CISSP-2022 Exam Cram Domain 3
Security Architecture
and Engineering
D O M A I N 3 : SECURITY ARCHITECTURE & ENGINEERING
For more cybersecurity exam prep tutorials, follow us on Youtube at Inside Cloud and Security
what’s new in domain 3?
3.6 Select and determine cryptographic solutions
– Quantum
Relevant and expanded versus what is in the official study guide
what’s new in domain 3?
3.7 Understand methods of cryptanalytic attacks
– Brute force
– Ciphertext only
– Known plaintext
– Frequency analysis
– Chosen ciphertext
– Implementation attacks
– Side-channel
– Fault injection
– Timing
– Man-in-the-Middle (MITM)
– Pass the hash
– Kerberos exploitation
– Ransomware
covered in “Attacks and Countermeasures”
secure design principles taken from NIST SP 800-160
CLOUD MODELS & SERVICES - IAAS
Stack layers (top to bottom): Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking.
On-premises: the customer owns and operates every layer.
IaaS: the CSP provides the building blocks, like networking, storage and compute, and manages the staff, hardware, and datacenter (the networking, storage, server and virtualization layers). The customer keeps responsibility for the OS, middleware, runtime, data and applications.
Examples: Azure Virtual Machines, Amazon EC2, GCP Compute Engine.
CLOUD MODELS & SERVICES - PAAS
Stack layers (top to bottom): Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking.
PaaS: the CSP manages provisioning, configuration, hardware, and OS (everything from the runtime down). The customer is responsible for deployment and management of apps and their data.
Examples: Azure SQL Database, API Management, Azure App Service.
HOW is SERVERLESS / function-as-a-service (FaaS) different from PaaS in terms of responsibility?
(Slide compares the PaaS and Serverless stacks layer by layer: Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking.)
CLOUD MODELS & SERVICES - SAAS
Stack layers (top to bottom): Applications, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking.
SaaS: the customer just configures features. The CSP is responsible for management, operation, and service availability of the entire stack.
CLOUD models
Describe the differences between Public, Private
and Hybrid cloud models
WHAT IS A cloud access security broker (CASB)?
Doubling key length from 128 to 256 bits does not make the key twice as strong; it makes a brute-force search 2^128 times harder (2^256 / 2^128 = 2^128).
POST-QUANTUM CRYPTOGRAPHY – LATTICE
A lattice is a regularly spaced grid of points; the slide pictures it in three dimensions, but lattice-based cryptography works in many hundreds of dimensions, where finding short vectors in the lattice is believed to be hard even for a quantum computer.
cryptography – TYPES OF CIPHERS
Block cipher
is a method of encrypting text (to produce ciphertext) in which a
cryptographic key and algorithm are applied to a block of data (for example,
64 contiguous bits) at once as a group rather than to one bit at a time.
Substitution
uses the encryption algorithm to replace each character or bit of the plaintext
message with a different character. Julius Caesar developed one of the
earliest ciphers of this type, now known as the “Caesar cipher”.
Transposition
uses an encryption algorithm to rearrange the letters of a plaintext message,
forming the ciphertext message.
Caesar, Vigenère and one-time pad
Three closely related ciphers that all shift letters by a key. The main difference between them
is key length:
Caesar shift cipher uses a key of length one (a single fixed shift)
Vigenère cipher uses a longer, repeating key (usually a word or sentence)
One-time pad uses a truly random key that is as long as the message itself and is never reused
ONE-TIME PAD success factors
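The three ciphers above differ only in how long the key is, so they can be written as one shift routine. The following is an added example (not from the slides) that encrypts with a Caesar key, a Vigenère keyword and a one-time pad, then shows two of the cryptanalytic attacks listed for 3.7: frequency analysis recovers a Caesar key, and reusing a “one-time” pad leaks the letter-by-letter difference between two plaintexts. The English frequency table is an approximation and the sample messages are constructed.

```python
"""Caesar, Vigenère and one-time pad as one family of shift ciphers, plus two
cryptanalytic checks: frequency analysis against the Caesar key, and the
plaintext leakage caused by reusing a one-time pad key. Added example."""
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Approximate English letter frequencies (percent), used for frequency analysis.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

def normalize(text):
    """Keep letters only, upper-cased (classic ciphers ignore spacing/punctuation)."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)

def shift_encrypt(plaintext, key):
    """Generalized shift cipher: plaintext[i] is shifted by key[i mod len(key)].
    len(key) == 1 -> Caesar; a word -> Vigenère; len(key) >= len(message) -> one-time pad."""
    pt, k = normalize(plaintext), normalize(key)
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k[i % len(k)])) % 26]
                   for i, p in enumerate(pt))

def shift_decrypt(ciphertext, key):
    ct, k = normalize(ciphertext), normalize(key)
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k[i % len(k)])) % 26]
                   for i, c in enumerate(ct))

def one_time_pad_key(length):
    """A truly random key as long as the message, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def crack_caesar(ciphertext):
    """Frequency analysis: try all 26 shifts and keep the one whose trial
    decryption is closest (lowest chi-squared distance) to English letter frequencies."""
    ct = normalize(ciphertext)
    best_shift, best_score = None, float("inf")
    for shift in range(26):
        trial = shift_decrypt(ct, ALPHABET[shift])
        score = 0.0
        for ch in ALPHABET:
            expected = ENGLISH_FREQ[ch] / 100 * len(trial)
            score += (trial.count(ch) - expected) ** 2 / expected
        if score < best_score:
            best_shift, best_score = shift, score
    return best_shift

def letter_difference(a, b):
    """Position-wise (a - b) mod 26. Shift ciphers are additive, so
    difference(c1, c2) == difference(p1, p2) whenever c1 and c2 were made with
    the same key: a reused 'one-time' pad leaks how the two plaintexts relate,
    without the attacker ever learning the key."""
    return "".join(ALPHABET[(ALPHABET.index(x) - ALPHABET.index(y)) % 26]
                   for x, y in zip(a, b))

# Constructed sample messages (not from any real traffic).
SAMPLE = ("THE ENEMY KNOWS THE SYSTEM SO THE SECURITY OF THE MESSAGE MUST REST "
          "ENTIRELY ON THE SECRECY OF THE KEY AND NEVER ON THE SECRECY OF THE ALGORITHM")

if __name__ == "__main__":
    print("Caesar key recovered by frequency analysis:", crack_caesar(shift_encrypt(SAMPLE, "D")))
    pad = one_time_pad_key(12)                 # correct use: one message per key
    c1, c2 = shift_encrypt("ATTACKATDAWN", pad), shift_encrypt("HOLDPOSITION", pad)
    print("Reused pad leaks p1-p2:", letter_difference(c1, c2) == letter_difference("ATTACKATDAWN", "HOLDPOSITION"))
```

A Caesar key falls to frequency analysis because one shift applies to every letter; a Vigenère keyword only stretches the attack over each key position; the one-time pad resists it only while the key is random, as long as the message, and used once, which is why key reuse collapses it to a simple shift relationship between the two messages.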
Split knowledge means that the information or privilege
required to perform an operation is divided among
multiple users.
This ensures that no single person has sufficient
privileges to compromise the security of the environment.
concept: work function (work factor)
Work function, or work factor, is a way to measure the
strength of a cryptography system by measuring the
effort, in terms of cost and/or time, needed to break it (recover the key or the plaintext).
Usually the work function rating represents the time and effort required to perform a
complete brute-force attack against the encryption system.
The security and protection offered by a cryptosystem is
directly proportional to the value of its work function/factor.
Cipher Block Chaining (CBC). Each block of unencrypted text is XORed with the
block of ciphertext immediately preceding it (an initialization vector for the first block) before
encryption. Decryption simply decrypts each ciphertext block and reverses the XOR. Because of the
chaining, a damaged ciphertext block corrupts that block and one bit of the next.
Cipher Feedback (CFB). Is the streaming version of CBC. Works on data in real
time, using memory buffers of the same block size. When the buffer is full, the data is
encrypted and transmitted. Uses chaining (ciphertext feeds back), so errors propagate.
Output Feedback (OFB). Operates similarly to CFB, but the cipher repeatedly encrypts a
seed value (the IV) to produce a keystream that is XORed with the plaintext. Nothing from the
ciphertext feeds back, so there is no chaining and transmission errors do not propagate.
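The chaining claim above is easiest to see by flipping one ciphertext bit and looking at what decrypts. The following is an added example, not code from the slides: CBC and OFB are implemented over a toy 64-bit Feistel block cipher that stands in for DES/AES (it is constructed for illustration and is not secure), and a helper reports which plaintext bytes come back wrong after a one-bit corruption. Key, IV and message are constructed.

```python
"""CBC vs OFB on a toy 64-bit Feistel block cipher: shows the chaining in CBC
and why a flipped ciphertext bit damages one full block plus one bit of the
next in CBC, but only the matching plaintext bit in OFB. Added example; the
toy cipher stands in for AES/DES and is NOT secure."""
import hashlib

BLOCK = 8           # 64-bit blocks, as in the slide's "64 contiguous bits"
ROUNDS = 8

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round_function(key, half, rnd):
    # Keyed pseudo-random function for one Feistel round (toy: truncated SHA-256).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def toy_block_encrypt(key, block):
    """Feistel network: (L, R) -> (R, L xor F(R)). Invertible for any F."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, xor(left, _round_function(key, right, rnd))
    return left + right

def toy_block_decrypt(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = xor(right, _round_function(key, left, rnd)), left
    return left + right

def cbc_encrypt(key, iv, plaintext):
    """Cipher Block Chaining: each plaintext block is XORed with the previous
    ciphertext block (the IV for the first block) before it is encrypted."""
    if len(plaintext) % BLOCK:
        raise ValueError("CBC needs padded input: a whole number of blocks")
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext):
    """Decrypt each block, then undo the XOR with the preceding ciphertext block."""
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(xor(toy_block_decrypt(key, block), prev))
        prev = block
    return b"".join(out)

def ofb_crypt(key, iv, data):
    """Output Feedback: the cipher only ever encrypts the feedback register
    (seeded with the IV), producing a keystream XORed with the data. No ciphertext
    feeds back, so encryption and decryption are the same operation."""
    out, feedback = [], iv
    for i in range(0, len(data), BLOCK):
        feedback = toy_block_encrypt(key, feedback)
        out.append(xor(data[i:i + BLOCK], feedback))
    return b"".join(out)

def damaged_positions(mode, key, iv, plaintext, flip_at):
    """Encrypt, flip one bit of the ciphertext at byte offset flip_at, decrypt,
    and return the byte offsets of the recovered plaintext that no longer match."""
    if mode == "CBC":
        ciphertext = bytearray(cbc_encrypt(key, iv, plaintext))
        ciphertext[flip_at] ^= 0x01
        recovered = cbc_decrypt(key, iv, bytes(ciphertext))
    elif mode == "OFB":
        ciphertext = bytearray(ofb_crypt(key, iv, plaintext))
        ciphertext[flip_at] ^= 0x01
        recovered = ofb_crypt(key, iv, bytes(ciphertext))
    else:
        raise ValueError(mode)
    return [i for i, (p, r) in enumerate(zip(plaintext, recovered)) if p != r]

# Constructed sample data (not from any real system).
KEY = b"constructed-demo-key"
IV = bytes(range(BLOCK))
MESSAGE = b"ATTACK AT DAWN ON MONDAY"     # 24 bytes = 3 blocks

if __name__ == "__main__":
    print("CBC damage:", damaged_positions("CBC", KEY, IV, MESSAGE, flip_at=9))
    print("OFB damage:", damaged_positions("OFB", KEY, IV, MESSAGE, flip_at=9))
```

Flipping byte 9 (second block, offset 1) garbles the whole second block in CBC and also flips byte 17 in the third block, exactly where the corrupted ciphertext is XORed back in; in OFB only byte 9 changes. The same property is what makes CBC malleable when no MAC protects the ciphertext, so neither mode is a substitute for authentication.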
using the same algorithm but using different keys.
El Gamal
is an extension of the Diffie-Hellman key exchange algorithm that depends on
modular arithmetic (less commonly used than RSA in recent years).
Elliptic curve
Algorithm depends on the elliptic curve discrete logarithm problem and
provides more security than other algorithms when both are used with keys of
the same length.
digital signatures
government (DoD)
Biba: no read down, no write up (integrity)
Bell-LaPadula: no read up, no write down (confidentiality)
Sutherland: preventing interference (information flow and state machine model)
D O M A I N 3 : SECURITY MODELS
Lattice-based
[Figure: Bell-LaPadula lattice with levels Top Secret, Secret, Confidential and Unclassified; subjects on the left, objects on the right. A subject cleared at Secret can READ Secret, Confidential and Unclassified objects, can WRITE only at its own level or higher, and cannot write data into a lower-classification document (no write down).]
Graham-Denning model
This model uses a formal set of protection rules in which each
object has an owner and a controller.
It is focused on the secure creation and deletion of both subjects
and objects.
A collection of eight primary protection rules or actions defines the
boundaries of certain secure actions.
D O M A I N 3 : SECURITY MODELS
Dedicated Mode
Each user must have a security clearance that permits access to ALL info processed by the system, access
approval for ALL info processed by the system, and a valid need-to-know for ALL info processed by the system.
System High Mode
Each user must have a valid security clearance and access approval for ALL info processed by the
system, and a valid need-to-know for at least SOME info on the system.
Compartmented Mode
Goes one step further than System High. Each user must have a valid security clearance and
access approval for ALL INFO processed by the system, but only a valid need-to-know for the
info they will actually have access to on the system.
Multilevel Mode
Can process information at different levels even when not all system users have the
required security clearance for all information processed by the system.
Control becomes more granular as you move from Dedicated through System High and Compartmented
to Multilevel, where access to every object is mediated by labels.
D O M A I N 3 : TRUSTED COMPUTING BASE
[Diagram: five-step cycle for deriving security requirements]
1 System & Environment Objectives
2 Identification of Threats
3 Analysis & Rating of Threats
4 Determination of Security Objectives
5 Selection of Security Functional Requirements
Hierarchical environment
Various classification labels are assigned in an ordered
structure from low security to medium security to high security.
Compartmentalized environment
Requires specific security clearances over compartments or
domains instead of objects.
Hybrid environment
Contains levels with compartments that are isolated from the
rest of the security domain. Combines both hierarchical and
compartmentalized environments so that security levels have
subcompartments.
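The Biba/Bell-LaPadula rules and the hierarchical, compartmentalized and hybrid environments above come together in one check: a label is a level plus a set of compartments, one label dominates another only when its level is at least as high and its compartments are a superset, and each model's read and write rules are just that dominance test applied in one direction or the other. The following is an added example, not code from the slides; the level names come from the slide, the labels and compartment names (CRYPTO, NUCLEAR) are constructed.

```python
"""Lattice-based mandatory access control: Bell-LaPadula (confidentiality) and
Biba (integrity) decisions over labels that carry a hierarchical level and a
set of compartments (the slide's hybrid environment). Added example."""
from dataclasses import dataclass

# Hierarchical levels, lowest to highest (the slide's Unclassified .. Top Secret).
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """Lattice dominance: level at least as high AND compartments a superset.
        Labels with different compartments at the same level are incomparable:
        neither dominates the other, so neither may read or write the other."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments >= other.compartments)

# Bell-LaPadula: confidentiality. "No read up, no write down."
def blp_can_read(subject, obj):
    return subject.dominates(obj)           # simple security property

def blp_can_write(subject, obj):
    return obj.dominates(subject)           # *-property (star property)

# Biba: integrity. "No read down, no write up." Same lattice, rules inverted.
# (In a real deployment these would be integrity levels, not clearances.)
def biba_can_read(subject, obj):
    return obj.dominates(subject)           # simple integrity property

def biba_can_write(subject, obj):
    return subject.dominates(obj)           # *-integrity property

def mac_decision(model, action, subject, obj):
    """Reference-monitor style entry point: every access is mediated by labels,
    never by the identity of the user (that is what makes it mandatory)."""
    rules = {
        ("BLP", "read"): blp_can_read, ("BLP", "write"): blp_can_write,
        ("Biba", "read"): biba_can_read, ("Biba", "write"): biba_can_write,
    }
    return rules[(model, action)](subject, obj)

# Constructed labels: a Secret-cleared analyst in the CRYPTO compartment.
ANALYST = Label("Secret", frozenset({"CRYPTO"}))
PUBLIC_MEMO = Label("Unclassified")
CRYPTO_REPORT = Label("Secret", frozenset({"CRYPTO"}))
NUCLEAR_REPORT = Label("Secret", frozenset({"NUCLEAR"}))   # same level, other compartment
TS_ARCHIVE = Label("Top Secret", frozenset({"CRYPTO"}))

if __name__ == "__main__":
    for model in ("BLP", "Biba"):
        for action in ("read", "write"):
            for name, obj in [("PUBLIC_MEMO", PUBLIC_MEMO), ("NUCLEAR_REPORT", NUCLEAR_REPORT),
                              ("TS_ARCHIVE", TS_ARCHIVE)]:
                print(f"{model:4} {action:5} {name:15}", mac_decision(model, action, ANALYST, obj))
```

Note that Bell-LaPadula permits the analyst to write into the Top Secret archive (a blind write up) while forbidding a read of it, and that the NUCLEAR report is denied in both directions even though it sits at the analyst's own level: compartments turn the simple hierarchy into a lattice.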
D O M A I N 3 : MANDATORY ACCESS CONTROL
A key point about the MAC model is that every
object and every subject has one or more labels.
These labels are predefined, and the system
determines access based on assigned labels.
security models, design, and capabilities
MFA
factors of authentication
Identity
Single-state processors are capable of
operating at only one security level at a time,
whereas multistate can simultaneously
operate at multiple security levels.
processor operating modes
Subject to eavesdropping and tapping, used to
smuggle data out of an organization, or used to
create unauthorized, insecure points of entry
into an organization’s systems and networks.
The purpose of firmware
The hypervisor, also known as a virtual machine monitor (VMM), is the component
of virtualization that creates, manages, and operates the virtual machines (VMs).
Type I hypervisor
A native or bare-metal hypervisor. In this configuration, there is no host OS;
instead, the hypervisor installs directly onto the hardware where the host OS
would normally reside.
Type II hypervisor
A hosted hypervisor. In this configuration, a standard host OS is present on the
hardware, and the hypervisor is installed on top of it as another software application.
Static environments
are applications, OSs, hardware sets, or networks that are configured for a
specific need, capability, or function, and then set to remain unaltered.
Separation of privilege
increases the granularity of secure operations.
Too much humidity can cause corrosion. Too
little humidity causes static electricity. Even on
nonstatic carpet, low humidity can generate
20,000-volt static discharge!
fire and suppression agents
Class A (ASH) fires are common combustibles such as wood, paper, etc. This
type of fire is the most common and should be extinguished with water or soda acid.
Class B (BOIL) – fires are burning alcohol, oil, and other petroleum products
such as gasoline. They are extinguished with gas or soda acid. You should never use
water to extinguish a class B fire.
Class C (CONDUCTIVE) – fires are electrical fires which are fed by electricity
and may occur in equipment or wiring. Electrical fires are conductive fires, and the
extinguishing agent must be non-conductive, such as any type of gas.
Class D (DILYTHIUM) – fires are burning metals and are extinguished with dry
powder.
Class K (KITCHEN) – fires are kitchen fires, such as burning oil or grease. Wet
chemicals are used to extinguish class K fires.
The three categories of fire detection systems include smoke sensing, flame sensing, and heat sensing.
fire extinguisher classes
Fire extinguishers and suppression agents
Wet pipe systems are filled with water at all times. Dry pipe systems contain compressed
air until the suppression system is triggered, and then the pipe fills with water.
Sprinkler heads are heat-activated: they open when a predefined temperature is reached.
Dry pipe systems also have closed sprinkler heads; the difference is that the pipes
are filled with compressed air. The water is held back by a valve that remains
closed as long as sufficient air pressure remains in the pipes. Often used in areas
where water may freeze, such as parking garages.
Deluge systems are similar to dry pipe systems, except the sprinkler heads are open
and larger than dry pipe heads. The pipes are empty at normal air pressure; the
water is held back by a deluge valve.
water and electricity do not mix!
gas discharge systems
Usually more effective than water discharge systems, but
should not be discharged into occupied spaces without evacuating people first,
because gases such as CO2 work by displacing the oxygen in the air.
Biometric Systems
Something you are
Conventional Locks
Easily picked / bumped & keys easily duplicated