CISSP Domain 3 questions – Scenario Based

Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. (Questions 1-4 refer to this scenario.)

Question 1: If Alice wishes to send Bob an encrypted message, what key does she use to encrypt the message?
Bob’s public key
This is Correct. In an asymmetric cryptosystem, the sender of a message always encrypts the message using the recipient’s public key.
Bob’s private key
This is Incorrect.
Alice’s private key
This is Incorrect.
Alice’s public key
This is Incorrect.
Question 2: When Bob receives the encrypted message from Alice, what key does he use to decrypt the message?
Bob’s private key
This is Correct. When Bob receives the message, he uses his own private key to decrypt it. Since he is the only one with his private key, he is the only one who should be able to decrypt it, thus preserving confidentiality.
Bob’s public key
This is Incorrect.
Alice’s private key
This is Incorrect.
Alice’s public key
This is Incorrect.
Question 3: Which one of the following keys would Bob not possess in this scenario?
Alice’s private key
This is Correct.
Alice’s public key
This is Incorrect.
Bob’s private key
This is Incorrect.
Bob’s public key
This is Incorrect.
Question 4: Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?
Alice’s private key
This is Correct. Alice creates the digital signature using her own private key. Then Bob, or any other user, can verify the digital signature using Alice’s public key.
Alice’s public key
This is Incorrect.
Bob’s private key
This is Incorrect.
Bob’s public key
This is Incorrect.
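Questions 1-4 describe one exchange. The following is an added example, not code from the original post: it implements that exchange in Go with the standard library's RSA-OAEP and RSA-PSS, using constructed parties Alice and Bob and a made-up message, so each key's role (Q1, Q2, Q4) and the key Bob never holds (Q3) can be checked in code.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party holds one RSA key pair; the private half never leaves it, Public() is what a certificate carries.
type Party struct{ priv *rsa.PrivateKey }

func NewParty() (*Party, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{priv: k}, nil
}

func (p *Party) Public() *rsa.PublicKey { return &p.priv.PublicKey }

type Envelope struct{ Ciphertext, Signature []byte } // what crosses the wire

// Send signs msg with the sender's own private key (Q4) and encrypts it under the
// recipient's public key (Q1). The sender needs no private key but her own (Q3).
func (p *Party) Send(msg []byte, recipient *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, p.priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Ciphertext: ct, Signature: sig}, nil
}

// Receive decrypts with the recipient's own private key (Q2), then verifies the signature
// with the sender's public key. A wrong private key or a forged signature yields an error.
func (p *Party) Receive(env *Envelope, sender *rsa.PublicKey) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("verify: %w", err)
	}
	return msg, nil
}

func main() {
	alice, _ := NewParty()
	bob, _ := NewParty()
	env, _ := alice.Send([]byte("Transfer approved"), bob.Public())
	msg, err := bob.Receive(env, alice.Public())
	fmt.Println(string(msg), err)
}
```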
Question 5: Alison is examining a digital certificate presented to her by her bank’s website. Which one of the following requirements is not necessary for her to trust the digital certificate?
She knows that the server belongs to the bank.
This is Correct. The point of the digital certificate is to prove to Alison that the server belongs to the bank, so she does not need to have this trust in advance. To trust the certificate, she must verify the CA’s digital signature on the certificate, trust the CA, verify that the certificate is not listed on a CRL, and verify that the certificate contains the name of the bank.
She trusts the certificate authority.
This is Incorrect.
She verifies that the certificate is not listed on a CRL.
This is Incorrect.
She verifies the digital signature on the certificate.
This is Incorrect.
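The checklist in the answer above (CA signature and chain, trust in the CA, name of the bank, CRL lookup), as an added example in Go that is not part of the original post. The root CA, the bank's host name "bank.example", the serial numbers and the CRL are all constructed for the example; nothing about a real bank or CA is assumed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // keeps the constructed setup short; real code returns the error
	if err != nil {
		panic(err)
	}
	return v
}

// PKI is a constructed stand-in: the root CA Alison trusts, the certificate it issued to the bank's host, and its CRL.
type PKI struct {
	Roots *x509.CertPool
	Leaf  *x509.Certificate
	CRL   *x509.RevocationList
}

func NewPKI(host string, revoked bool) *PKI {
	now, later := time.Now(), time.Now().Add(24*time.Hour)
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, NotBefore: now.Add(-time.Hour), NotAfter: later}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)))) // self-signed
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: now.Add(-time.Hour), NotAfter: later}
	leaf = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey))))
	crl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: later}
	if revoked { // the CA lists the bank's serial, e.g. after a key compromise
		crl.RevokedCertificates = []pkix.RevokedCertificate{{SerialNumber: leaf.SerialNumber, RevocationTime: now}}
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	crlDER := must(x509.CreateRevocationList(rand.Reader, crl, ca, caKey))
	return &PKI{Roots: roots, Leaf: leaf, CRL: must(x509.ParseRevocationList(crlDER))}
}

// Trusted applies the checklist: CA signature and chain verify against a CA Alison trusts, the name is the bank's, and the serial is not on the CA's CRL.
func Trusted(leaf *x509.Certificate, roots *x509.CertPool, host string, crl *x509.RevocationList) error {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return err // untrusted CA, bad signature, expired, or name mismatch
	}
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return errors.New("certificate is listed on the CA's CRL")
		}
	}
	return nil
}
```

Note that Trusted never asks whether the server "is the bank's" up front; that is exactly what the verified chain and name check establish.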
Question 6: During a system audit, Casey notices that the private key for her organization’s web server has been stored in a public Amazon S3 storage bucket for more than a year. What should she do?
Request a new certificate using a new key
This is Correct. The first thing Casey should do is notify her management, but after that, replacing the certificate and using proper key management practices with the new certificate’s key should be at the top of her list.
Notify all customers that their data may have been exposed
This is Incorrect.
Remove the key from the bucket
This is Incorrect.
Nothing, because the private key should be accessible for validation
This is Incorrect.
Question 7: Alex’s employer creates most of their work output as PDF files. Alex is concerned about limiting the audience for the PDF files to those individuals who have paid for them. What technology can he use to most effectively control the access to and distribution of these files?
DRM
This is Correct. Alex can use digital rights management technology to limit use of the PDFs to paying customers. While DRM is rarely a perfect solution, in this case, it may fit his organization’s needs. EDM is electronic dance music, which his customers may appreciate but which won’t solve the problem. Encryption and digital signatures can help to keep the files secure, and to prove who they came from but won’t solve the rights management issue Alex is tackling.
EDM
This is Incorrect.
Digital Signature
This is Incorrect.
Encryption
This is Incorrect.
Question 8: Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?
RSA
This is Correct. Digital signatures are possible only when using an asymmetric encryption algorithm. Of the algorithms listed, only RSA is asymmetric and supports digital signature capabilities.
AES
This is Incorrect.
Blowfish
This is Incorrect.
DES
This is Incorrect.
Question 9: Raj is selecting an encryption algorithm for use in his organization and would like to be able to vary the strength of the encryption with the sensitivity of the information. Which one of the following algorithms allows the use of different key strengths?
Blowfish
This is Correct. Blowfish allows the user to select any key length between 32 and 448 bits.
Skipjack
This is Incorrect.
DES
This is Incorrect.
IDEA
This is Incorrect.
Question 10: Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure?
MD5
This is Correct. The MD5 hash algorithm has known collisions and, as of 2005, is no longer considered secure for use in modern environments.
3DES
This is Incorrect.
PGP
This is Incorrect.
WPA2
This is Incorrect.
Question 11: Gary intercepts a communication between two individuals and suspects that they are exchanging secret messages. The content of the communication appears to be the image shown here. What type of technique may the individuals use to hide messages inside this image?
Steganography
This is Correct. Steganography is the art of using cryptographic techniques to embed secret messages within other content. Some steganographic algorithms work by making alterations to the least significant bits of the many bits that make up image files.
Cryptographic hashing
This is Incorrect.
Transport layer security
This is Incorrect.
Visual cryptography
This is Incorrect.
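The least-significant-bit technique mentioned in the answer above, as an added example in Go that is not from the original post. The "image" is a constructed array of 8-bit grayscale pixels rather than a real picture file, and the message is made up; the point is to show why an LSB change is invisible to the eye (each altered pixel moves by at most 1) and therefore why analysts look at LSB statistics rather than the picture itself.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Embed hides msg in the least significant bit of each byte of cover, a constructed
// 8-bit grayscale image with one byte per pixel. A 16-bit length prefix lets Extract stop.
func Embed(cover, msg []byte) ([]byte, error) {
	payload := append([]byte{byte(len(msg) >> 8), byte(len(msg))}, msg...)
	if len(msg) > 0xFFFF || len(payload)*8 > len(cover) {
		return nil, errors.New("message does not fit the cover image")
	}
	stego := append([]byte(nil), cover...) // copy; never touch the caller's pixels
	for i, b := range payload {
		for bit := 0; bit < 8; bit++ {
			v := (b >> (7 - bit)) & 1 // most significant bit first
			// Overwrite only the LSB, so any pixel moves by at most 1 on a 0-255 scale:
			// invisible to the eye, which is why detection relies on LSB statistics instead.
			stego[i*8+bit] = stego[i*8+bit]&0xFE | v
		}
	}
	return stego, nil
}

// Extract reads the LSBs back: the length prefix first, then that many message bytes.
func Extract(stego []byte) ([]byte, error) {
	readByte := func(i int) byte {
		var b byte
		for bit := 0; bit < 8; bit++ {
			b = b<<1 | stego[i*8+bit]&1
		}
		return b
	}
	if len(stego) < 16 {
		return nil, errors.New("image too small to hold a length prefix")
	}
	n := int(readByte(0))<<8 | int(readByte(1))
	if (n+2)*8 > len(stego) {
		return nil, errors.New("length prefix exceeds image size")
	}
	msg := make([]byte, n)
	for i := range msg {
		msg[i] = readByte(i + 2)
	}
	return msg, nil
}

func main() {
	cover := bytes.Repeat([]byte{0x80}, 256) // constructed flat-gray cover, not a real picture
	stego, _ := Embed(cover, []byte("meet at noon"))
	msg, _ := Extract(stego)
	fmt.Println(string(msg))
}
```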

CISSP Domain 3 questions – Digital Signature

Question: What can we use digital signatures to provide? [Select all that apply]
Non-repudiation
This is Correct.
Integrity
This is Correct.
Confidentiality
This is Incorrect.
Availability
This is Incorrect.
Question: Bob is a security administrator with the federal government and wishes to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signatures?
HAVAL
This is Correct. The Digital Signature Standard approves three encryption algorithms for use in digital signatures: the Digital Signature Algorithm (DSA); the Rivest, Shamir, Adleman (RSA) algorithm; and the Elliptic Curve DSA (ECDSA) algorithm. HAVAL is a hash function, not an encryption algorithm. While hash functions are used as part of the digital signature process, they do not provide encryption.
DSA
This is Incorrect.
RSA
This is Incorrect.
ECDSA
This is Incorrect.
Question: Jane is talking to a friend and is explaining what digital signatures do. Which of these could be something that she tells her friend is one of the MAIN reasons we use digital signatures?
Integrity
This is Correct. Digital signatures provide integrity and non-repudiation.
Confidentiality
This is Incorrect.
Authentication
This is Incorrect.
Availability
This is Incorrect.
Question: Which one of the following algorithms is not supported by the Digital Signature Standard?
El Gamal DSA
This is Correct. The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.
ECC DSA
This is Incorrect.
RSA
This is Incorrect.
Digital Signature Algorithm
This is Incorrect.

Secure Design Principles … System and System Architecture

System and application development consists of the following stages:

  1. Design
  2. Development
  3. Test
  4. Deployment

Security has to be addressed at every step in the development cycle. However, addressing security in the design stage itself is most critical. Since prevention is better than cure, addressing security at the design stage itself can facilitate preventative controls to address security issues.

Hence, in this post we take a look at some of the important design principles that must be considered when designing systems.

Before we begin with secure design principles, let's understand what a "system" is.

Systems

A system is composed of hardware and software; the hardware allows the software to run and perform some operation.

This typically includes the physical components, the operating systems, and the programming languages used. From a physical and logical perspective, a number of possible frameworks or platforms are in use. 

The picture below depicts some of the most common systems.

[Figure: Systems]

A system, then, is a collection of elements that together produce results that the individual components alone cannot. In an enterprise solution, a system may involve one or more computers or devices working together to achieve a particular result.

For example, an online shopping system may involve a web server, an e-commerce server, and a database server. These servers alone cannot provide the necessary security for online transactions, so an organization may need to add switches, routers, firewalls, IPS, IDS, proxies, or other security mechanisms to ensure that security is maintained end to end.

To apply secure design principles in engineering, organizations must understand the difference between subjects and objects and between closed and open systems. Refer to the figure below for details.

Refer to the examples below for a better understanding.
Example – Subject & Object
Suppose “Gaurav” wants to access an application. In this case, Gaurav is a subject, and the application is an object. Suppose then that once Gaurav is given access to the application, the application needs to access information in a database called “mrcissp”. Then the application becomes the subject, and the database becomes the object.

Let's take a look at another example, quoted as-is from the official Sybex study guide.
Example – Transitive Trust
Workers (A) do not have access to specific internet sites (C). However, if workers can access a web proxy, virtual private network (VPN), or any other anonymization service, then this can serve as a means to bypass the local network restriction. In other words, if workers (A) are accessing VPN service (B), and the VPN service (B) can access the blocked internet service (C); then A can access C through B via transitive trust exploitation.

System Architecture

The system architecture, in turn, is the overall design of the components of an information system, such as its hardware, operating systems, applications, and networks.

Organizations must implement and manage systems engineering processes using secure design principles as discussed in Domain 1: Security & Risk Management.

Standards for systems engineering include ISO/IEC 15288:2015 (from ISO and IEC) and NIST Special Publication (SP) 800-160, which supersedes NIST SP 800-27.

Please note: ISO/IEC 15288:2015 will be discussed in a separate post.

The primary secure design principles used in systems engineering are:

  1. Computer architecture
  2. System security mechanisms
  3. Trusted computing base
  4. Assurance

Each of these is a big topic in itself, and we will discuss them in separate posts.

Vulnerabilities of Security Architectures and Designs

Organizations must assess and mitigate the vulnerabilities of security architectures, designs, and solution elements. Insecure systems are exposed to many common vulnerabilities and threats. This post discusses the vulnerabilities of:

  • Client-based systems
  • Server-based systems
  • Database systems
  • Cryptographic systems
  • Industrial control systems
  • Cloud-based systems
  • Large-scale parallel data systems
  • Distributed systems
  • Internet of Things
  • Grid computing systems
  • Mobile systems
  • Web-based systems

Client-based system

[Figure: Vulnerabilities in Client-Based Systems]

Server-based system

[Figure: Vulnerabilities in Server-Based Systems]

Database systems

[Figure: Vulnerabilities in Database Systems]

Industrial control system

[Figure: Vulnerabilities in Industrial Control Systems]

Cloud based system

[Figure: Vulnerabilities in Cloud-Based Systems]

Large-scale Parallel Data System

[Figure: Vulnerabilities in Large-Scale Parallel Data Systems]

Grid and P-2-P computing

[Figure: Vulnerabilities in Grid and Peer-to-Peer Computing Systems]

Internet of Things

[Figure: Vulnerabilities in IoT Systems]

Please stay tuned for updates to this post covering "Mobile-based systems" and "Web-based systems".

Physical Security Requirements

Is it possible to secure an asset without securing the physical perimeter of your building? The answer is "No".

If a malicious person can gain physical access to your facility or equipment, they can do just about anything they want, from destruction to disclosure or alteration. Physical controls are your first line of defense, and people are your last.

All physical security should be based on a layered defense model.

CPTED

Crime Prevention Through Environmental Design (CPTED) refers to designing a facility from the ground up to support security. It is a broad concept that can be applied to any project. Some of the key points of CPTED are shown below.

[Figure: CPTED]

Physical Security Plan

Another important aspect of site and facility design is the proper convergence between the physical layout and the physical security plan. Achieving all the goals of CPTED is not always possible, and in cases where gaps exist, the physical security plan should include policies and/or procedures designed to close any gaps. The plan should address the following issues.

[Figure: Strategy for Physical Security]

The security controls implemented to manage physical security can be divided into three groups: administrative, technical, and physical.

Administrative Physical Security Control

When selecting a site, a number of decisions have to be made, such as:

  • Will the site be externally marked as a data center?
  • Is there shared tenancy in the building?
  • Where is the telecom demarc (the telecom demarcation point)?

Site selection should be based on the security needs of the organization. The figure below lists some common questions that can help in decision making.

Once the site is selected, the support systems built into the building play a critical role in the overall physical security posture. Hence, there are multiple factors to look into when designing security.

[Figure: Administrative Control]

Physical Control

Refer to the picture below for the physical controls used in an organization.

Technical Physical Control

[Figure: Technical Physical Control]

Other Physical Security Requirements

In addition to the controls mentioned above, a few controls are required for specific area types such as wiring closets, data centers, server rooms, and media rooms.

The figure below discusses multiple controls for such special areas.

[Figure: Specific Controls Based on Type of Area]

QUIZ TIME * – Practicing questions along with concepts is the best way to maintain interest in study. Hence, please take some time for a small quiz on physical security. Click the image below to start the quiz.

* The questions in these practice tests are listed to help you study information and concepts that are likely to be tested on CISSP certification and do not represent questions from any actual test. Your score on these practice tests is not meant to and will not correlate to any particular score on any test.

Equipment Failure

No matter the quality of the equipment your organization chooses to purchase and install, eventually it will fail.

Most IT professionals are used to talking about uptime, downtime, and system failure. But not everyone is entirely clear on the definition of the terms widely used in the industry. What exactly differentiates “mean time to failure” from “mean time between failures”? And how does “mean time to repair” play into it? Let’s get some definitions straight!

An SLA clearly defines the response time a vendor will provide in the event of an equipment failure emergency.

MTTF is the expected typical functional lifetime of the device given a specific operating environment.

MTTR is the average length of time required to perform a repair on the device.

MTBF is an estimation of the time between the first and any subsequent failures.

Refer to the picture below for the differences among MTTR, MTTF, and MTBF.

[Figure: MTTR, MTTF, MTBF]

Make sure to schedule all devices to be replaced before their MTTF expires.

Security Capability of Information System … Trusted Computing Base

In computer systems, trusted computing means establishing a level of assurance, based on defined security models, so that the computer system can be trusted for use in critical infrastructure.

The following are some of the concepts that relate to information security aspects of a trusted computing architecture:

Trusted Computing Base

The Trusted Computing Base (TCB) defines how a vendor should develop its hardware, software, and firmware to establish a level of trust in confidentiality, integrity, and availability (CIA). It was originally documented in the Orange Book.

[Figure: Trusted Computing Base]

Organizations must understand the security capabilities of any information systems that they implement. This section discusses memory protection, virtualization, Trusted Platform Module, interfaces, and fault tolerance.

[Figure: Other Security Capabilities]

Organizations can implement different policy mechanisms to increase the security of information systems.

[Figure: Policy Mechanism]

Assurance … System Security Evaluation Models

In information security, the term assurance means the level of trust or the degree of confidence in the satisfaction of security needs. There are many standards and guidelines published by the government and commercial organizations to evaluate the assurance aspects of computer systems.

This post discusses the organizations that have created such evaluation systems.

[Figure: System Security Evaluation Model]