
Summary of Exam Objectives

In this (large) domain we began by describing fundamental logical hardware, operating system, and software security components, and how to use those components to design, architect, and evaluate secure computer systems. Understanding these fundamental issues is critical for an information security professional.

We then moved on to cryptography, which dates to ancient times but is very much a part of our modern world, providing security for data in motion and at rest. Modern systems such as Public Key Infrastructure (PKI) put all the cryptographic pieces into play, using symmetric, asymmetric, and hash-based algorithms to provide confidentiality, integrity, authentication, and non-repudiation. You have learned how the pieces fit together: slower and weaker asymmetric algorithms such as RSA and Diffie-Hellman are used to exchange keys for faster and stronger symmetric ciphers such as AES and DES. Those symmetric keys serve as session keys that encrypt short-term sessions, such as Web connections via HTTPS. Digital signatures combine public key encryption with hash algorithms such as MD5 and SHA-3 to provide non-repudiation, authentication of the sender, and integrity of the message. Understanding these concepts and the others discussed in this chapter, and applying them together, is critical for success on the exam.
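As an added illustration of the hybrid scheme summarized above (example code, not from the book), the following toy Python walks the flow end to end: a Diffie-Hellman exchange yields a symmetric session key, a SHA-3-keystream XOR stands in for the AES session cipher, and textbook RSA signs the hash of the traffic with the private key so that the public key can verify it and detect tampering. The Mersenne-prime parameters, the XOR cipher and the unpadded RSA are illustrative assumptions only, not usable cryptography.

```python
import hashlib
import secrets
# Toy parameters, constructed for this example (Mersenne primes, easy to verify);
# real systems use standardised 2048-bit or larger moduli.
DH_P, DH_G = 2**127 - 1, 2
RSA_P, RSA_Q, RSA_E = 2**107 - 1, 2**521 - 1, 65537

def dh_keypair():  # Diffie-Hellman: private exponent x, public value g^x mod p
    x = secrets.randbelow(DH_P - 2) + 1
    return x, pow(DH_G, x, DH_P)

def dh_session_key(my_private, their_public):
    """Both sides reach the same g^(xy) mod p; hash it into a 32-byte session key."""
    shared = pow(their_public, my_private, DH_P)
    return hashlib.sha3_256(shared.to_bytes(16, "big")).digest()

def stream_xor(key, data):
    """Toy stand-in for AES-CTR: XOR with a SHA3-derived keystream; same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha3_256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def rsa_keypair():  # textbook RSA on the toy primes: public (n, e), private (n, d)
    n, phi = RSA_P * RSA_Q, (RSA_P - 1) * (RSA_Q - 1)
    return (n, RSA_E), (n, pow(RSA_E, -1, phi))

def rsa_sign(private_key, message):
    """Hash the message, then 'encrypt' the hash with the PRIVATE key (unpadded: toy)."""
    n, d = private_key
    return pow(int.from_bytes(hashlib.sha3_256(message).digest(), "big"), d, n)

def rsa_verify(public_key, message, signature):  # PUBLIC key recovers the hash
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(hashlib.sha3_256(message).digest(), "big")

def hybrid_exchange(message=b"GET /account HTTP/1.1"):
    """Summary flow: DH agrees the session key, symmetric cipher carries traffic, RSA signs."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key_a, key_b = dh_session_key(a_priv, b_pub), dh_session_key(b_priv, a_pub)
    ciphertext = stream_xor(key_a, message)
    public, private = rsa_keypair()
    sig = rsa_sign(private, ciphertext)
    return {"keys_match": key_a == key_b,
            "plaintext_back": stream_xor(key_b, ciphertext),
            "signature_ok": rsa_verify(public, ciphertext, sig),
            "tampered_ok": rsa_verify(public, ciphertext + b"!", sig)}
```

Note which key does what: the sender signs with the private key and anyone holding the public key verifies, while the DH-derived key is shared by both parties and used only for the session.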

Finally, physical security is implicit in most other security controls and is often overlooked. We must always seek balance when implementing controls from all 8 domains of knowledge. All assets should be protected by multiple defense-in-depth controls that span multiple domains. For example, a file server can be protected by policy, procedures, access control, patching, antivirus, OS hardening, locks, walls, HVAC, and fire suppression systems (among other controls). A thorough and accurate risk assessment should be conducted for all assets that must be protected. Take care to ensure no domains or controls are overlooked or neglected.

Self-Test

Note
Please see the Self-Test Appendix for explanations of all correct and incorrect answers.

  1. What type of sprinkler system would be best for an art gallery?
    A. Wet pipe
    B. Dry pipe
    C. Deluge
    D. Pre-action

  2. What is the primary drawback in using dogs as a perimeter control?
    A. Training
    B. Cost
    C. Liability
    D. Appearance

  3. The RSA algorithm is based on which one-way function?
    A. Elliptic curves
    B. Discrete logarithm
    C. Frequency distribution
    D. Factoring composite numbers into their primes

  4. Which of the following is true for digital signatures?
    A. The sender encrypts the hash with a public key
    B. The sender encrypts the hash with a private key
    C. The sender encrypts the plaintext with a public key
    D. The sender encrypts the plaintext with a private key

  5. Which algorithm should you use for a low-power device that must employ digital signatures?
    A. AES
    B. RSA
    C. ECC
    D. ElGamal

  6. What model should you use if you are primarily concerned with confidentiality of information?
    A. Brewer-Nash
    B. Bell-LaPadula
    C. Biba
    D. Clark-Wilson

  7. On Intel x86 systems, the kernel normally runs in which CPU ring?
    A. Ring 0
    B. Ring 1
    C. Ring 2
    D. Ring 3

  8. Which type of cloud service level would Linux hosting be offered under?
    A. IaaS
    B. IDaaS
    C. PaaS
    D. SaaS