Architecture Principles
Questions 1β8
Which security architecture principle states that security requirements should be addressed from the very beginning of development β not as an afterthought?
The principle of Fail Secure prioritizes availability β it disables the security control so users can still access the system even when something goes wrong.
Scenario: A financial organization ensures that the same person who initiates a wire transfer cannot also approve it. What security principle does this demonstrate?
A database admin is only given access to the databases they directly manage β not to HR systems, application servers, or other unrelated resources. This is an example of:
An enterprise deploys a perimeter firewall, an IDS, network segmentation, secure endpoints, AND encryption β so that if the firewall is bypassed, other controls still protect the network. What principle does this represent?
Zero Trust is a security model that assumes all internal network users are trusted, but external users must be verified before access is granted.
Which of the following BEST describes the "Default Deny" principle?
Name two ongoing maintenance tasks that are required because "Security is a Process" β meaning security must be maintained over time.
Architecture Flaws & Attacks
Questions 9β14
A technique used to transfer information in a secretive, unauthorized manner β either by exploiting shared resources like RAM/CPU or by accessing storage media β is called a:
Scenario: A malicious employee at a bank writes code that rounds down each transaction by $0.001 and deposits those fractions into a hidden account. Over millions of transactions, this accumulates into a large theft that went undetected. What type of attack is this?
A Maintenance Hook (backdoor) is a legitimate and safe feature because it is only accessible to authorized developers.
Which type of covert channel involves one process accessing the timing or usage of a shared system resource (such as CPU or RAM) to leak information to another process?
What is Data Diddling? Describe when it occurs.
Which protection mechanism ensures that a system returns to a known-good secure state after a failure or discontinuity, preventing the failure from compromising secure operation?
CIA Techniques & OS Concepts
Questions 15β18
What is process confinement, and give one real-world technology that implements it?
In the OS ring model, Ring 0 (the Kernel) has the least privilege, while Ring 3 (Applications) has the most privilege.
If a compromised program is processing sensitive data, which aspect of the CIA triad is MOST directly threatened?
What does Process Isolation guarantee in an operating system?
Security Models
Questions 19β25
The Bell-LaPadula model is designed to enforce which security property?
Scenario: A user with "Secret" clearance tries to read a "Top Secret" document. According to Bell-LaPadula, is this allowed? Name the rule that applies.
The Biba model's "No Read Down" rule means:
In the Access Control Matrix, the columns represent Capability Lists tied to subjects (users).
What are the four rules of the Take-Grant model? List them.
Which statement CORRECTLY compares Bell-LaPadula and Biba?
Scenario: A "Top Secret" cleared analyst wants to write a report summary into an "Unclassified" document. According to Bell-LaPadula, is this allowed? What rule applies and why?
0
/ 25
β
β
β
0
Correct
0
Wrong
0%
Score