13. c. The proof-of-correspondence deals with verifying the design between a formal model and the functional specifications. A proof-of-wholeness establishes that all of an object’s parts or components are present, in both the sense of unimpaired condition (i.e., soundness) and the sense of being complete and undivided (i.e., completeness). It applies to preserving the integrity of objects in that the different layers of abstraction for objects cannot be penetrated, and their internal mechanisms cannot be modified or destroyed. A proof-of-origin is the basis for proving an assertion; for example, a private signature key is used to generate digital signatures that serve as a proof-of-origin. A proof-of-correctness applies mathematical proofs-of-correctness to demonstrate that a computer program conforms exactly to its specifications and to prove that the functions of the computer program are correct.
14. Regarding cryptographic modules, the implementation of a trusted channel protects which of the following?
1. Plaintext critical security parameters
2. Cryptographic module software
3. Use of untrusted software
4. Spoofing by a remote system
a. 1 and 2
b. 1 and 3
c. 3 and 4
d. 1, 2, 3, and 4
14. d. The implementation of a trusted channel protects plaintext critical security parameters (CSPs) and the software of the cryptographic module from other untrusted software that may be executing on the system. The trusted channel also protects from spoofing by a remote system.
15. For cryptographic modules, additional life-cycle assurance is provided through which of the following?
1. Automated configuration management
2. Detailed design
3. Low-level testing
4. Operator authentication
a. 1 and 2
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
15. d. For cryptographic modules, additional life-cycle assurance is provided through automated configuration management, detailed design, low-level testing, and operator authentication using vendor-provided authentication information.
16. From a security risk viewpoint, which of the following situations is not acceptable?
a. Fail in a known state
b. Return to an operational state
c. Fail in a safe but unknown state
d. Restore to a secure state
16. c. An unknown state should not be assumed to be safe until that has been proven, because doing so is risky. The other three choices are examples of acceptable situations because they carry little or no risk.
17. Memory protection is achieved through which of the following?
1. System partitioning
2. Nonmodifiable executable programs
3. Resource isolation
4. Domain separation
a. 1 and 2
b. 1 and 4
c. 3 and 4
d. 1, 2, 3, and 4
17. d. Memory protection is achieved through the use of system partitioning, nonmodifiable executable programs, resource isolation, and domain separation. Inadequate protection of memory leads to many security breaches through the operating system and applications.
18. Organizations should not design which of the following?
a. Operating system-independent application systems
b. Virtualization techniques
c. Operating system-dependent applications
d. Virtualized networking
18. c. Organizations should design operating system-independent application systems because they can run on multiple operating system platforms. Such applications provide portability and reconstitution on different platform architectures, increasing the availability of critical functionality while operating system-dependent application systems are under attack. Virtualization techniques provide the ability to disguise information systems, potentially reducing the likelihood of successful attacks without the cost of having multiple platforms. Virtualized networking is a part of virtualization techniques.
19. Typically, computer architecture does not cover which of the following?
a. Operating systems
b. Business application systems
c. Computer memory chips
d. Hardware circuits
19. b. Computer architecture covers operating systems, computer memory chips, and hardware circuits to make the computer run. However, it does not cover business application systems because they are required to perform a business task or function. Business application systems by themselves do not make the computer run.
20. A trusted channel can be realized in which of the following ways?
1. A communication pathway between the cryptographic module and the local endpoints
2. A cryptographic mechanism that does not allow misuse of transitory sensitive security parameters (SSPs)