3. A cryptographic mechanism to protect SSPs during input

4. A cryptographic mechanism to protect SSPs during output

a. 1 only

b. 2 only

c. 1 and 2

d. 1, 2, 3, and 4

20. d. A trusted channel can be realized as follows: It is a communication pathway between the cryptographic module and endpoints that is entirely local, directly attached to the cryptographic module, and has no intervening systems. It is a mechanism that cryptographically protects SSPs during entry and output. It does not allow misuse of any transitory SSPs.

21. Usually, a trusted path is not employed for which of the following?

a. To provide authentication

b. To provide reauthentication

c. To protect cryptographic keys

d. To protect user login

21. c. A trusted path is employed for high confidence connections between the security functions of the information system (i.e., authentication and reauthentication) and the user (e.g., for login). A trusted path cannot protect cryptographic keys. On the other hand, a trusted platform module (TPM) chip is used to protect small amounts of sensitive information (e.g., passwords and cryptographic keys).

22. Distributed system security services can be no stronger than the underlying:

a. Hardware components

b. Firmware components

c. Operating system

d. Application system

22. c. The operating system security services underlie all distributed services. Therefore, distributed system security can be no stronger than the underlying operating system.

23. Which of the following statements is not true about operating system security services as a part of multilayer distributed system security services?

a. Security services do not exist at any one level of the OSI model.

b. Security services are logically distributed across layers.

c. Each layer is supported by higher layers.

d. Security services are physically distributed across the network.

23. c. In multilayer distributed system security services, cooperating service elements are distributed physically across the network and logically across layers. Operating system security services (lower layer) underlie all distributed services, and above it are the logical levels of middleware, user-application, and client-server security services (higher layers). System security can be no stronger than the underlying operating system. Each layer depends on capabilities supplied by lower layers and, ultimately, directly on operating system mechanisms. Hence, it is not true that each layer in a multilayer distributed system is supported by higher layers. The other choices are true statements.

24. Security domains do not contain which of the following key elements?

a. Flexibility

b. Domain parameters

c. Tailored protections

d. Domain inter-relationships

24. b. Domain parameters are used with cryptographic algorithms that are usually common to a domain of users (e.g., DSA or ECDSA). Security domains can be physical or logical, and hence domain parameters are not applicable. A security domain is a system or subsystem that is under the authority of a single trusted authority. These domains may be organized (e.g., hierarchically) to form larger domains. The key elements of security domains include flexibility, tailored protections, domain inter-relationships, and the use of multiple perspectives to determine what is important in IT security.

25. Which of the following exists external to the trusted computing base (TCB)?

a. Memory channel

b. Exploitable channel

c. Communications channel

d. Security-compliant channel

25. b. An exploitable channel is a covert channel usable or detectable by subjects external to the trusted computing base (TCB). The other three choices are incorrect because they do not exist external to the TCB. A memory channel is based on CPU capacity. A communication channel is the physical media and devices that provide the means for transmitting information from one component of a network to other components. A security-compliant channel enforces the network policy.

26. Which of the following is not an example of a first line-of-defense?

a. Physical security

b. Network monitors

c. Software testing

d. Quality assurance

26. c. Software testing is a last line-of-defense because it is the last step to ensure proper functioning of security controls. After testing, the system is implemented and ready to operate in the real world.

The other three choices provide first lines-of-defense. Physical security with security guards and keys and locks can prevent threats.
