This page presents the key knowledge points and exercises for CISSP Chapter 9, Security Vulnerabilities, Threats and Countermeasures, in detail. I hope it will be helpful to interested friends!
Edited at 2024-03-01 19:48:31
CISSP study notes-9 (security vulnerabilities, threats and countermeasures)
Knowledge points
shared responsibility
Use secure design principles to research, implement and manage engineering processes
Assess and mitigate vulnerabilities in security architecture, design, and solution elements
hardware
Processor CPU
execution type
multitasking
Handle multiple tasks simultaneously
Impossible with a single core
multi-core
multiprocessing
Multiple processors complete multi-threaded applications
multi-programming
Operating system coordination, or single task, on a single processor, using batch processing
Multithreading
Multiple concurrent tasks in one process
protection mechanism
Protection rings
The deeper you are within the ring, the higher the privilege level associated with the code occupying that particular ring.
Ring 0 - the highest level of privileges, operating system kernel
Ring 1 - Other operating system components
Ring 2 - Drivers, protocols, etc.
Running in supervisory or privileged mode
Ring 3 - User level programs and applications
In user mode
border control
Process states (operating states)
ready state
Wait for the CPU and then enter the running state
Running state
If the time slice is used up before the process ends, the process returns to the ready state.
If the process must wait for I/O, it enters the waiting state.
Waiting state
After the I/O is completed, the process returns to the ready state
Supervisory state
Stopped state
The process ends or must be terminated, and the operating system reclaims memory and other resources.
operating mode
user mode
privileged mode
Also called supervisory mode, system mode, or kernel mode
memory
read-only memory ROM
Programmable Read Only Memory PROM
Data is written at a later time and cannot be changed once it is written.
Erasable programmable read-only memory EPROM
UV erasable programmable read-only memory UVEPROM
optical erasure
Electronically erasable programmable read-only memory EEPROM
higher than normal voltage
flash memory
EEPROM derivatives, flash memory can be erased and written to in blocks or other sizes
NAND flash memory is the most common and is used in memory cards, USB flash drives, mobile devices and SSDs
random access memory
real memory
Cache RAM
L1
L2
single processor core
L3
Shared between cores
L4
On the motherboard or GPU
register
A CPU has 8-32 registers, each 32 or 64 bits in size
memory addressing
Register addressing
Access registers integrated in the CPU
Immediate addressing
A way of referring to data
Direct addressing
CPU accesses an actual address in memory
Must be on the same memory page as the executing program
Indirect addressing
Similar to direct addressing, but the memory location holds another memory address rather than the data itself
Base address offset addressing
Use the value in the register as the base address
secondary memory
Virtual Memory
data storage device
Primary storage devices and secondary storage devices
Primary storage device
main memory
RAM
Secondary storage device
secondary memory
HDD
SSD
flash memory
CD etc.
Volatile storage devices vs. non-volatile storage devices
Random access and sequential access
random access
most
sequential access
tape drive
Memory security issues
Storage media security
Data remanence
Traditional zero erase is not effective on SSD
Secondary storage devices are easy to lose
Removable media risks
encryption
Emanation security
TEMPEST
Faraday cage
Can allow cell phone and walkie-talkie signals while blocking Wi-Fi
White noise
Control zone
Using a Faraday Cage and White Noise Simultaneously in a Specific Area
Shielding, access control and antenna management
input and output devices
monitor
CRT radiation
printer
Mouse and keyboard
modem
Firmware-Microcode
UEFI
Measured boot - hash calculation of every element involved in the boot process, performed by the TPM
Client-based systems
Mobile code
JavaScript
Update browser clients promptly
Execute a subset of JavaScript such as: ADsafe, Secure ECMAScript or Caja
Implement a content security policy that strives to enforce same-origin restrictions on most browser-side active technologies
local cache
DNS cache
ARP cache
temporary internet files
server-side system
Massively parallel data systems
Symmetric multiprocessing SMP
controlled by an operating system and data bus
Good at processing simple operations at high speed
Asymmetric multiprocessing AMP
Multiple operating systems and data buses
Massively parallel processing MPP
A variant of AMP
Large, complex and computationally intensive tasks
grid computing
Security Issues: May be exposed to outside world, cannot be used for private, confidential or proprietary data
Central grid servers can be compromised, which then affects other grid members
Peer-to-Peer Network P2P
Compared to grid computing, there is no central management system
Security issues: piracy, eavesdropping on distributed content, lack of centralized control/supervision/management/filtering, and services using up all available bandwidth
Industrial Control Systems ICS
Distributed Systems
Blockchain
A collection or ledger of records, transactions, operations, or other events that has been verified using a hash function, timestamp, transaction data
Common issues
Unauthorized user access
Impersonation, imitation and spoofing attacks on users and devices
Bypass or disable security controls
Eavesdropping and manipulating communications
Inadequate authentication and authorization
Lack of monitoring, auditing and logging
Lack of accountability
High performance computing system HPC
real-time operating system RTOS
The purpose is to minimize the delay
Divided into hard real-time and soft real-time
Isolation and communication monitoring reduce security issues
Internet of things
Isolate, patch, restrict physical and logical access, firewall
Edge and fog computing
Embedded devices and cyber-physical systems
static system
Internet-enabled devices
Cyber-physical systems
Elements related to embedded and static systems
Security issues in embedded and static systems
Specialized equipment
microservices
Derivatives of SOA, web-based solutions
Infrastructure as Code IaC
virtualization system
Type I hypervisor
No operating system, deployed directly on the hardware
Type II hypervisor
With an operating system, a hypervisor is installed and used as another software application
for desktop deployment
elasticity
virtual software
virtualized network
Software-defined everything SDx
Virtual Desktop Infrastructure VDI
Virtual Mobile Infrastructure VMI
Everything as a Service XaaS
SECaaS
Software Defined Data Center SDDC
Virtual Data Center VDC
IT as a Service ITaaS
Virtualization security management
Containerization
Serverless architecture
FaaS only runs when called and stops when the operation is completed, minimizing costs.
mobile device
Mobile device security features
Basic security protection mechanism
process isolation
Hardware separation
System security policy
Common security architecture flaws and issues
Covert channels
covert timing channel
covert storage channel
Attacks based on design or coding flaws
rootkit
A type of malware embedded in the operating system
incremental attack
Data diddling
Small, random, incremental changes
Usually internal staff
salami attack
Exam points
Learn about shared responsibility. This security design principle indicates that no organization operates in isolation. Because we all participate in shared responsibility, we must learn to use secure design principles to research, implement and manage engineering processes.
Be able to explain the differences between multitasking, multicore, multiprocessing, multiprogramming, and multithreading. Multitasking is the simultaneous execution of multiple applications on a computer and is managed by the operating system. Multicore refers to multiple cores existing within a single CPU. Multiprocessing uses more than one processor to increase computing power. Multiprogramming is similar to multitasking: the operating system coordinates the pseudo-simultaneous execution of two tasks on a single processor to improve operating efficiency. Multithreading allows multiple concurrent tasks to be performed within a process.
Understand the concept of protection rings. From a security perspective, protection rings organize the code and components in the operating system into concentric rings. The deeper you are within the ring, the higher the privilege level associated with the code that occupies a particular ring.
Understand process states. The process states are ready, running, waiting, supervisory, and stopped.
Describe the different types of memory used in computers. ROM is non-volatile and cannot be written by the end user. Data can only be written to the PROM chip once. EPROM/UVEPROM chips can be erased with UV light. EEPROM chips can be erased using current. RAM chips are volatile and their contents are lost when the computer is shut down.
Understand the security issues associated with memory components. There are some security issues with memory components: data remains on the chip after a power outage, and there are memory access control issues in multi-user systems.
Understand memory addressing concepts. Memory addressing methods include register addressing, immediate addressing, direct addressing, indirect addressing, base address + offset addressing.
Describe the different characteristics of storage devices used in computers. Primary storage is memory. Secondary storage consists of magnetic, flash, and optical media, and the data saved on it must be read into primary storage before it can be used by the CPU. Random access storage devices can be read at any point, while sequential access devices must scan through all data physically stored before the desired location.
Understand the variations of storage device types. These variations include: primary versus secondary storage, volatile versus non-volatile storage, and random access versus sequential access.
Understand the security issues of secondary storage devices. There are three main security issues with secondary storage devices: removable media can be used to steal data, access control and encryption must be used to protect the data, and data may remain on the media after files are deleted or the media is formatted.
Learn about emanation security. Many electrical devices emit electrical signals or radiation that can be intercepted by unauthorized persons. These signals may contain confidential, sensitive or private information. Countermeasures against Van Eck phreaking (i.e., eavesdropping on emanations) include Faraday cages, white noise, control zones, and shielding.
Understand the security risks that input and output devices may pose. Input/output devices can be subject to eavesdropping and tapping, are open to shoulder surfing, can be used to take data out of an organization, or can be used to create unauthorized and unsecured entry points into organizational systems and networks. Precautions should be taken to identify and close these vulnerabilities.
Understand the purpose of firmware. Firmware is software stored on a ROM chip. At the computer level, it contains the basic instructions needed to start the computer. Firmware can also be used in peripheral devices such as printers to provide operating instructions. Examples include BIOS and UEFI.
Learn about JavaScript issues. JavaScript is the most widely used scripting language in the world and is embedded in HTML documents. Whenever you allow code from unknown and untrusted sources to execute on your system, you put your system at risk of compromise.
Learn about massively parallel data systems. Systems designed to perform large amounts of computation simultaneously include SMP, AMP, and MPP. Grid computing is a form of parallel distributed processing that loosely groups large numbers of processing nodes to jointly achieve a specific processing goal. Peer-to-Peer (P2P) technology is a networking and distributed application solution for sharing tasks and workloads among peers.
Be able to define ICS. An industrial control system (ICS) is a computer-managed device (also called operational technology) that controls industrial processes and machines. Examples of ICS include distributed control systems (DCS), programmable logic controllers (PLC), and supervisory control and data acquisition (SCADA) systems.
Learn about distributed systems. A distributed system or distributed computing environment (DCE) is a collection of individual systems that collaborate to support a resource or provide a service. Its main security concern is the interconnectivity between components.
Learn about blockchain. A blockchain is a collection or ledger of records, transactions, operations, or other events that are verified using hash functions, timestamps, and transaction data.
Understand data sovereignty. The concept of data sovereignty is that once information is converted into binary form and stored as a digital file, it becomes subject to the laws of the country where the storage device is located.
Learn about smart devices. Smart devices refer to various devices that provide users with a large number of customization options (usually through the installation of applications) and can take advantage of machine learning (ML) processing either locally on the device or in the cloud.
Be able to define the Internet of Things. The Internet of Things (IoT) is a category of smart devices that are connected to the Internet to provide automation, remote control or artificial intelligence (AI) processing to devices or equipment. IoT security issues often involve access control and encryption.
Be able to define the Industrial Internet of Things. The Industrial Internet of Things (IIoT) is a derivative of the Internet of Things that focuses more on supervision, automation, management and sensing at the industrial, engineering, manufacturing or infrastructure level. Industrial IoT evolves from ICS and DCS integrated with cloud services to perform data collection, analysis, optimization and automation.
Learn about specialized equipment. Special purpose equipment is any equipment designed for a specific purpose, used by a specific type of organization, or to perform a specific function. They can be viewed as a type of DCS, IoT, smart device, endpoint device or edge computing system. Medical equipment, smart cars, drones and smart meters are all specialized devices.
Be able to define SOA. Service-oriented architecture (SOA) builds new applications or functionality from existing but independent software services. The resulting applications are often new; therefore, their security issues are unknown, untested, and unprotected. An emerging product of SOA is microservices.
Learn about microservices. A microservice is simply an element, feature, capability, business logic, or functionality of a web application that can be called or used by other web applications. A microservice is transformed from the functionality of one web application into a service that can be called by many other web applications. It allows large, complex solutions to be decomposed into smaller, self-contained functions.
Be able to define IaC. Infrastructure as Code (IaC) embodies a change in how people perceive and approach hardware management. Where once hardware configuration was viewed as a manual, direct-operation, one-to-one management problem, today hardware configuration is viewed as another collection of elements. Manage hardware configurations as you would software and code in a DevSecOps (development, security and operations) model.
Understand hypervisors. A hypervisor, also known as a virtual machine monitor/manager (VMM), is the virtualization component that creates, manages, and runs virtual machines.
Learn about Type I hypervisors. A Type I hypervisor is a native or bare-metal hypervisor. There is no host operating system in this configuration; instead, the hypervisor is installed directly on the hardware where the host operating system would normally reside.
Understand Type II hypervisors. A Type II hypervisor is a hosted hypervisor. In this configuration, there is a standard conventional operating system on the hardware and the hypervisor is installed and used as another software application.
Learn about virtual machine escape. A virtual machine escape occurs when software in a guest operating system is able to break through the isolation protection provided by the hypervisor, thereby compromising other guest operating system containers or infiltrating the host operating system.
Learn about virtualization software. A virtual application or virtual software is a software product that is deployed in such a way that it is fooled into believing it is interacting with the entire host operating system. Virtual (or virtualized) applications are packaged or encapsulated to execute and operate without full access to the host operating system. Virtual applications are isolated from the host operating system and therefore cannot make any direct or permanent changes to the host operating system.
Learn about virtualized networking. Virtualized networking or network virtualization refers to the combination of hardware and software network components into an integrated entity. The resulting solution allows software control of all network functions such as management, traffic shaping, and address allocation.
Learn about SDx. Software-defined everything (SDx) refers to the trend of replacing hardware with software through virtualization. SDx includes virtualization, virtualization software, virtualized networking, containerization, serverless architecture, infrastructure as code, SDN, VSAN, software-defined storage (SDS), VDI, VMI, SDV, and software-defined data center (SDDC).
Learn about VDI and VMI. Virtual desktop infrastructure (VDI) is designed to reduce end device security risks and meet performance requirements by hosting desktop/workstation operating system virtual machines on a central server that can be accessed remotely by users. Virtual mobile infrastructure (VMI) refers to virtualizing mobile device operating systems on a central server.
Learn about SDV. Software-defined visibility (SDV) is a framework that drives automation of network monitoring and response processes. It is designed to allow every packet to be analyzed so that decisions about forwarding, rejecting, or otherwise responding to threats can be informed by deep intelligence.
Learn about SDDC. Software-defined data center (SDDC) or virtual data center (VDC) refers to the concept of replacing physical IT elements with a virtually provided solution, often provided by an external third party (such as a cloud service provider).
Learn about XaaS. Everything as a Service (XaaS) is a general term for any type of computing service or functionality that can be provided to customers through or with the help of cloud solutions. Examples include SECaaS, IPaaS, FaaS, ITaaS and MaaS.
Understand some of the security issues of virtualization. Virtualization does not reduce the security management requirements of the operating system. Therefore, patch management remains essential. The stability of the host must be protected. Organizations should maintain backup copies of virtual assets. Virtualized systems should undergo security testing. Virtual machine sprawl occurs when an organization deploys a large number of virtual machines but lacks a comprehensive IT management or security plan to enforce them.
Learn about containerization. Containerization or operating system virtualization is based on a concept: eliminating duplicate elements of the operating system in virtual machines. Each application is put into a container that contains only the resources really needed to support the enclosed application, while common or shared operating system elements are then brought into the hypervisor.
Learn about serverless architecture. Serverless architecture is a cloud computing concept in which the code is managed by the customer and the platform (i.e., supporting hardware and software) or servers are managed by a cloud service provider (CSP). In reality there will always be a physical server running the code, but this execution model allows software designers/architects/developers to focus on the logic of their code without having to worry about the parameters or limitations of a specific server. This model is also known as Functions as a Service (FaaS).
Learn about embedded systems. Embedded systems are often designed around a limited set of specific functions related to the larger product to which the system is attached.
Learn about microcontrollers. Microcontrollers are similar to system-on-a-chip (SoC), but are less complex. A microcontroller can be a component of an SoC. A microcontroller is a small computer that consists of a CPU (with one or more cores), memory, various input/output functions, RAM, and non-volatile memory, usually in the form of flash memory or ROM/PROM/EEPROM. Examples include Raspberry Pi, Arduino and FPGA.
Understand static systems/environments. A static system/environment is an application, operating system, set of hardware, or network that is configured specifically for specific needs, capabilities, or functionality and, once set up, remains unchanged.
Learn about connected devices. A network-enabled device is any type of device - whether mobile or stationary - that has native networking capabilities. Network-enabled devices can be embedded systems or used to create embedded systems.
Learn about cyber-physical systems. Cyber-physical systems refer to devices that provide computing means to control something in the physical world. In the past, such systems might have been classified as embedded systems, but the cyber-physical category seems to be more focused on physical world results than computational aspects.
Understand security issues for embedded systems and static environments. Static environments, embedded systems, networked devices, cyber-physical systems, HPC systems, edge computing devices, fog computing devices, mobile devices, and other limited- or single-purpose computing environments all require security management. These security management techniques include network segmentation, security layers, application firewalls, manual updates, firmware versioning, wrappers, and controlling redundancy and diversity.
Learn about HPC systems. High-performance computing (HPC) systems refer to computing platforms designed to perform complex calculations or data manipulation at extremely high speeds. Supercomputers and MPP solutions are common examples of HPC systems.
Be able to explain RTOS. An RTOS is designed to process or handle data as it arrives on the system with minimal latency or delay. An RTOS is typically stored in read-only memory (ROM) and can run in hard or soft real time.
Learn about edge computing. Edge computing is a network design concept that brings data and computing resources as close as possible to minimize latency while optimizing bandwidth utilization. In edge computing, intelligence and processing are included in every device. Therefore, instead of sending specific data to a main processing entity, each device can process its own data locally.
Learn about fog computing. Fog computing is another example of an advanced computing architecture that is also commonly used as an element of Industrial IoT deployments. Fog computing relies on sensors, IoT devices, and even edge computing devices to collect data and then transmit the data back to a central location for processing. So intelligence and processing are centralized.
Learn about mobile device security. Security functions for personal electronic devices (PEDs) can often be managed using mobile device management (MDM) or unified endpoint management (UEM) solutions. These include device authentication, full device encryption, communication protection, remote wipe, device lock, screen lock, GPS and location services management, content management, application control, push notification management, third-party app store control, storage segmentation, asset tracking and inventory control, removable storage, connection method management, disabling useless features, rooting/jailbreaking, sideloading, custom firmware, carrier unlocking, firmware over-the-air updates, key management, credential management, and SMS security.
Learn about mobile device deployment strategies. There are now many deployment models that allow employees to be equipped with mobile devices that they can use to perform work tasks while at work and away from the office. Examples include BYOD, COPE, CYOD, and COMS/COBO. You should also consider VDI and VMI options.
Learn the ins and outs of mobile device deployment strategies. A mobile device deployment strategy should address the following issues: data ownership, documentation of ownership, patch and update management, secure product management, forensics, privacy, deployment/decommissioning, compliance with company policies, building management, and storage Shoe facilities include loyalty, legal issues, acceptable use policy, panel-cut camera support, recordable microphone, Wi-Fi Direct, tethering and hotspots, and contactless payment options.
Understand process isolation. Process isolation requires the operating system to provide a separate memory space for each process's instructions and data. It also requires the operating system to set boundaries for these processes, thereby preventing one process from reading and writing data that belongs to another process.
Understand hardware separation. Hardware separation is similar to process isolation and is designed to prevent access to information belonging to different processes/security levels. The main difference is that hardware separation achieves these purposes by using physical hardware controls rather than logical process isolation controls imposed by the operating system.
Understand the importance of system security policies. The role of a system security policy is to inform and guide the design, development, implementation, testing, and maintenance of a specific system. Therefore, this security policy should be closely focused on specific implementation plans.
Be able to explain what a covert channel is. A covert channel is a method of transmitting information on a path that is not commonly used for communication. The use of covert channels provides a means to violate, bypass, or circumvent security policies without being detected. The basic types of covert channels are covert timing channels and covert storage channels.
Understand the vulnerabilities created by design and coding flaws. Some attacks can result from poor design techniques, questionable implementation practices and procedures, or from poor or inadequate testing. Some attacks may result from deliberate design decisions, when special entry points built into the code (used to bypass access controls, logins, or other security checks, often added to the code during development) have not been removed when the code is put into production. Improper coding practices and lack of security considerations are the source or cause of system architectural vulnerabilities. Vulnerabilities can be attributed to failures in design, execution, code management, or outright coding errors.
Learn about rootkits. A rootkit is a type of malicious software that is integrated into the operating system. The term derives from the concept of rooting and a kit of hacker utilities. Rooting means gaining total or complete control over a system.
Learn about incremental attacks. Some forms of hacking occur in a slow, incremental manner without an obvious or identifiable attempt to compromise the security or integrity of a system. This is an incremental attack, and it comes in two forms: data diddling and the salami attack.
Important exercises
1. When designing for security in an organization, it must be recognized that it is not only necessary to strike a balance between organizational goals and security goals, but also to emphasize shared responsibility for security. Which of the following are elements of shared responsibility? (Select all that apply.)
A. All personnel in an organization have some responsibility for security.
B. Always be aware of threats to tangible and intangible assets.
C. The organization has the responsibility to make good security decisions for stakeholders to maintain the continued development of the organization.
D. When working with third parties, especially cloud providers, each entity needs to understand its share of shared responsibility for performing business operations and maintaining security.
E. Multiple layers of security must be in place to prevent adversaries from accessing sensitive internal resources.
F. When new vulnerabilities and new threats are discovered, we should responsibly disclose the situation to relevant vendors or information sharing centers, even if this is not our responsibility.
ABCDEF
2. Many PC operating systems provide functions that support the simultaneous execution of multiple applications on a single-processor system. Which of the following words describes this function?
A. Multi-state
B. Multithreading
C. Multitasking
D. Multiprocessing
B
3. According to recent papers on mobile code and web application risks, you need to adjust the security configuration of your organization's endpoint devices to minimize exposure. On a modern Windows system with the latest version of Microsoft Browser and all other browsers disabled or blocked, which of the following is of greatest concern?
A. Java
B. Flash
C. JavaScript
D. ActiveX
C
4. Your organization is considering deploying a publicly available screensaver that uses spare system resources to process company-sensitive data. What are the common security risks associated with adopting grid computing solutions that consume resources available to computers on the Internet?
A. Loss of company privacy
B. Communication delay
C. Duplicate work
D. Capacity fluctuation
A
5. Your company is evaluating multiple cloud providers to determine which one is best suited to host your custom services as a custom application solution. There are many aspects to your security controls that need to be evaluated, but key issues include: being able to process large amounts of data in a short period of time, controlling which applications can access which assets, and being able to prohibit virtual machine sprawl or duplication of operations. Which of the following is not relevant to this selection process?
A. A collection of certain entities (usually users, but also applications and devices) that may or may not be granted access to perform specific tasks or access certain resources or assets.
B. A virtual desktop infrastructure (VDI) or virtual mobile infrastructure (VMI) instance that serves as a virtual endpoint for accessing cloud assets and cloud services.
C. The ability of cloud processes to use or consume more resources (such as computing, memory, storage, or network) when necessary.
D. A management or security mechanism that can monitor and differentiate between multiple instances of the same virtual machine, service, application or resource.
B
6. A central utility company in a large city saw a spike in the number of distribution nodes that failed or went offline. An APT hacking group has been trying to take over control of the utility company, and these failures in the system are entirely their fault. Which of the following systems did the attacker compromise? A. MFP B. RTOS C. SoC D. SCADA
B
7. Your organization is concerned that employees taking decommissioned equipment home could lead to information leaks. Which of the following types of memory may retain information after being removed from the computer and therefore pose a security risk? A. Static RAM B. Dynamic RAM C. Auxiliary storage D. Actual memory
C
8. Your organization is considering deploying a distributed computing environment (DCE) to support a massively multiplayer online role-playing game (MMORPG) based on characters from the popular film series. A DCE allows malicious software to spread, and it can facilitate an adversary's pivoting and lateral movement. What is its main problem? A. Unauthorized user access B. Identity deception C. Component interconnectivity D. Insufficient identity authentication
D
9. To reduce costs, your boss wants to automate the building's HVAC system and lighting controls. He instructs you to use commercial off-the-shelf IoT equipment to ensure low-cost operation. When you use IoT devices in a dedicated environment, what is the best step to take to reduce risk? A. Use public IP addresses B. Cut off the power supply when the equipment is not in use C. Keep your device updated in real time D. Prevent IoT devices from accessing the Internet
D
10. Service-oriented architecture (SOA) uses existing but independent software services to build new applications or functions. The resulting applications are often new; therefore, their security issues are unknown, untested, and unprotected. Which of the following is a direct extension of SOA and creates single-purpose functionality that can be used by other software through an API? A. Cyber-physical fusion system B. Fog computing C. DCS D. Microservices
D
11. The organization deploys a new on-premises virtual desktop infrastructure (VDI). Many security breaches have occurred in the organization due to issues on typical desktop workstations and laptop computers that are used as endpoints. Many of these problems occur because users install unapproved software or change the configuration of important security tools. To avoid future security compromises arising from endpoints, all endpoint devices can now only be used as dumb terminals. Therefore, the endpoint does not store data or execute applications locally. In VDI, each employee is assigned a virtual machine (VM) that contains all the software and data sets they need to run their business. Once configured, these virtual machines will prevent the installation and execution of new software code, data files cannot be exported to actual endpoints, and each time an employee logs out, the virtual machine used will be discarded, and the next time the employee logs in, a clean version from the static snapshot will replace it. What type of system is being deployed for employees now? A. Cloud services B. Non-persistent C. Thin client D. Fog computing
C
12. The auditor's review of the company's operational virtualization determined that hardware resources to support virtual machines were almost completely exhausted, and the auditor requested that the company provide plans and layouts for the virtual machine system, but was told no such plan existed. What's wrong with the company? A. Systems using end-of-service life (EOSL) B. Virtual machine sprawl C. Weak code D. Virtual machine escape
B
13. Does the company’s server serve as a website only? The station site is simulated, but the operation has been calibrated to increase the capacity of the site. Since the company's I9g The budget has finally been used up, and the management has told you that you will not be able to create new ones. Deploy a new application to other applications. How can this be achieved? A. Data sovereignty B. Infrastructure as code C. Containerization D. Serverless architecture
C
14. ________ is a cloud computing concept in which the code is managed by the customer and the platform (i.e. supporting hardware and software) or servers are managed by a cloud service provider (CSP). In reality there is always a server running the code, but this execution model allows software designers/architects/programmers/developers to focus on the logic of their code without having to worry about the parameters or limitations of a specific server. A. Microservices B. Serverless architecture C. Infrastructure as code D. Distributed system
B
15. You have been tasked with designing and implementing a new security policy to address new threats posed by newly installed embedded systems. Which of the following is a security risk of embedded systems that is not common in standard PCs? A. Software defects B. Internet access C. Control of mechanisms in the physical world D. Power consumption
D
16. The company is developing a new product to perform simple automation tasks related to indoor gardening. This device will be able to turn lights on and off and control water pumps to deliver water. The technology to automate these tasks must be simple and cheap. It requires minimal computing power, does not require an Internet connection, and should be able to execute C commands locally without requiring an operating system. The company believes that an embedded system or microcontroller can provide the functionality required for the product. Which of the following is the best option for this new product? A. Arduino B. RTOS C. Raspberry Pi D. FPGA
B
17. You are developing a new product that can process data quickly to trigger real-world adjustments with minimal latency. Current plans are to embed code into ROM chips to optimize mission-critical operations. Which solution is suitable for this scenario? A. Containerized applications B. An Arduino product C. DCS D. RTOS
D
18. A large online data services company wants to provide better response and access times to users and visitors. They plan to deploy several small web servers for Internet service providers (ISPs) nationwide. These small servers will each host dozens of homepages of the company's website, connecting users to servers closest to the bank and geographical location to optimize performance and minimize latency. Users are connected to the centralized main web cluster hosted at the company headquarters only when they request data that is not available on these small servers. What is this deployment usually called? A. Edge computing B. Fog computing C. Thin client D. Infrastructure as code
A
19. You're working to improve your company's mobile device policy. Due to the recent number of horrific breaches, the company is looking to improve security through technical means as well as user behavior and activity. What is the most effective way to reduce the risk of data loss from mobile devices such as laptops? A. Define strong login passwords B. Reduce data stored on mobile devices to a minimum C. Use a cable lock D. Encrypt the hard drive
D
20. The chief information security officer (CISO) has asked you to propose an update to the company's mobile device security strategy. The company's main problems were the mingling of personal information with business data and the overly complex processes for assigning device security, management, updates and maintenance tasks. Which of the following is the best option to solve these problems? A. Bring your own device (BYOD) B. Corporate-owned, personally enabled (COPE) C. Choose your own device (CYOD) D. Company owned
B