtualized computing. Container orchestration and management tools such as Kubernetes can enforce network controls and restrict communication paths.
3.5.11. Serverless mode
Serverless computing is a cloud computing model in which a cloud provider manages servers and dynamically allocates machine resources as needed. In serverless computing, infrastructure management tasks such as provisioning and patching are handled by the cloud provider, leaving the customer primarily responsible for writing the code that executes on those servers. AWS Lambda, Azure Functions, and Google Cloud Functions are popular serverless frameworks offered by public cloud providers.
With serverless architecture, the customer's responsibility for security is significantly reduced and largely shifted to the cloud provider (CSP), who is responsible for all operating system hardening, patching and runtime security.
3.5.12. Embedded Systems
The Internet of Things is bringing network technology to many industrial, mechanical, home and transportation systems. We often refer to the technical part of an IoT device as an embedded system because it is a complete, dedicated information processing component embedded within another, larger system designed to provide a limited set of functions. Similar to ICS and IoT systems, they are special-purpose devices that are often connected to the Internet, sometimes without security mechanisms in mind. Many embedded systems are proprietary and do not have strong built-in security mechanisms such as strong authentication or encryption capabilities. In addition, the software in embedded systems is usually embedded in computer chips and may not be easily updated or patched when system vulnerabilities are discovered.
3.5.13. High Performance Computing (HPC) Systems
High-performance computing (HPC) refers to the use of one or more supercomputers, often for highly complex computational sciences and other applications involving mathematics.
HPC systems have the same security concerns as traditional and other cloud-based systems. They typically run Linux-based operating systems and are susceptible to software vulnerabilities, configuration issues, and compromised credentials. All traditional security measures should be considered here. But HPC environments are highly specialized, purpose-designed hardware and software. Any custom hardware and software introduces additional threat vectors and must be secure.
3.5.14. Edge computing system
3.5.15. Virtualization system
A virtualization system simulates hardware resources through software, allowing multiple operating systems to run on the same hardware. This is the main technology behind cloud computing. Virtual machines and software-defined networks (SDN) are typical examples of virtualized systems.
3.5.15.1 Hypervisor
The hypervisor is responsible for creating the simulated environment and managing the hardware resources of the virtualized system. There are two types of hypervisors: Type I (bare-metal) hypervisors and Type II hypervisors. Bare-metal hypervisors run directly on the hardware, while Type II hypervisors run as programs on top of a host operating system (e.g., VirtualBox).
3.5.15.2 Potential risks of virtualized systems
•Virtual machine sprawl: A large number of underutilized virtual machines are running, possibly due to a lack of comprehensive management or security plan.
• Server sprawl: Similar to virtual machine sprawl, but involving physical servers.
•Shadow IT: Components (physical or virtual) deployed without the knowledge or permission of senior management or the IT team.
•Virtual machine escape: Software breaks through the isolation protection provided by the hypervisor from the virtual machine and penetrates into other virtual machines or hosts.
3.6. Selecting and Determining an Encryption Solution
3.6.1. Basics of cryptography
3.6.1.1 Overview of cryptography
Cryptography is the mathematical processing of data to protect its confidentiality and/or integrity.
1. Confidentiality (and Privacy):
One of the primary uses of cryptography is to protect the confidentiality of information, both at rest and in transit.
When applied to Personally Identifiable Information (PII) and Protected Health Information (PHI), this provides the key feature of "privacy".
2.Integrity
Another common application of cryptography is the use of hashing algorithms and message digests to provide guarantees of data integrity (or accuracy).
3. Authenticity (and non-repudiation)
Cryptography can also be used for authentication services and non-repudiation through digital signatures and digital certificates.
3.6.1.2 Cryptography concepts
1. Plain text and cipher text
•Plaintext: directly understandable information in a natural format before being converted into ciphertext
•Cleartext: information in a readable, usable form that is not intended to be obscured by encryption
•Ciphertext: plaintext information changed in form so that it cannot be read by anyone but the intended recipient
2. Encryption and decryption
•Encryption: The process of converting information from plain text to cipher text
•Decryption: the opposite process of encryption, the process of converting ciphertext information into plaintext.
3.Algorithm and key
•Cryptographic algorithm: a mathematical function used in the encryption and decryption process
•Key: sometimes called a cryptographic variable, is introduced into the encryption process along with the algorithm to increase the complexity of encryption and decryption. Keys are similar to passwords in that they must be changed frequently and are generally known only to entities with the authority and need to encrypt and decrypt information.
3.6.2. Cryptography life cycle
The cryptography life cycle involves algorithm selection, key management, and management of cryptographic keys and data at rest, in transit, and in use. The following are the stages of the NIST cryptography life cycle:
1. Initiation (startup) phase: Based on organizational needs, the algorithms and cryptographic system are selected:
•Fit-for-purpose type of cryptography (e.g., symmetric, public key, hashing, etc.)
•Specific algorithms (such as AES, RSA, SHA, etc.)
•Key length (such as AES-256, RSA-2048, SHA-512, etc.)
•Operating modes (ECB, CBC, etc.)
2. Development and Procurement: The organization develops, or more likely procures, encryption systems.
3. Implementation and evaluation: The encryption system is put into use and evaluated to see if it meets the organization's security objectives.
4. Operations and Maintenance: The organization ensures the continued secure operation of cryptographic systems.
5. Sunset: When the weaknesses of the encryption algorithm are discovered and it is no longer suitable for continued long-term use, the organization stops using the encryption algorithm.
3.6.3. Cryptographic methods (symmetric)
Security architects can use a number of encryption tools to protect the confidentiality and integrity of data. The choice of these tools depends on the threat being defended against, the nature of the communication, and the sensitivity of the information. The following describes encryption methods that can be used in different situations.
3.6.3.1 Symmetric encryption algorithm
The sender and receiver use the same key to encrypt and decrypt information.
3.6.3.2 Main disadvantages of symmetric systems:
1. Secret key distribution problem
How to safely distribute the shared secret key to both parties before communication is a problem. Secret keys need to be distributed securely via out-of-band methods or asymmetric systems.
2. Does not provide non-repudiation
Unable to confirm which party the encrypted message came from
3. Lack of scalability
When there are too many participants, a huge number of secret keys need to be maintained: number of secret keys = n(n-1)/2
4. The key life cycle is short
After a participant leaves the communication group, all secret keys known to them need to be destroyed.
3.6.3.3 Main advantages of symmetrical systems:
•Speed: Symmetric systems are much faster than asymmetric systems
•Low cost: The implementation cost of symmetric key encryption is low and does not require complex computing resources and high equipment costs.
3.6.3.4 Basic types of symmetric cryptography
•Stream cipher.
Data streams are encrypted and decrypted using variable length keys. Stream ciphers can encrypt and decrypt data streams in real time, but are less secure. The most common stream cipher is RC4, which was once used in SSL and TLS, but is now basically abandoned.
•Block cipher:
Divide the plaintext data into fixed-length blocks, and then use the key to encrypt each block. Block ciphers are more secure, but the key length must be fixed. Common block sizes are 64-bit, 128-bit, and 256-bit. Typical block ciphers include Blowfish, Twofish, DES, and AES.
3.6.3.5 Cipher modes of operation
1. Electronic Code Book (ECB):
The input data is divided into chunks and each chunk is encrypted using the same key. It is vulnerable to repeated plaintext attacks and is usually not used alone in practical applications.
2. Cipher Block Chaining (CBC):
An initialization vector (IV) is required to initialize the encryption process; the ciphertext of the previous block is XORed with the plaintext of the current block, and the result is then encrypted using the key. This effectively prevents repeated-plaintext attacks.
3. Cipher Feedback (CFB):
The plaintext is divided into segments, XORed with the initialization vector, and then processed by the cipher algorithm. Suitable for encrypting real-time data streams such as telephone communications and live video streams.
4.Output feedback (OFB):
XOR each set of data with the ciphertext of the previous set. Suitable for encrypting real-time data streams and is not affected by data delay or loss.
5. Counter (CTR):
A numeric counter is used to generate a random initialization vector that is XORed with each set of data.
Each encryption generates a new initialization vector, improving security.
6. Galois/Counter Mode (GCM):
A symmetric cryptographic encryption technique used to encrypt data streams. It has the advantages of counter mode (CTR) and additionally provides an integrity check value (ICV) to ensure data integrity.
3.6.3.6 Common symmetric encryption algorithms
•DES:
Data Encryption Standard, 56-bit keys, 64-bit blocks; currently considered insecure.
•Triple DES
The Triple DES algorithm increased the key length from 56 bits to 168 bits, but it was deprecated by NIST in 2017 and is considered unsafe.
•AES:
The Advanced Encryption Standard, using 128-, 192- and 256-bit keys, is currently (as of 2023) considered a secure algorithm.
•RC series:
Symmetric key algorithms developed by Ron Rivest, including RC2, RC4, RC5, and RC6. Among them, RC2 and RC4 are considered unsafe, while RC5 and RC6 are considered safe.
•Blowfish:
Block cipher algorithm, the key length can be up to 448 bits, and the security is high. The source code is open and free to use, but commercial products require licensing.
•Twofish:
Block cipher algorithm, the key length can be up to 256 bits, and the security is high. Widely used in encryption software, encryption equipment and secure communication systems.
•Skipjack:
The symmetric cryptographic encryption algorithm proposed by the National Security Agency (NSA) of the US government has a key length of 80 bits and is highly secure, but the source code is confidential and is only used within the US government.
•IDEA:
International data encryption algorithm with a key length of 128 bits, used for PGP email encryption and decryption.
•CAST block encryption algorithm:
Including CAST-128 (using a 128-bit key) and CAST-256 (using a 256-bit key), of which CAST-256 is better in terms of security, but has slower encryption speed.
3.6.4. Cryptographic methods (asymmetric)
3.6.4.1 Asymmetric encryption algorithm
Asymmetric cryptography solves the scalability problem by providing each user with a pair of keys (public/private key). Its main features are as follows:
•High key distribution efficiency: Distribute keys through Public Key Infrastructure (PKI).
•Provides integrity, authentication and non-repudiation: Private keys implement these functions.
•Scalability: simple key maintenance, number of keys = 2n.
•Long key lifecycle: participants only need to provide their public key to join the communication
Disadvantages: Asymmetric encryption is slower than symmetric encryption. Asymmetric encryption is usually used to exchange symmetric keys, and then symmetric encryption is used to ensure communication security.
3.6.4.2 Common asymmetric encryption algorithms
•Diffie-Hellman-Merkle Key Exchange
A method for securely exchanging cryptographic keys, not for encryption or decryption, but for both parties to securely generate a shared key.
•RSA:
Asymmetric key algorithm for encrypting and signing data. Its security is based on the difficulty of factoring the product of two large prime numbers. RSA is one of the most commonly used public key encryption algorithms.
•El-Gamal
Asymmetric key algorithm for transmitting digital signatures and key exchange. Based on the discrete logarithm problem, derived from the Diffie-Hellman-Merkle algorithm.
3.6.5. Cryptographic methods (elliptic curve, quantum)
3.6.5.1 Elliptic Curve Cryptography (ECC)
•ECC is a public-key cryptography method whose security is based on the special algebraic structure of elliptic curves.
•Using shorter key lengths produces high security. For example, a 256-bit ECC key is equivalent to a 3072-bit RSA key.
•Since smaller keys lead to faster calculations, ECC is more efficient than other public key algorithms and is suitable for resource-constrained application scenarios.
3.6.5.2 Quantum cryptography
•Quantum cryptography exploits a property of quantum mechanics: any measurement or observation of a quantum system perturbs it.
•This provides the basis for transmitting secret encryption keys, which can be discovered if intercepted by an eavesdropper.
•The emergence of quantum computing and its applications in encryption and decryption has raised concerns that existing security algorithms could be broken.
3.6.6. Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is a technical architecture used to achieve e-commerce and network security. It is mainly composed of participating institutions, certificate issuing authorities (CAs) and registration authorities (RAs), and provides the necessary infrastructure for e-commerce and network security.
3.6.6.1 Digital Certificate
A digital certificate is an electronic credential used to verify the identity of an entity (such as a person, organization, or device) in a network environment and associates the entity's public key with its identity information. The Certificate Issuing Authority (CA) is responsible for verifying the entity’s identity information and issuing digital certificates.
3.6.6.1.1 X.509
A common digital certificate format widely used in e-commerce and network security fields for identity authentication and data encryption. A typical X.509 certificate includes the following information:
•Certificate version: The version number of the X.509 certificate, indicating the format and content of the certificate.
•Certificate serial number: The unique identifier of the x.509 certificate, which distinguishes different certificates.
•Certificate Signing Algorithm Identifier: The algorithm identifier used to sign the certificate, including algorithm name and version.
•Certificate subject name: The name of the X.509 certificate holder (such as an individual or organization).
•Certificate subject public key information: the public key information of the certificate holder, used to encrypt data and verify digital signatures
•Certificate extension information: Additional and extended properties of X.509 certificates, such as key usage restrictions and certificate
•Certificate issuer name: The name of the certificate issuing authority (CA) that issued the X.509 certificate.
•Certificate issuer public key information: CA's public key information, used to verify the signature of the certificate.
•Certificate Validity Period: The validity period of the X.509 certificate, including the effective date and expiration date.
3.6.6.2 Certificate issuer
A Certificate Issuing Authority (CA) is an organization or institution responsible for issuing, managing, renewing, and revoking digital certificates. Digital certificates guarantee the authenticity and integrity of electronic documents and provide a basis for e-commerce and network security.
CAs are mainly divided into two categories:
•Root CAs are authoritative organizations responsible for issuing high-security certificates.
•Subordinate CAs are ordinary organizations that mainly issue low-security certificates and are usually used for internal certification within organizations.
CAs typically work with a Registration Authority (RA) for identity verification before issuing a certificate. The RA is responsible for verifying the user's identity information (such as supporting documents and contact information) and submitting a verification report to the CA. In this way, CA can manage certificates more effectively and ensure e-commerce and network security.
3.6.6.3 Certificate life cycle
1. Register:
Users apply for a digital certificate from the Certificate Issuing Authority (CA), fill out the application form and submit their identity information and public key. After verification, the CA issues a digital certificate to the user.
2. Verification:
The CA verifies user certificate information to ensure its security and reliability. Validation levels include Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV) to ensure certificate authenticity and credibility.
3. Revocation:
When a certificate expires or is revoked, the CA marks it as invalid. This process is called revocation (deregistration) and is typically communicated through a Certificate Revocation List (CRL) or the Online Certificate Status Protocol (OCSP).
3.6.6.4 Certificate format
3.6.6.5 Usage scenario: email communication
1. The user registers in the PKI and obtains a digital certificate together with a key pair (public key and private key).
2. The sender uses the recipient’s public key to encrypt the email content.
3. The sender uses his or her private key to digitally sign the email.
4. The recipient uses the sender's public key to verify the authenticity of the message and uses his or her private key to decrypt the message content.
5. If the digital signature and verification process of the email are normal, the recipient can safely read the email content.
3.6.7. Key management practices
The security of cryptography relies on the confidentiality of symmetric secret keys and asymmetric private keys. The following are proper key management practices:
1. Key generation
•Length: Key length needs to accommodate increasing computing power and the development of quantum computing.
•Randomness: Use hardware-based random number generators such as TPM and HSM.
2. Key storage and use
•Use a key encryption key (KEK) to encrypt the data encryption key (DEK), producing an encrypted key.
•Use the DEK to encrypt data, producing encrypted data.
•Store in HSM.
3. Management measures
•Segregation of duties: People who have access to encryption keys cannot have access to encrypted data.
•Dual Control: Protect private keys using two different control factors, such as device and password.
•Knowledge segmentation: Splitting a key (or password) into multiple pieces that need to be combined to decrypt data (or enter a system).
4. Rotate and replace keys
•Keys have a limited lifespan and should be replaced as soon as possible if there is evidence or suspicion of destruction.
•Even if key confidentiality is maintained, it should be replaced regularly.
•Rotate keys when key personnel with access to cryptographic materials leave the company.
•NIST and PCI recommend rotating data encryption keys at least annually.
5. Key destruction
Securely destroy the key when you confirm that the encrypted data is no longer needed:
•Delete all copies of the key by overwriting storage, degaussing or physical destruction to ensure irrecoverability.
• Maintain records of destruction, including key location and means of destruction.
3.6.8. Digital signatures and digital certificates
3.6.8.1 Digital signature
Digital signatures utilize asymmetric encryption technology to achieve integrity, authentication and non-repudiation:
•Authentication: When recipients verify a digital signature, they can confirm the identity of the sender because only the sender possesses the private key used to sign.
•Integrity: By checking the message digest generated by the hash function, the recipient can verify that the information has not been tampered with during transmission.
•Non-repudiation: The sender cannot deny that the message was sent because they signed it with their private key, and this fact can be proven to a third party.
3.6.8.2 Digital certificate
A digital certificate is an electronic document used to verify the ownership of a public key. It is usually issued by a trusted third party (such as a certificate authority, CA) to confirm the validity of the public key. The digital certificate includes the identity information of the public key holder and the CA's digital signature, ensuring the authenticity of the certificate content.
3.6.8.3 Digital signature process
1. The sender performs a hash operation on the message and obtains the message digest.
2. The sender uses the private key to encrypt the message digest, generating a digital signature.
3. The sender sends the original information, digital signature and public key to the receiver.
4. The receiver uses the public key to decrypt the digital signature and verify the integrity of the information and the identity of the sender.
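The four-step process above, as an added Python example that is not from the original notes: it uses unpadded textbook RSA with a Miller-Rabin prime generator and SHA-256 so that hash, sign and verify are visible in plain code. The key size, seeds and messages are constructed assumptions; real signatures use a padding scheme such as PSS and 2048-bit or larger keys.

```python
import hashlib
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    # Miller-Rabin probabilistic primality test; sufficient for a demonstration.
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force bit length and oddness
        if _is_probable_prime(cand, rng):
            return cand


def generate_keypair(bits: int = 1024, seed=None):
    # Returns (public_key, private_key) as (exponent, modulus) tuples.
    # A seed makes the demo reproducible; real key generation uses a CSPRNG.
    rng = random.Random(seed)
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this guarantees gcd(e, phi) == 1
            break
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, p * q), (d, p * q)


def message_digest(message: bytes) -> int:
    # Step 1: hash the message to a fixed-size digest (SHA-256, as an integer).
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    # Step 2: the sender applies the private key to the digest.
    d, n = private_key
    return pow(message_digest(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    # Step 4: the receiver applies the public key and compares with a fresh digest
    # of the received message; any change to the message or a wrong key fails.
    e, n = public_key
    return pow(signature, e, n) == message_digest(message)


def demo() -> dict:
    # Constructed scenario: the sender signs, the receiver verifies the genuine
    # message, a modified copy, and the signature against an unrelated public key.
    sender_pub, sender_priv = generate_keypair(seed=1)
    other_pub, _ = generate_keypair(seed=2)
    msg = b"Transfer 100 to account 42"
    sig = sign(sender_priv, msg)
    return {
        "genuine": verify(sender_pub, msg, sig),
        "modified": verify(sender_pub, b"Transfer 900 to account 42", sig),
        "wrong_key": verify(other_pub, msg, sig),
    }


if __name__ == "__main__":
    print(demo())  # {'genuine': True, 'modified': False, 'wrong_key': False}
```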
3.6.8.4 Hash-based Message Authentication Code (HMAC)
•Verify message integrity and authenticity using cryptographic hash functions and keys
•Commonly used with SHA-2 or SHA-3 hash functions
•MAC is used to verify message integrity and authenticity. Compared with HMAC, MAC does not use a key, but uses a public parameter to calculate the authentication code of the message. If the message and the authentication code do not match, the message has been tampered with.
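An added example (not from the original notes) using Python's standard library to contrast an unkeyed digest with an HMAC-SHA256 tag when a message is altered in transit, and to verify the tag with a constant-time comparison; the shared key and messages are constructed.

```python
import hashlib
import hmac

# Constructed shared secret; in practice it comes from a key-management system.
SHARED_KEY = b"constructed-shared-secret-key"


def unkeyed_digest(message: bytes) -> bytes:
    # A plain hash protects only against accidental corruption: anyone who
    # changes the message can recompute a matching digest.
    return hashlib.sha256(message).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    # HMAC-SHA256: the tag depends on both the message and the secret key.
    return hmac.new(key, message, hashlib.sha256).digest()


def accept_with_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(unkeyed_digest(message), digest)


def accept_with_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so verification time does not leak
    # how many tag bytes matched (the timing side channel described in 3.7.9).
    return hmac.compare_digest(hmac_tag(key, message), tag)


def altered_in_transit(message: bytes, keyed: bool):
    # Models a message changed on the wire by a party that does NOT hold the key.
    # With an unkeyed digest the altered message can carry a freshly computed
    # digest; with HMAC the best that party can do is use a wrong key.
    altered = message.replace(b"100", b"900")
    if keyed:
        return altered, hmac_tag(b"constructed-wrong-key", altered)
    return altered, unkeyed_digest(altered)


def demo() -> dict:
    msg = b"pay 100 to account 42"
    results = {}
    # Unkeyed digest: the receiver cannot distinguish the altered message.
    altered, digest = altered_in_transit(msg, keyed=False)
    results["digest_accepts_altered"] = accept_with_digest(altered, digest)
    # HMAC: the altered message is rejected because its tag fails under the shared key.
    altered, tag = altered_in_transit(msg, keyed=True)
    results["hmac_accepts_altered"] = accept_with_hmac(SHARED_KEY, altered, tag)
    results["hmac_accepts_genuine"] = accept_with_hmac(SHARED_KEY, msg, hmac_tag(SHARED_KEY, msg))
    return results


if __name__ == "__main__":
    print(demo())  # {'digest_accepts_altered': True, 'hmac_accepts_altered': False, 'hmac_accepts_genuine': True}
```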
3.6.8.5 Digital signature standards
•RSA: A commonly used asymmetric encryption algorithm that uses two keys for encryption and decryption. In digital signatures, the private key is used to sign the data, and the public key is then used to verify the signature.
•DSA: Digital Signature Algorithm, based on the integer decomposition problem; it only uses the private key to generate signatures, so it can only be used to generate signatures and cannot be used to encrypt data.
•ECDSA: Digital signature algorithm based on elliptic curves, with higher security and calculation speed
3.7. Understand the methods of cryptanalysis attack
3.7.1. Brute force attack
A brute-force attack is an attack method in cryptography in which the attacker attempts to exhaust all possible keys until he finds the correct key to access encrypted information.
3.7.1.1 Rainbow Tables
To increase the efficiency of brute-force attacks, a rainbow table can be used. Rainbow tables store precomputed hash values of possible passwords and are mainly used to crack password hashes offline.
3.7.1.2 Prevent rainbow table attacks
To defend against rainbow table attacks, techniques such as salting, peppering, and key stretching can be used.
•Salt: Add a random string to the user password before hashing to make each user's hash value unique and reduce the success rate of rainbow table attacks.
•Pepper: Add a fixed secret value to the hashing process so that the attacker cannot precompute the rainbow table.
•Key stretching: By iterating the hash function many times, the amount of calculation required to crack the password is increased, thereby increasing the difficulty of cracking.
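The three defenses above, as an added Python example that is not from the original notes: it builds a small precomputed table over a constructed candidate list, then shows that a salted, peppered and stretched PBKDF2-HMAC-SHA256 hash is not found in it and that two users with the same password get different hashes. The candidate passwords, pepper and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed values for the demonstration.
CANDIDATE_PASSWORDS = ["123456", "password", "letmein", "qwerty", "Summer2024!"]
PEPPER = b"constructed-pepper-kept-in-app-config-not-the-database"
ITERATIONS = 200_000


def unsalted_sha256(password: str) -> str:
    # The weak scheme a rainbow table targets: one deterministic hash per password.
    return hashlib.sha256(password.encode()).hexdigest()


def precomputed_table(candidates) -> dict:
    # Stand-in for a rainbow table: digest -> password, computed once, reused for every user.
    return {unsalted_sha256(p): p for p in candidates}


def lookup(table: dict, stored_hex: str):
    # Returns the password if the stored value appears in the table, otherwise None.
    return table.get(stored_hex)


def hash_password(password: str, salt=None) -> tuple:
    # Salt: 16 random bytes per user, stored in the clear beside the hash.
    # Pepper: fixed secret mixed in with HMAC, never stored in the database.
    # Key stretching: PBKDF2-HMAC-SHA256 with many iterations.
    salt = salt if salt is not None else os.urandom(16)
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    # Recompute with the stored salt and compare in constant time.
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def demo() -> dict:
    table = precomputed_table(CANDIDATE_PASSWORDS)
    weak_stored = unsalted_sha256("letmein")
    salt_a, hard_a = hash_password("letmein")
    salt_b, hard_b = hash_password("letmein")  # same password, a second user
    return {
        "table_recovers_unsalted": lookup(table, weak_stored),   # "letmein"
        "table_recovers_salted": lookup(table, hard_a.hex()),    # None
        "same_password_same_hash": hard_a == hard_b,             # False
        "login_correct": verify_password("letmein", salt_a, hard_a),   # True
        "login_wrong": verify_password("letmeout", salt_a, hard_a),    # False
    }


if __name__ == "__main__":
    print(demo())
```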
3.7.2. Ciphertext only
Only samples of ciphertext are analyzed. This type of attack is one of the most common because ciphertext is easily obtained by intercepting network traffic. Different methods can be used in a ciphertext-only attack, including frequency analysis.
3.7.3. Known plaintext
In this type of attack, the attacker not only has the ciphertext, but also the known plaintext associated with it, allowing the attacker to compare the results of the known plaintext with the ciphertext to determine any relationship between the two.
3.7.4. Chosen plaintext
In a chosen plaintext attack, the attacker can choose any number of plaintexts to attack and deduce the value of the key by comparing the differences between plaintext and ciphertext.
3.7.5. Frequency analysis
Frequency analysis is an attack method in which an attacker examines cipher text in an attempt to associate commonly used words in order to discover the encryption key or algorithm used.
3.7.6. Implementation attacks
Implementation attacks attempt to exploit some weakness in the implementation of the cryptographic system, such as flaws in protocols or algorithms.
3.7.7. Side channel
Side-channel attacks are more subtle and usually do not directly destroy the function of the system, but crack the encrypted information by recording system activity characteristics, such as changes in CPU utilization, power or electromagnetic radiation.
It uses certain non-key characteristics of the encryption system to crack the encryption system, which can be done in a variety of ways, including: timing, cache access, energy consumption, electromagnetic radiation, error information, etc.
3.7.8. Fault injection
Fault injection attacks are side channel attacks that involve deliberately injecting faults or erroneous inputs and observing errors and outputs
3.7.9. Timing
A timing attack is a side-channel attack in which an attacker attempts to break a cryptographic system by monitoring the time required to execute an algorithmic function
3.7.10. MITM
Man-in-the-middle MITM attacks require the attacker to be able to intercept and forward messages between two parties, and possibly modify the original message. To protect against MitM attacks, encryption is often used to protect the content of communications.
3.7.11. Passing hash values
A Pass-the-Hash attack is an attack technique in which the attacker obtains the password hash value and directly uses the hash value for authentication. In this attack, the attacker does not need to decrypt the hash or obtain the cleartext password. Such attacks target authentication protocols rather than hashes or other cryptographic elements.
Ways to defend against pass-the-hash attacks:
•Least-privilege security model: Reduces the likelihood and impact of pass-the-hash attacks by limiting an attacker's ability to obtain and use elevated privileges.
•Password management: Regularly (preferably automatically) rotating passwords and using password management tools can help protect against this type of attack.
3.7.12. Leveraging Kerberos
Kerberos is a ticket-based network authentication protocol that uses symmetric key encryption to provide strong authentication in client/server environments. It allows nodes (systems) on the network to prove their identities to each other.
Kerberos vulnerability attacks refer to attackers exploiting vulnerabilities in the Kerberos authentication protocol. By exploiting these vulnerabilities, attackers can bypass authentication, gain unauthorized access, or even execute malicious code on the victim's system.
Ways to defend against attacks that exploit Kerberos vulnerabilities:
•Least-privilege security model: Reduces the likelihood and impact of attacks that exploit Kerberos vulnerabilities by limiting an attacker's ability to obtain and use elevated privileges.
•Password management: Regularly (preferably automatically) rotate passwords and use password management tools to help protect against attacks
3.7.13. Ransomware
Ransomware is a malicious program that infects a system, encrypts the victim's files and locks access unless payment is made. In a typical ransomware attack, victims receive instructions on how to pay a ransom to obtain a decryption key to recover their data. This can be partially mitigated by storing backups regularly.
Ways to prevent ransomware attacks:
•Patches and Updates: Keep operating systems and applications patched and updated.
•Least Privileges: Restrict the use of administrative privileges.
• Anti-malware: Use trusted anti-malware tools with the latest signatures, as well as follow other best practices for system hardening.
In addition to the above security measures, regular backup of data is key in dealing with ransomware so that data can be recovered without paying a ransom. By storing backups regularly, you can quickly restore to a known safe state in the event of an attack.
3.8. Apply security principles in site and facility design
3.8.1. Apply security principles to sites and facilities
1. Application of general security principles in physical security:
Information security principles applicable to physical security include the CIA triad:
•Confidentiality and Integrity: The main physical threats to confidentiality and integrity are unauthorized access, such as intruders and theft.
•Availability: Availability is affected by natural environmental events (such as earthquakes) and infrastructure events (such as power outages, HVAC failures, floods).
2. Risk treatment methods: avoid, mitigate, transfer and accept
•Avoid: Choose facilities that are less susceptible to certain risks, such as locating data centers in geologically stable areas to avoid earthquake risks.
•Mitigation: Mitigating threats by implementing security controls (administrative, technical, and physical).
•Transfer: transfer or share physical risk through insurance or contract.
•Acceptance: Evaluate the remaining risk to determine whether it is within the organization's risk tolerance. If it is not met, additional measures need to be taken to reduce the remaining risk.
3. Types of physical security controls:
•Management controls: Facility construction and selection, site management, personnel controls, security awareness training, and emergency response and procedures.
•Technical Controls: Access Control, Intrusion Detection, Alarms, CCTV, Surveillance, HVAC Power Supply, and Fire Detection and Fire Fighting.
•Physical controls: fences, lighting, door locks, building materials, mantraps, dogs and guards.
3.9. Design site and facility safety controls
3.9.1. Wiring closets and intermediate distribution facilities
Organizations that rely on Internet service providers (ISPs) to provide high-bandwidth communications services have specific sensitive areas and equipment within the premises to receive these services. These communications areas, called distribution facilities, are the physical points where external data lines enter the building, breaking up high-bandwidth lines into multiple lower-bandwidth lines.
•Main Distribution Facility (MDF): The primary distribution facility in a large building, typically located in the data center or server room
•Intermediate Distribution Facility (IDF): Smaller distribution area and equipment that breaks high-bandwidth connections into individual lines or network cabling for connecting terminals, hosts, or centralized network switches. Typically located in small wiring closets
Physical security measures:
. Restricted Access: MDF and 1DF should be in locked or restricted areas with restricted access.
•Height Considerations: Avoid locating MDF and 1DF in basements or below-grade areas to prevent flooding or other damaging events.
Proximity to risk sources: Special MDF and 1DF are located away from the risks posed by malfunctioning overhead wine sprayers, broken water pipes, or HVAC equipment.
3.9.2. Server rooms and data centers
1. Risk assessment
Determine the physical security risks to the data center and address them. When assessing risk, consider the following:
•Physical access risk
•Heating, ventilation and air conditioning (HVAC)
•Environmental risks
•Fire risk
2. Design standards
3. Operation and maintenance
To ensure the proper and safe operation of the data center, appropriate procedures need to be implemented, including:
•Personnel security: background checks, training and access procedures
•Maintenance: Ensure facilities and equipment are maintained in a timely manner
•Logging, monitoring and alerting: Monitor data center conditions in real time and trigger alerts when anomalies occur
•Control testing and auditing: Regularly inspect and test data center security measures
For example, during a power outage, if the load capacity of the uninterruptible power supply (UPS) is insufficient to support normal operations, other backup energy options need to be considered, such as diesel generators. At the same time, generators should be regularly tested and maintained to ensure sufficient fuel, and be aware that fuel may deteriorate over time.
3.9.3. Media storage facilities
Media storage facilities need to implement environmental controls to prevent degradation of storage media over time. Specific controls depend on the media being stored, manufacturer recommendations and anticipated threats, and typically include:
•Stable temperature and humidity
•Air filtration and positive pressure control to reduce dust, particles or contaminants in the air (such as corrosive fumes or emissions from diesel generators or nearby vehicles)
•Proper floor covering (such as vinyl or rubber flooring) to reduce static electricity
•Media storage facilities should be located away from electrical equipment that may produce magnetic fields (such as transformers or motors)
•Long-term archived data should be read from the storage media and re-recorded to new media periodically, following the media manufacturer's recommendations (e.g., every six years)
•When storage media are moved, separation of duties and dual-person control should be applied and the movement recorded
•Important data should be backed up offsite
•Implement media sanitization procedures (e.g., degaussing) and securely destroy media before disposal, so that sensitive information cannot be recovered from the media after it leaves the organization.
3.9.4. Evidence storage
Evidence storage needs to consider physical controls to protect the integrity of the chain of custody and ensure evidence used in court has not been tampered with or contaminated. At a minimum, a log should be included: an indelible record of every item that is placed in or removed from the evidence vault. Controls over chain of custody in evidence storage rooms include:
•Develop strict policies regarding who has access to the evidence storage room, what information is recorded in the log, and procedures for managing keys to the evidence storage room.
•Video surveillance: consider using motion detection or a system tied to a door sensor that only records when someone enters the evidence storage room. Evidence usually must be preserved for a long period while awaiting trial, and continuous recording either consumes too much storage or is retained for a shorter period than the evidence itself.
•The evidence storage room must be equipped with a double-locked door, or with a locked storage cabinet inside the locked room. Key control is divided between different people, and two people are required to enter the evidence storage room.
3.9.5. Security of restricted areas and work areas
Restricted area and work area security involves a series of measures designed to protect the security of a specific area, such as an office area or a restricted government area. These special measures include reviewing personnel entering the area, installing monitoring systems and setting up access control systems to prevent unauthorized personnel from entering and protect people and resources in the area.
Workspace security should be based on risk assessment (including threat modeling), following security principles and appropriate control design to reduce risk. Factors to consider include:
1. Least privilege and need to know
Based on formally approved policies and procedures, individuals are allowed access to restricted and secure areas only to the extent necessary to perform their duties. Regularly review access rights to ensure the reasons for access have not changed and maintain detailed auditable records.
2. Segregation of duties and/or dual control
Depending on the risk assessment, the presence of more than one authorized worker may be required to gain access to a secure work area. This can be verified through administrative controls (such as guard logging or video surveillance), or enforced through multiple locks or electronic access controls.
3. Defense in depth
• Facilities should be designed to support a hierarchy of security controls, from common areas outside the building to the highest security areas (such as where the most sensitive or high-risk assets or jobs are located).
• Access control system authentication: the appropriate level of stringency and the tolerable false-alarm rate depend on the security level of the area being protected.
•Multi-factor authentication: users must present an access card and enter a PIN, so that a lost or stolen card cannot be used by an impostor.
•Compensating controls: detective controls such as video surveillance and motion detectors, and corrective controls such as sirens, can serve as compensating controls.
4. Compliance obligations
Organizations that handle government or military classified data need to establish necessary security controls, such as personnel authentication, security, electronic access control, etc. Non-military or government organizations also need to meet security requirements from regulatory or contractual obligations such as GDPR, HIPAA, PCI DSS, etc.
3.9.6. Water, electricity and heating, ventilation and air conditioning (HVAC)
Utilities include electricity, water, communications and heating, ventilation and air conditioning. The following points need attention:
1. Power management equipment:
•Surge Protector: Provides power overload protection.
•Power Conditioner: Advanced surge protector that eliminates or filters line noise.
•Uninterruptible power supply (UPS): Provides additional power for graceful shutdown of equipment.
•Battery backup: keeps the infrastructure running during a power interruption until power is switched to another source.
•Generator: a more capable form of backup; in theory it provides continuous power as long as fuel is continuously supplied.
2. Terminology for electrical problems:
•Fault: momentary loss of power.
Blackout: Complete loss of power supply.
•Sag: Instantaneous low voltage.
•Low voltage (Brownout): Low voltage for a long time.
•Spike: Instantaneous high voltage.
•Surge: High voltage for a long time.
•Inrush: the initial surge of current when a device first receives power.
•Ground: the grounded conductor in a circuit.
3. Noise:
Power disturbance caused by some form of interference, interruption or fluctuation. Electromagnetic interference (EMI) and radio-frequency interference (RFI) affect the normal operation of IT equipment.
4. Temperature, humidity and static electricity:
•Temperature range: 15-32 degrees Celsius
•Humidity range: 20%-80%
•Be aware that too high humidity can cause corrosion, and too low humidity can cause static electricity.
5.Water:
Sensitive areas need to improve drainage systems to prevent flooding.
3.9.7. Environmental issues
1. Environmental risk factors:
•Extreme weather (typhoon, tornado, blizzard, etc.)
•Geological disasters (earthquakes, floods, tsunamis)
•Natural disasters (forest fires, volcanoes)
•Construction risks
•Biological factors (pests, wild animals)
preventive solution:
Proper location selection of data centers
Avoid placing critical facilities in vulnerable locations
Enhance data center resiliency and disaster recovery plans
•Assess supplier risk tolerance
2. Epidemic risk:
•Impact employee or supplier work
•Increased organizational stress
Responses:
1) Implement remote working
2) Shift work to less affected areas
3. Use cloud services:
•Move key operations to secure areas
•Leverage distributed data centers to reduce risk
3.9.8 Fire prevention, detection and extinguishing
Protecting people's lives and health takes priority over protecting facilities and buildings, ensuring that people can leave the building safely
3.9.8.2 Four main stages of fire:
•Incipient (ionization) stage: a chemical reaction between a substance and an oxidizer begins, releasing energy; the air ionizes but there is no visible smoke yet.
•Smoke stage: organic components of the material begin to decompose at high temperature, producing smoke.
•Flame stage: the visible part of the fire, usually predominantly yellow or orange.
•Heat stage: complete combustion of the material, producing large amounts of heat and light.
3.9.8.3 Fire detection
1. Thermal induction:
•Fixed temperature detector: triggers when the temperature reaches the threshold
•Rise rate detector: Triggered when the temperature rise rate reaches the threshold
2. Flame sensing: detects the flicker of a flame or the infrared energy it emits.
3. Smoke sensing:
•Photoelectric: senses changes in light intensity caused by smoke
•Beam type: senses smoke that interrupts a projected light beam
•Ionization: senses disturbance of the normal ionization current produced by a radioactive source
•Aspirating: draws air into a sampling chamber and senses trace amounts of smoke.
3.9.8.5 Fire response system:
• Automatically notify the fire department
•Linked fire extinguishing system to extinguish fire
3.9.8.6 Sprinkler system
•Wet pipe: the pipes always contain water, which is released when a sprinkler head reaches a specific temperature. For normal-temperature environments.
•Dry pipe: no water in the supply pipes until a sprinkler head is triggered. Commonly used in warehouses exposed to freezing temperatures.
•Deluge: a variation of the dry pipe system capable of delivering large volumes of water quickly. Used where large amounts of water are needed to extinguish a fire.
•Preaction: the pipes are filled with compressed gas; water fills the pipes when a fire is detected but is not released until a sprinkler head reaches its activation temperature. Recommended for information processing areas because it reduces the risk of accidental release and allows manual intervention.
Key exercises
1. Matthew works as a security administrator for a consulting firm and must enforce access control policies that limit users' access based on their previous activity. For example, once a consultant accesses data from Acme Cola, a consulting client, they can no longer access data from any of Acme's competitors. Which security model best suits Matthew's needs? A. Clark-Wilson B. Biba C. Bell-LaPadula D. Brewer-Nash
3. Ralph is designing the physical security infrastructure for a new computing facility with few employees. He plans to install motion detectors at the facility, but also wants to include a secondary control that verifies physical presence. Which of the following is best suited to his needs? A. Closed-circuit television (CCTV) B. Intrusion prevention system (IPS) C. Turnstile D. Faraday cage
4. Harry wants to recover a lost encryption key from a database protected using m-of-n control, where m=4 and n=8. What is the minimum number of escrow agents required to retrieve the key? A. 2 B. 4 C. 8 D. 12
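As an added illustration of the m-of-n control in question 4 (example code written for these notes, not from the source material): Shamir's secret sharing splits a key into n shares so that any m of them recover it and m-1 reveal nothing. The field modulus (2^521 - 1) and the randomly generated key are assumptions chosen for the example.

```python
# Added example: m-of-n key recovery with Shamir's Secret Sharing.
# Not part of the study notes. The field modulus is an assumption
# (2^521 - 1, a Mersenne prime large enough for 256-bit keys).
import secrets

PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial over GF(PRIME) at x using Horner's rule.

    coeffs[0] is the constant term (the secret)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, m, n):
    """Split an integer secret into n shares; any m of them recover it.

    Shares are (x, f(x)) points on a random degree m-1 polynomial whose
    constant term is the secret. Fewer than m points leave the constant
    term information-theoretically undetermined."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must lie in [0, PRIME)")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def escrow_demo(m=4, n=8):
    """Model the question: n=8 escrow agents each hold one share of a key.
    Recovery is attempted with m shares, with a different set of m shares,
    and with only m-1 shares."""
    key = int.from_bytes(secrets.token_bytes(32), "big")  # constructed 256-bit key
    shares = split_secret(key, m, n)
    return {
        "first_m_shares_recover": recover_secret(shares[:m]) == key,
        "last_m_shares_recover": recover_secret(shares[n - m:]) == key,
        "m_minus_one_shares_fail": recover_secret(shares[:m - 1]) != key,
    }


if __name__ == "__main__":
    print(escrow_demo())
```

Any 4 of the 8 shares interpolate the same degree-3 polynomial and give back the key; 3 shares fit a different polynomial whose constant term is effectively random, which is why the answer to the question is m, not n/2 or n.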
5. Fran's company is considering purchasing a web-based email service from a vendor and retiring its own email server environment as a cost-saving measure. What type of cloud computing environment is Fran's company considering? A. SaaS B. IaaS C. CaaS D. PaaS
6. Bob is a security administrator for the U.S. federal government. He wants to choose a digital signature method approved by the federal Digital Signature Standard (FIPS 186-4). Which of the following algorithms is not an acceptable choice for digital signatures? A. DSA B. HAVAL C. RSA D. ECDSA
7. Harry wants to access a document owned by Sally and stored on a file server. Applying the subject/object model to this scenario, who or what is the subject of the resource request? A. Harry B. Sally C. Server D. Document
8. Michael is responsible for conducting a forensic investigation into a moderately severe security incident involving tampering with the company's website. The web server runs on a virtualized platform, and the marketing team wants the website restored as soon as possible. What is the most logical next step for Michael? A. Keep the website offline until the investigation is complete. B. Take the virtualization platform offline as evidence. C. Take a snapshot of the compromised system and use it for the investigation. D. Ignore the incident and focus on restoring the site quickly.
9. Helen is a software engineer developing a piece of code that she wants to confine to an isolated sandbox for security purposes. Which software development technique is Helen using? A. Bounds B. Input validation C. Confinement D. TCB
10. What concept describes an organization's degree of confidence that its controls satisfy security requirements? A. Trust B. Credentialing C. Verification D. Assurance
11. When developers try to give themselves convenient access to the software they develop for testing purposes, which security vulnerability is most likely to be introduced into the code? A. Maintenance hooks B. Cross-site scripting C. SQL injection D. Buffer overflow
12. In the figure shown here, Sally is blocked from reading the file by the Biba integrity model. Sally has a Secret security clearance, and the file has a Confidential classification. Which principle of the Biba model is being enforced? (Figure: Sally, read request, data file) A. Simple security property B. Simple integrity property C. *-security property D. *-integrity property
13. Tom is responsible for maintaining the security of systems used to control industrial processes within a power plant. What term is used to describe these systems? A. POWER B. SCADA C. HAVAL D. COBOL
14. Sonia recently removed a hard drive from a laptop because of a hardware failure and moved it to a new device. Although the user's credentials appear to be correct, she is having difficulty accessing the encrypted contents of the drive. What hardware security feature might be causing this problem? A. TCB B. TPM C. NIACAP D. RSA
15. Chris wants to verify that a software package he downloaded has not been altered. If he believes that a skilled attacker could have replaced the package and added a backdoor, which hash algorithm should he use? A. MD5 B. 3DES C. SHA1 D. SHA-256
For questions 16 to 19, consider the following scenario: Alice and Bob want to communicate with each other using an asymmetric cryptosystem. They are located in different parts of the country but exchange public keys using digital certificates signed by a mutually trusted certificate authority.
16. If Alice wants to send Bob a message encrypted for confidentiality, which key does she use to encrypt the message? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
17. When Bob receives the encrypted message from Alice, which key does he use to decrypt it to plaintext? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
18. In this scenario, which of the following keys would Bob not possess? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
19. Alice also wants to digitally sign the message she sends to Bob. Which key should she use to create the digital signature? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
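The key roles asked about in questions 16 to 19 (and the signature questions 55 and 78), worked through in code. This is an added example written for these notes, not from the source material; it uses textbook RSA on Mersenne primes with no padding so the roles stay visible, and the key sizes and the plaintext are assumptions. Real deployments use a padded scheme (RSA-OAEP, RSA-PSS) or ECDSA.

```python
# Added example for questions 16-19: which key does which job.
# Not from the study notes. Textbook RSA on Mersenne primes, with no
# padding, is used only so the key roles are visible; real systems use
# a padded scheme (RSA-OAEP / RSA-PSS) or ECDSA.
import hashlib
from math import gcd


def make_keypair(p, q, e=65537):
    """Return ((e, n), (d, n)) for primes p, q: the public and private keys."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)
    return (e, n), (d, n)


def encrypt(message_int, recipient_public):
    """Confidentiality: the sender encrypts with the RECIPIENT's public key."""
    e, n = recipient_public
    if not 0 <= message_int < n:
        raise ValueError("message too large for this modulus")
    return pow(message_int, e, n)


def decrypt(ciphertext, recipient_private):
    """Only the recipient's private key reverses the encryption."""
    d, n = recipient_private
    return pow(ciphertext, d, n)


def _digest_mod_n(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, signer_private):
    """Signature: the SENDER signs a hash with their own private key."""
    d, n = signer_private
    return pow(_digest_mod_n(message, n), d, n)


def verify(message, signature, signer_public):
    """Anyone holding the signer's public key can check the signature."""
    e, n = signer_public
    return pow(signature, e, n) == _digest_mod_n(message, n)


# Constructed keys (assumption): Mersenne primes, small enough to read.
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair((1 << 31) - 1, (1 << 61) - 1)
BOB_PUBLIC, BOB_PRIVATE = make_keypair((1 << 89) - 1, (1 << 107) - 1)


def scenario():
    """Alice sends Bob a confidential, signed message. Bob holds every key
    in play except Alice's private key (question 18)."""
    message = b"Payment approved"  # constructed plaintext
    m = int.from_bytes(message, "big")

    ciphertext = encrypt(m, BOB_PUBLIC)           # Q16: Bob's public key
    recovered = decrypt(ciphertext, BOB_PRIVATE)  # Q17: Bob's private key
    signature = sign(message, ALICE_PRIVATE)      # Q19: Alice's private key

    return {
        "bob_recovers_plaintext": recovered.to_bytes(len(message), "big") == message,
        "alice_private_cannot_decrypt": decrypt(ciphertext, ALICE_PRIVATE) != m,
        "alice_public_verifies_signature": verify(message, signature, ALICE_PUBLIC),
        "bob_public_rejects_signature": not verify(message, signature, BOB_PUBLIC),
        "tampered_message_rejected": not verify(b"Payment denied", signature, ALICE_PUBLIC),
    }


if __name__ == "__main__":
    for check, ok in scenario().items():
        print(f"{check}: {ok}")
```

The pattern to remember: encryption uses the other party's public key, decryption uses your own private key, signing uses your own private key, and verification uses the signer's public key. The last two checks show why a signature also gives integrity: a different message or a different public key fails verification.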
20. Which of the following names is used for a random value added to a password in an attempt to defeat rainbow table attacks? A. Hash B. Salt C. Extender D. Rebar
21. Which of the following is not a property of a hash algorithm? A. It requires an encryption key. B. It is irreversible. C. It is very difficult to find two messages with the same hash value. D. It accepts variable-length input.
22. What type of fire suppression system fills its pipes with water when the early stages of a fire are detected, and then requires the sprinkler heads to be heat-activated before releasing water? A. Wet pipe B. Dry pipe C. Deluge D. Preaction
23. Susan wants to configure IPsec in a way that guarantees the confidentiality of packet contents. Which component of IPsec provides this functionality? A. AH B. ESP C. IKE D. ISAKMP
24. Which of the following cryptographic goals protects against the risk posed by a lost or stolen device? A. Nonrepudiation B. Authentication C. Integrity D. Confidentiality
25. Joanna wants to view the status of her organization's industrial control system used for building control. What type of system should she request access to? A. SCADA B. DSS C. BAS D. ICS-CSS
26. In the figure shown here, Harry's request to write to the data file is blocked. Harry has a Secret security clearance, and the data file has a Confidential classification. Which principle of the Bell-LaPadula model blocks this request? (Figure: Harry, write request, data file) A. Simple security property B. Simple integrity property C. *-security property D. Discretionary security property
27. Aoran and Tobias want to begin communicating using a symmetric cryptosystem, but they have no prearranged secret key and cannot exchange keys through another secure channel. What algorithm can they use to exchange keys securely? A. IDEA B. Diffie-Hellman C. RSA D. MD5
28. Carl's organization recently conducted a user access review. After the review, the auditors noted several instances of privilege creep. Which security principle was violated? A. Fail securely B. Keep it simple C. Trust but verify D. Least privilege
29. Matt's organization recently adopted a zero-trust network architecture. Under this approach, which of the following criteria is least appropriate to rely on when granting a subject access to a resource? A. Password B. Two-factor authentication C. IP address D. Biometric scan
30. Colin is the chief privacy officer of a non-profit organization and is helping the team transition to a "privacy by design" approach. Under this approach, which of the following principles should the team embrace? A. Proactive, not reactive B. Privacy as the default C. End-to-end security D. Defense in depth
31. Which cryptographic principle supports the idea that cryptographic algorithms should be subject to public scrutiny? A. Security through obscurity B. Kerckhoffs's principle C. Defense in depth D. Heisenberg principle
32. Ryan is developing a physical access plan for his organization's data center and wants to implement the security control indicated by the arrow in this illustration. What is the name of this control? A. Mantrap B. Turnstile C. Intrusion prevention system D. Portal
33. Which of the following does not describe a standard physical security requirement for computer rooms? A. Locate them only in areas monitored by security personnel. B. Do not store flammable items in the computer room. C. Use door sensors to record entry and exit. D. Inspect the computer room regularly.
35. Lana recently implemented a new process in her organization whereby managers responsible for granting users access to systems are not allowed to participate in access reviews. Which principle is she implementing? A. Two-person control B. Least privilege C. Privilege creep D. Separation of duties
36. Which of the following statements about system design is correct? (Select all that apply.) A. A system should operate securely by default, with no additional configuration by the user. B. If a system encounters an error, it should fail to a secure state. C. Systems should be designed with security as a design feature. D. A system should provide its functionality in the simplest way possible.
37. Alan is reviewing a system that has been assigned an EAL (evaluation assurance level) under the Common Criteria. What degree of assurance can he have about the design of the system? A. It has been functionally tested. B. It has been structurally tested. C. It has been formally verified, designed and tested. D. It has been methodically designed, tested and reviewed.
38. Jake works at a research organization that is trying to deploy a grid computing system that will use user workstations for research tasks requiring high-performance computing. What is the most important risk associated with this operation? A. Data confidentiality B. Isolation breach C. Data integrity D. Data availability
39. Eimear's software development team uses an approach that binds many discrete software objects together through APIs. What term best describes this architecture? A. Microservices B. Function as a service C. Containerization D. Virtualization
40. Adam recently configured permissions on an NTFS file system to describe different users' access to a file by listing each user individually. What did he create? A. Access control list B. Access control entries C. Role-based access control D. Mandatory access control
41. Betty is concerned about buffer overflow attacks targeting her organization's custom applications. Which security control provides the strongest defense against these attacks? A. Firewall B. Intrusion detection system C. Parameter checking D. Vulnerability scanning
42. Which of the following combinations of controls best embodies the principle of defense in depth? A. Email encryption and network intrusion detection B. Cloud access security broker (CASB) and security awareness training C. Data loss prevention and multi-factor authentication D. Network firewall and host firewall
43. James is using a Department of Defense system that is authorized to handle both Secret and Top Secret information simultaneously. What type of system is he using? A. Single-state system B. Unclassified system C. Compartmented system D. Multistate system
44. Kyle was granted access to a military computer system operating in system high mode. Which of the following statements about Kyle's security clearance requirements is incorrect? A. Kyle must have a clearance for the highest classification level processed by the system, regardless of his access permissions. B. Kyle must have access approval for all information processed by the system. C. Kyle must have a legitimate need to know for all information processed by the system. D. Kyle must have a valid security clearance.
45. Gary intercepted communications between two individuals and suspects that they are exchanging secret messages. The communication appears to be the image shown here. What technique might the two people have used to hide a message in this image? A. Visual cryptography B. Steganography C. Cryptographic hashing D. Transport layer security
46. Philip is developing a new security tool that will be used by individuals in many different subsidiaries of the organization. He plans to use Docker to deploy the tool to simplify configuration. Which of the following terms best describes this approach? A. Virtualization B. Abstraction C. Simplification D. Containerization
47. In the ring protection model shown here, which ring contains the operating system kernel? A. Ring 0 B. Ring 1 C. Ring 2 D. Ring 3
48. In an infrastructure-as-a-service (IaaS) environment, the provider gives customers access to storage services. Who is generally responsible for removing sensitive data from decommissioned disks? A. Customer's security team B. Customer's storage team C. Customer's vendor management team D. Vendor
49. During a system audit, Casey noticed that the private key for her organization's web server had been stored in a public Amazon S3 bucket for over a year. Which of the following actions should she take first? A. Delete the key from the bucket. B. Notify all customers whose data may have been exposed. C. Request a new certificate using a new key. D. Do nothing, since the private key should be accessible for verification.
50. Which of the following system assurance processes provides an independent third-party assessment of system controls that can be trusted by many different organizations? A. Certification B. Definition C. Verification D. Accreditation
51. Darcy's organization is deploying serverless computing technology to better meet the needs of developers and users. In a serverless model, who is typically responsible for configuring the operating system's security controls? A. Software developer B. Cybersecurity professional C. Cloud architect D. Vendor
52. Harold is assessing his environment's exposure to hardware failures and wants to determine the expected lifetime of a piece of hardware. What metric should he use? A. MTTR B. MTTF C. RTO D. MTO
53. Chris is designing a cryptographic system for internal use at his company. The company has 1,000 employees and plans to use an asymmetric cryptosystem. They want the system set up so that any pair of users can communicate privately. How many keys do they need in total? A. 500 B. 1,000 C. 2,000 D. 4,950
54. Gary is concerned about applying consistent security settings to the many mobile devices used in his organization. Which technology can best help address this challenge? A. MDM B. IPS C. IDS D. SIEM
55. Alice sent a message to Bob. Bob wants to prove to Charlie that the message he received actually came from Alice. What cryptographic goal is Bob trying to achieve? A. Authentication B. Confidentiality C. Nonrepudiation D. Integrity
56. Brenda is considering the use of new identification cards for physical access control in her organization. She came across a military system that uses the card shown here. What type of card is it? A. Smart card B. Proximity card C. Magnetic stripe card D. Phase three card
57. Gordon is concerned that hackers may use electromagnetic emanations to remotely read the contents of computer systems located in a restricted work area at his facility. What technology can prevent this type of attack? A. TCSEC B. SCSI C. GHOST D. TEMPEST
58. Jorge believes an attacker has gained access to the password hash of a Kerberos service account on one of his organization's Active Directory servers. What type of attack might this lead to? A. Golden ticket attack B. Kerberoasting attack C. Pass-the-ticket attack D. Brute-force attack
59. Sherry conducted an inventory of the cryptographic technologies used in her organization and found the following algorithms and protocols in use. Which of these should she replace because it is no longer considered secure? A. MD5 B. AES C. PGP D. WPA3
60. Robert is investigating a security breach and discovers that the Mimikatz tool was installed on a system in his environment. What type of attack is likely to have occurred? A. Password cracking B. Pass the hash C. MAC spoofing D. ARP poisoning
61. Tom is a cryptanalyst trying to recover the secret key of a cryptographic algorithm. He has an encrypted copy of an intercepted message as well as the decrypted plaintext of the same message. He hopes to use the ciphertext and its plaintext to derive the secret key and decrypt other messages. What type of attack is Tom conducting? A. Chosen ciphertext attack B. Chosen plaintext attack C. Known plaintext attack D. Brute-force attack
62. A hacker recently compromised the integrity of data at James's company using a precisely timed attack. The attacker waited for James to verify the integrity of a file's contents using a hash value, and then modified the file between the integrity check and James reading the file's contents. What type of attack occurred? A. Social engineering attack B. TOCTOU attack C. Data tampering attack D. Parameter checking attack
63. Carl is deploying an array of video sensors that will be placed in remote locations as part of a research project. Because of connectivity limitations, he would like to perform as much image processing and computation as possible on the devices themselves before sending results back to the cloud for further analysis. Which computing model best meets his needs? A. Serverless computing B. Edge computing C. Infrastructure as a service (IaaS) D. Software as a service (SaaS)
64. What step can you take to prevent accidental data leakage due to wear leveling on a solid-state drive before returning it to service? A. Reformatting B. Disk encryption C. Degaussing D. Physical destruction
65. Johnson Widgets strictly restricts access to total sales volume information, treating it as competitively sensitive. However, shipping clerks are given unrestricted access to order records to facilitate order fulfillment. Recently, a shipping clerk extracted all individual sales records from the database and aggregated them to determine total sales volume. What type of attack occurred? A. Social engineering attack B. Inference attack C. Aggregation attack D. Data tampering attack
66. Which physical security control continuously broadcasts false emanations to mask the true electromagnetic emanations of computing devices? A. Faraday cage B. Copper-infused windows C. Shielded cabling D. White noise
67. In a software-as-a-service cloud computing environment, who is typically responsible for ensuring that appropriate firewall controls are in place to protect the application? A. Customer's security team B. Vendor C. Customer's network team D. Customer's infrastructure management team
68. Alice has read permission on an object and wants Bob to have the same permission. Which rule in the Take-Grant protection model allows her to accomplish this? A. Create rule B. Remove rule C. Grant rule D. Take rule
69. As part of his incident response process, Charles securely wiped the compromised machine's hard drive and reinstalled the operating system (OS) from the original media. Once completed, he fully patched the system, applied the organization's security template, and then reconnected the system to the network. Almost immediately after the system was reactivated, he discovered that it had reconnected to the same botnet it had previously been part of. Where should Charles look for the malware causing this behavior? A. Operating system partition B. System BIOS or firmware C. System memory D. Installation media
70. Lauren implemented address space layout randomization (ASLR) to help prevent the system from being compromised. What technique did she use to protect her system? A. Encryption B. Mandatory access control C. Memory address randomization D. Discretionary access control
71. Alan has intercepted an encrypted message and wants to determine the type of cipher used to create it. He first performs frequency analysis and notices that the frequency of letters in the message closely matches the distribution of letters in English text. What type of cipher was most likely used to create this message? A. Substitution cipher B. AES C. Transposition cipher D. 3DES
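The frequency analysis in question 71, carried out in code (an added example written for these notes, not from the source material): a transposition only reorders letters, so the letter counts of the ciphertext are exactly those of the English plaintext, while a monoalphabetic substitution moves each count to a different letter and the profile no longer looks like English. The sample text, the cipher alphabet and the chi-square threshold are all constructed for this example.

```python
# Added example for question 71: why frequency analysis separates a
# transposition cipher from a substitution cipher. Not from the study
# notes; the sample text, cipher alphabet and threshold are constructed
# for this example.
import string
from collections import Counter

# Relative letter frequencies of English text, in percent (standard table).
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}

# Constructed cipher alphabet for a monoalphabetic substitution; the common
# plaintext letters e, t, a, o, i, n are deliberately mapped to rare letters.
CIPHER_ALPHABET = "xetazoipknshrvjdlybqcumgwf"

# Constructed English sample (ordinary prose, no key material).
SAMPLE_PLAINTEXT = (
    "security engineering is about building systems that remain dependable "
    "in the face of malice error and mischance it focuses on the tools "
    "processes and methods needed to design implement and test complete "
    "systems and to adapt existing systems as their environment evolves"
)


def letters_only(text):
    """Keep a-z only, lower-cased, as a classic pen-and-paper cipher would."""
    return "".join(c for c in text.lower() if c in string.ascii_lowercase)


def substitute(plaintext):
    """Monoalphabetic substitution: every letter is replaced, so the
    frequency profile is permuted away from English."""
    table = str.maketrans(string.ascii_lowercase, CIPHER_ALPHABET)
    return letters_only(plaintext).translate(table)


def columnar_transpose(plaintext, width=7):
    """Simple columnar transposition: letters are written in rows of `width`
    and read out by column, so they are reordered but their counts are
    unchanged."""
    s = letters_only(plaintext)
    return "".join(s[i::width] for i in range(width))


def chi_square_vs_english(ciphertext):
    """Chi-square distance between the ciphertext's letter counts and the
    counts expected for English text of the same length."""
    s = letters_only(ciphertext)
    n = len(s)
    counts = Counter(s)
    total = 0.0
    for c in string.ascii_lowercase:
        expected = n * ENGLISH_FREQ[c] / 100.0
        total += (counts[c] - expected) ** 2 / expected
    return total


def classify(ciphertext, threshold=250.0):
    """A few hundred letters of real English score in the tens to low
    hundreds; a permuted alphabet scores in the thousands. The threshold is
    an assumption for this example, not a published constant."""
    if chi_square_vs_english(ciphertext) < threshold:
        return "transposition"
    return "substitution"


def demo():
    sub = substitute(SAMPLE_PLAINTEXT)
    trans = columnar_transpose(SAMPLE_PLAINTEXT)
    return {
        "substitution": (round(chi_square_vs_english(sub)), classify(sub)),
        "transposition": (round(chi_square_vs_english(trans)), classify(trans)),
    }


if __name__ == "__main__":
    print(demo())
```

Note that a statistic such as the index of coincidence would not help here: it depends only on the multiset of letter counts, which both cipher types preserve. The chi-square test works because it compares each ciphertext letter against the expected frequency of that same letter in English, and a substitution breaks that pairing.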
72. The Double DES (2DES) encryption algorithm has never been used as a viable alternative to the DES algorithm. 2DES is susceptible to an attack that is not present in the DES or 3DES methods. What kind of implementation attack is this attack? A. Chosen plaintext attack B. Brute force attack C. Man-in-the-middle attack D. Two man-in-the-middle attacks
73. Grace wants to implement application control technology in her organization. Users often need to install new applications for research and testing, and she does not want to interfere with that process. At the same time, she wants to prevent the use of known malware. What type of application control would be appropriate in this situation? A. Blacklist control B. Greylist control C. Whitelist control D. Blue list control
74. Warren is designing a physical intrusion detection system for a sensitive media storage facility and wants to include technology that will raise an alarm if the alarm system's communication lines are cut. Which technology meets this requirement? A. Heartbeat sensor B. Emanation security C. Motion detector D. Faraday cage
75. John and Gary are negotiating a business transaction, and John must prove to Gary that he has access to a system. He engages in an electronic version of the "magic door" scenario shown in the accompanying figure (not reproduced here). What technique is John using? A. Split-knowledge proof B. Zero-knowledge proof C. Logical proof D. Mathematical proof
76. After scanning all the systems on his wireless network, Mike noticed that one system was identified as an iOS device running a badly out-of-date version of Apple's mobile operating system. On further investigation, he discovered that the device was an original iPad and could not be upgraded to a current, secure version of the operating system. What is the best option for dealing with this device? A. Retire or replace the device. B. Isolate the device on a dedicated wireless network. C. Install a firewall on the tablet. D. Reinstall the operating system.
77. Tonya believes that an attacker could eavesdrop on legitimate HTTPS communications between her users and remote web servers by carrying out a DNS poisoning attack. After poisoning DNS, what technique would the attacker most likely use to eavesdrop? A. Man-in-the-middle attack B. Brute force attack C. Timing attack D. Meet-in-the-middle attack
78. Howard is selecting an encryption algorithm for his organization, and he wants one that supports digital signatures. Which of the following algorithms meets his requirement? A. RSA B. 3DES C. AES D. Blowfish
79. Laura is responsible for securing her company's web-based applications and would like to run an education program for developers on common web application security vulnerabilities. Where can she find a concise list of the most common web application problems? A. CVE B. NSA C. OWASP D. CSA
80. The Bell-LaPadula and Biba models implement state machines using what specific state machine model? A. Information flow B. Noninterference C. Cascade D. Feedback
81. During third-party vulnerability scanning and validation testing, Danielle's employer recently discovered a critical remote access vulnerability in the networked building management devices installed in the company's new building. The manufacturer has gone out of business, and no patches or updates exist for these devices. What action should Danielle recommend her employer take regarding the hundreds of vulnerable devices? A. Identify a replacement device model and replace every device. B. Turn off all of the devices. C. Move the devices to a secure, isolated network segment. D. Reverse engineer the devices and build an internal patch.
82. Which type of motion detector senses changes in the electromagnetic field in the monitored area? A. Infrared B. Wave pattern C. Capacitance D. Photoelectric
83. Mike has been tasked with preventing outbreaks of malware like Mirai, a botnet that targets IP cameras and routers. What type of system should his organization protect? A. Servers B. SCADA C. Mobile devices D. Internet of Things (IoT) devices
84. Which of the following statements is true regarding the Biba access control model? A. It involves confidentiality and integrity. B. It involves integrity and availability. C. It prevents covert channel attacks. D. It focuses on protecting objects from integrity threats.
85. In Transport Layer Security (TLS), what type of key is used to encrypt the actual communication between the web server and the client? A. Ephemeral session key B. Client's public key C. Server's public key D. Server's private key
86. Beth wants to use a technology that will prevent unwanted electromagnetic emanations from leaking out of a secure area of her data center. Which of the following technologies will help her achieve this goal? A. Heartbeat sensor B. Faraday cage C. Piggybacking D. WPA2
87. In a virtualized computing environment, which component is responsible for enforcing separation between guest machines? A. Guest operating system B. Hypervisor (virtual machine monitor) C. Kernel D. Protection manager
88. Rick is a developer who primarily writes applications in Python. He recently decided to evaluate a new service in which he supplies his own Python code to the vendor, which then executes it in the vendor's server environment. What type of cloud computing environment is this service? A. SaaS (Software as a Service) B. PaaS (Platform as a Service) C. IaaS (Infrastructure as a Service) D. CaaS (Containers as a Service)
89. The main HVAC system in the data center Kim manages suffered a component failure, triggering a high-temperature alarm. After resolving the problem, which of the following measures should Kim consider to prevent a similar problem from recurring? A. Closed-loop cooler B. Redundant cooling system C. Evaporative cooler D. Relocating the data center to a colder climate
90. Tommy plans to install a power-conditioning UPS in a rack in his data center. Which of the following power conditions would the UPS be unable to protect against if it persisted for an extended period? A. Fault B. Blackout C. Sag D. Noise
91. Which of the following humidity values is within the acceptable range for data center operations? A. 0% B. 10% C. 25% D. 40%
92. Kristen's organization suffered a ransomware infection and lost access to critical business data. She is considering paying the ransom to regain access to the data. Which of the following statements about such a payment are true? (Select all that apply.) A. Paying the ransom may be illegal. B. Paying the ransom may lead to further payment demands. C. Paying the ransom guarantees that the decryption key will be obtained. D. Paying the ransom may lead to data leakage.
93. Alex's employer produces most of its work as PDF files. Alex wants to make sure that the audience for these PDFs is limited to those who pay a fee. Which of the following technologies can he use to most effectively control access to and distribution of these files? A. EDM (electronic document management) B. Encryption C. Digital signatures D. DRM (digital rights management)
94. As part of his team's forensic investigation process, Matt signs drives and other evidence out of the storage facility before using them. What type of documentation is he creating? A. Criminal B. Chain of custody C. Civil D. CYA (self-protection)
95. Todd believes that a digital certificate used by his organization has been compromised, and he wants to add it to the certificate revocation list (CRL). Which element of the certificate appears on the CRL? A. Serial number B. Public key C. Digital signature D. Private key
96. Alison is examining a digital certificate presented to her by her bank's website. Which of the following requirements is not necessary for her to trust the digital certificate? A. She knows that the server belongs to the bank. B. She trusts the certificate authority. C. She verifies that the certificate is not listed on a CRL. D. She verifies the digital signature on the certificate.
97. Which of the following is an example of a covert timing channel used to exfiltrate information from an organization? A. Sending an email B. Posting a file on a peer-to-peer file sharing service C. Typing with a rhythm that encodes Morse code D. Writing data to a shared memory space
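Question 97 turns on the difference between a covert storage channel (information placed in a shared resource, as in option D) and a covert timing channel (information carried by when events happen, as in option C). The script below is an added example, not part of the original question set; it encodes a secret as the delays between keystrokes and decodes it again from the timestamps alone. The timestamps, the Morse timing constants and the jitter model are constructed; no real keyboard is involved.

```python
"""Covert timing channel: leaking data through keystroke rhythm (constructed).

Every keystroke can be an innocuous character; only the delay before it
carries information. A short gap is a dot, a medium gap a dash, and a long
gap marks the end of a letter. A content-inspecting DLP system sees nothing,
because the secret is never written anywhere.
"""
import random

MORSE = {
    'a': '.-', 'b': '-...', 'c': '-.-.', 'd': '-..', 'e': '.', 'f': '..-.',
    'g': '--.', 'h': '....', 'i': '..', 'j': '.---', 'k': '-.-', 'l': '.-..',
    'm': '--', 'n': '-.', 'o': '---', 'p': '.--.', 'q': '--.-', 'r': '.-.',
    's': '...', 't': '-', 'u': '..-', 'v': '...-', 'w': '.--', 'x': '-..-',
    'y': '-.--', 'z': '--..',
}
REVERSE_MORSE = {code: letter for letter, code in MORSE.items()}

# Nominal inter-keystroke gaps in seconds (constructed timing alphabet).
DOT_GAP, DASH_GAP, LETTER_GAP = 0.10, 0.30, 0.70

def encode_keystroke_times(secret, jitter=0.02, seed=1, start=0.0):
    """Return keystroke timestamps whose gaps spell `secret` in Morse.

    Jitter from a seeded RNG stands in for human timing noise so the run is
    reproducible; the receiver only needs the gaps to stay in their bands.
    """
    rng = random.Random(seed)
    times = [start]
    t = start
    for letter in secret.lower():
        for symbol in MORSE[letter]:
            t += (DOT_GAP if symbol == '.' else DASH_GAP) + rng.uniform(-jitter, jitter)
            times.append(t)
        t += LETTER_GAP + rng.uniform(-jitter, jitter)  # end-of-letter marker
        times.append(t)
    return times

def decode_keystroke_times(times):
    """Recover the secret from timestamps alone by bucketing each gap."""
    dot_dash_cut = (DOT_GAP + DASH_GAP) / 2
    dash_letter_cut = (DASH_GAP + LETTER_GAP) / 2
    letters, current = [], ''
    for prev, cur in zip(times, times[1:]):
        gap = cur - prev
        if gap < dot_dash_cut:
            current += '.'
        elif gap < dash_letter_cut:
            current += '-'
        else:
            letters.append(REVERSE_MORSE.get(current, '?'))
            current = ''
    return ''.join(letters)

def channel_bits_per_second(secret):
    """Rough bandwidth: 8 bits per letter over the total typing time."""
    times = encode_keystroke_times(secret)
    return 8 * len(secret) / (times[-1] - times[0])

if __name__ == '__main__':
    ts = encode_keystroke_times('attackatdawn')
    print('keystrokes:', len(ts), 'decoded:', decode_keystroke_times(ts))
    print('approx. %.1f bits/s' % channel_bits_per_second('attackatdawn'))
```

Detecting such a channel means looking at timing statistics (inter-keystroke gaps clustering into a few tight bands) rather than at content, which is why covert timing channels are harder to catch than storage channels and why high-assurance systems try to limit the resolution of shared clocks.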
98. Which of the following is a reasonable use of a self-signed digital certificate? A. E-commerce website B. Banking application C. Internal scheduling application D. Customer portal
99. Ron is investigating a security incident that occurred at a high-security government facility. He believes that encryption keys were stolen during the attack, and he found evidence that the attackers used dry ice to freeze an encryption component. What type of attack is this most likely to be? A. Side-channel attack B. Brute force attack C. Timing attack D. Fault injection attack
100. Match each numbered security model with the corresponding lettered description.
Security models: 1. Clark-Wilson 2. Graham-Denning 3. Bell-LaPadula 4. Biba
Descriptions: A. This model blocks lower-classified subjects from accessing higher-classified objects, thereby ensuring confidentiality. B. The * (star) property of this model can be summarized as "no write up." C. This model uses security labels to grant access to objects via transformation procedures and a restricted interface model. D. This model focuses on the secure creation and deletion of subjects and objects through eight primary protection rules or actions.
101. Match each numbered architectural security concept with the corresponding lettered description.
Concepts: 1. Time of check 2. Covert channel 3. Time of use 4. Maintenance hooks 5. Parameter checking 6. Race condition
Descriptions: A. A method used to pass information over a path not normally used for communication B. An attack that exploits a system whose behavior depends on the sequence of external events C. The time at which a subject checks whether an object is available D. The time at which a subject has access to an object E. An access method known only to the system's developers F. A method that can help prevent buffer overflow attacks