CyberVista Security Architecture and Design Questions and Answers

Question 1

A financial services company is designing a new system to handle sensitive customer transaction data. The primary security concern is to prevent unauthorized modification of this data by both internal and external actors. Which security model would be most appropriate to ensure data integrity?

Accepted Answer

Biba Model

Answer

The Biba Model is specifically designed to address data integrity. It uses rules such as 'no read down' and 'no write up' to prevent subjects at a lower integrity level from corrupting data at a higher integrity level. The Bell-LaPadula model focuses on confidentiality, not integrity. The Take-Grant and Access Control Matrix are models for representing access rights but do not inherently enforce integrity in the same way as Biba.

Question 2

A security architect is applying the principle of 'least privilege' to a new application's design. Which of the following actions BEST exemplifies this principle?

Accepted Answer

Granting a user account only the specific permissions needed to perform its intended function.

Answer

The principle of least privilege dictates that a subject (user, process, or system) should be given only the minimum levels of access – or permissions – needed to perform its required functions. Encrypting data is a confidentiality control, requiring two administrators is separation of duties, and setting secure defaults is another important, but distinct, design principle.

Question 3

Which of the following enterprise architecture frameworks is specifically focused on being business-driven and uses a six-layered model (Contextual, Conceptual, Logical, Physical, Component, and Operational) to align security with business objectives?

Accepted Answer

Sherwood Applied Business Security Architecture (SABSA)

Answer

SABSA is a business-driven framework for enterprise security architecture. It emphasizes aligning security with business goals from the start and uses a six-layered model to view the architecture from different perspectives. TOGAF and Zachman are broader enterprise architecture frameworks, and COBIT is a framework for IT governance and management.

Question 4

A software development team is building a critical system where every request for a resource must be validated at the time of the request, regardless of whether previous requests from the same user were approved. This practice is a direct implementation of which secure design principle?

Accepted Answer

Complete Mediation

Answer

The principle of Complete Mediation requires that every access to every object must be checked for authority. This means that permissions are validated every single time a request is made, preventing situations where access rights are cached and might become outdated.

Question 5

An organization is using the OSI model to guide its layered security strategy. At which layer would a security architect primarily focus on implementing IPsec to secure network communications?

Accepted Answer

Layer 3 (Network Layer)

Answer

IPsec (Internet Protocol Security) operates at the Network Layer (Layer 3) of the OSI model. It is used to secure IP communications by authenticating and encrypting each IP packet of a communication session.

CyberVista Test Practice Test

CyberVista Test Practice Test

CyberVista Security Architecture and Design Questions and Answers